Solved Help with MoneyPak virus

[andy2082]

Hi, my computer keeps popping up with the MoneyPak virus. I can remove it temporarily by accessing the computer through another user and running Malwarebytes, but it recurs within a day or so. Below are my logs, any help appreciated. Andrew

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.10.27.05
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Andrew :: ANDREW-PC [administrator]
27/10/2013 15:48:35
mbam-log-2013-10-27 (15-48-35).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229231
Time elapsed: 10 minute(s), 35 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent.RNS) -> Data: explorer.exe,C:\Users\Andrew\AppData\Roaming\skype.dat -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421
Run by Andrew at 16:07:21 on 2013-10-27
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3004.1542 [GMT -4:00]
.
AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\COMODO\launcher_service.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\Acer Bio Protection\BASVC.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
C:\Program Files\Comodo\GeekBuddy\unit.exe
C:\Program Files\Comodo\COMODO Internet Security\cis.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11g_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Andrew\AppData\Local\Temp\nsvD625.tmp\ns8355.tmp
C:\Windows\system32\conhost.exe
C:\Users\Andrew\AppData\Local\Temp\nsvD625.tmp\PEV.DAT
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>
BHO: AutorunsDisabled - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome frame\application\30.0.1599.101\npchrome_frame.dll
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [Google Update] "c:\users\andrew\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cistray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "c:\program files\cisco\cisco anyconnect secure mobility client\vpnui.exe" -minimized
mRun: [tvncontrol] "c:\program files\common files\comodo\GeekBuddyRSP.exe" -controlservice -slave
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\startg~1.lnk - c:\program files\comodo\geekbuddy\launcher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:147
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:147
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer bio protection\PwdBank.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110926150838
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://soem.webex.com/client/T27LC/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E78E00BB-66CB-4C40-B91C-51BEFE20CDE2} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E78E00BB-66CB-4C40-B91C-51BEFE20CDE2}\14C6D28416D6262716 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{E78E00BB-66CB-4C40-B91C-51BEFE20CDE2}\64F445A5D275946494 : DHCPNameServer = 192.168.100.4
TCP: Interfaces\{E78E00BB-66CB-4C40-B91C-51BEFE20CDE2}\84F6D656 : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\30.0.1599.101\npchrome_frame.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Notification Packages = c:\program files\acer bio protection\PwdFilter
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-9-10 97008]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2013-5-7 35064]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2013-6-18 20072]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2013-6-18 582936]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2013-6-18 44752]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-1-9 218176]
R1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\drivers\hmd.sys [2013-10-4 15400]
R1 RapportCerberus_56758;RapportCerberus_56758;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_56758.sys [2013-8-26 330960]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-9-10 148688]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-9-10 222416]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\common files\comodo\launcher_service.exe [2013-10-11 70352]
R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\drivers\FPSensor.sys [2011-1-3 29744]
R2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files\common files\comodo\GeekBuddyRSP.exe [2013-10-11 2327248]
R2 IGBASVC;EgisTec Service;c:\program files\acer bio protection\BASVC.exe [2009-9-5 3450368]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-10-25 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-10-25 701512]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-9-10 1435928]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\cisco\cisco anyconnect secure mobility client\vpnagent.exe [2012-12-10 479224]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-5-20 59904]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2011-1-3 116136]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-10-25 22856]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 acsock;acsock;c:\windows\system32\drivers\acsock.sys [2012-6-7 92112]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\comodo\comodo internet security\cmdvirth.exe [2013-6-18 131288]
S4 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2013-10-26 13:55:40 -------- d--h--w- C:\VTRoot
2013-10-26 13:55:38 2144 ----a-w- c:\windows\system32\drivers\fvstore.dat
2013-10-26 03:04:12 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-26 03:04:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-20 23:12:35 -------- d-----w- c:\users\andrew\appdata\local\calibre-cache
2013-10-13 23:42:33 -------- d-----w- c:\program files\common files\COMODO
2013-10-04 08:15:04 15400 ----a-w- c:\windows\system32\drivers\hmd.sys
2013-09-30 16:01:09 737280 ----a-w- c:\windows\iun6002.exe
2013-09-30 15:57:29 -------- d-----w- c:\program files\AAZV Collected Proceedings 1968-2013
.
==================== Find3M ====================
.
2013-10-04 08:15:04 15400 ----a-w- c:\windows\inf\hmd\hmd.sys
2013-09-24 10:54:08 582936 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-09-24 10:54:08 44752 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-09-24 10:54:07 20072 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-09-24 10:53:51 36000 ----a-w- c:\windows\system32\cmdcsr.dll
2013-09-24 10:53:51 354240 ----a-w- c:\windows\system32\guard32.dll
2013-09-24 10:53:35 280792 ----a-w- c:\windows\system32\cmdvrt32.dll
2013-09-24 10:53:34 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-09-11 03:18:28 97008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-09-05 09:35:06 55504 ----a-w- c:\windows\system32\offreg.dll
2013-08-03 01:21:57 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-08-03 01:21:57 1060864 ----a-w- c:\windows\system32\mfc71.dll
.
============= FINISH: 16:07:51.40 ===============

 

[andy2082]

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 03/01/2011 11:13:53
System Uptime: 27/10/2013 15:18:27 (1 hours ago)
.
Motherboard: Acer | | Aspire 5935
Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz | uPGA-478 | 1596/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 450 GiB total, 232.431 GiB free.
D: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP207: 30/06/2013 22:04:11 - Scheduled Checkpoint
RP208: 02/07/2013 19:34:30 - Installed Microsoft Office Professional Plus 2010
RP209: 13/07/2013 14:10:28 - Scheduled Checkpoint
RP210: 26/07/2013 22:35:33 - Scheduled Checkpoint
RP211: 02/08/2013 20:55:21 - Removed AVG 2012
RP212: 02/08/2013 20:57:27 - Removed AVG 2012
RP213: 02/08/2013 21:07:37 - Device Driver Package Install: COMODO Network Service
RP214: 10/08/2013 15:57:49 - Scheduled Checkpoint
RP215: 17/08/2013 20:41:43 - Removed AVG PC TuneUp
RP216: 17/08/2013 20:43:02 - Removed AVG PC TuneUp Language Pack (en-US)
RP217: 18/08/2013 09:15:09 - Removed Avery Wizard 4.0.
RP219: 26/08/2013 20:08:15 - Installed Rapport
RP220: 03/09/2013 20:50:00 - Scheduled Checkpoint
RP222: 12/09/2013 18:26:36 - Installed Rapport
RP224: 18/09/2013 18:37:40 - Installed Rapport
RP225: 21/09/2013 18:44:06 - Installed Cisco AnyConnect Secure Mobility Client
RP226: 05/10/2013 20:34:15 - Scheduled Checkpoint
RP227: 13/10/2013 20:29:24 - Scheduled Checkpoint
RP228: 20/10/2013 18:29:43 - Installed calibre
.
==== Installed Programs ======================
.
AAZV Collected Proceedings 1968-2013
Acer Bio Protection
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Photoshop CS5
Adobe Reader X
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS Android USB Drivers
ASUS WebStorage Sync Agent
µTorrent
Avery Wizard 4.0
Avidemux 2.6 (32-bit)
BBC iPlayer Desktop
Bonjour
calibre
CCleaner
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client
COMODO Internet Security Premium
DAEMON Tools Lite
Desktop Support Tools
DjVuLibre+DjView
doPDF 7.2 printer
EA Shared Game Component: Activation
ENE CIR Receiver Driver
Fingerprint Solution
Free FLAC to MP3 Converter 1.0
GeekBuddy
Google Chrome
Google Chrome Frame
Google Update Helper
HD Tune Pro 4.60
IBM SPSS Statistics 19
ImgBurn
iTunes
Java Auto Updater
Java(TM) 6 Update 32
JMicron Flash Media Controller Driver
Launch Manager
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MSXML 4.0 SP3 Parser
NirSoft VideoCacheView
NVIDIA Drivers
NVIDIA PhysX
PDF Settings CS5
PS3 Media Server
Python 2.7.3
QuickTime
Rapport
Realtek High Definition Audio Driver
Skype Click to Call
Skype™ 6.0
SopCast 3.4.8
Spybot - Search & Destroy
StreamTorrent 1.0
Synaptics Pointing Device Driver
Torrent Stream 2.0.8.2
Trusteer Endpoint Protection
Upgrade Kit
VirtualCloneDrive
VitalSource Bookshelf
VLC media player 2.0.7
WebEx
WinRAR 4.00 beta 4 (32-bit)
XBMC
.
==== Event Viewer Messages From Past Week ========
.
27/10/2013 15:21:09, Error: Microsoft-Windows-WMPNSS-Service [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
27/10/2013 15:17:28, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
26/10/2013 16:26:11, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
26/10/2013 16:22:57, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
25/10/2013 22:26:13, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CFRMD cmdGuard cmdHlp DfsC discache ElbyCDIO HMD inspect NetBIOS NetBT nsiproxy Psched RapportKELL rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl
25/10/2013 22:26:13, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
25/10/2013 22:26:13, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
25/10/2013 22:26:13, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
25/10/2013 22:26:13, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
25/10/2013 22:26:13, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
25/10/2013 22:26:12, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
25/10/2013 22:26:12, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
25/10/2013 22:26:12, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
25/10/2013 22:26:12, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
25/10/2013 22:13:14, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
25/10/2013 22:13:14, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
25/10/2013 22:13:14, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
25/10/2013 22:13:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
25/10/2013 22:13:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
.
==== End Of File ===========================

 

[Broni]

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.

