
My computer is slow (Resolved)


Icedog101

Hello

I appreciate all the help I can have for a faster system. I am here writing and the cursor sometimes stays in the same place for a bit and the letters start showing. I don't know what can be the problem.

I did scan with Malwarebytes, SUPERAntiSpyware, Microsoft Security Essentials, SlimCleaner, Glary Utilities and nothing was found.

I would like to know whether all these programs are OK to have or it is too much.

I have been delaying paying the bills because I don't know if I am infected or it is only too much in the system.

All the programs I have I use, but if I know which ones I can remove, I will do that. I did clean the free space and disk cleaned with Glary Utilities.

I did a scan with HijackThis, and I put the log below.

HijackThis Log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:08:25 PM, on 30/05/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glarysoft.com/?src=iehome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glarysoft.com/?src=iehome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glarysoft.com/?src=iehome
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Users\John\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - HKCU\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8BCFB85-77AD-4FB6-8817-47080EE4DC69}: NameServer = 192.168.2.1
O18 - Protocol: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - (no file)
O18 - Protocol: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files (x86)\TurboTax 2013\ic2013pp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Unknown owner - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Users\John\RealDownloader\rndlresolversvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SamsungDeviceConfiguration (SamsungDeviceConfigurationWinService) - Unknown owner - C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater18.0.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: WD Backup (WDBackup) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12693 bytes

Thank you.


Hi and welcome.

Not sure if your security applications will interfere here, but we'll give it a try.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 6 different versions. If one of them won't run, then download and try to run the other one.

Vista and Win7 users need to right-click and choose Run as Admin.

You only need to get one of them to run, not all of them.


Hi Juliet

I appreciate all you can do to help me. I rely on my computer to access and pay bills. I have some mobility problems and I need my computer to make my life easier.

I downloaded rkill.exe and did a scan with it.

I also did a scan with FRST (Farbar Recovery Scan Tool), which I am going to copy and paste in the order I scanned them.

rkill log:

Rkill 2.6.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/31/2014 03:21:04 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (PID: 4352) [AU-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\windows\System32\mshtml.dll : 19,252,224 : 09/22/2013 06:54 PM : f026c6f104758d0eb215b017016fae27 [NoSig]
+-> C:\windows\ERDNT\cache64\mshtml.dll : 19,230,208 : 02/21/2013 06:14 AM : 394ecd933cd66badf97ea85a183b9e1e [Pos Repl]
+-> C:\windows\SysWOW64\mshtml.dll : 14,335,488 : 09/22/2013 07:27 PM : a7221924181c8eb92b64c5a2d888bea5 [Pos Repl]
+-> C:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16521_none_911cac30929d18df\mshtml.dll : 19,221,504 : 03/14/2013 04:14 PM : 7539e5b4a9763c22ce5cace3e9a6246f [Pos Repl]
+-> C:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16540_none_911ec38c929b31ec\mshtml.dll : 19,230,208 : 02/21/2013 06:14 AM : 394ecd933cd66badf97ea85a183b9e1e [Pos Repl]
+-> C:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16576_none_91213bba929917b7\mshtml.dll : 19,231,232 : 04/05/2013 02:50 AM : c56ef4c50a1feed0cc9b7ae068cbbbbb [Pos Repl]
+-> C:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16614_none_911097a292a6685c\mshtml.dll : 19,233,792 : 05/16/2013 08:58 PM : 945c49fa10b96570dfe37cfb145a1d10 [Pos Repl]
+-> C:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16618_none_91103c8292a6cee0\mshtml.dll : 19,233,792 : 06/08/2013 10:07 AM : 5c41af3f4b83340d2783ce8fde30566a [Pos Repl]
+-> C:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16635_none_9112816e92a4b4ab\mshtml.dll : 19,238,912 : 06/11/2013 07:25 PM : 9586ec4e1cc39ccba26a5e7dfe774c9e [Pos Repl]
+-> C:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16660_none_9115f43492a1808b\mshtml.dll : 19,239,424 : 07/26/2013 01:12 AM : 396889142bd839db8a055a0be0ad2f79 [Pos Repl]
+-> C:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16686_none_91176c1892a04cff\mshtml.dll : 19,246,592 : 08/10/2013 01:21 AM : cc4ae7e2ecaee7612b3c0d3ab302375c [Pos Repl]
+-> C:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16721_none_91070c5892ad50c1\mshtml.dll : 19,252,224 : 09/22/2013 06:54 PM : f026c6f104758d0eb215b017016fae27 [Pos Repl]
+-> C:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16428_none_f59a25aa3737acc2\mshtml.dll : 23,212,032 : 11/12/2013 02:50 AM : d233e1a32ce6af918c9de1bc44afeb2a [Pos Repl]
+-> C:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17041_none_f5c8074c3714b96c\mshtml.dll : 23,549,440 : 03/06/2014 06:21 AM : 37d0fb9e5e8eda40b66fc3fb3d660261 [Pos Repl]
+-> C:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_8c235f42afcafdda\mshtml.dll : 8,988,160 : 11/20/2010 11:24 PM : 1c8b787baa52dead1a6fec1502d652f0 [Pos Repl]
+-> C:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16521_none_9b715682c6fddada\mshtml.dll : 14,317,568 : 03/14/2013 04:14 PM : e3fa8aeaa2f40ec1bb00fefb2c4f3ad9 [Pos Repl]
+-> C:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16540_none_9b736ddec6fbf3e7\mshtml.dll : 14,323,200 : 02/21/2013 06:29 AM : d017bf8d92938eeb9b3a1d1c53fda152 [Pos Repl]
+-> C:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16576_none_9b75e60cc6f9d9b2\mshtml.dll : 14,323,712 : 04/05/2013 01:26 AM : 7a468bc721c1d34e60389d3f2f87bbea [Pos Repl]
+-> C:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16614_none_9b6541f4c7072a57\mshtml.dll : 14,327,808 : 05/16/2013 09:25 PM : 69a03ab053cad761e51bae1b01f95f55 [Pos Repl]
+-> C:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16618_none_9b64e6d4c70790db\mshtml.dll : 14,327,808 : 06/08/2013 07:40 AM : 05920bd009621d06722a1cd339da6481 [Pos Repl]
+-> C:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16635_none_9b672bc0c70576a6\mshtml.dll : 14,329,856 : 06/11/2013 07:43 PM : af31e7d2c385f647adfd5f5736b3ba64 [Pos Repl]
+-> C:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16660_none_9b6a9e86c7024286\mshtml.dll : 14,329,344 : 07/25/2013 11:12 PM : e631b408882f8320739f6e0caf444397 [Pos Repl]
+-> C:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16686_none_9b6c166ac7010efa\mshtml.dll : 14,332,928 : 08/09/2013 11:58 PM : 5d2d7e7850ce963c2f401d4dee7bb32a [Pos Repl]
+-> C:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16721_none_9b5bb6aac70e12bc\mshtml.dll : 14,335,488 : 09/22/2013 07:27 PM : a7221924181c8eb92b64c5a2d888bea5 [Pos Repl]
+-> C:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16428_none_ffeecffc6b986ebd\mshtml.dll : 17,142,784 : 11/12/2013 02:50 AM : f9f114b2a6f876c92d317a755494f233 [Pos Repl]
+-> C:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17041_none_001cb19e6b757b67\mshtml.dll : 17,387,008 : 03/06/2014 05:19 AM : ea85144f35ede6ee25c484d4242ff2c8 [Pos Repl]
+-> C:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_96780994e42bbfd5\mshtml.dll : 5,977,600 : 11/20/2010 11:25 PM : c50799f0d47dfb9774f721521b6c41d5 [Pos Repl]

* C:\windows\System32\olepro32.dll : 0 : 03/25/2014 10:58 PM : d41d8cd98f00b204e9800998ecf8427e [NoSig]
+-> C:\windows\SysWOW64\olepro32.dll : 90,112 : 11/20/2010 11:24 PM : 703ffd301ab900b047337c5d40fd6f96 [Pos Repl]
+-> C:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7601.17514_none_3c1b247e5ff65f89\olepro32.dll : 90,112 : 11/20/2010 11:24 PM : 703ffd301ab900b047337c5d40fd6f96 [Pos Repl]

* C:\windows\System32\wininet.dll : 2,241,024 : 09/22/2013 06:55 PM : d28b35de88d27efb27df4b1e8319e3c0 [NoSig]
+-> C:\windows\ERDNT\cache64\wininet.dll : 2,240,512 : 02/21/2013 06:15 AM : 753c0848ae7872a3f59663078a517293 [Pos Repl]
+-> C:\windows\SysWOW64\wininet.dll : 1,767,936 : 09/22/2013 07:28 PM : e4feb264b47360b7296aea4e052f88d8 [Pos Repl]
+-> C:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16521_none_7fc28d121246afa9\wininet.dll : 2,240,512 : 03/14/2013 04:14 PM : 69f1d418b4c4ec23033d598e4cbc6b73 [Pos Repl]
+-> C:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16540_none_7fc4a46e1244c8b6\wininet.dll : 2,240,512 : 02/21/2013 06:15 AM : 753c0848ae7872a3f59663078a517293 [Pos Repl]
+-> C:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16576_none_7fc71c9c1242ae81\wininet.dll : 2,242,048 : 04/05/2013 02:52 AM : 27a9000c534aa9badc9ee74940f50c6d [Pos Repl]
+-> C:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16614_none_7fb67884124fff26\wininet.dll : 2,241,024 : 05/16/2013 08:59 PM : 12716d987d475b051f35895659159705 [Pos Repl]
+-> C:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16635_none_7fb86250124e4b75\wininet.dll : 2,241,024 : 06/11/2013 07:26 PM : faf6ec2460ad5fbbd38d8e1ae28b0d77 [Pos Repl]
+-> C:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16660_none_7fbbd516124b1755\wininet.dll : 2,241,024 : 07/26/2013 01:13 AM : ac155dd9bd1e6d3b740826a4d1c68aae [Pos Repl]
+-> C:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16686_none_7fbd4cfa1249e3c9\wininet.dll : 2,241,024 : 08/10/2013 01:22 AM : aafa952e774dddb0956d3bdfae5b5b99 [Pos Repl]
+-> C:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16721_none_7faced3a1256e78b\wininet.dll : 2,241,024 : 09/22/2013 06:55 PM : d28b35de88d27efb27df4b1e8319e3c0 [Pos Repl]
+-> C:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16428_none_e440068bb6e1438c\wininet.dll : 2,332,160 : 11/12/2013 02:50 AM : e6cb36b85be59095337427e853a5b65a [Pos Repl]
+-> C:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17041_none_e46de82db6be5036\wininet.dll : 2,260,480 : 03/06/2014 02:22 AM : f220ba78ab542c70211d73ae4729b2cd [Pos Repl]
+-> C:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_7ac940242f7494a4\wininet.dll : 1,188,864 : 11/20/2010 11:23 PM : f6c5302e1f4813d552f41a0ac82455e5 [Pos Repl]
+-> C:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16521_none_23a3f18e59e93e73\wininet.dll : 1,766,912 : 03/14/2013 04:14 PM : ba15504fa59a8dc304f1cbaeba6252a1 [Pos Repl]
+-> C:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16540_none_23a608ea59e75780\wininet.dll : 1,766,912 : 02/21/2013 06:30 AM : cfe0cee587f9cea4c29deec6d85fc91c [Pos Repl]
+-> C:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16576_none_23a8811859e53d4b\wininet.dll : 1,767,424 : 04/05/2013 01:28 AM : 5abb3f36af17007f33fa275e96a2c95e [Pos Repl]
+-> C:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16614_none_2397dd0059f28df0\wininet.dll : 1,767,936 : 05/16/2013 09:25 PM : 2473ca6595a2659d7039a4a89feca269 [Pos Repl]
+-> C:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16635_none_2399c6cc59f0da3f\wininet.dll : 1,767,936 : 06/11/2013 07:43 PM : 9bf7c7654efd098ee3a27b49492a382a [Pos Repl]
+-> C:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16660_none_239d399259eda61f\wininet.dll : 1,767,936 : 07/25/2013 11:13 PM : daa3903f06116ae9ee7ac1d1b93684a4 [Pos Repl]
+-> C:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16686_none_239eb17659ec7293\wininet.dll : 1,767,936 : 08/09/2013 11:59 PM : 535f6263035f2530a62d5d64ef6e73d3 [Pos Repl]
+-> C:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16721_none_238e51b659f97655\wininet.dll : 1,767,936 : 09/22/2013 07:28 PM : e4feb264b47360b7296aea4e052f88d8 [Pos Repl]
+-> C:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16428_none_88216b07fe83d256\wininet.dll : 1,818,112 : 11/12/2013 02:50 AM : b5eb5bd3066959611e1f7a80fd6cc172 [Pos Repl]
+-> C:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17041_none_884f4ca9fe60df00\wininet.dll : 1,789,440 : 03/06/2014 01:41 AM : e4e829ee073e046b0eb19b5fecb19b8c [Pos Repl]
+-> C:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll : 980,992 : 11/20/2010 11:24 PM : 44214c94911c7cfb1d52cb64d5e8368d [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 05/31/2014 03:23:04 PM
Execution time: 0 hours(s), 2 minute(s), and 0 seconds(s)

FRST txt log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014
Ran by John (administrator) on JOHN-PC on 31-05-2014 15:26:54
Running from C:\Users\John\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
() C:\Users\John\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\MemfilesService.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\x64\Win64ShellLink.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\7234e5c0-b76f-4255-bb15-5f4ca468a91d.com
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Farbar) C:\Users\John\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [1300792 2014-04-10] (Malwarebytes Corporation)
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-05-08] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-839072158-3120938179-813264055-1000\...\Run: [Google Update] => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-20] (Google Inc.)
HKU\S-1-5-21-839072158-3120938179-813264055-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-05-14] (Glarysoft Ltd)
HKU\S-1-5-21-839072158-3120938179-813264055-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-22] (BillP Studios)

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page =
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.ca
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?pc=UP97&ocid=UP97DHP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glarysoft.com/?src=iehome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glarysoft.com/?src=iehome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glarysoft.com/?src=iehome
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {c1d89ae7-449d-4929-b24b-fded04adbe06}
SearchScopes: HKLM-x32 - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
SearchScopes: HKCU - DefaultScope {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
SearchScopes: HKCU - Backup.Old.DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - D46D4BAB47D04971B56617F57A99570B URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309350&CUI=UN29205931237739246&UM=2
SearchScopes: HKCU - {7B4D4325-10A3-2E17-A0C3-5743FC1385DB} URL =
SearchScopes: HKCU - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
SearchScopes: HKCU - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=PD
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Users\John\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files (x86)\TurboTax 2013\ic2013pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F8BCFB85-77AD-4FB6-8817-47080EE4DC69}: [NameServer]192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\2d837ppg.default-1395243719434
FF Homepage: msn.ca
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll (Skype)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.1.0 - C:\Users\John\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.1.0 - C:\Users\John\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\Users\John\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\John\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\John\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\John\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\John\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\John\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\John\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\John\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\John\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Canadian English Dictionary - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\2d837ppg.default-1395243719434\Extensions\en-CA@dictionaries.addons.mozilla.org [2014-05-17]
FF Extension: 365Scores Notifier - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\2d837ppg.default-1395243719434\Extensions\Firefox@365scores.com [2014-05-18]
FF Extension: Corretor para Português de Portugal - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\2d837ppg.default-1395243719434\Extensions\pt-PT@dictionaries.addons.mozilla.org [2014-05-16]
FF Extension: WOT - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\2d837ppg.default-1395243719434\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-05-16]
FF Extension: AutoTradutor - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\2d837ppg.default-1395243719434\Extensions\jid0-Re15rJGCtDTAeh3coeID4VTYl18@jetpack.xpi [2014-05-16]
FF Extension: Pin It button - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\2d837ppg.default-1395243719434\Extensions\pinterest@robertnyman.com.xpi [2014-05-16]
FF Extension: Priberam - Lingua Portuguesa On-Line. - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\2d837ppg.default-1395243719434\Extensions\priberam@coelhonarede.com.xpi [2014-05-16]
FF Extension: Flagfox - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\2d837ppg.default-1395243719434\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-05-16]
FF Extension: abcTajpu - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\2d837ppg.default-1395243719434\Extensions\{15a7ef52-8a77-426e-9e17-e21af257d7c8}.xpi [2014-05-16]
FF Extension: FootieFox - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\2d837ppg.default-1395243719434\Extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}.xpi [2014-05-18]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-16]
FF HKLM-x32\...\Firefox\Extensions: [{1BC4187C-4BB6-4C5A-A11A-3FB535AE04AB}] - C:\Users\John\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Users\John\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Users\John\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Users\John\RealDownloader\BrowserPlugins\Firefox\Ext [2012-05-19]

Chrome:
=======
CHR HomePage: hxxp://msn.pt/
CHR StartupUrls: "hxxp://msn.ca/", "hxxp://msn.pt/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\John\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\John\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\John\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealDownloader Plugin) - C:\Users\John\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Accent Grid) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\efedjomeallaomheefphgnbleieplnfk [2014-05-23]
CHR Extension: (Special Characters - Click and Paste) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkjbliednplpohojfpgnbpcppgdnhklb [2014-05-23]
CHR Extension: (IE Tab Multi (Enhance)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea [2014-05-26]
CHR Extension: (AdBlock) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-15]
CHR Extension: (Pin It Button) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-05-26]
CHR Extension: (Portuguese Dictionary) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkjekdadnmabagedanjdjfpmjpoglapb [2014-02-16]
CHR Extension: (RealDownloader) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-08-20]
CHR Extension: (Spell Checker for Chrome) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfpdnkkdgghlpdgldicfgnnnkhdfhocg [2014-05-18]
CHR Extension: (Shareaholic for Pinterest) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc [2014-05-18]
CHR Extension: (Skype Click to Call) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-20]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR Extension: (365Scores - Live Scores,Sports News & Alerts) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpppefjehmjbiplimkfjeamnohldmko [2014-05-18]
CHR Extension: (Live Sports) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo [2014-05-18]
CHR HKCU\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\John\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2013-08-15]
CHR HKLM-x32\...\Chrome\Extension: [bbffdhejhaoiflnpooogkckfdcmmjppn] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx [2013-08-15]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Users\John\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-03-23]
CHR HKLM-x32\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\John\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2013-08-15]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143088 2013-05-07] (SUPERAntiSpyware.com)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-07-15] (Atheros)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [441176 2014-05-08] (Garmin Ltd or its subsidiaries)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [347448 2014-04-10] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Users\John\RealDownloader\rndlresolversvc.exe [31920 2012-03-23] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] ()
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
R2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [1759768 2014-03-10] (AVG Secure Search)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-02-28] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [271728 2014-02-28] (Western Digital Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-03-10] (AVG Technologies)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-05-14] (Glarysoft Ltd)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2011-11-04] (www.winchiphead.com)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63928 2014-04-11] ()
R0 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-05-16] (Glarysoft Ltd)
S2 LxrSII1d; C:\windows\SysWOW64\Drivers\LxrSII1d.sys [70016 2005-05-19] ()
R2 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [122584 2014-05-30] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-04-14] (Windows ® 2003 DDK 3790 provider)
R1 SafDskNT; C:\windows\system32\drivers\SAFDSKNT.SYS [76112 2009-12-07] (PC Dynamics, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [40712 2012-11-01] (Anchorfree Inc.)
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2013-05-28] (Spotflux, Inc.)
S3 DCamUSBSTK02N; system32\DRIVERS\STK02NW2.sys [X]
S3 SBIOSIO; \??\C:\Users\John\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-31 15:26 - 2014-05-31 15:27 - 00033028 _____ () C:\Users\John\Downloads\FRST.txt
2014-05-31 15:26 - 2014-05-31 15:26 - 00000000 ____D () C:\FRST
2014-05-31 15:24 - 2014-05-31 15:24 - 02066944 _____ (Farbar) C:\Users\John\Downloads\FRST64(1).exe
2014-05-31 15:21 - 2014-05-31 15:23 - 00024210 _____ () C:\Users\John\Desktop\Rkill.txt
2014-05-31 15:21 - 2014-05-31 15:21 - 00977392 _____ (SlimWare Utilities, Inc.) C:\Users\John\Downloads\SlimCleanerPlus-setup.exe
2014-05-31 15:19 - 2014-05-31 15:19 - 01056256 _____ (Farbar) C:\Users\John\Downloads\FRST.exe
2014-05-31 15:18 - 2014-05-31 15:19 - 02066944 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-05-31 15:17 - 2014-05-31 15:17 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\John\Downloads\rkill.exe
2014-05-30 22:22 - 2014-05-31 15:02 - 00000336 _____ () C:\windows\setupact.log
2014-05-30 22:22 - 2014-05-30 22:22 - 00000000 _____ () C:\windows\setuperr.log
2014-05-30 17:08 - 2014-05-30 17:08 - 00012695 _____ () C:\Users\John\Desktop\hijackthis.log
2014-05-30 15:12 - 2014-05-30 15:12 - 00346896 _____ () C:\Users\John\Downloads\footiefox-2.1.10-fx.xpi
2014-05-28 00:51 - 2014-05-28 00:51 - 00000027 _____ () C:\Users\John\Desktop\email.txt
2014-05-27 21:18 - 2014-05-29 17:33 - 00000000 ____D () C:\Users\John\AppData\Roaming\vlc
2014-05-27 21:18 - 2014-05-27 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-05-27 21:13 - 2014-05-27 21:16 - 25055851 _____ () C:\Users\John\Downloads\VLC_Media_Player_(64bit)_v2.1.4.exe
2014-05-27 21:13 - 2014-05-27 21:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\Malwarebytes_Anti_Malware_v2.0.2.exe
2014-05-27 19:02 - 2014-05-27 19:02 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-27 18:54 - 2014-05-27 18:54 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-27 18:02 - 2014-05-27 19:01 - 04748896 _____ (Piriform Ltd) C:\Users\John\Downloads\ccsetup414.exe
2014-05-26 10:15 - 2014-05-26 10:15 - 00007262 _____ () C:\Users\John\Documents\cc_20140526_101515.reg
2014-05-26 10:02 - 2014-05-26 10:02 - 00001606 _____ () C:\Users\John\Desktop\:filtered:.txt
2014-05-23 22:15 - 2014-05-23 22:15 - 00030726 _____ () C:\Users\John\Downloads\Outlook.com.zip
2014-05-23 21:51 - 2014-05-23 21:53 - 35311232 _____ (Skype Technologies S.A.) C:\Users\John\Downloads\SkypeSetupFull (1).exe
2014-05-23 10:10 - 2014-05-23 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-23 10:07 - 2014-05-23 10:07 - 00000000 ____D () C:\Program Files (x86)\SkypeWebPlugin
2014-05-23 10:05 - 2014-05-23 10:06 - 05353472 _____ () C:\Users\John\Downloads\SkypeWebPlugin-2.9.13008.18866.msi
2014-05-23 10:03 - 2014-05-23 10:04 - 35314816 _____ (Skype Technologies S.A.) C:\Users\John\Downloads\SkypeSetupFull.exe
2014-05-23 09:57 - 2013-09-02 03:58 - 00175528 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2014-05-23 00:32 - 2014-05-23 00:32 - 00096439 _____ () C:\Users\John\Downloads\shexview-x64.zip
2014-05-23 00:20 - 2014-05-23 00:20 - 00535766 _____ (www.disableautorun.com ) C:\Users\John\Downloads\disableautorun_setup.exe
2014-05-22 23:36 - 2014-05-22 23:36 - 00613875 _____ () C:\Users\John\Downloads\dcu.zip
2014-05-22 20:29 - 2014-05-22 20:29 - 00002782 _____ () C:\Users\John\Documents\cc_20140522_202923.reg
2014-05-22 19:26 - 2014-05-22 19:27 - 00000085 _____ () C:\windows\wininit.ini
2014-05-22 11:21 - 2014-05-22 11:21 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-05-22 11:16 - 2014-05-22 11:18 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\John\Downloads\spybot-2.3.exe
2014-05-22 10:34 - 2014-05-22 10:34 - 00116272 _____ () C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-22 00:10 - 2014-05-22 00:10 - 00009864 ____N () C:\bootsqm.dat
2014-05-20 15:57 - 2014-05-20 15:57 - 00000828 _____ () C:\Users\John\Documents\cc_20140520_155712.reg
2014-05-19 01:14 - 2014-05-19 01:14 - 00347816 _____ (Microsoft Corporation) C:\Users\John\Downloads\MicrosoftFixit.wu.RNP.149323907021257177.4.1.Run.exe
2014-05-19 01:13 - 2014-05-19 01:13 - 00347816 _____ (Microsoft Corporation) C:\Users\John\Downloads\MicrosoftFixit.malware.RNP.149323907021257177.3.1.Run.exe
2014-05-19 01:11 - 2014-05-19 01:11 - 00347816 _____ (Microsoft Corporation) C:\Users\John\Downloads\MicrosoftFixit.Performance.RNP.149323907021257177.2.1.Run.exe
2014-05-19 01:07 - 2014-05-19 01:07 - 00006210 _____ () C:\Users\John\Documents\cc_20140519_010743.reg
2014-05-19 00:20 - 2014-05-19 00:20 - 01016261 _____ (Thisisu) C:\Users\John\Downloads\JRT.exe
2014-05-18 22:38 - 2014-05-18 22:39 - 03822364 _____ () C:\Users\John\Downloads\HDDScan-3.3.zip
2014-05-18 22:32 - 2014-05-18 22:34 - 18286393 _____ () C:\Users\John\Downloads\hdsentinel_trial_setup.zip
2014-05-18 18:02 - 2014-05-18 18:02 - 00000000 ____D () C:\Users\John\Downloads\Root Kit scanner
2014-05-18 17:30 - 2014-05-18 17:31 - 00000000 ____D () C:\Users\John\Downloads\Cleaners
2014-05-18 17:26 - 2014-05-18 17:26 - 00000000 ____D () C:\Users\John\Downloads\Portugal
2014-05-18 17:18 - 2014-05-18 19:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-18 17:16 - 2014-05-18 17:16 - 12589848 _____ (Malwarebytes Corp.) C:\Users\John\Downloads\mbar-1.07.0.1009.exe
2014-05-18 17:15 - 2014-05-18 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-05-18 17:15 - 2014-05-18 17:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-05-17 14:46 - 2014-05-17 14:46 - 00000166 _____ () C:\Users\John\Desktop\Glarysoft Freeware.url
2014-05-17 14:39 - 2014-05-17 14:39 - 00000017 _____ () C:\Users\John\AppData\Local\resmon.resmoncfg
2014-05-17 13:14 - 2014-05-17 21:35 - 00000000 ____D () C:\Program Files (x86)\SlimCleaner
2014-05-17 13:14 - 2014-05-17 13:14 - 00003010 _____ () C:\windows\System32\Tasks\SlimCleaner Run
2014-05-17 13:14 - 2014-05-17 13:14 - 00002467 _____ () C:\Users\Public\Desktop\SlimCleaner.lnk
2014-05-17 13:14 - 2014-05-17 13:14 - 00000000 ____D () C:\Users\John\AppData\Local\SlimWare Utilities Inc
2014-05-17 13:14 - 2014-05-17 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner
2014-05-17 13:13 - 2014-05-17 13:13 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-05-16 23:38 - 2014-05-16 23:39 - 29014160 _____ (Mozilla) C:\Users\John\Downloads\Firefox Setup 29.0.1.exe
2014-05-16 23:04 - 2014-05-16 23:04 - 00046124 _____ () C:\Users\John\Downloads\myuninst.zip
2014-05-16 22:21 - 2014-05-16 22:24 - 00000000 ____D () C:\Users\John\Downloads\windows scan
2014-05-16 19:46 - 2014-05-16 19:46 - 00000075 _____ () C:\Users\John\Desktop\Scans.txt
2014-05-16 18:53 - 2014-05-14 04:39 - 00118048 _____ (Glarysoft Ltd) C:\windows\system32\BootDefrag.exe
2014-05-16 18:53 - 2014-05-14 03:02 - 00017600 _____ (Glarysoft Ltd) C:\windows\system32\Drivers\BootDefragDriver.sys
2014-05-16 18:18 - 2014-05-16 18:19 - 104581400 _____ (Microsoft Corporation) C:\Users\John\Downloads\msert.exe
2014-05-16 17:04 - 2014-05-16 17:04 - 00020672 _____ (Glarysoft Ltd) C:\windows\system32\Drivers\GUBootStartup.sys
2014-05-16 17:04 - 2014-05-16 17:04 - 00002968 _____ () C:\windows\System32\Tasks\GU5SkipUAC
2014-05-16 17:04 - 2014-05-16 17:04 - 00002622 _____ () C:\windows\System32\Tasks\GlaryInitialize 5
2014-05-16 17:04 - 2014-05-16 17:04 - 00001052 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-05-16 17:04 - 2014-05-16 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-05-16 16:16 - 2014-05-16 16:16 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-16 15:23 - 2014-05-16 15:23 - 00106826 _____ () C:\Users\John\Downloads\MSN Canada - Outlook.com formerly Hotmail, Bing, Skype and latest news.htm
2014-05-16 15:03 - 2014-05-18 23:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-16 14:44 - 2014-05-16 14:44 - 00001848 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-05-16 14:44 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-16 14:44 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-16 14:44 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-16 14:44 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-05-16 14:43 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-16 14:43 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-16 14:43 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-16 14:43 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-16 14:43 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-16 14:43 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-16 14:43 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-05-16 14:43 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-05-16 14:43 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-05-16 14:43 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-16 14:43 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-16 14:43 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-16 14:43 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-16 14:43 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-16 14:43 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-16 14:43 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-16 14:43 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-16 14:43 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-05-16 14:43 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-16 14:43 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-05-16 14:43 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-05-16 14:43 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-05-16 14:43 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-05-16 14:43 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-16 14:43 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-16 14:43 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-05-16 14:43 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-05-16 14:43 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-05-16 14:43 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-05-16 14:43 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-05-16 14:43 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-05-16 14:43 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-05-16 14:43 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-05-16 14:43 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll
2014-05-16 14:43 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll
2014-05-16 14:43 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll
2014-05-16 14:43 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll
2014-05-16 14:43 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-05-16 14:43 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll
2014-05-16 14:43 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-05-16 14:43 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-05-16 14:00 - 2014-05-16 14:00 - 00000000 ____D () C:\Users\Isabel\AppData\Local\Samsung
2014-05-16 01:24 - 2014-05-16 01:24 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-05-15 17:51 - 2014-05-15 17:51 - 00000000 ____D () C:\Users\Isabel\AppData\Local\Macromedia
2014-05-14 10:32 - 2014-05-27 18:49 - 00000330 _____ () C:\windows\Tasks\GlaryInitialize 5.job
2014-05-14 10:31 - 2014-05-27 19:08 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-05-13 09:08 - 2014-05-13 09:09 - 00000000 ____D () C:\Users\Isabel\AppData\Roaming\Mozilla
2014-05-13 09:08 - 2014-05-13 09:09 - 00000000 ____D () C:\Users\Isabel\AppData\Local\Mozilla
2014-05-13 09:08 - 2014-05-13 09:08 - 00000000 ____D () C:\Users\Isabel\AppData\Roaming\Foxit Software
2014-05-12 10:06 - 2014-05-12 10:06 - 00000000 ____D () C:\Users\Isabel\Documents\TurboTax
2014-05-12 00:21 - 2014-05-12 00:21 - 00000000 ____D () C:\Users\Isabel\AppData\Roaming\ATI
2014-05-12 00:21 - 2014-05-12 00:21 - 00000000 ____D () C:\Users\Isabel\AppData\Local\ATI
2014-05-12 00:20 - 2014-05-16 13:29 - 00000000 ____D () C:\Users\Isabel\Documents\Bluetooth Folder
2014-05-12 00:20 - 2014-05-12 00:20 - 00116272 _____ () C:\Users\Isabel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-12 00:20 - 2014-05-12 00:20 - 00000000 ____D () C:\Users\Isabel\AppData\Roaming\Intuit Canada
2014-05-12 00:20 - 2014-05-12 00:20 - 00000000 ____D () C:\Users\Isabel\AppData\Roaming\Atheros
2014-05-12 00:20 - 2014-05-12 00:20 - 00000000 ____D () C:\Users\Isabel\AppData\Local\BMExplorer
2014-05-12 00:19 - 2014-05-18 13:24 - 00000000 ____D () C:\Users\Isabel\AppData\Local\temp
2014-05-12 00:19 - 2014-05-16 14:26 - 00000000 ____D () C:\Users\Isabel
2014-05-12 00:19 - 2014-05-16 14:18 - 00000000 ___RD () C:\Users\Isabel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-12 00:19 - 2014-05-16 14:18 - 00000000 ____D () C:\Users\Isabel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-12 00:19 - 2014-05-

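The FRST "One Month Created" lines in the log above all share one shape (creation time, modification time, size, attribute flags, CompanyName from the file's version resource in parentheses, path), which makes them easy to triage mechanically. The following Python is an added example for this thread, not FRST's own code: it parses that shape and flags the entries a responder reads first (new scheduled tasks, and drivers or binaries under the Windows tree that carry no CompanyName). The sample lines are copied from the log above except the last entry, which is constructed to exercise the driver check; the heuristics are starting points for a manual look, not verdicts.

```python
"""Triage helper for FRST 'One Month Created' lines (added example, not FRST code)."""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# One FRST entry: "<created> - <modified> - <size> <attrs> (<company>) <path>".
# Size is not fixed width (msert.exe above is 9 digits) and company may be empty: "()".
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str      # FRST flags: "____D" directory, "___SD" system dir, "____N" etc.
    company: str    # CompanyName from version info; empty when the file has none
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Parse a single FRST entry; returns None for headers, blanks and junk."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    return Entry(
        created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
        modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
        size=int(m["size"]),
        attrs=m["attrs"],
        company=m["company"].strip(),
        path=m["path"],
    )


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs worth a manual look. Heuristics, not verdicts:
    no CompanyName only means no version resource, and a new scheduled task is
    simply the most common persistence mechanism for the PUPs seen in this thread."""
    flags = []
    for e in entries:
        low = e.path.lower()
        if e.is_dir:
            continue
        if "\\drivers\\" in low and low.endswith(".sys") and not e.company:
            flags.append((e.path, "kernel driver with no CompanyName"))
        elif "\\system32\\tasks\\" in low or "\\windows\\tasks\\" in low:
            flags.append((e.path, "new scheduled task"))
        elif "\\windows\\" in low and low.endswith((".exe", ".dll")) and not e.company:
            flags.append((e.path, "binary under the Windows tree with no CompanyName"))
    return flags


def activity_by_day(entries: List[Entry]) -> Dict[str, int]:
    """Creation counts per day; a spike marks an install or update burst."""
    return dict(Counter(e.created.strftime("%Y-%m-%d") for e in entries))


# First six lines are copied from the FRST log above; the last entry is CONSTRUCTED
# to exercise the driver check, and the final line is deliberate junk.
SAMPLE_LOG = r"""
2014-05-23 09:57 - 2013-09-02 03:58 - 00175528 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2014-05-22 11:21 - 2014-05-22 11:21 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-05-17 13:14 - 2014-05-17 13:14 - 00003010 _____ () C:\windows\System32\Tasks\SlimCleaner Run
2014-05-16 18:18 - 2014-05-16 18:19 - 104581400 _____ (Microsoft Corporation) C:\Users\John\Downloads\msert.exe
2014-05-16 17:04 - 2014-05-16 17:04 - 00020672 _____ (Glarysoft Ltd) C:\windows\system32\Drivers\GUBootStartup.sys
2014-05-16 17:04 - 2014-05-16 17:04 - 00002968 _____ () C:\windows\System32\Tasks\GU5SkipUAC
2014-05-20 12:00 - 2014-05-20 12:00 - 00012345 _____ () C:\windows\system32\Drivers\example_constructed.sys
this line is not an FRST entry and is skipped
"""

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for path, reason in triage(found):
        print(f"{reason:50} {path}")
    print(activity_by_day(found))
```

Run it against a full FRST Addition or scan log by passing the file contents to `parse_log`; the task names that surface here (`GU5SkipUAC`, `SlimCleaner Run`) are exactly the kind of entries that are worth reading before a fix is written.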

The below script will reboot your computer, please don't be alarmed.

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open Notepad and save it to the Desktop as fixlist.txt.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow it).

 

start

SearchScopes: HKCU - D46D4BAB47D04971B56617F57A99570B URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309350&CUI=UN29205931237739246&UM=2

SearchScopes: HKCU - {7B4D4325-10A3-2E17-A0C3-5743FC1385DB} URL =

SearchScopes: HKCU - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=PD

Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)

FF Plugin-x32: @avg.com/AVG

SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll (AVG Technologies)

CHR HKLM-x32\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\John\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2013-08-15]

R2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [1759768 2014-03-10] (AVG Secure Search)

Task: {04CD910F-8669-46D0-BD3E-B5DBC3012B86} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION

Task: {CC673E62-0B11-4CF0-BA0E-04CE379DB180} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION

Reboot:

end

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

 

****************

 

-AdwCleaner-by Xplode

 

Click on this link to download: AdwCleaner

Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

 

Do not click on any links in the top advertisement.

 

 


  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Please post

Fixlog.txt

C:\AdwCleaner.txt


Hi Juliet

 

I hope I did all the right way. I did put these on the desktop (FRST/FRST64, fixlist.txt, and the "Farbar Recovery Scan Tool" (FRST) program).

 

I did a scan and the computer restarted.

 

I downloaded AdwCleaner.exe. After the scan the system restarted.

 

Now, I am going to put the logs from the scans.

 

Fix log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-06-2014 01
Ran by John at 2014-06-01 12:47:53 Run:1
Running from C:\Users\John\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
SearchScopes: HKCU - D46D4BAB47D04971B56617F57A99570B URL = http://search.condui...1237739246&UM=2
SearchScopes: HKCU - {7B4D4325-10A3-2E17-A0C3-5743FC1385DB} URL =
SearchScopes: HKCU - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://toolbar.ask.c...rm=1&toolbar=PD
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
FF Plugin-x32: @avg.com/AVG
SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll (AVG Technologies)
CHR HKLM-x32\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\John\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2013-08-15]
R2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [1759768 2014-03-10] (AVG Secure Search)
Task: {04CD910F-8669-46D0-BD3E-B5DBC3012B86} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: {CC673E62-0B11-4CF0-BA0E-04CE379DB180} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Reboot:
end
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\D46D4BAB47D04971B56617F57A99570B => Key deleted successfully.
HKCR\CLSID\D46D4BAB47D04971B56617F57A99570B => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7B4D4325-10A3-2E17-A0C3-5743FC1385DB} => Key deleted successfully.
HKCR\CLSID\{7B4D4325-10A3-2E17-A0C3-5743FC1385DB} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420} => Key deleted successfully.
HKCR\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => Key deleted successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @avg.com/AVG => Key not found.
FF Plugin-x32: @avg.com/AVG not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl => Key deleted successfully.
C:\Users\John\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx => Moved successfully.
vToolbarUpdater18.0.0 => Service stopped successfully.
vToolbarUpdater18.0.0 => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{04CD910F-8669-46D0-BD3E-B5DBC3012B86} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04CD910F-8669-46D0-BD3E-B5DBC3012B86} => Key deleted successfully.
C:\Windows\System32\Tasks\Express FilesUpdate => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Express FilesUpdate => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CC673E62-0B11-4CF0-BA0E-04CE379DB180} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC673E62-0B11-4CF0-BA0E-04CE379DB180} => Key deleted successfully.
C:\Windows\System32\Tasks\GoforFilesUpdate => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoforFilesUpdate => Key deleted successfully.


The system needed a reboot.

==== End of Fixlog ====

 

 

AdwCleaner[s0]:

 

# AdwCleaner v3.211 - Report created 01/06/2014 at 13:25:45
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\BrowserDefender
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\windows\SysWOW64\hotspot shield
Folder Deleted : C:\windows\System32\ARFC
Folder Deleted : C:\Users\John\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\John\AppData\Local\PutLockerDownloader
Folder Deleted : C:\Users\John\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\John\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\John\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\John\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\John\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\John\AppData\Roaming\goforfiles
Folder Deleted : C:\Users\John\AppData\Roaming\strongvault
Folder Deleted : C:\Users\John\AppData\Roaming\ZoomBrowser EX
File Deleted : C:\END
File Deleted : C:\windows\System32\dmwu.exe
File Deleted : C:\windows\System32\ImhxxpComm.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Components\AskSearch.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn
Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [backup.old.Start Page]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\FTDownloader
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FirstRowSportApp_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FirstRowSportApp_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1 (1)_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1 (1)_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\startnow_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\startnow_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKCU\Software\5257dcdfbd68e545
Key Deleted : HKLM\SOFTWARE\5257dcdfbd68e545
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_glary-utilities-portable_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_glary-utilities-portable_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_rgs-cardmaster_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_rgs-cardmaster_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_winrar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_winrar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\GoforFiles
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\WNLT

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Icedog\AppData\Roaming\Mozilla\Firefox\Profiles\oykaspm5.default\prefs.js ]


[ File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\2d837ppg.default-1395243719434\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [8877 octets] - [01/06/2014 13:22:08]
AdwCleaner[s0].txt - [8618 octets] - [01/06/2014 13:25:45]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8678 octets] ##########

 

Thank you

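The Fixlog above shows a failure mode worth checking for whenever a fixlist is copied out of a forum post: the `FF Plugin-x32: @avg.com/AVG SiteSafety plugin,...` entry was wrapped onto two lines, so FRST looked for a plugin named just `@avg.com/AVG`, reported it not found, and the `SiteSafety plugin,...` remainder was silently ignored; the corresponding MozillaPlugins key only went away in the AdwCleaner run. The Python below is an added example for this thread, not FRST's or the forum's code. It reconciles a fixlist with the Fixlog it produced, reporting per entry whether FRST acted, found nothing, or never matched, and listing any fixlist lines that match no FRST entry type (the signature of a line-wrap). Sample data is copied from the fixlist and Fixlog above, trimmed to a few entries; the set of recognised entry prefixes is limited to those that appear in this fix.

```python
"""Reconcile an FRST fixlist with its Fixlog (added example, not FRST code)."""
import re
from typing import Dict, List, Tuple

# Fixlist line types seen in this fix, each with a regex that pulls out the
# identifier FRST echoes in its result lines. Extend for other FRST line types.
ENTRY_PATTERNS = [
    ("SearchScopes", re.compile(r"^SearchScopes: \S+ - (\S+) URL")),
    ("Handler", re.compile(r"^Handler(?:-x32)?: (\S+) - ")),
    ("FF Plugin", re.compile(r"^FF Plugin(?:-x32)?: (.+?)(?: - |$)")),
    ("CHR Extension", re.compile(r"^CHR .*Extension: \[([a-z]+)\]")),
    ("Service", re.compile(r"^[RS]\d (\S+);")),
    ("Task", re.compile(r"^Task: (\{[0-9A-Fa-f-]+\}) - ")),
]
SUCCESS_WORDS = ("deleted successfully", "moved successfully", "stopped successfully")


def parse_fixlist(text: str) -> Tuple[List[Tuple[str, str, str]], List[str]]:
    """Return (entries, fragments). entries are (kind, identifier, raw line);
    fragments are lines between start/end that match no known entry type,
    which is what a forum line-wrap leaves behind."""
    entries, fragments, inside = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "start":
            inside = True
            continue
        if line.lower() == "end":
            break
        if not inside or not line or line == "Reboot:":
            continue
        for kind, pat in ENTRY_PATTERNS:
            m = pat.match(line)
            if m:
                entries.append((kind, m.group(1), line))
                break
        else:
            fragments.append(line)
    return entries, fragments


def parse_fixlog(text: str) -> List[Tuple[str, str]]:
    """Return (subject, outcome) pairs; outcome is 'success', 'missing' or 'other'."""
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        if " => " in line:
            subject, verdict = line.split(" => ", 1)
        elif line.endswith("not found."):           # e.g. "FF Plugin-x32: X not found."
            subject, verdict = line[: -len(" not found.")], "not found."
        else:
            continue
        v = verdict.lower()
        outcome = ("success" if any(w in v for w in SUCCESS_WORDS)
                   else "missing" if "not found" in v else "other")
        results.append((subject, outcome))
    return results


def reconcile(fixlist_text: str, fixlog_text: str) -> Tuple[Dict[str, str], List[str]]:
    """Map each fixlist entry to 'actioned', 'not found' or 'unmatched'."""
    entries, fragments = parse_fixlist(fixlist_text)
    results = parse_fixlog(fixlog_text)
    report = {}
    for kind, ident, _ in entries:
        hits = [o for s, o in results if ident.lower() in s.lower()]
        status = "actioned" if "success" in hits else "not found" if "missing" in hits else "unmatched"
        report[f"{kind} {ident}"] = status
    return report, fragments


# Copied from the fixlist posted above (trimmed); note the wrapped FF Plugin entry.
FIXLIST = r"""
start
SearchScopes: HKCU - D46D4BAB47D04971B56617F57A99570B URL = http://search.condui...1237739246&UM=2
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
FF Plugin-x32: @avg.com/AVG
SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll (AVG Technologies)
CHR HKLM-x32\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\John\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2013-08-15]
R2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [1759768 2014-03-10] (AVG Secure Search)
Task: {04CD910F-8669-46D0-BD3E-B5DBC3012B86} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
Reboot:
end
"""

# Copied from the Fixlog result section above (trimmed to the matching entries).
FIXLOG = r"""
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\D46D4BAB47D04971B56617F57A99570B => Key deleted successfully.
HKCR\CLSID\D46D4BAB47D04971B56617F57A99570B => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => Key deleted successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @avg.com/AVG => Key not found.
FF Plugin-x32: @avg.com/AVG not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl => Key deleted successfully.
C:\Users\John\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx => Moved successfully.
vToolbarUpdater18.0.0 => Service stopped successfully.
vToolbarUpdater18.0.0 => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{04CD910F-8669-46D0-BD3E-B5DBC3012B86} => Key deleted successfully.
C:\Windows\System32\Tasks\Express FilesUpdate => Moved successfully.
The system needed a reboot.
"""

if __name__ == "__main__":
    report, fragments = reconcile(FIXLIST, FIXLOG)
    for entry, status in report.items():
        print(f"{status:10} {entry}")
    for frag in fragments:
        print(f"FRAGMENT   {frag[:60]}... (not a valid entry; line-wrapped?)")
```

The practical check is the pair of results for the FF Plugin entry: a `not found` status together with a fragment beginning `SiteSafety plugin` tells the helper the entry has to be re-issued on one line rather than assumed gone.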

Hi,

 

I find it a little better. I can scroll down a bit faster. What I find is when I go to open a bookmark and right click I need to wait until the link shows up, and sometimes even when that shows the bookmark does not upload.

 

I did not try that much, I was resting because I had lots of pain on my back.

 

I am sorry if I took too long to answer.


In the logs you posted previously I see you had downloaded ComboFix; do you still have the logs from that scan?

 

C:\qoobox\quarantined_files.txt <-- is this file present? If so -- please post its contents.

 

How about c:\Combofix\combofix.txt <-- is it here?


Hi,

 

I did a search to see if I have the C:\qoobox\quarantined_files.txt and did not find it.

I don`t know where to find the one you are talking about. I followed the link and did not see the one you are saying.

 

 

 

The combo fix I have this one:

 

ComboFix 13-04-24.03 - John 24/04/2013 18:11:00.11.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.352.1033.18.5612.3764 [GMT -4:00]
Lancé depuis: c:\users\John\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\John\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-03-24 au 2013-04-24 ))))))))))))))))))))))))))))))))))))
.
.
2013-04-24 22:22 . 2013-04-24 22:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-04-24 22:22 . 2013-04-24 22:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-24 20:52 . 2013-04-24 20:52 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E7653266-86EB-4588-8A2A-B2859DD0D704}\offreg.dll
2013-04-24 20:51 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E7653266-86EB-4588-8A2A-B2859DD0D704}\mpengine.dll
2013-04-24 14:06 . 2013-04-24 14:06 -------- d-----w- c:\windows\CheckSur
2013-04-24 06:02 . 2013-04-24 06:01 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B861467-7A29-4FDD-B89F-5ECFD85B0447}\gapaengine.dll
2013-04-24 05:57 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-24 00:45 . 2006-11-03 01:01 25872 ----a-w- c:\windows\SysWow64\drivers\DKbFltr.sys
2013-04-24 00:44 . 2013-04-24 00:45 -------- d-----w- c:\program files (x86)\Launch Manager
2013-04-24 00:14 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-21 02:18 . 2013-04-21 02:18 -------- d-----w- c:\users\John\AppData\Roaming\Oracle
2013-04-21 02:17 . 2013-04-21 02:17 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-21 02:17 . 2013-04-04 09:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-18 02:26 . 2013-04-18 02:26 -------- d-----w- c:\program files\VideoLAN
2013-04-15 15:28 . 2013-04-15 15:28 -------- d-----w- c:\program files (x86)\Trend Micro
2013-04-15 04:30 . 2013-04-15 04:30 -------- d-----w- c:\users\John\AppData\Local\Mozilla
2013-04-15 04:30 . 2013-04-24 00:16 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-04-13 19:23 . 2013-04-13 19:23 -------- d-----w- C:\MATS
2013-04-13 04:33 . 2013-04-13 04:34 -------- d-----w- C:\temp
2013-04-11 17:10 . 2013-04-11 17:10 -------- d-----w- c:\users\John\AppData\Local\Downloaded Installations
2013-04-11 17:05 . 2013-04-11 17:05 -------- d-----w- c:\users\John\AppData\Roaming\Samsung
2013-04-11 16:20 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-11 06:08 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-11 06:07 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-11 06:07 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-11 06:07 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-11 06:07 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-11 06:07 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-11 06:07 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-10 22:30 . 2013-04-10 22:30 -------- d-----w- c:\users\John\AppData\Local\Lexar Media
2013-04-07 21:17 . 2013-04-07 21:17 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-04-07 16:52 . 2013-04-07 16:52 -------- d-sh--w- c:\windows\ftpcache
2013-04-03 18:00 . 2013-04-13 01:46 -------- d-----w- c:\windows\softwaredistribution.bak3
2013-03-30 02:59 . 2013-03-30 02:59 -------- d-----w- c:\users\John\John`s Files
2013-03-29 02:13 . 2013-04-03 06:12 -------- d-----w- c:\windows\softwaredistribution.bak2
2013-03-28 05:07 . 2013-03-28 20:05 -------- d-----w- c:\windows\softwaredistribution.bak1
2013-03-28 02:55 . 2013-03-28 02:55 -------- d-----w- c:\program files (x86)\BillP Studios
2013-03-26 21:55 . 2013-04-11 05:48 -------- d-----w- c:\program files (x86)\Glary Utilities
2013-03-26 21:50 . 2013-03-26 21:51 -------- d-----w- c:\users\John\AppData\Roaming\GoforFiles
2013-03-26 20:57 . 2013-03-26 20:57 -------- d-----w- c:\users\John\AppData\Roaming\DriverCure
2013-03-26 20:57 . 2013-03-26 20:57 -------- d-----w- c:\users\John\AppData\Roaming\SparkTrust
2013-03-26 20:56 . 2013-03-26 21:42 -------- d-----w- c:\programdata\SparkTrust
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-17 13:43 . 2013-02-16 21:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-17 13:43 . 2013-02-16 21:11 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-11 16:21 . 2012-05-06 21:41 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-04 18:50 . 2012-06-12 15:55 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-03 06:19 . 2011-12-22 02:38 407040 ----a-w- c:\windows\HotfixChecker.exe
2013-04-03 06:10 . 2011-12-22 02:25 345600 ----a-w- c:\windows\SetLCDStretchMode.exe
2013-04-02 10:34 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-28 03:20 . 2012-06-15 02:33 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-28 03:20 . 2012-06-15 02:33 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-18 18:52 . 2012-05-08 22:20 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-18 18:52 . 2012-05-08 22:20 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-14 20:14 . 2013-03-14 20:14 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-14 20:14 . 2013-03-14 20:14 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-14 20:14 . 2013-03-14 20:14 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-14 20:14 . 2013-03-14 20:14 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-14 20:14 . 2013-03-14 20:14 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-14 20:14 . 2013-03-14 20:14 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-14 20:14 . 2013-03-14 20:14 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-14 20:14 . 2013-03-14 20:14 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-14 20:14 . 2013-03-14 20:14 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-14 20:14 . 2013-03-14 20:14 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-14 20:14 . 2013-03-14 20:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-14 20:14 . 2013-03-14 20:14 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-14 20:14 . 2013-03-14 20:14 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-14 20:14 . 2013-03-14 20:14 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-14 20:14 . 2013-03-14 20:14 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-14 20:14 . 2013-03-14 20:14 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-14 20:14 . 2013-03-14 20:14 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-14 20:14 . 2013-03-14 20:14 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-14 20:14 . 2013-03-14 20:14 441856 ----a-w- c:\windows\system32\html.iec
2013-03-14 20:14 . 2013-03-14 20:14 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-14 20:14 . 2013-03-14 20:14 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-14 20:14 . 2013-03-14 20:14 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-14 20:14 . 2013-03-14 20:14 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-14 20:14 . 2013-03-14 20:14 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-14 20:14 . 2013-03-14 20:14 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-14 20:14 . 2013-03-14 20:14 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-14 20:14 . 2013-03-14 20:14 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-14 20:14 . 2013-03-14 20:14 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-14 20:14 . 2013-03-14 20:14 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-14 20:14 . 2013-03-14 20:14 235008 ----a-w- c:\windows\system32\url.dll
2013-03-14 20:14 . 2013-03-14 20:14 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-14 20:14 . 2013-03-14 20:14 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-14 20:14 . 2013-03-14 20:14 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-14 20:14 . 2013-03-14 20:14 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-14 20:14 . 2013-03-14 20:14 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-14 20:14 . 2013-03-14 20:14 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-14 20:14 . 2013-03-14 20:14 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-14 20:14 . 2013-03-14 20:14 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-14 20:14 . 2013-03-14 20:14 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-14 20:14 . 2013-03-14 20:14 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-14 20:14 . 2013-03-14 20:14 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-14 20:14 . 2013-03-14 20:14 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-14 20:14 . 2013-03-14 20:14 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-14 20:14 . 2013-03-14 20:14 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-14 20:14 . 2013-03-14 20:14 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-14 20:14 . 2013-03-14 20:14 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-14 20:14 . 2013-03-14 20:14 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-14 20:14 . 2013-03-14 20:14 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-14 20:14 . 2013-03-14 20:14 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-07 22:25 . 2012-12-17 20:47 92248 ----a-w- c:\programdata\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe
2013-03-07 16:21 . 2013-03-07 16:21 38664 ----a-w- c:\windows\system32\drivers\tapSF0901.sys
2013-02-20 04:28 . 2013-02-20 04:28 208216 ----a-w- c:\windows\system32\drivers\72995970.sys
2013-02-12 05:45 . 2013-03-13 21:10 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 21:10 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 21:10 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 21:10 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 21:10 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 21:10 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-14 20:09 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-07 12:15 . 2013-02-07 12:15 18456 ----a-w- c:\windows\system32\drivers\psi_mf_amd64.sys
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-04-17 422632]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-02-18 866824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-2-7 575000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"WD Drive Unlocker"=c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
"WD Quick View"=c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
"BingDesktop"=c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\users\John\RealDownloader\rndlresolversvc.exe [2012-03-23 31920]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2013-02-07 660504]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-03-20 3289208]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 CH341SER_A64;CH341SER_A64;c:\windows\system32\Drivers\CH341S64.SYS [2011-11-04 58368]
R3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\DRIVERS\STK02NW2.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SBIOSIO;SBIOSIO;c:\users\John\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2012-11-01 40712]
R3 tapSF0901;Spotflux TAP Device Driver;c:\windows\system32\DRIVERS\tapSF0901.sys [2013-03-07 38664]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-07 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-06-16 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-06-16 40064]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2011-10-12 13824]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-08 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-13 204288]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-07-15 146592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-07-15 91296]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-03-22 168536]
S2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2012-02-13 31624]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2013-02-07 1223704]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys [2011-04-11 7680]
S2 SWUpdateService;SW Update Service;c:\program files (x86)\Samsung\SW Update\SWMAgent.exe [2013-04-09 2921520]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-09-20 1157056]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-09-06 248248]
S2 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-09-20 1177536]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-07-15 36000]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-18 115216]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-07-15 259744]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-07-15 109216]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-07-15 29344]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-07-15 166048]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-07-15 59040]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-07-15 283296]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-07-15 289440]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-08-17 31216]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-10-13 197416]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys [2013-02-07 18456]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-17 53376]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-17 05:03 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2013-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-16 13:43]
.
2013-04-24 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2013-03-26 04:41]
.
2013-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-28 16:38]
.
2013-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-28 16:38]
.
2013-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839072158-3120938179-813264055-1000Core.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-19 01:51]
.
2013-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839072158-3120938179-813264055-1000UA.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-19 01:51]
.
.
--------- X64 Entries -----------
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.sympatico.ca
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.0.1
TCP: Interfaces\{F8BCFB85-77AD-4FB6-8817-47080EE4DC69}: DhcpNameServer = 172.16.0.1
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - c:\program files (x86)\TurboTax 2012\ic2012pp.dll
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wdei7hx4.default\
FF - prefs.js: browser.startup.homepage - msn.ca
FF - ExtSQL: 2013-04-16 13:35; pt-PT@dictionaries.addons.mozilla.org; c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wdei7hx4.default\extensions\pt-PT@dictionaries.addons.mozilla.org
FF - ExtSQL: 2013-04-16 13:37; en-CA@dictionaries.addons.mozilla.org; c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wdei7hx4.default\extensions\en-CA@dictionaries.addons.mozilla.org
FF - ExtSQL: 2013-04-16 14:20; langpack-pt-PT@firefox.mozilla.org; c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wdei7hx4.default\extensions\langpack-pt-PT@firefox.mozilla.org.xpi
FF - ExtSQL: 2013-04-16 14:22; pt-PT-preao@maracuja.homeip.net; c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wdei7hx4.default\extensions\pt-PT-preao@maracuja.homeip.net
FF - ExtSQL: 2013-04-16 14:26; {582195F5-92E7-40a0-A127-DB71295901D7}; c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wdei7hx4.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi
FF - ExtSQL: 2013-04-16 14:28; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wdei7hx4.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-04-16 14:32; {9fb7d178-155a-4318-9173-1a8eaaea7fe4}; c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wdei7hx4.default\extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}.xpi
FF - ExtSQL: 2013-04-17 16:43; bookmarkdup@localghost.net; c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wdei7hx4.default\extensions\bookmarkdup@localghost.net.xpi
FF - ExtSQL: 2013-04-19 13:50; {15a7ef52-8a77-426e-9e17-e21af257d7c8}; c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wdei7hx4.default\extensions\{15a7ef52-8a77-426e-9e17-e21af257d7c8}.xpi
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2013-04-24 18:48:46
ComboFix-quarantined-files.txt 2013-04-24 22:48
ComboFix2.txt 2013-04-24 20:49
.
Avant-CF: 111,150,632,960 bytes free
Après-CF: 110,324,944,896 bytes free
.
- - End Of File - - F7AE074B33A917F255CA2DE4B9A7B9F2


Hope you are well.

 

Yes, that was one of the logs I wanted to see, but it also shows it has been run 3 times, so I will not be able to see what it originally deleted.

 

Let's check for leftovers.

Most of them should take no more than 5 to 20 minutes each.

Eset could take up to an hour or two or longer depending on the size of your hard drive and the speed of your computer.

 

 

STEP 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

STEP 2

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

STEP 3

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow these instructions for performing a scan.
  • Caution: This is a beta version, so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.

STEP 4

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the Run ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

Please post:

  • JRT.txt
  • TDSSKiller log
  • Malwarebytes Anti-Rootkit log
  • Eset log

Hi Juliet

 

I did download the programs and I did the scans.

 

When I did the scan with JRT, I turned off real-time protection on Windows Security Essentials.

 

With mbar I did it two times.

 

As for TDSSKiller, I did uninstall Windows Security Essentials and I did re-install it again.

 

With eset_nod32_antivirus I did the online scan and I did an install and a scan. With this one I don't know if I did what should be done.

 

I post the logs below.

 

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by John on 03/06/2014 at 22:03:37.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\simplytech
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\simplytech
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-839072158-3120938179-813264055-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-839072158-3120938179-813264055-1000\Software\web assistant
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\hometab_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\hometab_rasmancs



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\Users\John\AppData\Roaming\sparktrust"
Successfully deleted: [Folder] "C:\Program Files (x86)\costmin"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"
Successfully deleted: [Folder] "C:\Users\John\documents\optimizer pro"
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{0BAAF731-59E7-43C7-81AA-AD03B66D790B}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{24791DE8-AAE6-4561-9F93-963045A807F4}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{2A825E33-DA9F-4C94-B44B-D78BC188CEB9}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{6FBCB5A0-680C-48D8-8D3F-5C59976A22B6}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{9B20C8FC-27FF-4624-AEFC-1724DCBD655E}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{9CE5A48E-D0A1-4968-918A-D3918DDBBB23}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{A0A183AE-5385-41EC-9320-185FA1E67B5A}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{A2779237-D51C-4071-9C77-985F15B4ADF9}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{A2C99439-516C-433E-BE1B-CF010D6EB078}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{B2DE83BE-046A-4DE1-8907-AE2E9D455CFE}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{D6EE2757-6E63-4D26-98C5-BDBFE61D61D4}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{E2CAA561-17CE-4B9C-91AC-6E789342ED12}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{ED568333-ECA4-464F-8774-94E76CD42BAD}



~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\web search.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\web search.xml"
Successfully deleted: [File] C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\2d837ppg.default-1395243719434\user.js
Successfully deleted the following from C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\2d837ppg.default-1395243719434\prefs.js

user_pref("browser.search.defaultengine", "Web Search");
user_pref("browser.search.defaultenginename", "Web Search");
user_pref("browser.search.order.1", "Web Search");
user_pref("extensions.crossrider.bic", "1465f8663e7421978316b4f1cc884a5a");
user_pref("extensions.iQiS.scode", "(function(){try{var url=(window.self.location.href + document.cookieif(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||ur
user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=c
Emptied folder: C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\2d837ppg.default-1395243719434\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/06/2014 at 22:17:25.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

mbar-log-2014-06-03 (13-04-06):

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.06.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
John :: JOHN-PC [administrator]

03/06/2014 1:04:06 PM
mbar-log-2014-06-03 (13-04-06).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 371323
Time elapsed: 1 hour(s), 11 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 8
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com) -> Replace on reboot.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com) -> Replace on reboot.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com) -> Replace on reboot.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com/) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com/) -> Replace on reboot.

Folders Detected: 1
C:\ProgramData\374311380 (Rogue.Multiple) -> Delete on reboot.

Files Detected: 1
C:\ProgramData\374311380\BIT82E3.tmp (Rogue.Multiple) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

system-log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16721

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.497000 GHz
Memory total: 5884399616, free: 3601125376

Downloaded database version: v2014.06.03.05
Downloaded database version: v2014.06.02.01
=======================================
Initializing...
------------ Kernel report ------------
06/03/2014 13:03:46
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\??\C:\windows\system32\drivers\SAFDSKNT.SYS
\??\C:\windows\system32\Drivers\SABI.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\SysWOW64\Drivers\DKbFltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\SGdrv64.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\Drivers\adfs.SYS
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btath_rcp.sys
\SystemRoot\system32\drivers\btath_avdt.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\system32\DRIVERS\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007bc3060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000097\
Lower Device Object: 0xfffffa8006fc1b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006b2e060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000078\
Lower Device Object: 0xfffffa80064c0060
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006b2e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006b2eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006b2e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80064d3ac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa80064c0060, DeviceName: \Device\00000078\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 674EF893

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 484442112

Partition 2 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 484648960 Numsec = 724510720

Partition 3 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 1209159680 Numsec = 41103360

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007bc3060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80063ce040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007bc3060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006fc1b60, DeviceName: \Device\00000097\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 34 Numsec = 7984271

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 4102889984 bytes
Sector size: 512 bytes

Done!
Infected: C:\ProgramData\374311380 --> [Rogue.Multiple]
Infected: C:\ProgramData\374311380\BIT82E3.tmp --> [Rogue.Multiple]
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page --> [Hijack.SearchPage]
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL --> [Hijack.SearchPage]
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar --> [Hijack.SearchPage]
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL --> [Hijack.SearchPage]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL --> [Hijack.SearchPage]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page --> [Hijack.SearchPage]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar --> [Hijack.SearchPage]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL --> [Hijack.SearchPage]
Scan finished
Creating System Restore point...
Cleaning up...
Removal successful. No system shutdown is required.
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16721

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.497000 GHz
Memory total: 5884399616, free: 3594854400

Downloaded database version: v2014.06.03.06
Downloaded database version: v2014.06.02.01
=======================================
Initializing...
------------ Kernel report ------------
06/03/2014 14:49:10
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\??\C:\windows\system32\drivers\SAFDSKNT.SYS
\??\C:\windows\system32\Drivers\SABI.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\SysWOW64\Drivers\DKbFltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\SGdrv64.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\Drivers\adfs.SYS
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btath_rcp.sys
\SystemRoot\system32\drivers\btath_avdt.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\system32\DRIVERS\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007bc3060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000097\
Lower Device Object: 0xfffffa8006fc1b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006b2e060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000078\
Lower Device Object: 0xfffffa80064c0060
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006b2e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006b2eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006b2e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80064d3ac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa80064c0060, DeviceName: \Device\00000078\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 674EF893

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 484442112

Partition 2 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 484648960 Numsec = 724510720

Partition 3 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 1209159680 Numsec = 41103360

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007bc3060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80063ce040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007bc3060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006fc1b60, DeviceName: \Device\00000097\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 34 Numsec = 7984271

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 4102889984 bytes
Sector size: 512 bytes

Done!
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16721

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.497000 GHz
Memory total: 5884399616, free: 4181753856

Downloaded database version: v2014.06.03.06
Downloaded database version: v2014.06.02.01
Initializing...
======================
------------ Kernel report ------------
06/03/2014 15:39:44
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8006b00060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a5\
Lower Device Object: 0xfffffa8006afe750
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006a6a790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000077\
Lower Device Object: 0xfffffa80064c09c0
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006a6a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006a6a2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006a6a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80064c4ac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa80064c09c0, DeviceName: \Device\00000077\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 674EF893

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 484442112

Partition 2 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 484648960 Numsec = 724510720

Partition 3 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 1209159680 Numsec = 41103360

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8006b00060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008157040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006b00060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006afe750, DeviceName: \Device\000000a5\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 34 Numsec = 7984271

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 4102889984 bytes
Sector size: 512 bytes

Done!
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page --> [Hijack.SearchPage]
Scan finished
Creating System Restore point...
Cleaning up...
Removal successful. No system shutdown is required.
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished

 

Kaspersky TDSSKiller Antirootkit log:

 

15:12:42.0268 0x0c48 TDSS rootkit removing tool 3.0.0.37 May 30 2014 13:12:03
15:12:42.0533 0x0c48 ============================================================
15:12:42.0533 0x0c48 Current date / time: 2014/06/03 15:12:42.0533
15:12:42.0533 0x0c48 SystemInfo:
15:12:42.0533 0x0c48
15:12:42.0533 0x0c48 OS Version: 6.1.7601 ServicePack: 1.0
15:12:42.0533 0x0c48 Product type: Workstation
15:12:42.0533 0x0c48 ComputerName: JOHN-PC
15:12:42.0533 0x0c48 UserName: John
15:12:42.0533 0x0c48 Windows directory: C:\windows
15:12:42.0533 0x0c48 System windows directory: C:\windows
15:12:42.0533 0x0c48 Running under WOW64
15:12:42.0533 0x0c48 Processor architecture: Intel x64
15:12:42.0533 0x0c48 Number of processors: 4
15:12:42.0533 0x0c48 Page size: 0x1000
15:12:42.0533 0x0c48 Boot type: Normal boot
15:12:42.0533 0x0c48 ============================================================
15:13:02.0096 0x0c48 KLMD registered as C:\windows\system32\drivers\76108177.sys
15:13:02.0969 0x0c48 System UUID: {E68D03CA-AE05-DE46-2C1E-E7310AA9066C}
15:13:08.0164 0x0c48 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:13:08.0367 0x0c48 Drive \Device\Harddisk1\DR1 - Size: 0xF48D2200 ( 3.82 Gb ), SectorSize: 0x200, Cylinders: 0x1F2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:13:08.0367 0x0c48 ============================================================
15:13:08.0367 0x0c48 \Device\Harddisk0\DR0:
15:13:08.0461 0x0c48 MBR partitions:
15:13:08.0461 0x0c48 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:13:08.0461 0x0c48 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1CE00000
15:13:08.0539 0x0c48 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1CE33000, BlocksNum 0x2B2F2000
15:13:08.0539 0x0c48 \Device\Harddisk1\DR1:
15:13:08.0539 0x0c48 MBR partitions:
15:13:08.0539 0x0c48 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x22, BlocksNum 0x79D48F
15:13:08.0632 0x0c48 ============================================================
15:13:09.0428 0x0c48 C: <-> \Device\Harddisk0\DR0\Partition2
15:13:10.0348 0x0c48 D: <-> \Device\Harddisk0\DR0\Partition3
15:13:10.0348 0x0c48 ============================================================
15:13:10.0348 0x0c48 Initialize success
15:13:10.0348 0x0c48 ============================================================
15:13:20.0788 0x12ec ============================================================
15:13:20.0788 0x12ec Scan started
15:13:20.0788 0x12ec Mode: Manual;
15:13:20.0788 0x12ec ============================================================
15:13:20.0788 0x12ec KSN ping started
15:13:21.0456 0x12ec KSN ping finished: false
15:13:24.0420 0x12ec ================ Scan system memory ========================
15:13:24.0420 0x12ec System memory - ok
15:13:24.0420 0x12ec ================ Scan services =============================


Hi Juliet

I did download the programs and I did the scans.

When I did scan with JRT I turned off real time protection on windows security essentials.

With mbar I did it two times.

As for tdsskiller I did uninstall windows security essentials and I did re-install again.

eset_nod32_antivirus I did online scan and I did install and a scan. With this one I don't know if I did what should be done.

I post the logs below.

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by John on 03/06/2014 at 22:03:37.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\simplytech
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\simplytech
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-839072158-3120938179-813264055-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-839072158-3120938179-813264055-1000\Software\web assistant
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\hometab_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\hometab_rasmancs



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\Users\John\AppData\Roaming\sparktrust"
Successfully deleted: [Folder] "C:\Program Files (x86)\costmin"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"
Successfully deleted: [Folder] "C:\Users\John\documents\optimizer pro"
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{0BAAF731-59E7-43C7-81AA-AD03B66D790B}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{24791DE8-AAE6-4561-9F93-963045A807F4}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{2A825E33-DA9F-4C94-B44B-D78BC188CEB9}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{6FBCB5A0-680C-48D8-8D3F-5C59976A22B6}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{9B20C8FC-27FF-4624-AEFC-1724DCBD655E}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{9CE5A48E-D0A1-4968-918A-D3918DDBBB23}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{A0A183AE-5385-41EC-9320-185FA1E67B5A}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{A2779237-D51C-4071-9C77-985F15B4ADF9}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{A2C99439-516C-433E-BE1B-CF010D6EB078}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{B2DE83BE-046A-4DE1-8907-AE2E9D455CFE}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{D6EE2757-6E63-4D26-98C5-BDBFE61D61D4}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{E2CAA561-17CE-4B9C-91AC-6E789342ED12}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{ED568333-ECA4-464F-8774-94E76CD42BAD}



~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\web search.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\web search.xml"
Successfully deleted: [File] C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\2d837ppg.default-1395243719434\user.js
Successfully deleted the following from C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\2d837ppg.default-1395243719434\prefs.js

user_pref("browser.search.defaultengine", "Web Search");
user_pref("browser.search.defaultenginename", "Web Search");
user_pref("browser.search.order.1", "Web Search");
user_pref("extensions.crossrider.bic", "1465f8663e7421978316b4f1cc884a5a");
user_pref("extensions.iQiS.scode", "(function(){try{var url=(window.self.location.href + document.cookieif(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||ur
user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=c
Emptied folder: C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\2d837ppg.default-1395243719434\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/06/2014 at 22:17:25.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

mbar-log-2014-06-03 (13-04-06):

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.06.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
John :: JOHN-PC [administrator]

03/06/2014 1:04:06 PM
mbar-log-2014-06-03 (13-04-06).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 371323
Time elapsed: 1 hour(s), 11 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 8
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com) -> Replace on reboot.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com) -> Replace on reboot.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com) -> Replace on reboot.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com/) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com/) -> Replace on reboot.

Folders Detected: 1
C:\ProgramData\374311380 (Rogue.Multiple) -> Delete on reboot.

Files Detected: 1
C:\ProgramData\374311380\BIT82E3.tmp (Rogue.Multiple) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

system-log:

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16721

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.497000 GHz
Memory total: 5884399616, free: 3601125376

Downloaded database version: v2014.06.03.05
Downloaded database version: v2014.06.02.01
=======================================
Initializing...
------------ Kernel report ------------
06/03/2014 13:03:46
------------ Loaded modules -----------
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\Drivers\adfs.SYS
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btath_rcp.sys
\SystemRoot\system32\drivers\btath_avdt.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\system32\DRIVERS\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007bc3060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000097\
Lower Device Object: 0xfffffa8006fc1b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006b2e060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000078\
Lower Device Object: 0xfffffa80064c0060
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006b2e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006b2eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006b2e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80064d3ac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa80064c0060, DeviceName: \Device\00000078\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 674EF893

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 484442112

Partition 2 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 484648960 Numsec = 724510720

Partition 3 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 1209159680 Numsec = 41103360

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007bc3060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80063ce040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007bc3060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006fc1b60, DeviceName: \Device\00000097\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 34 Numsec = 7984271

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 4102889984 bytes
Sector size: 512 bytes

Done!
Infected: C:\ProgramData\374311380 --> [Rogue.Multiple]
Infected: C:\ProgramData\374311380\BIT82E3.tmp --> [Rogue.Multiple]
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page --> [Hijack.SearchPage]
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL --> [Hijack.SearchPage]
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar --> [Hijack.SearchPage]
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL --> [Hijack.SearchPage]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL --> [Hijack.SearchPage]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page --> [Hijack.SearchPage]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar --> [Hijack.SearchPage]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL --> [Hijack.SearchPage]
Scan finished
Creating System Restore point...
Cleaning up...
Removal successful. No system shutdown is required.
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16721

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.497000 GHz
Memory total: 5884399616, free: 3594854400

Downloaded database version: v2014.06.03.06
Downloaded database version: v2014.06.02.01
=======================================
Initializing...
------------ Kernel report ------------
06/03/2014 14:49:10
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\??\C:\windows\system32\drivers\SAFDSKNT.SYS
\??\C:\windows\system32\Drivers\SABI.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\SysWOW64\Drivers\DKbFltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\SGdrv64.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\Drivers\adfs.SYS
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btath_rcp.sys
\SystemRoot\system32\drivers\btath_avdt.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\system32\DRIVERS\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007bc3060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000097\
Lower Device Object: 0xfffffa8006fc1b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006b2e060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000078\
Lower Device Object: 0xfffffa80064c0060
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006b2e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006b2eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006b2e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80064d3ac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa80064c0060, DeviceName: \Device\00000078\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 674EF893

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 484442112

Partition 2 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 484648960 Numsec = 724510720

Partition 3 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 1209159680 Numsec = 41103360

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007bc3060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80063ce040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007bc3060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006fc1b60, DeviceName: \Device\00000097\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 34 Numsec = 7984271

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 4102889984 bytes
Sector size: 512 bytes

Done!
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16721

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.497000 GHz
Memory total: 5884399616, free: 4181753856

Downloaded database version: v2014.06.03.06
Downloaded database version: v2014.06.02.01
Initializing...
======================
------------ Kernel report ------------
06/03/2014 15:39:44
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\??\C:\windows\system32\drivers\SAFDSKNT.SYS
\??\C:\windows\system32\Drivers\SABI.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\SysWOW64\Drivers\DKbFltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\SGdrv64.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\adfs.SYS
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btath_rcp.sys
\SystemRoot\system32\drivers\btath_avdt.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\system32\DRIVERS\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\SystemRoot\system32\DRIVERS\ehdrv.sys
C:\Program Files\ESET\ESET NOD32 Antivirus\em006_64.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em018_64.dat
\SystemRoot\system32\DRIVERS\epfwwfpr.sys
\SystemRoot\system32\DRIVERS\eamonm.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8006b00060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a5\
Lower Device Object: 0xfffffa8006afe750
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006a6a790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000077\
Lower Device Object: 0xfffffa80064c09c0
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006a6a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006a6a2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006a6a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80064c4ac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa80064c09c0, DeviceName: \Device\00000077\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 674EF893

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 484442112

Partition 2 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 484648960 Numsec = 724510720

Partition 3 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 1209159680 Numsec = 41103360

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8006b00060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008157040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006b00060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006afe750, DeviceName: \Device\000000a5\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 34 Numsec = 7984271

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 4102889984 bytes
Sector size: 512 bytes

Done!
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page --> [Hijack.SearchPage]
Scan finished
Creating System Restore point...
Cleaning up...
Removal successful. No system shutdown is required.
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished

 

Kaspersky TDSSKiller Antirootkit log:

 

15:12:42.0268 0x0c48 TDSS rootkit removing tool 3.0.0.37 May 30 2014 13:12:03
15:12:42.0533 0x0c48 ============================================================
15:12:42.0533 0x0c48 Current date / time: 2014/06/03 15:12:42.0533
15:12:42.0533 0x0c48 SystemInfo:
15:12:42.0533 0x0c48
15:12:42.0533 0x0c48 OS Version: 6.1.7601 ServicePack: 1.0
15:12:42.0533 0x0c48 Product type: Workstation
15:12:42.0533 0x0c48 ComputerName: JOHN-PC
15:12:42.0533 0x0c48 UserName: John
15:12:42.0533 0x0c48 Windows directory: C:\windows
15:12:42.0533 0x0c48 System windows directory: C:\windows
15:12:42.0533 0x0c48 Running under WOW64
15:12:42.0533 0x0c48 Processor architecture: Intel x64
15:12:42.0533 0x0c48 Number of processors: 4
15:12:42.0533 0x0c48 Page size: 0x1000
15:12:42.0533 0x0c48 Boot type: Normal boot
15:12:42.0533 0x0c48 ============================================================
15:13:02.0096 0x0c48 KLMD registered as C:\windows\system32\drivers\76108177.sys
15:13:02.0969 0x0c48 System UUID: {E68D03CA-AE05-DE46-2C1E-E7310AA9066C}
15:13:08.0164 0x0c48 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:13:08.0367 0x0c48 Drive \Device\Harddisk1\DR1 - Size: 0xF48D2200 ( 3.82 Gb ), SectorSize: 0x200, Cylinders: 0x1F2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:13:08.0367 0x0c48 ============================================================
15:13:08.0367 0x0c48 \Device\Harddisk0\DR0:
15:13:08.0461 0x0c48 MBR partitions:
15:13:08.0461 0x0c48 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:13:08.0461 0x0c48 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1CE00000
15:13:08.0539 0x0c48 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1CE33000, BlocksNum 0x2B2F2000
15:13:08.0539 0x0c48 \Device\Harddisk1\DR1:
15:13:08.0539 0x0c48 MBR partitions:
15:13:08.0539 0x0c48 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x22, BlocksNum 0x79D48F
15:13:08.0632 0x0c48 ============================================================
15:13:09.0428 0x0c48 C: <-> \Device\Harddisk0\DR0\Partition2
15:13:10.0348 0x0c48 D: <-> \Device\Harddisk0\DR0\Partition3
15:13:10.0348 0x0c48 ============================================================
15:13:10.0348 0x0c48 Initialize success
15:13:10.0348 0x0c48 ============================================================
15:13:20.0788 0x12ec ============================================================
15:13:20.0788 0x12ec Scan started
15:13:20.0788 0x12ec Mode: Manual;
15:13:20.0788 0x12ec ============================================================
15:13:20.0788 0x12ec KSN ping started
15:13:21.0456 0x12ec KSN ping finished: false
15:13:24.0420 0x12ec ================ Scan system memory ========================
15:13:24.0420 0x12ec System memory - ok
15:13:24.0420 0x12ec ================ Scan services =============================
15:13:24.0639 0x12ec [ B7603B1B3A188C79DE7E087F11E324FB, D9432F6DDCB53FE7E429611D9788041C38570E48E568D4C5A370E920F59B35E1 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:13:24.0639 0x12ec !SASCORE - ok
15:13:26.0682 0x12ec [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
15:13:26.0698 0x12ec 1394ohci - ok
15:13:26.0729 0x12ec 70844403 - ok
15:13:26.0776 0x12ec [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\windows\system32\drivers\ACPI.sys
15:13:26.0807 0x12ec ACPI - ok
15:13:26.0823 0x12ec [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
15:13:26.0823 0x12ec AcpiPmi - ok
15:13:26.0870 0x12ec [ 2F0683FD2DF1D92E891CACA14B45A8C1, B4A8D6A183FA0B7D642FAD6B51C19FEC998481E1C49480D2B391E5D8B55F5BBD ] adfs C:\windows\system32\drivers\adfs.sys
15:13:26.0885 0x12ec adfs - ok
15:13:27.0072 0x12ec [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:13:27.0072 0x12ec AdobeARMservice - ok
15:13:29.0085 0x12ec [ 09E7C37DF4A911C8A9AA8BF88ACD10AA, E881E0BBDCED58F28E0BA8DC27372EDFFFF2C57EE31CD13A032FDC9F7C831B5A ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:13:29.0100 0x12ec AdobeFlashPlayerUpdateSvc - ok
15:13:29.0163 0x12ec [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
15:13:29.0178 0x12ec adp94xx - ok
15:13:29.0210 0x12ec [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\windows\system32\drivers\adpahci.sys
15:13:29.0225 0x12ec adpahci - ok
15:13:29.0288 0x12ec [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\windows\system32\drivers\adpu320.sys
15:13:29.0319 0x12ec adpu320 - ok
15:13:29.0412 0x12ec [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
15:13:29.0428 0x12ec AeLookupSvc - ok
15:13:29.0475 0x12ec [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\windows\system32\drivers\afd.sys
15:13:29.0506 0x12ec AFD - ok
15:13:29.0537 0x12ec [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\windows\system32\drivers\agp440.sys
15:13:29.0537 0x12ec agp440 - ok
15:13:29.0568 0x12ec [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\windows\System32\alg.exe
15:13:29.0600 0x12ec ALG - ok
15:13:29.0631 0x12ec [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\windows\system32\drivers\aliide.sys
15:13:29.0646 0x12ec aliide - ok
15:13:29.0709 0x12ec [ E7BDC2E7D885A65031C6B93D5A80B019, B37B05CA81A200A0C303946A21901ED382468761AB8BB8F7F310700A060E813F ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
15:13:29.0724 0x12ec AMD External Events Utility - ok
15:13:29.0802 0x12ec AMD FUEL Service - ok
15:13:29.0912 0x12ec [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\windows\system32\drivers\amdide.sys
15:13:29.0912 0x12ec amdide - ok
15:13:29.0974 0x12ec [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
15:13:29.0974 0x12ec AmdK8 - ok
15:13:30.0801 0x12ec [ 342156AF1FED5ED3A5D3FBB3D87F48E8, 119C85492EDCA82731E23A261DE39A72783713B01B89D8FA2F47400EB03C7C57 ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys
15:13:31.0347 0x12ec amdkmdag - ok
15:13:31.0534 0x12ec [ 9DCA2AFEABF1D109FB2C229491C9F293, F020F4FDD29897C656287A2D01D51B4AE45AA604E4291BCE05FB7D994242EC04 ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys
15:13:31.0565 0x12ec amdkmdap - ok
15:13:31.0596 0x12ec [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D62262

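An added worked example, not part of the original post and not code from Malwarebytes or Kaspersky: the "Inspecting partition table" block in the MBAR log above is a readout of the 64-byte partition table at offset 446 of sector 0 plus the 55AA boot signature at offset 510. The Python below parses such a sector, prints it in the same layout, and adds the checks a responder wants before trusting a "Done!": exactly one active entry, sane status bytes, nothing past the end of the disk, no overlapping entries, and the unpartitioned sector ranges a bootkit could hide in. The sample sector is constructed from the drive-0 values in the log (disk signature 674EF893 and the four entries); the boot code and CHS fields are filler the log does not show, and TOTAL_SECTORS is derived from the reported disk size. Reading a real disk (for example \\.\PhysicalDrive0 on Windows, which needs administrator rights) is deliberately left out so the script runs offline.

```python
"""Parse a 512-byte MBR, print its partition table in the anti-rootkit log's layout, and
run the sanity checks a responder would want. Added example; the sample sector is built
from the drive-0 values in the MBAR log above, not read from the poster's disk."""
from __future__ import annotations
import struct
from dataclasses import dataclass

SECTOR = 512
MBR_SIGNATURE = 0x55AA
TOTAL_SECTORS = 640135028736 // SECTOR  # "Disk Size: 640135028736 bytes" in the log
PARTITION_TYPES = {0x00: "Empty (0x0)", 0x07: "Primary (0x7)", 0x0B: "Other (0xb)",
                   0x0F: "Extended with LBA (0xf)", 0x27: "Other (0x27)"}  # as the log names them

@dataclass
class PartitionEntry:
    index: int
    status: int      # 0x80 = active/bootable, 0x00 = inactive; anything else is suspect
    ptype: int
    start_lba: int
    numsec: int
    @property
    def active(self) -> bool:
        return bool(self.status & 0x80)
    @property
    def end_lba(self) -> int:  # exclusive end
        return self.start_lba + self.numsec

def parse_mbr(sector: bytes) -> tuple[int, list[PartitionEntry]]:
    """Return (disk_signature, 4 entries); ValueError if the 55AA boot signature is absent."""
    if len(sector) < SECTOR:
        raise ValueError("need a full 512-byte sector")
    if struct.unpack_from(">H", sector, 510)[0] != MBR_SIGNATURE:  # bytes 55 AA on disk
        raise ValueError("bad MBR signature")
    disk_sig = struct.unpack_from("<I", sector, 440)[0]
    entries = []
    for i in range(4):  # 16-byte entries from offset 446; legacy CHS fields are ignored
        status, _, ptype, _, start, num = struct.unpack_from("<B3sB3sII", sector, 446 + 16 * i)
        entries.append(PartitionEntry(i, status, ptype, start, num))
    return disk_sig, entries

def format_table(disk_sig: int, entries: list[PartitionEntry]) -> str:
    """Same layout as the scan log."""
    lines = [f"MBR Signature: {MBR_SIGNATURE:04X}", f"Disk Signature: {disk_sig:X}", ""]
    for e in entries:
        name = PARTITION_TYPES.get(e.ptype, f"Other (0x{e.ptype:x})")
        lines += [f"Partition {e.index} type is {name}",
                  "Partition is ACTIVE." if e.active else "Partition is NOT ACTIVE.",
                  f"Partition starts at LBA: {e.start_lba} Numsec = {e.numsec}", ""]
    return "\n".join(lines)

def check_table(entries: list[PartitionEntry], total_sectors: int) -> list[str]:
    """Exactly one active entry, sane status bytes, in bounds, no overlaps. Logical partitions
    inside an extended (0x0F) container are not walked here."""
    used = [e for e in entries if e.ptype != 0x00]
    findings = []
    n_active = sum(e.active for e in used)
    if n_active != 1:
        findings.append(f"{n_active} active partitions (expected exactly 1)")
    for e in used:
        if e.status not in (0x00, 0x80):
            findings.append(f"partition {e.index}: unusual status byte 0x{e.status:02X}")
        if e.numsec == 0 or e.end_lba > total_sectors:
            findings.append(f"partition {e.index}: empty or extends past end of disk")
    ordered = sorted(used, key=lambda e: e.start_lba)
    for a, b in zip(ordered, ordered[1:]):
        if a.end_lba > b.start_lba:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    return findings

def unpartitioned_ranges(entries: list[PartitionEntry], total_sectors: int) -> list[tuple[int, int]]:
    """[start, end) sector ranges no entry covers; sector 0 is the MBR itself. This is the space
    the log's 'unpartitioned space' pass reads raw, a classic hiding place for bootkit payloads."""
    ranges, cur = [], 1
    for e in sorted((e for e in entries if e.ptype != 0x00), key=lambda e: e.start_lba):
        if e.start_lba > cur:
            ranges.append((cur, e.start_lba))
        cur = max(cur, e.end_lba)
    if cur < total_sectors:
        ranges.append((cur, total_sectors))
    return ranges

def build_sample_mbr() -> bytes:
    """Constructed sample: the log's drive-0 table packed into one sector. Boot code is
    zero-filled and the CHS fields are 0xFF placeholders; the log shows neither."""
    table = [(0x80, 0x07, 2048, 204800),          # active 100 MiB NTFS boot partition
             (0x00, 0x07, 206848, 484442112),     # C: (TDSSKiller maps it to Partition2)
             (0x00, 0x0F, 484648960, 724510720),  # extended container; logical D: lives inside
             (0x00, 0x27, 1209159680, 41103360)]  # 0x27: hidden recovery-partition type
    buf = bytearray(SECTOR)
    struct.pack_into("<I", buf, 440, 0x674EF893)
    for i, (status, ptype, start, num) in enumerate(table):
        struct.pack_into("<B3sB3sII", buf, 446 + 16 * i,
                         status, b"\xff\xff\xff", ptype, b"\xff\xff\xff", start, num)
    struct.pack_into(">H", buf, 510, MBR_SIGNATURE)
    return bytes(buf)

if __name__ == "__main__":
    sig, ents = parse_mbr(build_sample_mbr())
    print(format_table(sig, ents))
    print("Findings:", check_table(ents, TOTAL_SECTORS) or "none")
    print("Unpartitioned sectors:", unpartitioned_ranges(ents, TOTAL_SECTORS))
```

Run as a script it prints the four entries in the log's wording; check_table returns an empty list for this table, and unpartitioned_ranges returns the gap before the first partition (sectors 1 to 2047) and the tail after the recovery partition, the two regions an unpartitioned-space scan has to read raw because no file system covers them. Flipping the status byte of a second entry to 0x80, or pointing an entry past TOTAL_SECTORS, is enough to make check_table report it.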

Hi Juliet

I downloaded the programs and did the scans.

When I scanned with JRT I turned off real-time protection in Windows Security Essentials.

With mbar I ran it two times.

As for tdsskiller, I uninstalled Windows Security Essentials and re-installed it again.

For eset_nod32_antivirus I did an online scan, and I also installed it and ran a scan. With this one I don't know if I did what should be done.

I post the logs below.

 

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by John on 03/06/2014 at 22:03:37.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\simplytech
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\simplytech
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-839072158-3120938179-813264055-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-839072158-3120938179-813264055-1000\Software\web assistant
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\hometab_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\hometab_rasmancs



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\Users\John\AppData\Roaming\sparktrust"
Successfully deleted: [Folder] "C:\Program Files (x86)\costmin"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"
Successfully deleted: [Folder] "C:\Users\John\documents\optimizer pro"
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{0BAAF731-59E7-43C7-81AA-AD03B66D790B}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{24791DE8-AAE6-4561-9F93-963045A807F4}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{2A825E33-DA9F-4C94-B44B-D78BC188CEB9}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{6FBCB5A0-680C-48D8-8D3F-5C59976A22B6}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{9B20C8FC-27FF-4624-AEFC-1724DCBD655E}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{9CE5A48E-D0A1-4968-918A-D3918DDBBB23}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{A0A183AE-5385-41EC-9320-185FA1E67B5A}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{A2779237-D51C-4071-9C77-985F15B4ADF9}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{A2C99439-516C-433E-BE1B-CF010D6EB078}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{B2DE83BE-046A-4DE1-8907-AE2E9D455CFE}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{D6EE2757-6E63-4D26-98C5-BDBFE61D61D4}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{E2CAA561-17CE-4B9C-91AC-6E789342ED12}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{ED568333-ECA4-464F-8774-94E76CD42BAD}



~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\web search.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\web search.xml"
Successfully deleted: [File] C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\2d837ppg.default-1395243719434\user.js
Successfully deleted the following from C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\2d837ppg.default-1395243719434\prefs.js

user_pref("browser.search.defaultengine", "Web Search");
user_pref("browser.search.defaultenginename", "Web Search");
user_pref("browser.search.order.1", "Web Search");
user_pref("extensions.crossrider.bic", "1465f8663e7421978316b4f1cc884a5a");
user_pref("extensions.iQiS.scode", "(function(){try{var url=(window.self.location.href + document.cookieif(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||ur
user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=c
Emptied folder: C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\2d837ppg.default-1395243719434\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/06/2014 at 22:17:25.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

mbar-log-2014-06-03 (13-04-06):

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.06.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
John :: JOHN-PC [administrator]

03/06/2014 1:04:06 PM
mbar-log-2014-06-03 (13-04-06).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 371323
Time elapsed: 1 hour(s), 11 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 8
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com) -> Replace on reboot.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com) -> Replace on reboot.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com) -> Replace on reboot.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com/) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com/) -> Replace on reboot.

Folders Detected: 1
C:\ProgramData\374311380 (Rogue.Multiple) -> Delete on reboot.

Files Detected: 1
C:\ProgramData\374311380\BIT82E3.tmp (Rogue.Multiple) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

system-log:

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16721

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.497000 GHz
Memory total: 5884399616, free: 3601125376

Downloaded database version: v2014.06.03.05
Downloaded database version: v2014.06.02.01
=======================================
Initializing...
------------ Kernel report ------------
06/03/2014 13:03:46
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\??\C:\windows\system32\drivers\SAFDSKNT.SYS
\??\C:\windows\system32\Drivers\SABI.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\SysWOW64\Drivers\DKbFltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\SGdrv64.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\Drivers\adfs.SYS
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btath_rcp.sys
\SystemRoot\system32\drivers\btath_avdt.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\system32\DRIVERS\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007bc3060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000097\
Lower Device Object: 0xfffffa8006fc1b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006b2e060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000078\
Lower Device Object: 0xfffffa80064c0060
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006b2e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006b2eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006b2e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80064d3ac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa80064c0060, DeviceName: \Device\00000078\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 674EF893

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 484442112

Partition 2 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 484648960 Numsec = 724510720

Partition 3 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 1209159680 Numsec = 41103360

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007bc3060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80063ce040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007bc3060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006fc1b60, DeviceName: \Device\00000097\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 34 Numsec = 7984271

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 4102889984 bytes
Sector size: 512 bytes

Done!
Infected: C:\ProgramData\374311380 --> [Rogue.Multiple]
Infected: C:\ProgramData\374311380\BIT82E3.tmp --> [Rogue.Multiple]
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page --> [Hijack.SearchPage]
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL --> [Hijack.SearchPage]
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar --> [Hijack.SearchPage]
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL --> [Hijack.SearchPage]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL --> [Hijack.SearchPage]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page --> [Hijack.SearchPage]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar --> [Hijack.SearchPage]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL --> [Hijack.SearchPage]
Scan finished
Creating System Restore point...
Cleaning up...
Removal successful. No system shutdown is required.
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16721

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.497000 GHz
Memory total: 5884399616, free: 3594854400

Downloaded database version: v2014.06.03.06
Downloaded database version: v2014.06.02.01
=======================================
Initializing...
------------ Kernel report ------------
06/03/2014 14:49:10
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\??\C:\windows\system32\drivers\SAFDSKNT.SYS
\??\C:\windows\system32\Drivers\SABI.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\SysWOW64\Drivers\DKbFltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\SGdrv64.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\Drivers\adfs.SYS
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btath_rcp.sys
\SystemRoot\system32\drivers\btath_avdt.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\system32\DRIVERS\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007bc3060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000097\
Lower Device Object: 0xfffffa8006fc1b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006b2e060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000078\
Lower Device Object: 0xfffffa80064c0060
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006b2e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006b2eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006b2e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80064d3ac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa80064c0060, DeviceName: \Device\00000078\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 674EF893

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 484442112

Partition 2 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 484648960 Numsec = 724510720

Partition 3 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 1209159680 Numsec = 41103360

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007bc3060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80063ce040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007bc3060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006fc1b60, DeviceName: \Device\00000097\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 34 Numsec = 7984271

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 4102889984 bytes
Sector size: 512 bytes

Done!
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16721

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.497000 GHz
Memory total: 5884399616, free: 4181753856

Downloaded database version: v2014.06.03.06
Downloaded database version: v2014.06.02.01
Initializing...
======================
------------ Kernel report ------------
06/03/2014 15:39:44
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\??\C:\windows\system32\drivers\SAFDSKNT.SYS
\??\C:\windows\system32\Drivers\SABI.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\SysWOW64\Drivers\DKbFltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\SGdrv64.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\adfs.SYS
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btath_rcp.sys
\SystemRoot\system32\drivers\btath_avdt.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\system32\DRIVERS\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\SystemRoot\system32\DRIVERS\ehdrv.sys
C:\Program Files\ESET\ESET NOD32 Antivirus\em006_64.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em018_64.dat
\SystemRoot\system32\DRIVERS\epfwwfpr.sys
\SystemRoot\system32\DRIVERS\eamonm.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8006b00060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a5\
Lower Device Object: 0xfffffa8006afe750
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006a6a790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000077\
Lower Device Object: 0xfffffa80064c09c0
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006a6a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006a6a2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006a6a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80064c4ac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa80064c09c0, DeviceName: \Device\00000077\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 674EF893

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 484442112

Partition 2 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 484648960 Numsec = 724510720

Partition 3 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 1209159680 Numsec = 41103360

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8006b00060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008157040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006b00060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006afe750, DeviceName: \Device\000000a5\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 34 Numsec = 7984271

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 4102889984 bytes
Sector size: 512 bytes

Done!
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page --> [Hijack.SearchPage]
Scan finished
Creating System Restore point...
Cleaning up...
Removal successful. No system shutdown is required.
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished


Kaspersky TDSSKiller Antirootkit log:

15:12:42.0268 0x0c48 TDSS rootkit removing tool 3.0.0.37 May 30 2014 13:12:03
15:12:42.0533 0x0c48 ============================================================
15:12:42.0533 0x0c48 Current date / time: 2014/06/03 15:12:42.0533
15:12:42.0533 0x0c48 SystemInfo:
15:12:42.0533 0x0c48
15:12:42.0533 0x0c48 OS Version: 6.1.7601 ServicePack: 1.0
15:12:42.0533 0x0c48 Product type: Workstation
15:12:42.0533 0x0c48 ComputerName: JOHN-PC
15:12:42.0533 0x0c48 UserName: John
15:12:42.0533 0x0c48 Windows directory: C:\windows
15:12:42.0533 0x0c48 System windows directory: C:\windows
15:12:42.0533 0x0c48 Running under WOW64
15:12:42.0533 0x0c48 Processor architecture: Intel x64
15:12:42.0533 0x0c48 Number of processors: 4
15:12:42.0533 0x0c48 Page size: 0x1000
15:12:42.0533 0x0c48 Boot type: Normal boot
15:12:42.0533 0x0c48 ============================================================
15:13:02.0096 0x0c48 KLMD registered as C:\windows\system32\drivers\76108177.sys
15:13:02.0969 0x0c48 System UUID: {E68D03CA-AE05-DE46-2C1E-E7310AA9066C}
15:13:08.0164 0x0c48 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:13:08.0367 0x0c48 Drive \Device\Harddisk1\DR1 - Size: 0xF48D2200 ( 3.82 Gb ), SectorSize: 0x200, Cylinders: 0x1F2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:13:08.0367 0x0c48 ============================================================
15:13:08.0367 0x0c48 \Device\Harddisk0\DR0:
15:13:08.0461 0x0c48 MBR partitions:
15:13:08.0461 0x0c48 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:13:08.0461 0x0c48 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1CE00000
15:13:08.0539 0x0c48 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1CE33000, BlocksNum 0x2B2F2000
15:13:08.0539 0x0c48 \Device\Harddisk1\DR1:
15:13:08.0539 0x0c48 MBR partitions:
15:13:08.0539 0x0c48 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x22, BlocksNum 0x79D48F
15:13:08.0632 0x0c48 ============================================================
15:13:09.0428 0x0c48 C: <-> \Device\Harddisk0\DR0\Partition2
15:13:10.0348 0x0c48 D: <-> \Device\Harddisk0\DR0\Partition3
15:13:10.0348 0x0c48 ============================================================
15:13:10.0348 0x0c48 Initialize success
15:13:10.0348 0x0c48 ============================================================
15:13:20.0788 0x12ec ============================================================
15:13:20.0788 0x12ec Scan started
15:13:20.0788 0x12ec Mode: Manual;
15:13:20.0788 0x12ec ============================================================
15:13:20.0788 0x12ec KSN ping started
15:13:21.0456 0x12ec KSN ping finished: false
15:13:24.0420 0x12ec ================ Scan system memory ========================
15:13:24.0420 0x12ec System memory - ok
15:13:24.0420 0x12ec ================ Scan services =============================
15:13:24.0639 0x12ec [ B7603B1B3A188C79DE7E087F11E324FB, D9432F6DDCB53FE7E429611D9788041C38570E48E568D4C5A370E920F59B35E1 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:13:24.0639 0x12ec !SASCORE - ok
15:13:26.0682 0x12ec [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
15:13:26.0698 0x12ec 1394ohci - ok
15:13:26.0729 0x12ec 70844403 - ok
15:13:26.0776 0x12ec [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\windows\system32\drivers\ACPI.sys
15:13:26.0807 0x12ec ACPI - ok
15:13:26.0823 0x12ec [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
15:13:26.0823 0x12ec AcpiPmi - ok
15:13:26.0870 0x12ec [ 2F0683FD2DF1D92E891CACA14B45A8C1, B4A8D6A183FA0B7D642FAD6B51C19FEC998481E1C49480D2B391E5D8B55F5BBD ] adfs C:\windows\system32\drivers\adfs.sys
15:13:26.0885 0x12ec adfs - ok
15:13:27.0072 0x12ec [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:13:27.0072 0x12ec AdobeARMservice - ok
15:13:29.0085 0x12ec [ 09E7C37DF4A911C8A9AA8BF88ACD10AA, E881E0BBDCED58F28E0BA8DC27372EDFFFF2C57EE31CD13A032FDC9F7C831B5A ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:13:29.0100 0x12ec AdobeFlashPlayerUpdateSvc - ok
15:13:29.0163 0x12ec [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
15:13:29.0178 0x12ec adp94xx - ok
15:13:29.0210 0x12ec [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\windows\system32\drivers\adpahci.sys
15:13:29.0225 0x12ec adpahci - ok
15:13:29.0288 0x12ec [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\windows\system32\drivers\adpu320.sys
15:13:29.0319 0x12ec adpu320 - ok
15:13:29.0412 0x12ec [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
15:13:29.0428 0x12ec AeLookupSvc - ok
15:13:29.0475 0x12ec [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\windows\system32\drivers\afd.sys
15:13:29.0506 0x12ec AFD - ok
15:13:29.0537 0x12ec [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\windows\system32\drivers\agp440.sys
15:13:29.0537 0x12ec agp440 - ok
15:13:29.0568 0x12ec [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\windows\System32\alg.exe
15:13:29.0600 0x12ec ALG - ok
15:13:29.0631 0x12ec [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\windows\system32\drivers\aliide.sys
15:13:29.0646 0x12ec aliide - ok
15:13:29.0709 0x12ec [ E7BDC2E7D885A65031C6B93D5A80B019, B37B05CA81A200A0C303946A21901ED382468761AB8BB8F7F310700A060E813F ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
15:13:29.0724 0x12ec AMD External Events Utility - ok
15:13:29.0802 0x12ec AMD FUEL Service - ok
15:13:29.0912 0x12ec [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\windows\system32\drivers\amdide.sys
15:13:29.0912 0x12ec amdide - ok
15:13:29.0974 0x12ec [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
15:13:29.0974 0x12ec AmdK8 - ok
15:13:30.0801 0x12ec [ 342156AF1FED5ED3A5D3FBB3D87F48E8, 119C85492EDCA82731E23A261DE39A72783713B01B89D8FA2F47400EB03C7C57 ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys
15:13:31.0347 0x12ec amdkmdag - ok
15:13:31.0534 0x12ec [ 9DCA2AFEABF1D109FB2C229491C9F293, F020F4FDD29897C656287A2D01D51B4AE45AA604E4291BCE05FB7D994242EC04 ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys
15:13:31.0565 0x12ec amdkmdap - ok
15:13:31.0596 0x12ec [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D62262

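Added example (editor's code, not from the poster, Malwarebytes or Kaspersky): the "Inspecting partition table" lines in the MBAR log above are a straight read of the 512-byte MBR. The tool checks the 55AA trailer at offset 510, reads the 4-byte NT disk signature at offset 0x1B8 (674EF893 in the log) and walks the four 16-byte entries at offset 0x1BE, each carrying a status byte (0x80 = active), a type byte, and a little-endian start LBA and sector count. The script below builds a sample sector with the same values as drive 0, parses it the same way, and adds the checks worth running when comparing a scanner's output against the raw sector: exactly one active entry, no overlapping entries, nothing past the end of the disk, and the unpartitioned ranges a rootkit scanner sweeps for hidden payload (the "1-2047" head gap in the log falls out directly; MBAR's tail window 1250243728-1250263728 is wider than the real free tail, which only begins at 1250263040, so the 20000-sector window is the tool's own choice). It also hashes the boot-code area, since a bootkit replaces the code at offset 0 and leaves the table intact, so the hash is what to compare across runs. Note that TDSSKiller's Partition3 (StartLBA 0x1CE33000) is the logical NTFS volume D: inside MBAR's extended container at 484648960 (0x1CE32800), 2048 sectors further in; like MBAR, the code below reports only the container. The sample bytes and the eight-byte boot-code stub are constructed.

```python
"""Parse a 512-byte MBR the way an anti-rootkit 'Inspecting partition table' step does.
Added example by the editor, not code from the poster, Malwarebytes or Kaspersky.
The sample sector is constructed here to mirror drive 0 in the MBAR log."""
import hashlib
import struct

SECTOR = 512
MBR_SIGNATURE = b"\x55\xaa"
DISK_SIG_OFFSET = 0x1B8          # 4-byte NT disk signature
PART_TABLE_OFFSET = 0x1BE        # four 16-byte partition entries
ENTRY_FMT = "<B3sB3sII"          # status, CHS start, type, CHS end, start LBA, sector count
PART_TYPES = {0x00: "Empty", 0x07: "NTFS/HPFS/exFAT", 0x0B: "FAT32",
              0x0F: "Extended with LBA", 0x27: "Hidden NTFS (Windows RE)"}

# Values taken from the MBAR log for drive 0: (status, type, start LBA, sector count).
DRIVE0_ENTRIES = [(0x80, 0x07, 2048, 204800),
                  (0x00, 0x07, 206848, 484442112),
                  (0x00, 0x0F, 484648960, 724510720),
                  (0x00, 0x27, 1209159680, 41103360)]
DRIVE0_SIZE_BYTES = 640135028736


def build_sample_mbr(entries=DRIVE0_ENTRIES, disk_signature=0x674EF893):
    """Constructed MBR: placeholder boot code, the log's disk signature and table."""
    mbr = bytearray(SECTOR)
    mbr[:8] = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"   # placeholder stub, not real boot code
    struct.pack_into("<I", mbr, DISK_SIG_OFFSET, disk_signature)
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * i,
                         status, b"\xff\xff\xff", ptype, b"\xff\xff\xff", lba, count)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


def has_valid_signature(mbr):
    return len(mbr) == SECTOR and mbr[510:512] == MBR_SIGNATURE


def parse_mbr(mbr, disk_size_bytes=None):
    """Return disk signature, boot-code hash, the four entries, free ranges and findings."""
    if not has_valid_signature(mbr):
        raise ValueError("not a 512-byte sector ending in 55AA")
    disk_sig = struct.unpack_from("<I", mbr, DISK_SIG_OFFSET)[0]
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * i)
        parts.append({"index": i, "status": status, "active": status == 0x80, "type": ptype,
                      "type_name": PART_TYPES.get(ptype, "Other"),
                      "start_lba": lba, "num_sectors": count})
    findings, gaps = _check_table(parts, disk_size_bytes)
    return {"disk_signature": disk_sig,
            "boot_code_sha256": hashlib.sha256(mbr[:DISK_SIG_OFFSET]).hexdigest(),
            "partitions": parts, "unpartitioned": gaps, "findings": findings}


def _check_table(parts, disk_size_bytes):
    """Sanity checks a scanner applies before trusting the table it just read."""
    findings = []
    active = [p["index"] for p in parts if p["status"] == 0x80]
    if len(active) > 1:
        findings.append("%d entries flagged active: %s" % (len(active), active))
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("entry %d has invalid status byte 0x%02X" % (p["index"], p["status"]))
    used = sorted((p for p in parts if p["type"] and p["num_sectors"]), key=lambda p: p["start_lba"])
    for a, b in zip(used, used[1:]):
        if a["start_lba"] + a["num_sectors"] > b["start_lba"]:
            findings.append("entries %d and %d overlap" % (a["index"], b["index"]))
    gaps = []
    if disk_size_bytes is not None:
        total = disk_size_bytes // SECTOR
        cursor = 1                                  # sector 0 is the MBR itself
        for p in used:
            if p["start_lba"] > cursor:
                gaps.append((cursor, p["start_lba"] - 1))  # sectors no partition claims
            end = p["start_lba"] + p["num_sectors"]
            if end > total:
                findings.append("entry %d extends past end of disk" % p["index"])
            cursor = max(cursor, end)
        if cursor < total:
            gaps.append((cursor, total - 1))
    return findings, gaps


def report(parsed):
    """Render the table in the same shape as the MBAR log lines."""
    lines = ["Disk Signature: %08X" % parsed["disk_signature"],
             "Boot code SHA-256: %s" % parsed["boot_code_sha256"]]
    for p in parsed["partitions"]:
        lines.append("Partition %d type is %s (0x%x)" % (p["index"], p["type_name"], p["type"]))
        lines.append("Partition is %s." % ("ACTIVE" if p["active"] else "NOT ACTIVE"))
        lines.append("Partition starts at LBA: %d Numsec = %d" % (p["start_lba"], p["num_sectors"]))
    for start, end in parsed["unpartitioned"]:
        lines.append("Unpartitioned sectors: %d-%d" % (start, end))
    lines.extend("FINDING: " + f for f in parsed["findings"])
    return lines


if __name__ == "__main__":
    print("\n".join(report(parse_mbr(build_sample_mbr(), DRIVE0_SIZE_BYTES))))
```

To run it against a real disk instead of the constructed sample, read the first 512 bytes of the physical drive (on Windows that is `\\.\PhysicalDrive0`, opened as Administrator) and pass them to `parse_mbr` with the disk size; two reads taken before and after a cleanup should agree on the boot-code hash unless the cleanup rewrote the MBR, which is exactly the change MBAR's MBR-0-*.mbam snapshots exist to record.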

Hi Juliet

I did download the programs and I did the scans.

When I did the scan with JRT I turned off real-time protection in windows security essentials.

With mbar I did it two times.

As for tdsskiller, I did uninstall windows security essentials and I did re-install it again.

eset_nod32_antivirus: I did an online scan and I did install it and run a scan. With this one I don't know if I did what should be done.

I post the logs below.

Note: I did put every scan here but did not upload. What I did was I posted this half and did another post.

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by John on 03/06/2014 at 22:03:37.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\simplytech
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\simplytech
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-839072158-3120938179-813264055-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-839072158-3120938179-813264055-1000\Software\web assistant
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\hometab_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\hometab_rasmancs



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\Users\John\AppData\Roaming\sparktrust"
Successfully deleted: [Folder] "C:\Program Files (x86)\costmin"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"
Successfully deleted: [Folder] "C:\Users\John\documents\optimizer pro"
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{0BAAF731-59E7-43C7-81AA-AD03B66D790B}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{24791DE8-AAE6-4561-9F93-963045A807F4}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{2A825E33-DA9F-4C94-B44B-D78BC188CEB9}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{6FBCB5A0-680C-48D8-8D3F-5C59976A22B6}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{9B20C8FC-27FF-4624-AEFC-1724DCBD655E}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{9CE5A48E-D0A1-4968-918A-D3918DDBBB23}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{A0A183AE-5385-41EC-9320-185FA1E67B5A}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{A2779237-D51C-4071-9C77-985F15B4ADF9}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{A2C99439-516C-433E-BE1B-CF010D6EB078}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{B2DE83BE-046A-4DE1-8907-AE2E9D455CFE}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{D6EE2757-6E63-4D26-98C5-BDBFE61D61D4}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{E2CAA561-17CE-4B9C-91AC-6E789342ED12}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{ED568333-ECA4-464F-8774-94E76CD42BAD}



~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\web search.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\web search.xml"
Successfully deleted: [File] C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\2d837ppg.default-1395243719434\user.js
Successfully deleted the following from C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\2d837ppg.default-1395243719434\prefs.js

user_pref("browser.search.defaultengine", "Web Search");
user_pref("browser.search.defaultenginename", "Web Search");
user_pref("browser.search.order.1", "Web Search");
user_pref("extensions.crossrider.bic", "1465f8663e7421978316b4f1cc884a5a");
user_pref("extensions.iQiS.scode", "(function(){try{var url=(window.self.location.href + document.cookieif(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||ur
user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=c
Emptied folder: C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\2d837ppg.default-1395243719434\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/06/2014 at 22:17:25.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


mbar-log-2014-06-03 (13-04-06):

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.06.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
John :: JOHN-PC [administrator]

03/06/2014 1:04:06 PM
mbar-log-2014-06-03 (13-04-06).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 371323
Time elapsed: 1 hour(s), 11 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 8
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com) -> Replace on reboot.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com) -> Replace on reboot.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com) -> Replace on reboot.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com/) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=80415&tid=23890&ver=6.3&ts=1401761782761&tguid=80415-23890-1401761782761-99BB5C101D4E398B10E49102D337D04D&st=chrome&q=) Good: (http://www.google.com/) -> Replace on reboot.

Folders Detected: 1
C:\ProgramData\374311380 (Rogue.Multiple) -> Delete on reboot.

Files Detected: 1
C:\ProgramData\374311380\BIT82E3.tmp (Rogue.Multiple) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)


system-log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16721

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.497000 GHz
Memory total: 5884399616, free: 3601125376

Downloaded database version: v2014.06.03.05
Downloaded database version: v2014.06.02.01
=======================================
Initializing...
------------ Kernel report ------------
06/03/2014 13:03:46
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\??\C:\windows\system32\drivers\SAFDSKNT.SYS
\??\C:\windows\system32\Drivers\SABI.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\SysWOW64\Drivers\DKbFltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\SGdrv64.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\Drivers\adfs.SYS
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btath_rcp.sys
\SystemRoot\system32\drivers\btath_avdt.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\system32\DRIVERS\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007bc3060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000097\
Lower Device Object: 0xfffffa8006fc1b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006b2e060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000078\
Lower Device Object: 0xfffffa80064c0060
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006b2e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006b2eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006b2e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80064d3ac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa80064c0060, DeviceName: \Device\00000078\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 674EF893

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 484442112

Partition 2 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 484648960 Numsec = 724510720

Partition 3 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 1209159680 Numsec = 41103360

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007bc3060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80063ce040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007bc3060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006fc1b60, DeviceName: \Device\00000097\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 34 Numsec = 7984271

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 4102889984 bytes
Sector size: 512 bytes

Done!
Infected: C:\ProgramData\374311380 --> [Rogue.Multiple]
Infected: C:\ProgramData\374311380\BIT82E3.tmp --> [Rogue.Multiple]
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page --> [Hijack.SearchPage]
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL --> [Hijack.SearchPage]
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar --> [Hijack.SearchPage]
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL --> [Hijack.SearchPage]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL --> [Hijack.SearchPage]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page --> [Hijack.SearchPage]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar --> [Hijack.SearchPage]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL --> [Hijack.SearchPage]
Scan finished
Creating System Restore point...
Cleaning up...
Removal successful. No system shutdown is required.
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16721

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.497000 GHz
Memory total: 5884399616, free: 3594854400

Downloaded database version: v2014.06.03.06
Downloaded database version: v2014.06.02.01
=======================================
Initializing...
------------ Kernel report ------------
06/03/2014 14:49:10
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\??\C:\windows\system32\drivers\SAFDSKNT.SYS
\??\C:\windows\system32\Drivers\SABI.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\SysWOW64\Drivers\DKbFltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\SGdrv64.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\Drivers\adfs.SYS
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btath_rcp.sys
\SystemRoot\system32\drivers\btath_avdt.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\system32\DRIVERS\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007bc3060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000097\
Lower Device Object: 0xfffffa8006fc1b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006b2e060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000078\
Lower Device Object: 0xfffffa80064c0060
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006b2e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006b2eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006b2e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80064d3ac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa80064c0060, DeviceName: \Device\00000078\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 674EF893

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 484442112

Partition 2 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 484648960 Numsec = 724510720

Partition 3 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 1209159680 Numsec = 41103360

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007bc3060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80063ce040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007bc3060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006fc1b60, DeviceName: \Device\00000097\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 34 Numsec = 7984271

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 4102889984 bytes
Sector size: 512 bytes

Done!
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16721

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.497000 GHz
Memory total: 5884399616, free: 4181753856

Downloaded database version: v2014.06.03.06
Downloaded database version: v2014.06.02.01
Initializing...
======================
------------ Kernel report ------------
06/03/2014 15:39:44
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\??\C:\windows\system32\drivers\SAFDSKNT.SYS
\??\C:\windows\system32\Drivers\SABI.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\SysWOW64\Drivers\DKbFltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\SGdrv64.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\adfs.SYS
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btath_rcp.sys
\SystemRoot\system32\drivers\btath_avdt.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\system32\DRIVERS\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\SystemRoot\system32\DRIVERS\ehdrv.sys
C:\Program Files\ESET\ESET NOD32 Antivirus\em006_64.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em018_64.dat
\SystemRoot\system32\DRIVERS\epfwwfpr.sys
\SystemRoot\system32\DRIVERS\eamonm.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8006b00060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a5\
Lower Device Object: 0xfffffa8006afe750
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006a6a790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000077\
Lower Device Object: 0xfffffa80064c09c0
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006a6a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006a6a2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006a6a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80064c4ac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa80064c09c0, DeviceName: \Device\00000077\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 674EF893

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 484442112

Partition 2 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 484648960 Numsec = 724510720

Partition 3 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 1209159680 Numsec = 41103360

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8006b00060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008157040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006b00060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006afe750, DeviceName: \Device\000000a5\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 34 Numsec = 7984271

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 4102889984 bytes
Sector size: 512 bytes

Done!
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page --> [Hijack.SearchPage]
Scan finished
Creating System Restore point...
Cleaning up...
Removal successful. No system shutdown is required.
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished

Kaspersky TDSSKiller Antirootkit log:

15:12:42.0268 0x0c48 TDSS rootkit removing tool 3.0.0.37 May 30 2014 13:12:03
15:12:42.0533 0x0c48 ============================================================
15:12:42.0533 0x0c48 Current date / time: 2014/06/03 15:12:42.0533
15:12:42.0533 0x0c48 SystemInfo:
15:12:42.0533 0x0c48
15:12:42.0533 0x0c48 OS Version: 6.1.7601 ServicePack: 1.0
15:12:42.0533 0x0c48 Product type: Workstation
15:12:42.0533 0x0c48 ComputerName: JOHN-PC
15:12:42.0533 0x0c48 UserName: John
15:12:42.0533 0x0c48 Windows directory: C:\windows
15:12:42.0533 0x0c48 System windows directory: C:\windows
15:12:42.0533 0x0c48 Running under WOW64
15:12:42.0533 0x0c48 Processor architecture: Intel x64
15:12:42.0533 0x0c48 Number of processors: 4
15:12:42.0533 0x0c48 Page size: 0x1000
15:12:42.0533 0x0c48 Boot type: Normal boot
15:12:42.0533 0x0c48 ============================================================
15:13:02.0096 0x0c48 KLMD registered as C:\windows\system32\drivers\76108177.sys
15:13:02.0969 0x0c48 System UUID: {E68D03CA-AE05-DE46-2C1E-E7310AA9066C}
15:13:08.0164 0x0c48 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:13:08.0367 0x0c48 Drive \Device\Harddisk1\DR1 - Size: 0xF48D2200 ( 3.82 Gb ), SectorSize: 0x200, Cylinders: 0x1F2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:13:08.0367 0x0c48 ============================================================
15:13:08.0367 0x0c48 \Device\Harddisk0\DR0:
15:13:08.0461 0x0c48 MBR partitions:
15:13:08.0461 0x0c48 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:13:08.0461 0x0c48 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1CE00000
15:13:08.0539 0x0c48 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1CE33000, BlocksNum 0x2B2F2000
15:13:08.0539 0x0c48 \Device\Harddisk1\DR1:
15:13:08.0539 0x0c48 MBR partitions:
15:13:08.0539 0x0c48 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x22, BlocksNum 0x79D48F
15:13:08.0632 0x0c48 ============================================================
15:13:09.0428 0x0c48 C: <-> \Device\Harddisk0\DR0\Partition2
15:13:10.0348 0x0c48 D: <-> \Device\Harddisk0\DR0\Partition3
15:13:10.0348 0x0c48 ============================================================
15:13:10.0348 0x0c48 Initialize success
15:13:10.0348 0x0c48 ============================================================
15:13:20.0788 0x12ec ============================================================
15:13:20.0788 0x12ec Scan started
15:13:20.0788 0x12ec Mode: Manual;
15:13:20.0788 0x12ec ============================================================
15:13:20.0788 0x12ec KSN ping started
15:13:21.0456 0x12ec KSN ping finished: false
15:13:24.0420 0x12ec ================ Scan system memory ========================
15:13:24.0420 0x12ec System memory - ok
15:13:24.0420 0x12ec ================ Scan services =============================
15:13:24.0639 0x12ec [ B7603B1B3A188C79DE7E087F11E324FB, D9432F6DDCB53FE7E429611D9788041C38570E48E568D4C5A370E920F59B35E1 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:13:24.0639 0x12ec !SASCORE - ok
15:13:26.0682 0x12ec [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
15:13:26.0698 0x12ec 1394ohci - ok
15:13:26.0729 0x12ec 70844403 - ok
15:13:26.0776 0x12ec [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\windows\system32\drivers\ACPI.sys
15:13:26.0807 0x12ec ACPI - ok
15:13:26.0823 0x12ec [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
15:13:26.0823 0x12ec AcpiPmi - ok
15:13:26.0870 0x12ec [ 2F0683FD2DF1D92E891CACA14B45A8C1, B4A8D6A183FA0B7D642FAD6B51C19FEC998481E1C49480D2B391E5D8B55F5BBD ] adfs C:\windows\system32\drivers\adfs.sys
15:13:26.0885 0x12ec adfs - ok
15:13:27.0072 0x12ec [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:13:27.0072 0x12ec AdobeARMservice - ok
15:13:29.0085 0x12ec [ 09E7C37DF4A911C8A9AA8BF88ACD10AA, E881E0BBDCED58F28E0BA8DC27372EDFFFF2C57EE31CD13A032FDC9F7C831B5A ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:13:29.0100 0x12ec AdobeFlashPlayerUpdateSvc - ok
15:13:29.0163 0x12ec [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
15:13:29.0178 0x12ec adp94xx - ok
15:13:29.0210 0x12ec [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\windows\system32\drivers\adpahci.sys
15:13:29.0225 0x12ec adpahci - ok
15:13:29.0288 0x12ec [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\windows\system32\drivers\adpu320.sys
15:13:29.0319 0x12ec adpu320 - ok
15:13:29.0412 0x12ec [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
15:13:29.0428 0x12ec AeLookupSvc - ok
15:13:29.0475 0x12ec [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\windows\system32\drivers\afd.sys
15:13:29.0506 0x12ec AFD - ok
15:13:29.0537 0x12ec [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\windows\system32\drivers\agp440.sys
15:13:29.0537 0x12ec agp440 - ok
15:13:29.0568 0x12ec [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\windows\System32\alg.exe
15:13:29.0600 0x12ec ALG - ok
15:13:29.0631 0x12ec [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\windows\system32\drivers\aliide.sys
15:13:29.0646 0x12ec aliide - ok
15:13:29.0709 0x12ec [ E7BDC2E7D885A65031C6B93D5A80B019, B37B05CA81A200A0C303946A21901ED382468761AB8BB8F7F310700A060E813F ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
15:13:29.0724 0x12ec AMD External Events Utility - ok
15:13:29.0802 0x12ec AMD FUEL Service - ok
15:13:29.0912 0x12ec [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\windows\system32\drivers\amdide.sys
15:13:29.0912 0x12ec amdide - ok
15:13:29.0974 0x12ec [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
15:13:29.0974 0x12ec AmdK8 - ok
15:13:30.0801 0x12ec [ 342156AF1FED5ED3A5D3FBB3D87F48E8, 119C85492EDCA82731E23A261DE39A72783713B01B89D8FA2F47400EB03C7C57 ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys
15:13:31.0347 0x12ec amdkmdag - ok
15:13:31.0534 0x12ec [ 9DCA2AFEABF1D109FB2C229491C9F293, F020F4FDD29897C656287A2D01D51B4AE45AA604E4291BCE05FB7D994242EC04 ] amdkmdap


Second Post:

ESETScan online:

C:\Program Files (x86)\Mozilla Firefox\components\sprotector.js Win32/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\File System\016\t\00\00000000 a variant of Win32/SoftPulse.B potentially unwanted application deleted - quarantined
C:\Users\John\Documents\John`s Files\EXE Files\Freevideo roteate\FreeVideoFlipAndRotate.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Users\John\Downloads\freeringtonemakerplatinum-setup.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Users\John\Downloads\Setup.exe a variant of Win32/SoftPulse.B potentially unwanted application deleted - quarantined
C:\Users\John\Downloads\ViberSetup.exe Win32/Toolbar.SearchSuite.P potentially unwanted application deleted - quarantined
C:\Users\John\Downloads\Free Hide IP\FreeHideIPv3922.exe a variant of Win32/OpenInstall potentially unwanted application deleted - quarantined
C:\Users\John\Downloads\WI-FI Pass generator\WiFiPasswordKeyGenerator_v10zip.exe a variant of Win32/OpenInstall potentially unwanted application deleted - quarantined
D:\John`s Files\EXE Files\Freevideo roteate\FreeVideoFlipAndRotate.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
D:\John`s Files\EXE Files\Hotshield\HSS-2.06-install-anchorfree-76-conduit.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined

ESETScan 1

<?xml version="1.0" encoding="utf-8"?>
<ESET>
<SECTION ID="1000103">
<SETTINGS>
<SCANNERS>
<SCANNER ID="1010100">
<PROFILES>
<NODE NAME="Enable" VALUE="1" TYPE="DWORD" />
<NODE NAME="Active" VALUE="@Smart scan" TYPE="STRING" />
<NODE NAME="@In-depth scan" TYPE="SUBNODE">
<NODE NAME="SignaturesEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="HeuristicsEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="AdvancedHeuristicsEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="AdwareEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="CloudEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="FileEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="SectorEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="ArchiveEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="SfxEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="RtpEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="MailEnable" VALUE="0" TYPE="DWORD" />
<NODE NAME="MemoryEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="MaxArchiveLevel" VALUE="0" TYPE="DWORD" />
<NODE NAME="MaxScanFileSize" VALUE="0" TYPE="DWORD" />
<NODE NAME="MaxTempFileSize" VALUE="0" TYPE="DWORD" />
<NODE NAME="ScanObjectTimeout" VALUE="0" TYPE="DWORD" />
<NODE NAME="CleanLevel" VALUE="1" TYPE="DWORD" />
<NODE NAME="LogAllEnable" VALUE="0" TYPE="DWORD" />
<NODE NAME="SmartEnable" VALUE="0" TYPE="DWORD" />
<NODE NAME="Extensions" TYPE="SUBNODE">
<NODE NAME="AddExtensions" VALUE="|*|" TYPE="STRING" />
<NODE NAME="RemoveExtensions" VALUE="" TYPE="STRING" />
<NODE NAME="ExcludeExtensions" VALUE="" TYPE="STRING" />
</NODE>
</NODE>
<NODE NAME="@Shellext scan" TYPE="SUBNODE">
<NODE NAME="SignaturesEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="HeuristicsEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="AdvancedHeuristicsEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="AdwareEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="CloudEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="FileEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="SectorEnable" VALUE="0" TYPE="DWORD" />
<NODE NAME="ArchiveEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="SfxEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="RtpEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="MailEnable" VALUE="0" TYPE="DWORD" />
<NODE NAME="MemoryEnable" VALUE="0" TYPE="DWORD" />
<NODE NAME="MaxArchiveLevel" VALUE="0" TYPE="DWORD" />
<NODE NAME="MaxScanFileSize" VALUE="0" TYPE="DWORD" />
<NODE NAME="MaxTempFileSize" VALUE="0" TYPE="DWORD" />
<NODE NAME="ScanObjectTimeout" VALUE="0" TYPE="DWORD" />
<NODE NAME="CleanLevel" VALUE="1" TYPE="DWORD" />
<NODE NAME="LogAllEnable" VALUE="0" TYPE="DWORD" />
<NODE NAME="SmartEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="Extensions" TYPE="SUBNODE">
<NODE NAME="AddExtensions" VALUE="|*|" TYPE="STRING" />
<NODE NAME="RemoveExtensions" VALUE="" TYPE="STRING" />
<NODE NAME="ExcludeExtensions" VALUE="" TYPE="STRING" />
</NODE>
</NODE>
<NODE NAME="@Smart scan" TYPE="SUBNODE">
<NODE NAME="SignaturesEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="HeuristicsEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="AdvancedHeuristicsEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="AdwareEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="CloudEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="FileEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="SectorEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="ArchiveEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="SfxEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="RtpEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="MailEnable" VALUE="0" TYPE="DWORD" />
<NODE NAME="MemoryEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="MaxArchiveLevel" VALUE="0" TYPE="DWORD" />
<NODE NAME="MaxScanFileSize" VALUE="0" TYPE="DWORD" />
<NODE NAME="MaxTempFileSize" VALUE="0" TYPE="DWORD" />
<NODE NAME="ScanObjectTimeout" VALUE="0" TYPE="DWORD" />
<NODE NAME="CleanLevel" VALUE="1" TYPE="DWORD" />
<NODE NAME="LogAllEnable" VALUE="0" TYPE="DWORD" />
<NODE NAME="SmartEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="Extensions" TYPE="SUBNODE">
<NODE NAME="AddExtensions" VALUE="|*|" TYPE="STRING" />
<NODE NAME="RemoveExtensions" VALUE="" TYPE="STRING" />
<NODE NAME="ExcludeExtensions" VALUE="" TYPE="STRING" />
</NODE>
</NODE>
</PROFILES>
</SCANNER>
<SCANNER ID="1010101">
<PROFILES>
<NODE NAME="Enable" VALUE="0" TYPE="DWORD" />
<NODE NAME="@My profile" TYPE="SUBNODE">
<NODE NAME="SignaturesEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="HeuristicsEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="AdvancedHeuristicsEnable" VALUE="0" TYPE="DWORD" />
<NODE NAME="AdwareEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="CloudEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="FileEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="SectorEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="ArchiveEnable" VALUE="0" TYPE="DWORD" />
<NODE NAME="SfxEnable" VALUE="0" TYPE="DWORD" />
<NODE NAME="RtpEnable" VALUE="0" TYPE="DWORD" />
<NODE NAME="MailEnable" VALUE="0" TYPE="DWORD" />
<NODE NAME="MemoryEnable" VALUE="0" TYPE="DWORD" />
<NODE NAME="MaxArchiveLevel" VALUE="0" TYPE="DWORD" />
<NODE NAME="MaxScanFileSize" VALUE="0" TYPE="DWORD" />
<NODE NAME="MaxTempFileSize" VALUE="0" TYPE="DWORD" />
<NODE NAME="ScanObjectTimeout" VALUE="0" TYPE="DWORD" />
<NODE NAME="CleanLevel" VALUE="1" TYPE="DWORD" />
<NODE NAME="LogAllEnable" VALUE="0" TYPE="DWORD" />
<NODE NAME="SmartEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="Extensions" TYPE="SUBNODE">
<NODE NAME="AddExtensions" VALUE="|*|" TYPE="STRING" />
<NODE NAME="RemoveExtensions" VALUE="" TYPE="STRING" />
<NODE NAME="ExcludeExtensions" VALUE="" TYPE="STRING" />
</NODE>
</NODE>
</PROFILES>
</SCANNER>
<SCANNER ID="1010102">
<PROFILES>
<NODE NAME="Enable" VALUE="0" TYPE="DWORD" />
<NODE NAME="@My profile" TYPE="SUBNODE">
<NODE NAME="SignaturesEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="HeuristicsEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="AdvancedHeuristicsEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="AdwareEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="CloudEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="FileEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="SectorEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="ArchiveEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="SfxEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="RtpEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="MailEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="MemoryEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="MaxArchiveLevel" VALUE="0" TYPE="DWORD" />
<NODE NAME="MaxScanFileSize" VALUE="0" TYPE="DWORD" />
<NODE NAME="MaxTempFileSize" VALUE="0" TYPE="DWORD" />
<NODE NAME="ScanObjectTimeout" VALUE="0" TYPE="DWORD" />
<NODE NAME="CleanLevel" VALUE="1" TYPE="DWORD" />
<NODE NAME="LogAllEnable" VALUE="0" TYPE="DWORD" />
<NODE NAME="SmartEnable" VALUE="1" TYPE="DWORD" />
<NODE NAME="Extensions" TYPE="SUBNODE">
<NODE NAME="AddExtensions" VALUE="|*|" TYPE="STRING" />
<NODE NAME="RemoveExtensions" VALUE="" TYPE="STRING" />
<NODE NAME="ExcludeExtensions" VALUE="" TYPE="STRING" />
</NODE>
</NODE>


Your computer was loaded with junk, let me make a few comments.

 

For the Eset instructions

 

Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.

Generally I do this so that if a false positive was found we could ignore it. In this case there were none and we're OK.

 

It appears you may have downloaded items from non-reputable sites, please be careful.

 

How's the computer now?


Hi Juliet

 

I find it a bit slow. I am not aware of the sites I download from, because I do not download that much, but if you say that, it is because you are more expedient and know better lol... and I thank you for all the info you give.

 

Do I need to do the scan with Eset again?

If so, I need to be more careful.