 

[andy2082]

Thanks Broni, below are the logs.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013
Ran by Andrew (administrator) on ANDREW-PC on 28-10-2013 09:31:37
Running from C:\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FBC2KIE
Microsoft Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Egis Technology Inc.) C:\Program Files\Acer Bio Protection\CompPtcVUI.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Egis Technology Inc.) C:\Program Files\Acer Bio Protection\BASVC.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cis.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Google Inc.) C:\Program Files\Google\Chrome Frame\Application\chrome.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\javaw.exe
() C:\Users\Andrew\AppData\Roaming\TorrentStream\engine\tsengine.exe
() C:\Users\Andrew\AppData\Roaming\TorrentStream\updater\tsupdate.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashUtil11g_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [1157128 2009-08-18] (Dritek System Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7731744 2009-09-04] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [212992 2009-07-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1537320 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\Comodo\COMODO Internet Security\cistray.exe [1576152 2013-10-19] (COMODO)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [527864 2012-12-10] (Cisco Systems, Inc.)
HKLM\...\Run: [tvncontrol] - C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-10-11] (Comodo Security Solutions, Inc.)
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-19] (Google Inc.)
Lsa: [Notification Packages] C:\Program Files\Acer Bio Protection\PwdFilter
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
URLSearchHook: HKCU - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\30.0.1599.101\npchrome_frame.dll (Google Inc.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110926150838
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://soem.webex.com/client/T27LC/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\30.0.1599.101\npchrome_frame.dll (Google Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 132.236.249.19 132.236.249.18 132.236.56.250
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
CHR DefaultSuggestURL: (Google) - "suggest_url": "",
CHR Plugin: (Shockwave Flash) - C:\Users\Andrew\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Andrew\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Andrew\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U32) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Torrent Stream P2P Multimedia Plug-in 2) - C:\Users\Andrew\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies)
CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (TS Magic Player) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ochbjojkpcmlfeagbaahkofepalngihg\1.1.29_0
CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70352 2013-10-11] (Comodo Security Solutions, Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4832192 2013-10-19] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [131288 2013-09-24] (COMODO)
R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-10-11] (Comodo Security Solutions, Inc.)
R2 IGBASVC; C:\Program Files\Acer Bio Protection\BASVC.exe [3450368 2009-09-05] (Egis Technology Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 SupportSoft RemoteAssist; C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe [386424 2012-09-04] (SupportSoft, Inc.)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-12-10] (Cisco Systems, Inc.)
==================== Drivers (Whitelisted) ====================
S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2012-12-10] (Cisco Systems, Inc.)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-06-22] (Avanquest Software)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2013-05-07] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2013-09-24] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [582936 2013-09-24] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [44752 2013-09-24] (COMODO)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218176 2011-01-09] (DT Soft Ltd)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2009-12-17] (Elaborate Bytes AG)
R2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [29744 2011-01-03] (EgisTec)
R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [15400 2013-10-04] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [85464 2013-09-24] (COMODO)
R2 int15; C:\Windows\system32\drivers\int15.sys [69632 2008-03-12] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 RapportCerberus_56758; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys [330960 2013-08-26] ()
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [148688 2013-09-10] (Trusteer Ltd.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [222416 2013-09-10] (Trusteer Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Andrew\AppData\Local\Temp\catchme.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)
S3 WinDriver6; system32\drivers\windrvr6.sys [x]
U3 mbr; \??\C:\Users\Andrew\AppData\Local\Temp\mbr.sys [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-10-28 09:31 - 2013-10-28 09:31 - 00000000 ____D C:\FRST
2013-10-28 09:30 - 2013-10-28 09:30 - 01089183 _____ (Farbar) C:\Users\Andrew\Desktop\FRST.exe
2013-10-27 16:08 - 2013-10-27 16:08 - 00009722 _____ C:\Users\Andrew\Desktop\attach.txt
2013-10-27 16:08 - 2013-10-27 16:07 - 00013110 _____ C:\Users\Andrew\Desktop\dds.txt
2013-10-27 15:49 - 2013-10-27 15:49 - 00688992 ____R (Swearware) C:\Users\Andrew\Desktop\dds.com
2013-10-27 11:39 - 2013-10-27 11:40 - 00000004 _____ C:\Users\Andrew\AppData\Roaming\skype.ini
2013-10-26 16:46 - 2013-10-26 16:47 - 12321834 _____ C:\Users\Andrew\Desktop\Ophthalmology_of_Exotic_Pets_epub.epub
2013-10-26 09:55 - 2013-10-26 10:17 - 00002144 _____ C:\Windows\system32\Drivers\fvstore.dat
2013-10-26 09:55 - 2013-10-26 09:55 - 00000000 ___HD C:\VTRoot
2013-10-25 23:04 - 2013-10-25 23:04 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-25 23:04 - 2013-10-25 23:04 - 00000000 ____D C:\Users\fixer\AppData\Roaming\Malwarebytes
2013-10-25 23:04 - 2013-10-25 23:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-25 23:04 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-25 23:03 - 2013-10-25 23:03 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\fixer\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-25 23:03 - 2013-10-25 23:03 - 00000000 ____D C:\Users\fixer\AppData\Roaming\Adobe
2013-10-25 23:01 - 2013-10-25 23:01 - 00109992 _____ C:\Users\fixer\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-25 23:01 - 2013-10-25 23:01 - 00000000 ____D C:\Users\fixer\AppData\Roaming\Apple Computer
2013-10-25 23:00 - 2013-10-25 23:00 - 00001417 _____ C:\Users\fixer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-25 23:00 - 2013-10-25 23:00 - 00000000 ____D C:\Users\fixer\AppData\Local\VirtualStore
2013-10-25 22:59 - 2013-10-25 23:00 - 00000000 ____D C:\Users\fixer
2013-10-25 22:59 - 2013-10-25 22:59 - 00000020 ___SH C:\Users\fixer\ntuser.ini
2013-10-25 22:59 - 2013-01-31 20:22 - 00000000 ____D C:\Users\fixer\AppData\Roaming\TuneUp Software
2013-10-25 22:59 - 2011-09-27 13:04 - 00000000 ____D C:\Users\fixer\AppData\Local\Trusteer
2013-10-25 22:59 - 2011-04-29 04:28 - 00000000 ____D C:\Users\fixer\AppData\Roaming\Trusteer
2013-10-25 22:59 - 2011-01-03 13:08 - 00000000 ____D C:\Users\fixer\AppData\Roaming\Macromedia
2013-10-25 22:59 - 2009-07-14 00:42 - 00000000 ___RD C:\Users\fixer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-25 22:59 - 2009-07-14 00:37 - 00000000 ___RD C:\Users\fixer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-20 19:12 - 2013-10-20 19:12 - 00000000 ____D C:\Users\Andrew\AppData\Local\calibre-cache
2013-10-20 18:05 - 2013-10-20 18:05 - 00000000 ____D C:\Users\Andrew\Downloads\A Song of Ice And Fire
2013-10-19 18:59 - 2013-10-19 19:21 - 00000000 ____D C:\Users\Andrew\Downloads\Elysium 2013 HDRip x264 AC3-JYK
2013-10-19 18:58 - 2013-10-19 19:52 - 00000000 ____D C:\Users\Andrew\Downloads\Pacific Rim (2013) [1080p]
2013-10-19 18:58 - 2013-10-19 19:36 - 00000000 ____D C:\Users\Andrew\Downloads\Man of Steel (2013) [1080p]
2013-10-15 12:48 - 2013-10-15 12:54 - 00000000 ____D C:\Users\Andrew\Downloads\An.*****.Abroad.3.BDRip.H264-BONE
2013-10-13 19:42 - 2013-10-13 19:42 - 00000000 ____D C:\Program Files\Common Files\COMODO
2013-10-12 08:46 - 2013-10-12 08:46 - 15886511 _____ C:\Users\Andrew\Desktop\finally_connected.zip
2013-10-12 08:46 - 2013-10-12 08:46 - 00000000 ____D C:\Users\Andrew\Desktop\finally_connected
2013-10-08 19:25 - 2013-10-28 06:53 - 00000000 ____D C:\Users\Andrew\Downloads\Dexter.S07.Season.7.COMPLETE.HDTV.x264-ASAP.EVOLVE
2013-10-08 19:25 - 2013-10-08 19:27 - 00000000 ____D C:\Users\Andrew\Downloads\Dexter S07E06 HDTV x264-ASAP[ettv]
2013-10-06 13:28 - 2013-10-06 13:37 - 00000000 ____D C:\Users\Andrew\Desktop\AAZV Collected
2013-10-06 12:25 - 2013-10-27 15:18 - 00001306 _____ C:\Windows\PFRO.log
2013-10-04 04:15 - 2013-10-04 04:15 - 00015400 _____ C:\Windows\system32\Drivers\hmd.sys
2013-09-30 12:01 - 2013-09-30 11:57 - 00737280 _____ (Indigo Rose Corporation) C:\Windows\iun6002.exe
2013-09-30 11:57 - 2013-09-30 12:01 - 00000000 ____D C:\Program Files\AAZV Collected Proceedings 1968-2013
2013-09-30 11:57 - 2013-09-30 11:57 - 00001854 _____ C:\Users\Andrew\Desktop\AAZV Collected Proceedings 1968-2013.lnk
2013-09-29 17:03 - 2013-09-29 17:31 - 00000000 ____D C:\Users\Andrew\Desktop\JZWM 2013 3
2013-09-29 16:15 - 2013-09-29 16:15 - 02139531 _____ C:\Users\Andrew\Downloads\Martin_George_R_R_-A_Clash_of_Kings.epub
==================== One Month Modified Files and Folders =======
2013-10-28 09:31 - 2013-10-28 09:31 - 00000000 ____D C:\FRST
2013-10-28 09:31 - 2011-10-13 11:21 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-28 09:30 - 2013-10-28 09:30 - 01089183 _____ (Farbar) C:\Users\Andrew\Desktop\FRST.exe
2013-10-28 09:28 - 2013-08-02 21:08 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2013-10-28 09:28 - 2011-11-06 20:18 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-284424345-2181464997-1662967063-1001UA.job
2013-10-28 09:28 - 2011-01-03 20:05 - 01136888 _____ C:\Windows\WindowsUpdate.log
2013-10-28 06:53 - 2013-10-08 19:25 - 00000000 ____D C:\Users\Andrew\Downloads\Dexter.S07.Season.7.COMPLETE.HDTV.x264-ASAP.EVOLVE
2013-10-27 18:31 - 2011-10-13 11:21 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-27 16:08 - 2013-10-27 16:08 - 00009722 _____ C:\Users\Andrew\Desktop\attach.txt
2013-10-27 16:07 - 2013-10-27 16:08 - 00013110 _____ C:\Users\Andrew\Desktop\dds.txt
2013-10-27 15:49 - 2013-10-27 15:49 - 00688992 ____R (Swearware) C:\Users\Andrew\Desktop\dds.com
2013-10-27 15:26 - 2009-07-14 00:34 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-27 15:26 - 2009-07-14 00:34 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-27 15:18 - 2013-10-06 12:25 - 00001306 _____ C:\Windows\PFRO.log
2013-10-27 15:18 - 2013-08-18 09:31 - 00006872 _____ C:\Windows\setupact.log
2013-10-27 15:18 - 2011-08-14 17:28 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-10-27 15:18 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-27 11:40 - 2013-10-27 11:39 - 00000004 _____ C:\Users\Andrew\AppData\Roaming\skype.ini
2013-10-27 11:28 - 2011-01-03 12:59 - 00000000 ____D C:\Users\Andrew\Calibre Library
2013-10-27 10:50 - 2011-11-06 20:18 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-284424345-2181464997-1662967063-1001Core.job
2013-10-27 10:45 - 2011-01-03 12:18 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-26 16:47 - 2013-10-26 16:46 - 12321834 _____ C:\Users\Andrew\Desktop\Ophthalmology_of_Exotic_Pets_epub.epub
2013-10-26 16:20 - 2011-01-13 19:06 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\uTorrent
2013-10-26 16:15 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\tracing
2013-10-26 10:17 - 2013-10-26 09:55 - 00002144 _____ C:\Windows\system32\Drivers\fvstore.dat
2013-10-26 09:55 - 2013-10-26 09:55 - 00000000 ___HD C:\VTRoot
2013-10-26 09:16 - 2009-07-14 00:52 - 00000000 ____D C:\Windows\addins
2013-10-25 23:04 - 2013-10-25 23:04 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-25 23:04 - 2013-10-25 23:04 - 00000000 ____D C:\Users\fixer\AppData\Roaming\Malwarebytes
2013-10-25 23:04 - 2013-10-25 23:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-25 23:03 - 2013-10-25 23:03 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\fixer\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-25 23:03 - 2013-10-25 23:03 - 00000000 ____D C:\Users\fixer\AppData\Roaming\Adobe
2013-10-25 23:01 - 2013-10-25 23:01 - 00109992 _____ C:\Users\fixer\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-25 23:01 - 2013-10-25 23:01 - 00000000 ____D C:\Users\fixer\AppData\Roaming\Apple Computer
2013-10-25 23:00 - 2013-10-25 23:00 - 00001417 _____ C:\Users\fixer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-25 23:00 - 2013-10-25 23:00 - 00000000 ____D C:\Users\fixer\AppData\Local\VirtualStore
2013-10-25 23:00 - 2013-10-25 22:59 - 00000000 ____D C:\Users\fixer
2013-10-25 22:59 - 2013-10-25 22:59 - 00000020 ___SH C:\Users\fixer\ntuser.ini
2013-10-22 19:08 - 2012-07-21 18:40 - 00000000 ____D C:\Users\Andrew\Documents\Presentations
2013-10-20 19:12 - 2013-10-20 19:12 - 00000000 ____D C:\Users\Andrew\AppData\Local\calibre-cache
2013-10-20 18:35 - 2011-01-03 12:58 - 00000934 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2013-10-20 18:35 - 2011-01-03 12:58 - 00000000 ____D C:\Program Files\Calibre2
2013-10-20 18:05 - 2013-10-20 18:05 - 00000000 ____D C:\Users\Andrew\Downloads\A Song of Ice And Fire
2013-10-19 19:52 - 2013-10-19 18:58 - 00000000 ____D C:\Users\Andrew\Downloads\Pacific Rim (2013) [1080p]
2013-10-19 19:36 - 2013-10-19 18:58 - 00000000 ____D C:\Users\Andrew\Downloads\Man of Steel (2013) [1080p]
2013-10-19 19:21 - 2013-10-19 18:59 - 00000000 ____D C:\Users\Andrew\Downloads\Elysium 2013 HDRip x264 AC3-JYK
2013-10-18 11:06 - 2011-09-14 11:41 - 00002046 ____H C:\Users\Andrew\Documents\Default.rdp
2013-10-18 08:15 - 2012-06-30 15:18 - 00000000 ____D C:\Users\Andrew\Documents\ACZM stuff to sort
2013-10-18 08:14 - 2013-07-12 17:00 - 00000000 ____D C:\Users\Andrew\Desktop\Fwd__UF_primate_week
2013-10-15 19:31 - 2012-11-03 13:39 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\.Torrent Stream
2013-10-15 12:54 - 2013-10-15 12:48 - 00000000 ____D C:\Users\Andrew\Downloads\An.*****.Abroad.3.BDRip.H264-BONE
2013-10-14 13:05 - 2013-09-16 21:30 - 00000000 ____D C:\Users\Andrew\Desktop\RE__
2013-10-13 19:42 - 2013-10-13 19:42 - 00000000 ____D C:\Program Files\Common Files\COMODO
2013-10-12 11:09 - 2011-05-21 13:16 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\vlc
2013-10-12 08:46 - 2013-10-12 08:46 - 15886511 _____ C:\Users\Andrew\Desktop\finally_connected.zip
2013-10-12 08:46 - 2013-10-12 08:46 - 00000000 ____D C:\Users\Andrew\Desktop\finally_connected
2013-10-08 19:27 - 2013-10-08 19:25 - 00000000 ____D C:\Users\Andrew\Downloads\Dexter S07E06 HDTV x264-ASAP[ettv]
2013-10-06 13:37 - 2013-10-06 13:28 - 00000000 ____D C:\Users\Andrew\Desktop\AAZV Collected
2013-10-04 04:15 - 2013-10-04 04:15 - 00015400 _____ C:\Windows\system32\Drivers\hmd.sys
2013-09-30 12:01 - 2013-09-30 11:57 - 00000000 ____D C:\Program Files\AAZV Collected Proceedings 1968-2013
2013-09-30 11:57 - 2013-09-30 12:01 - 00737280 _____ (Indigo Rose Corporation) C:\Windows\iun6002.exe
2013-09-30 11:57 - 2013-09-30 11:57 - 00001854 _____ C:\Users\Andrew\Desktop\AAZV Collected Proceedings 1968-2013.lnk
2013-09-29 17:31 - 2013-09-29 17:03 - 00000000 ____D C:\Users\Andrew\Desktop\JZWM 2013 3
2013-09-29 16:15 - 2013-09-29 16:15 - 02139531 _____ C:\Users\Andrew\Downloads\Martin_George_R_R_-A_Clash_of_Kings.epub
2013-09-29 12:52 - 2013-09-03 20:01 - 09917240 _____ C:\Users\Andrew\Desktop\TipsTrixCR.CUSHINGAndrew.LaserTherapy.pptx
Files to move or delete:
====================
C:\Users\Andrew\AppData\Roaming\skype.ini

Some content of TEMP:
====================
C:\Users\Andrew\AppData\Local\temp\jna1406651252787008340.dll
C:\Users\Andrew\AppData\Local\temp\jna1631082396357456345.dll
C:\Users\Andrew\AppData\Local\temp\jna2100906310486895729.dll
C:\Users\Andrew\AppData\Local\temp\jna3062282274108672811.dll
C:\Users\Andrew\AppData\Local\temp\jna3259756508778595380.dll
C:\Users\Andrew\AppData\Local\temp\jna4663349691795808440.dll
C:\Users\Andrew\AppData\Local\temp\jna6534607864291599732.dll
C:\Users\Andrew\AppData\Local\temp\jna6635607039097959893.dll
C:\Users\Andrew\AppData\Local\temp\jna6982923008890699174.dll
C:\Users\Andrew\AppData\Local\temp\uttA255.tmp.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-22 12:46
==================== End Of Log ============================

 

[andy2082]

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-10-2013
Ran by Andrew at 2013-10-28 09:32:48
Running from C:\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FBC2KIE
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: COMODO Antivirus (Enabled - Up to date) {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Antivirus (Enabled - Up to date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.2.30180)
AAZV Collected Proceedings 1968-2013
Acer Bio Protection (Version: 6.2.56)
Adobe AIR (Version: 3.7.0.2090)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.63)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader X (Version: 10.0.0)
ALPS Touch Pad Driver (Version: 7.5.2002.1404)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ASUS Android USB Drivers (Version: 1.0.6292)
ASUS WebStorage Sync Agent (Version: 1.1.13.147)
Avery Wizard 4.0 (Version: 4.0.103)
Avidemux 2.6 (32-bit) (Version: 2.6.1.8321)
BBC iPlayer Desktop (Version: 3.2.15)
Bonjour (Version: 3.0.0.10)
calibre (Version: 1.7.0)
CCleaner (Version: 4.04)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.11042)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.11042)
COMODO Internet Security Premium (Version: 6.2.20728.2847)
DAEMON Tools Lite (Version: 4.40.1.0127)
Desktop Support Tools
DjVuLibre+DjView (Version: 3.5.24+4.7c)
doPDF 7.2 printer
EA Shared Game Component: Activation (Version: 2.2.0)
ENE CIR Receiver Driver (Version: 2.7.3.519)
Fingerprint Solution (Version: 6.1.56.0)
Free FLAC to MP3 Converter 1.0
GeekBuddy (Version: 4.9.73)
Google Chrome (HKCU Version: 30.0.1599.101)
Google Chrome Frame (Version: 30.0.1599.101)
Google Update Helper (Version: 1.3.21.165)
HD Tune Pro 4.60
IBM SPSS Statistics 19 (Version: 19.0.0)
ImgBurn (Version: 2.5.0.0)
iTunes (Version: 11.0.4.4)
Java Auto Updater (Version: 2.0.7.1)
Java(TM) 6 Update 32 (Version: 6.0.320)
JMicron Flash Media Controller Driver (Version: 1.0.32.1)
Launch Manager (Version: 3.0.03)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
NirSoft VideoCacheView
NVIDIA Drivers (Version: 1.3)
NVIDIA PhysX (Version: 9.09.0814)
PDF Settings CS5 (Version: 10.0)
PS3 Media Server (Version: 1.72.0)
Python 2.7.3 (Version: 2.7.3150)
QuickTime (Version: 7.69.80.9)
Rapport (Version: 3.5.1302.61)
Realtek High Definition Audio Driver (Version: 6.0.1.5932)
Skype Click to Call (Version: 5.10.9560)
Skype™ 6.0 (Version: 6.0.126)
SopCast 3.4.8 (Version: 3.4.8)
Spybot - Search & Destroy (Version: 1.6.2)
StreamTorrent 1.0
Synaptics Pointing Device Driver (Version: 13.2.2.0)
Torrent Stream 2.0.8.2 (HKCU Version: 2.0.8.2)
Trusteer Endpoint Protection (Version: 3.5.1302.61)
Upgrade Kit (Version: 1.00.3002)
VirtualCloneDrive
VitalSource Bookshelf (Version: 5.04.0010)
VLC media player 2.0.7 (Version: 2.0.7)
WebEx
WinRAR 4.00 beta 4 (32-bit) (Version: 4.00.4)
XBMC

==================== Restore Points =========================

01-07-2013 02:04:11 Scheduled Checkpoint
02-07-2013 23:34:30 Installed Microsoft Office Professional Plus 2010
13-07-2013 18:10:28 Scheduled Checkpoint
27-07-2013 02:35:33 Scheduled Checkpoint
03-08-2013 00:55:21 Removed AVG 2012
03-08-2013 00:57:27 Removed AVG 2012
03-08-2013 01:07:37 Device Driver Package Install: COMODO Network Service
10-08-2013 19:57:49 Scheduled Checkpoint
18-08-2013 00:41:43 Removed AVG PC TuneUp
18-08-2013 00:43:02 Removed AVG PC TuneUp Language Pack (en-US)
18-08-2013 13:15:09 Removed Avery Wizard 4.0.
27-08-2013 00:08:15 Installed Rapport
04-09-2013 00:50:00 Scheduled Checkpoint
12-09-2013 22:26:36 Installed Rapport
18-09-2013 22:37:40 Installed Rapport
21-09-2013 22:44:06 Installed Cisco AnyConnect Secure Mobility Client
06-10-2013 00:34:15 Scheduled Checkpoint
14-10-2013 00:29:24 Scheduled Checkpoint
20-10-2013 22:29:43 Installed calibre

==================== Hosts content: ==========================

2009-07-13 22:04 - 2012-09-02 20:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {11C588EB-0A80-437D-9F62-8FCD98401ABB} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\Comodo\COMODO Internet Security\cfpconfg.exe [2013-09-24] (COMODO)
Task: {129C737A-6C5E-472F-AA38-583A190F7CE0} - System32\Tasks\{449849B4-299F-42A1-878F-B3B22968204B} => C:\Program Files\Skype\\Phone\Skype.exe [2012-11-09] (Skype Technologies S.A.)
Task: {14C2F5E6-7BB2-495A-9DF0-88461577CECA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-13] (Google Inc.)
Task: {1B84B231-6516-45B9-96A3-0627F31FC392} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\Program Files\Comodo\COMODO Internet Security\cis.exe [2013-10-19] (COMODO)
Task: {37E7992F-11FF-4509-8000-0870737BC7B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-13] (Google Inc.)
Task: {4355C3B7-EF14-4A98-8A50-42C2673700FC} - System32\Tasks\Google Updater and Installer => C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-19] (Google Inc.)
Task: {5FABEC1D-BF11-4319-A4BD-B1FBF1E3822C} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\Comodo\COMODO Internet Security\cfpconfg.exe [2013-09-24] (COMODO)
Task: {6EC54964-10E1-42AE-A3AC-6980AE428F67} - System32\Tasks\Launch ASUS Sync Loader => C:\Program Files\ASUS\ASUS Sync\asusUPCTLoader.exe
Task: {7C05FD66-A2F1-4F71-8AFD-F3BE2DE46397} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {8019A0FB-2F25-4EDA-A59E-FD7CD07A7ABF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-284424345-2181464997-1662967063-1001UA => C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-19] (Google Inc.)
Task: {8A91D91E-8859-47E6-A646-A77BB9899B7B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-284424345-2181464997-1662967063-1001Core => C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-19] (Google Inc.)
Task: {9B59180A-8542-483F-82A1-D442B65F551F} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {D28C2F7E-8128-40CE-9126-6D25D82A9684} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\Comodo\COMODO Internet Security\cfpconfg.exe [2013-09-24] (COMODO)
Task: {DB774116-0D5C-4CFC-8853-74A7DDB12CFB} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\Comodo\COMODO Internet Security\cfpconfg.exe [2013-09-24] (COMODO)
Task: {E305F2BF-8C32-4BD0-861F-AA179DE0C58A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E7AAFBB1-CA9C-4C77-90BE-3BC00F0A2B92} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-284424345-2181464997-1662967063-1001Core.job => C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-284424345-2181464997-1662967063-1001UA.job => C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) =============

2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-06-27 15:09 - 2012-06-27 15:09 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2012-03-11 13:50 - 2013-08-26 20:12 - 00991984 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2013-09-25 21:32 - 2013-09-27 14:37 - 00121344 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\engine\lib\acestreamengine.Core.pyd
2011-06-12 09:09 - 2011-06-12 09:09 - 00038400 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\engine\lib\_socket.pyd
2011-06-12 09:09 - 2011-06-12 09:09 - 00720896 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\engine\lib\_ssl.pyd
2013-09-25 21:32 - 2013-09-18 13:37 - 00018944 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\engine\lib\acestreamengine.pycompat.pyd
2013-09-25 21:32 - 2013-09-27 14:37 - 02418688 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\engine\lib\acestreamengine.CoreApp.pyd
2011-06-12 09:06 - 2011-06-12 09:06 - 00287232 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\engine\lib\_hashlib.pyd
2011-06-12 09:06 - 2011-06-12 09:06 - 00106496 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\engine\lib\_ctypes.pyd
2011-06-12 09:06 - 2011-06-12 09:06 - 00011776 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\engine\lib\select.pyd
2011-01-18 17:56 - 2011-01-18 17:56 - 00334336 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\engine\lib\M2Crypto.__m2crypto.pyd
2011-06-12 09:06 - 2011-06-12 09:06 - 00152576 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\engine\lib\pyexpat.pyd
2012-02-07 12:37 - 2012-02-07 12:37 - 00098816 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\engine\lib\win32api.pyd
2012-02-07 12:35 - 2012-02-07 12:35 - 00110080 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\engine\lib\pywintypes27.dll
2012-02-07 12:38 - 2012-02-07 12:38 - 00358912 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\engine\lib\pythoncom27.dll
2012-02-07 12:36 - 2012-02-07 12:36 - 00111616 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\engine\lib\win32file.pyd
2012-02-07 12:36 - 2012-02-07 12:36 - 00024064 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\engine\lib\win32pdh.pyd
2010-10-10 18:23 - 2010-10-10 18:23 - 00723968 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\engine\lib\apsw.pyd
2013-01-29 12:20 - 2013-01-29 12:20 - 00082944 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\engine\lib\cpyamf.util.pyd
2011-02-13 11:02 - 2011-02-13 11:02 - 00031232 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\engine\lib\Crypto.Cipher.AES.pyd
2011-07-15 15:37 - 2011-07-15 15:37 - 00981504 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\engine\lib\wx._core_.pyd
2011-07-15 15:38 - 2011-07-15 15:38 - 00746496 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\engine\lib\wx._gdi_.pyd
2011-07-15 15:38 - 2011-07-15 15:38 - 00670720 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\engine\lib\wx._windows_.pyd
2011-07-15 15:38 - 2011-07-15 15:38 - 00966144 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\engine\lib\wx._controls_.pyd
2011-07-15 15:38 - 2011-07-15 15:38 - 00674816 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\engine\lib\wx._misc_.pyd
2011-06-12 09:06 - 2011-06-12 09:06 - 00688128 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\engine\lib\unicodedata.pyd
2013-01-29 12:20 - 2013-01-29 12:20 - 00066048 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\engine\lib\cpyamf.amf0.pyd
2011-06-12 09:09 - 2011-06-12 09:09 - 00038400 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\updater\lib\_socket.pyd
2011-06-12 09:09 - 2011-06-12 09:09 - 00720896 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\updater\lib\_ssl.pyd
2011-07-15 15:37 - 2011-07-15 15:37 - 00981504 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\updater\lib\wx._core_.pyd
2011-07-15 15:38 - 2011-07-15 15:38 - 00746496 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\updater\lib\wx._gdi_.pyd
2011-07-15 15:38 - 2011-07-15 15:38 - 00670720 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\updater\lib\wx._windows_.pyd
2011-07-15 15:38 - 2011-07-15 15:38 - 00966144 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\updater\lib\wx._controls_.pyd
2011-07-15 15:38 - 2011-07-15 15:38 - 00674816 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\updater\lib\wx._misc_.pyd
2011-06-12 09:06 - 2011-06-12 09:06 - 00287232 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\updater\lib\_hashlib.pyd
2011-01-18 17:56 - 2011-01-18 17:56 - 00334336 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\updater\lib\M2Crypto.__m2crypto.pyd
2011-06-12 09:06 - 2011-06-12 09:06 - 00011776 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\updater\lib\select.pyd
2011-06-12 09:06 - 2011-06-12 09:06 - 00152576 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\updater\lib\pyexpat.pyd
2012-02-07 12:37 - 2012-02-07 12:37 - 00098816 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\updater\lib\win32api.pyd
2012-02-07 12:35 - 2012-02-07 12:35 - 00110080 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\updater\lib\pywintypes27.dll
2012-02-07 12:38 - 2012-02-07 12:38 - 00358912 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\updater\lib\pythoncom27.dll
2012-02-07 12:36 - 2012-02-07 12:36 - 00111616 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\updater\lib\win32file.pyd
2012-02-07 12:36 - 2012-02-07 12:36 - 00024064 _____ () C:\Users\Andrew\AppData\Roaming\TorrentStream\updater\lib\win32pdh.pyd

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMPFC5A2B2

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/28/2013 06:51:49 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36983516

Error: (10/28/2013 06:51:49 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 36983516

Error: (10/28/2013 06:51:49 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/27/2013 04:13:16 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2948

Error: (10/27/2013 04:13:16 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2948

Error: (10/27/2013 04:13:16 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/27/2013 04:13:15 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1825

Error: (10/27/2013 04:13:15 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1825

Error: (10/27/2013 04:13:15 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/27/2013 10:42:53 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 55240765


System errors:
=============
Error: (10/27/2013 06:24:16 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (10/27/2013 03:21:09 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070422

Error: (10/27/2013 03:21:09 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070422

Error: (10/27/2013 03:21:08 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070422

Error: (10/27/2013 03:21:08 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070422

Error: (10/27/2013 03:17:28 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (10/27/2013 11:42:37 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070422

Error: (10/27/2013 11:42:37 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070422

Error: (10/27/2013 11:42:37 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070422

Error: (10/27/2013 11:42:37 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070422


Microsoft Office Sessions:
=========================
Error: (10/28/2013 06:51:49 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36983516

Error: (10/28/2013 06:51:49 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 36983516

Error: (10/28/2013 06:51:49 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/27/2013 04:13:16 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2948

Error: (10/27/2013 04:13:16 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2948

Error: (10/27/2013 04:13:16 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/27/2013 04:13:15 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1825

Error: (10/27/2013 04:13:15 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1825

Error: (10/27/2013 04:13:15 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/27/2013 10:42:53 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 55240765


CodeIntegrity Errors:
===================================
Date: 2013-09-13 20:57:10.387
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvd3dum.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-13 20:57:10.377
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvd3dum.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-13 20:44:07.178
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvd3dum.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-13 20:44:07.168
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvd3dum.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-13 20:43:54.176
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvd3dum.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-13 20:43:54.166
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvd3dum.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 3003.91 MB
Available physical RAM: 1384.78 MB
Total Pagefile: 6006.1 MB
Available Pagefile: 4133.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1879.96 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:450.3 GB) (Free:232.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 4FA5E263)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=450 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=12)

==================== End Of Log ============================

 

[Broni]

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

See if you can login to affected user account.

 

[andy2082]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-10-2013
Ran by Andrew at 2013-10-28 19:21:12 Run:1
Running from C:\Users\Andrew\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
URLSearchHook: HKCU - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll No File
U3 mbr; \??\C:\Users\Andrew\AppData\Local\Temp\mbr.sys [x]
C:\Users\Andrew\AppData\Local\Temp\mbr.sys
2013-10-27 11:39 - 2013-10-27 11:40 - 00000004 _____ C:\Users\Andrew\AppData\Roaming\skype.ini
*****************
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} => Value deleted successfully.
C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll not found.
c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll not found.
mbr => Service deleted successfully.
"C:\Users\Andrew\AppData\Local\Temp\mbr.sys" => File/Directory not found.
C:\Users\Andrew\AppData\Roaming\skype.ini => Moved successfully.
==== End of Fixlog ====

 

[andy2082]

Thanks again. I can log in to the affected account, but have been able to - its just recurs every 2-3 days. So far, not since we started this process.

 

[Broni]

Very well.
Stay in that account....

Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.

• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

• Unzip downloaded file.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

 

[andy2082]

RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Andrew [Admin rights]
Mode : Remove -- Date : 10/28/2013 21:32:17
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> DELETED
[V2][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> DELETED
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @iexplore.exe (NtMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x719F0022)
[Inline] EAT @iexplore.exe (ZwMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x719F0022)
[Inline] EAT @iexplore.exe (CoCreateInstanceEx) : ole32.dll -> HOOKED (Unknown @ 0x71470022)
[Inline] EAT @iexplore.exe (?_rooksdol_extension_instance@rooksdol_extension@rooksdol@@0PAV12@A) : rooksdol.dll -> HOOKED (Unknown @ 0xC89EB922)
[Inline] EAT @iexplore.exe (GetAddrInfoExW) : WS2_32.dll -> HOOKED (Unknown @ 0x70DC0022)
[Inline] EAT @iexplore.exe (connect) : WS2_32.dll -> HOOKED (Unknown @ 0x70D70022)
[Inline] EAT @iexplore.exe (getaddrinfo) : WS2_32.dll -> HOOKED (Unknown @ 0x70D20022)
[Inline] EAT @iexplore.exe (NtMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x719F0022)
[Inline] EAT @iexplore.exe (ZwMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x719F0022)
[Inline] EAT @iexplore.exe (CoCreateInstanceEx) : ole32.dll -> HOOKED (Unknown @ 0x71470022)
[Inline] EAT @iexplore.exe (?_rooksdol_extension_instance@rooksdol_extension@rooksdol@@0PAV12@A) : rooksdol.dll -> HOOKED (Unknown @ 0xC89EB222)
[Inline] EAT @iexplore.exe (GetAddrInfoExW) : WS2_32.dll -> HOOKED (Unknown @ 0x70DC0022)
[Inline] EAT @iexplore.exe (connect) : WS2_32.dll -> HOOKED (Unknown @ 0x70D70022)
[Inline] EAT @iexplore.exe (getaddrinfo) : WS2_32.dll -> HOOKED (Unknown @ 0x70D20022)
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] fd8a2f34c3d014d55c97de571036860b
[BSP] 150299c26fbf149abfa2f2d269ded352 : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 12291 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25174016 | Size: 461107 Mo
2 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 969521152 | Size: 3540 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_D_10282013_213217.txt >>
RKreport[0]_S_10282013_213043.txt

 

[andy2082]

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org
Database version: v2013.10.28.11
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Andrew :: ANDREW-PC [administrator]
28/10/2013 21:51:23
mbar-log-2013-10-28 (21-51-23).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 234531
Time elapsed: 25 minute(s), 26 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)

 

[andy2082]

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_32

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.527000 GHz
Memory total: 3149828096, free: 1709785088

Downloaded database version: v2013.10.28.11
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
10/28/2013 21:51:17
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\fnrtgxd.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\DRIVERS\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\RapportKELL.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\DRIVERS\cmderd.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\cmdguard.sys
\SystemRoot\system32\DRIVERS\CFRMD.sys
\??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\cmdhlp.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\inspect.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
\??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\hmd.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvBridge.kmd
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\netw5v32.sys
\SystemRoot\system32\DRIVERS\b57nd60x.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\DKbFltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\enecir.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\VClone.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\hidir.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\Drivers\FPSensor.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\cdd.dll
\??\C:\Windows\system32\drivers\int15.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Users\Andrew\AppData\Local\Temp\mbr.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\lpk.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\usp10.dll
\Windows\System32\msvcrt.dll
\Windows\System32\wininet.dll
\Windows\System32\advapi32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\gdi32.dll
\Windows\System32\psapi.dll
\Windows\System32\msctf.dll
\Windows\System32\clbcatq.dll
\Windows\System32\difxapi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\shell32.dll
\Windows\System32\setupapi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\sechost.dll
\Windows\System32\iertutil.dll
\Windows\System32\comdlg32.dll
\Windows\System32\ole32.dll
\Windows\System32\user32.dll
\Windows\System32\kernel32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\urlmon.dll
\Windows\System32\imm32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\nsi.dll
\Windows\System32\KernelBase.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\crypt32.dll
\Windows\System32\devobj.dll
\Windows\System32\comctl32.dll
\Windows\System32\wintrust.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff876f77d0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff86caa028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff876f77d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff876f7410, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff876f77d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86caa028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4FA5E263

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 25173792

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 25174016 Numsec = 944347136
Partition is not bootable

Partition 2 type is Other (0x12)
Partition is NOT ACTIVE.
Partition starts at LBA: 969521152 Numsec = 7249920

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_25174016_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished

 

[Broni]

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[andy2082]

ComboFix 13-10-28.01 - Andrew 29/10/2013 9:14.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3004.1848 [GMT -4:00]
Running from: c:\users\Andrew\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\5320.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vpnagent
.
.
((((((((((((((((((((((((( Files Created from 2013-09-28 to 2013-10-29 )))))))))))))))))))))))))))))))
.
.
2013-10-29 13:44 . 2013-10-29 13:44--------d-----w-c:\users\Public\AppData\Local\temp
2013-10-29 13:44 . 2013-10-29 13:44--------d-----w-c:\users\Default\AppData\Local\temp
2013-10-29 01:51 . 2013-10-29 02:25--------d-----w-c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-29 01:51 . 2013-10-29 01:51105176----a-w-c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-10-29 01:50 . 2013-10-29 01:5075992----a-w-c:\windows\system32\drivers\mbamchameleon.sys
2013-10-28 13:31 . 2013-10-28 13:31--------d-----w-C:\FRST
2013-10-26 13:55 . 2013-10-26 13:55--------d-----w-C:\VTRoot
2013-10-26 13:55 . 2013-10-26 14:172144----a-w-c:\windows\system32\drivers\fvstore.dat
2013-10-26 03:04 . 2013-10-26 03:04--------d-----w-c:\program files\Malwarebytes' Anti-Malware
2013-10-26 03:04 . 2013-04-04 18:5022856----a-w-c:\windows\system32\drivers\mbam.sys
2013-10-26 02:59 . 2013-10-26 03:00--------d-----w-c:\users\fixer
2013-10-20 23:12 . 2013-10-20 23:12--------d-----w-c:\users\Andrew\AppData\Local\calibre-cache
2013-10-13 23:42 . 2013-10-13 23:42--------d-----w-c:\program files\Common Files\COMODO
2013-10-04 08:15 . 2013-10-04 08:1515400----a-w-c:\windows\system32\drivers\hmd.sys
2013-09-30 16:01 . 2013-09-30 15:57737280----a-w-c:\windows\iun6002.exe
2013-09-30 15:57 . 2013-09-30 16:01--------d-----w-c:\program files\AAZV Collected Proceedings 1968-2013
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-04 08:15 . 2013-10-04 08:1515400----a-w-c:\windows\inf\HMD\hmd.sys
2013-09-24 10:54 . 2013-06-18 20:1685464----a-w-c:\windows\system32\drivers\inspect.sys
2013-09-24 10:54 . 2013-06-18 20:16582936----a-w-c:\windows\system32\drivers\cmdguard.sys
2013-09-24 10:54 . 2013-06-18 20:1644752----a-w-c:\windows\system32\drivers\cmdhlp.sys
2013-09-24 10:54 . 2013-06-18 20:1620072----a-w-c:\windows\system32\drivers\cmderd.sys
2013-09-24 10:53 . 2013-06-18 20:1536000----a-w-c:\windows\system32\cmdcsr.dll
2013-09-24 10:53 . 2013-06-18 20:15354240----a-w-c:\windows\system32\guard32.dll
2013-09-24 10:53 . 2013-06-18 20:15280792----a-w-c:\windows\system32\cmdvrt32.dll
2013-09-24 10:53 . 2013-06-18 20:1540664----a-w-c:\windows\system32\cmdkbd32.dll
2013-09-11 03:18 . 2013-09-11 03:1897008----a-w-c:\windows\system32\drivers\RapportKELL.sys
2013-09-05 09:35 . 2013-09-05 09:3555504----a-w-c:\windows\system32\offreg.dll
2013-08-03 01:21 . 2013-08-03 01:21348160----a-w-c:\windows\system32\msvcr71.dll
2013-08-03 01:21 . 2013-08-03 01:211060864----a-w-c:\windows\system32\mfc71.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
2012-09-27 07:341461248----a-w-c:\program files\ASUS\WebStorage Sync Agent\1.1.13.147\AsusWSShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
2012-09-27 07:341461248----a-w-c:\program files\ASUS\WebStorage Sync Agent\1.1.13.147\AsusWSShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-09-27 07:341461248----a-w-c:\program files\ASUS\WebStorage Sync Agent\1.1.13.147\AsusWSShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-01-16 717696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-18 1157128]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-04 7731744]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-07-08 212992]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-18 1537320]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-10-20 1576152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-12-10 527864]
"tvncontrol"="c:\program files\Common Files\COMODO\GeekBuddyRSP.exe" [2013-10-11 2327248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start GeekBuddy.lnk - c:\program files\Comodo\GeekBuddy\launcher.exe "unit_manager.exe" [2013-10-11 49360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification PackagesREG_MULTI_SZ c:\program files\Acer Bio Protection\PwdFilter
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 03:44500208------w-c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSWebStorage]
2012-10-25 04:123574656----a-w-c:\program files\ASUS\WebStorage Sync Agent\1.1.13.147\AsusWSPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-20 00:31136176----atw-c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-31 15:56152392----a-w-c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-06-08 22:5213789728----a-w-c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:072260480--sha-r-c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 13:37517096----a-w-c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"TorrentStream"=c:\users\Andrew\AppData\Roaming\TorrentStream\engine\tsengine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2012-12-10 92112]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-09-24 131288]
R4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2013-09-11 97008]
S1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [2013-05-07 35064]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2013-09-24 20072]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2013-09-24 582936]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2013-09-24 44752]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-09 218176]
S1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\DRIVERS\hmd.sys [2013-10-04 15400]
S1 RapportCerberus_56758;RapportCerberus_56758;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys [2013-08-27 330960]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2013-09-11 148688]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2013-09-11 222416]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\COMODO\launcher_service.exe [2013-10-11 70352]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2011-01-03 29744]
S2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files\Common Files\COMODO\GeekBuddyRSP.exe [2013-10-11 2327248]
S2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-09-05 3450368]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-09-11 1435928]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-05-20 59904]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-20 116136]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-13 15:21]
.
2013-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-13 15:21]
.
2013-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-284424345-2181464997-1662967063-1001Core.job
- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 00:31]
.
2013-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-284424345-2181464997-1662967063-1001UA.job
- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 00:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 132.236.249.19 132.236.249.18 132.236.56.250
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110926150838
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-XBMC - c:\program files\XBMC\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-284424345-2181464997-1662967063-1001\Software\G*e*n*I*e*"!\FM Genie Scout 11]
"GameDir"="c:\\Users\\Andrew\\Documents\\Sports Interactive\\Football Manager 2011\\games"
"ShortlistDir"=""
"FMPath"=""
"ScreenshotsDir"="c:\\Users\\Andrew\\Documents\\Sports Interactive\\Football Manager 2011"
"SaveDir"="c:\\Users\\Andrew\\Documents\\Sports Interactive\\Football Manager 2011\\"
"HistoryDir"="c:\\FM Genie Scout 11\\History Points"
"LangDB"="c:\\FM Genie Scout 11\\lang_db.dat"
"LastSaveGame"="c:\\Users\\Andrew\\Documents\\Sports Interactive\\Football Manager 2011\\games\\Untitled Game.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="PSV Eindhoven"
"LastUpdateCheck"=dword:00009eba
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000080
"UniqueID"="55-E480-E35F"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000001
"StaffSearchFeatureNum"=dword:00000000
"ClubSearchFeatureNum"=dword:00000000
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000001
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000002
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000000
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-284424345-2181464997-1662967063-1001\Software\G*e*n*I*e*"!\FM Genie Scout 11g]
"PicturesNumber"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\guard32.dll
c:\program files\Acer Bio Protection\PwdFilter.DLL
.
- - - - - - - > 'Explorer.exe'(2668)
c:\windows\system32\guard32.dll
c:\windows\system32\dhcpcsvc.DLL
c:\windows\system32\dhcpcsvc6.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Acer Bio Protection\CompPtcVUI.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\COMODO\COMODO Internet Security\cavwp.exe
c:\program files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2013-10-29 10:23:41 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-29 14:23
ComboFix2.txt 2012-09-03 00:50
.
Pre-Run: 245,025,996,800 bytes free
Post-Run: 245,291,446,272 bytes free
.
- - End Of File - - CD0EDC903320BEAE339E6743F90551B1
5586EABCC0D095DB340D873E2B236896

 

[Broni]

Looks good.

How is computer doing?

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[andy2082]

Hi Broni. Computer so far seems ok - I get an error message regarding my VPN set up, but I can reinstall this after we are done. Below are the logs.

# AdwCleaner v3.010 - Report created 30/10/2013 at 09:00:14
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium (32 bits)
# Username : Andrew - ANDREW-PC
# Running from : C:\Users\Andrew\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Andrew\AppData\Local\Ilivid Player

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\Software\AVG Secure Search

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Google Chrome v

[ File : C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2128 octets] - [30/10/2013 08:58:13]
AdwCleaner[S0].txt - [2087 octets] - [30/10/2013 09:00:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2147 octets] ##########

 

[andy2082]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:2)
OS: Windows 7 Home Premium x86
Ran by Andrew on 30/10/2013 at 9:06:46.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Andrew\appdata\local\{F253A5DF-9E66-4593-A47D-1307016A43DE}



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Andrew\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/10/2013 at 9:14:33.93
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 10/30/2013 9:16:13 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andrew\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 69.03% Memory free
5.87 Gb Paging File | 4.75 Gb Available in Paging File | 81.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.30 Gb Total Space | 228.51 Gb Free Space | 50.75% Space Free | Partition Type: NTFS

Computer Name: ANDREW-PC | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/30 08:57:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
PRC - [2013/10/19 21:23:22 | 004,832,192 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2013/10/19 21:22:56 | 007,025,880 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cis.exe
PRC - [2013/10/19 21:22:56 | 001,576,152 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
PRC - [2013/10/11 18:25:47 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/10/11 12:23:06 | 000,228,560 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
PRC - [2013/10/11 12:23:04 | 000,217,808 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Comodo\GeekBuddy\unit.exe
PRC - [2013/10/11 12:23:04 | 000,070,352 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Common Files\COMODO\launcher_service.exe
PRC - [2013/10/11 10:35:22 | 002,327,248 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
PRC - [2013/09/24 06:53:25 | 001,857,752 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
PRC - [2013/09/10 23:18:16 | 002,476,312 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/09/10 23:18:16 | 001,435,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2010/01/16 09:54:08 | 000,717,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2009/09/05 04:17:56 | 003,450,368 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\BASVC.exe
PRC - [2009/09/05 04:17:40 | 003,358,720 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\CompPtcVUI.exe
PRC - [2009/08/18 05:42:08 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/26 20:12:03 | 000,991,984 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Services (SafeList) ==========

SRV - [2013/10/19 21:23:22 | 004,832,192 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2013/10/11 12:23:04 | 000,070,352 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files\Common Files\COMODO\launcher_service.exe -- (CLPSLauncher)
SRV - [2013/10/11 10:35:22 | 002,327,248 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe -- (GeekBuddyRSP)
SRV - [2013/09/24 06:53:27 | 000,131,288 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\Comodo\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV - [2013/09/10 23:18:16 | 001,435,928 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/09 07:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/04 19:08:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/02/19 09:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/09/05 04:17:56 | 003,450,368 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Andrew\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/10/04 04:15:04 | 000,015,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\hmd.sys -- (HMD)
DRV - [2013/09/24 06:54:09 | 000,085,464 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2013/09/24 06:54:08 | 000,582,936 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2013/09/24 06:54:08 | 000,044,752 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2013/09/24 06:54:07 | 000,020,072 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd)
DRV - [2013/09/10 23:18:28 | 000,222,416 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/09/10 23:18:28 | 000,148,688 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/09/10 23:18:28 | 000,097,008 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/08/26 20:12:02 | 000,330,960 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys -- (RapportCerberus_56758)
DRV - [2013/05/07 03:00:16 | 000,035,064 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Running] -- C:\Windows\System32\drivers\CFRMD.sys -- (CFRMD)
DRV - [2012/12/10 09:00:50 | 000,092,112 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2012/06/07 11:25:20 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011/01/09 10:50:39 | 000,218,176 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/01/03 12:20:46 | 000,029,744 | ---- | M] (EgisTec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor)
DRV - [2010/06/22 01:14:28 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/07/20 07:39:20 | 000,116,136 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/13 12:40:42 | 000,212,528 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/06/08 21:25:00 | 009,760,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/20 02:08:40 | 000,059,904 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/03/12 07:52:34 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-284424345-2181464997-1662967063-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-284424345-2181464997-1662967063-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-284424345-2181464997-1662967063-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-284424345-2181464997-1662967063-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-284424345-2181464997-1662967063-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-284424345-2181464997-1662967063-1001\..\SearchScopes\{AA806B93-CAC2-4B04-847F-F18BEA841A10}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-284424345-2181464997-1662967063-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-284424345-2181464997-1662967063-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@torrentstream.net/tsplugin,version=2.0.8.2: C:\Users\Andrew\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\magicplayer@torrentstream.org: C:\Users\Andrew\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org [2013/09/25 20:31:57 | 000,000,000 | ---D | M]

[2011/03/01 07:43:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Extensions
[2011/03/01 07:43:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andrew\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andrew\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andrew\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Torrent Stream P2P Multimedia Plug-in 2 (Enabled) = C:\Users\Andrew\AppData\Roaming\TorrentStream\player\npts_plugin.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: TS Magic Player = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ochbjojkpcmlfeagbaahkofepalngihg\1.1.29_0\
CHR - Extension: Gmail = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/10/29 10:18:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\30.0.1599.101\npchrome_frame.dll (Google Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\Comodo\COMODO Internet Security\cistray.exe (COMODO)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
O4 - HKU\S-1-5-21-284424345-2181464997-1662967063-1001..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 147
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-284424345-2181464997-1662967063-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-284424345-2181464997-1662967063-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 147
O7 - HKU\S-1-5-21-284424345-2181464997-1662967063-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110926150838 (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://soem.webex.com/client/T27LC/webex/ieatgpc1.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 132.236.249.19 132.236.249.18 132.236.56.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E78E00BB-66CB-4C40-B91C-51BEFE20CDE2}: DhcpNameServer = 132.236.249.19 132.236.249.18 132.236.56.250
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\30.0.1599.101\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/30 09:04:26 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/30 08:58:08 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/30 08:57:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
[2013/10/30 08:57:23 | 001,033,335 | ---- | C] (Thisisu) -- C:\Users\Andrew\Desktop\JRT.exe
[2013/10/29 10:23:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/10/29 10:22:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/10/29 09:09:47 | 005,137,071 | R--- | C] (Swearware) -- C:\Users\Andrew\Desktop\ComboFix.exe
[2013/10/28 21:51:17 | 000,105,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2013/10/28 21:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/10/28 21:50:49 | 000,075,992 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/10/28 21:50:43 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\mbar
[2013/10/28 21:26:50 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\RK_Quarantine
[2013/10/28 09:31:20 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/28 09:30:57 | 001,089,183 | ---- | C] (Farbar) -- C:\Users\Andrew\Desktop\FRST.exe
[2013/10/27 15:49:05 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Andrew\Desktop\dds.com
[2013/10/26 09:55:40 | 000,000,000 | ---D | C] -- C:\VTRoot
[2013/10/25 23:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/25 23:04:12 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/10/25 23:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/20 19:12:35 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\calibre-cache
[2013/10/13 19:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\COMODO
[2013/10/12 08:46:39 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\finally_connected
[2013/10/06 13:28:28 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\AAZV Collected
[2013/09/30 12:01:09 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2013/09/30 11:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AAZV Collected Proceedings 1968-2013
[2013/09/30 11:57:29 | 000,000,000 | ---D | C] -- C:\Program Files\AAZV Collected Proceedings 1968-2013
[9 C:\Users\Andrew\Desktop\*.tmp files -> C:\Users\Andrew\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/30 09:13:28 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/30 09:13:28 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/30 09:10:50 | 000,666,176 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/30 09:10:50 | 000,125,820 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/30 09:06:31 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/30 09:06:17 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/10/30 09:06:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/30 09:06:03 | 2362,368,000 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/30 08:57:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
[2013/10/30 08:57:24 | 001,033,335 | ---- | M] (Thisisu) -- C:\Users\Andrew\Desktop\JRT.exe
[2013/10/30 08:56:52 | 001,060,070 | ---- | M] () -- C:\Users\Andrew\Desktop\adwcleaner.exe
[2013/10/30 08:50:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-284424345-2181464997-1662967063-1001UA.job
[2013/10/29 15:31:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/29 10:53:46 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2013/10/29 10:50:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-284424345-2181464997-1662967063-1001Core.job
[2013/10/29 10:18:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/10/29 09:09:47 | 005,137,071 | R--- | M] (Swearware) -- C:\Users\Andrew\Desktop\ComboFix.exe
[2013/10/28 21:51:17 | 000,105,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2013/10/28 21:50:49 | 000,075,992 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/10/28 21:20:28 | 000,067,187 | ---- | M] () -- C:\Users\Andrew\Desktop\Untitled-2.jpg
[2013/10/28 19:43:14 | 000,025,754 | ---- | M] () -- C:\Users\Andrew\Desktop\Untitled-3.jpg
[2013/10/28 19:35:38 | 003,538,944 | ---- | M] () -- C:\Users\Andrew\Desktop\RogueKiller.exe
[2013/10/28 15:12:32 | 007,738,381 | ---- | M] () -- C:\Users\Andrew\Desktop\Haematology of Australian Mammals.pdf
[2013/10/28 15:10:38 | 020,471,362 | ---- | M] () -- C:\Users\Andrew\Desktop\Medicine of Australian Mammals .pdf
[2013/10/28 09:30:57 | 001,089,183 | ---- | M] (Farbar) -- C:\Users\Andrew\Desktop\FRST.exe
[2013/10/27 15:49:06 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Andrew\Desktop\dds.com
[2013/10/26 16:47:27 | 012,321,834 | ---- | M] () -- C:\Users\Andrew\Desktop\Ophthalmology_of_Exotic_Pets_epub.epub
[2013/10/26 16:28:31 | 000,513,252 | ---- | M] () -- C:\Users\Andrew\Desktop\Johann River Otter tongue vesicl.JPG
[2013/10/26 10:17:40 | 000,002,144 | ---- | M] () -- C:\Windows\System32\drivers\fvstore.dat
[2013/10/25 23:04:14 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/20 18:35:42 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/10/20 10:37:52 | 000,938,637 | ---- | M] () -- C:\Users\Andrew\Desktop\10 Eval of diag Tests.pdf
[2013/10/18 11:06:55 | 000,002,046 | -H-- | M] () -- C:\Users\Andrew\Documents\Default.rdp
[2013/10/13 19:42:35 | 000,002,017 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2013/10/13 10:15:27 | 010,567,031 | ---- | M] () -- C:\Users\Andrew\Desktop\Avian Medicine - Samour.pdf
[2013/10/12 08:46:29 | 015,886,511 | ---- | M] () -- C:\Users\Andrew\Desktop\finally_connected.zip
[2013/10/10 20:42:30 | 000,715,863 | ---- | M] () -- C:\Users\Andrew\Desktop\PC JWD 2013 3 Papilloma hyaenas.pdf
[2013/10/07 21:10:24 | 000,187,162 | ---- | M] () -- C:\Users\Andrew\Desktop\ACZM credentials.pdf
[2013/10/06 12:46:57 | 000,081,558 | ---- | M] () -- C:\Users\Andrew\Desktop\www.amazon.co.uk_gp_orc_returns_labels_load.pdf
[2013/10/06 12:45:54 | 000,081,726 | ---- | M] () -- C:\Users\Andrew\Desktop\www.amazon.co.uk_gp_orc_returns_labels_load_ie=UTF8&printerFriendly=label&rmaID=DLxq8BqKRRMA.pdf
[2013/10/04 04:15:04 | 000,015,400 | ---- | M] () -- C:\Windows\System32\drivers\hmd.sys
[2013/09/30 11:57:29 | 000,001,854 | ---- | M] () -- C:\Users\Andrew\Desktop\AAZV Collected Proceedings 1968-2013.lnk
[2013/09/30 11:57:18 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[9 C:\Users\Andrew\Desktop\*.tmp files -> C:\Users\Andrew\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/30 08:56:51 | 001,060,070 | ---- | C] () -- C:\Users\Andrew\Desktop\adwcleaner.exe
[2013/10/28 19:43:24 | 000,067,187 | ---- | C] () -- C:\Users\Andrew\Desktop\Untitled-2.jpg
[2013/10/28 19:43:11 | 000,025,754 | ---- | C] () -- C:\Users\Andrew\Desktop\Untitled-3.jpg
[2013/10/28 19:35:38 | 003,538,944 | ---- | C] () -- C:\Users\Andrew\Desktop\RogueKiller.exe
[2013/10/28 15:59:30 | 020,471,362 | ---- | C] () -- C:\Users\Andrew\Desktop\Medicine of Australian Mammals .pdf
[2013/10/28 15:59:29 | 007,738,381 | ---- | C] () -- C:\Users\Andrew\Desktop\Haematology of Australian Mammals.pdf
[2013/10/26 16:46:18 | 012,321,834 | ---- | C] () -- C:\Users\Andrew\Desktop\Ophthalmology_of_Exotic_Pets_epub.epub
[2013/10/26 16:28:30 | 000,513,252 | ---- | C] () -- C:\Users\Andrew\Desktop\Johann River Otter tongue vesicl.JPG
[2013/10/26 09:55:38 | 000,002,144 | ---- | C] () -- C:\Windows\System32\drivers\fvstore.dat
[2013/10/25 23:04:14 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/20 10:37:45 | 000,938,637 | ---- | C] () -- C:\Users\Andrew\Desktop\10 Eval of diag Tests.pdf
[2013/10/13 10:15:13 | 010,567,031 | ---- | C] () -- C:\Users\Andrew\Desktop\Avian Medicine - Samour.pdf
[2013/10/12 08:46:17 | 015,886,511 | ---- | C] () -- C:\Users\Andrew\Desktop\finally_connected.zip
[2013/10/10 20:42:30 | 000,715,863 | ---- | C] () -- C:\Users\Andrew\Desktop\PC JWD 2013 3 Papilloma hyaenas.pdf
[2013/10/07 21:07:38 | 000,187,162 | ---- | C] () -- C:\Users\Andrew\Desktop\ACZM credentials.pdf
[2013/10/06 12:46:57 | 000,081,558 | ---- | C] () -- C:\Users\Andrew\Desktop\www.amazon.co.uk_gp_orc_returns_labels_load.pdf
[2013/10/06 12:45:54 | 000,081,726 | ---- | C] () -- C:\Users\Andrew\Desktop\www.amazon.co.uk_gp_orc_returns_labels_load_ie=UTF8&printerFriendly=label&rmaID=DLxq8BqKRRMA.pdf
[2013/10/04 04:15:04 | 000,015,400 | ---- | C] () -- C:\Windows\System32\drivers\hmd.sys
[2013/09/30 11:57:29 | 000,001,854 | ---- | C] () -- C:\Users\Andrew\Desktop\AAZV Collected Proceedings 1968-2013.lnk
[2013/08/02 21:08:11 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2012/09/02 20:40:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/02 20:40:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/02 20:40:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/02 20:40:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/02 20:40:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/04 22:05:35 | 000,000,298 | -H-- | C] () -- C:\Users\Andrew\.JavaPowUpload.properties
[2011/09/20 12:16:19 | 000,014,336 | -H-- | C] () -- C:\Users\Andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/02 14:42:22 | 000,000,565 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\myMPQ.ini
[2011/03/22 10:59:20 | 000,000,132 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/03/14 11:39:24 | 000,000,132 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/01/21 18:55:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/12 15:59:59 | 000,064,317 | -H-- | C] () -- C:\Users\Andrew\Endocrine Big 5.pdf
[2011/01/12 15:58:32 | 000,101,150 | -H-- | C] () -- C:\Users\Andrew\Toxicology Top 20.pdf
[2011/01/12 15:58:16 | 000,092,240 | -H-- | C] () -- C:\Users\Andrew\Chronic Wasting Disease (CWD).pdf
[2011/01/12 15:58:04 | 000,061,666 | -H-- | C] () -- C:\Users\Andrew\Ethylene Glycol (antifreeze) Poisoning.pdf
[2011/01/12 15:57:51 | 000,059,734 | -H-- | C] () -- C:\Users\Andrew\Anticoagulant Rodenticide Toxicity.pdf
[2011/01/12 15:57:40 | 000,053,296 | -H-- | C] () -- C:\Users\Andrew\Tetanus.pdf

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 21:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/10/15 19:31:43 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\.Torrent Stream
[2013/02/22 21:39:28 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\7 Sticky Notes
[2012/10/18 14:00:16 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\ASUS
[2013/02/26 21:34:12 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\ASUS WebStorage
[2012/06/17 14:17:14 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Avery
[2012/09/07 19:01:59 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\AVG
[2013/01/17 12:22:12 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\avidemux
[2013/07/01 15:04:19 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/12/04 05:29:44 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\calibre
[2012/01/17 13:30:03 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/13 11:52:36 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\DAEMON Tools Lite
[2011/07/05 10:18:07 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Eclipse
[2011/11/27 21:10:17 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\funkitron
[2011/10/13 11:47:25 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\HD Tune Pro
[2011/01/08 16:06:44 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\ImgBurn
[2013/04/20 12:41:27 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\KillProcess
[2011/11/13 21:32:19 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Leadertech
[2012/10/18 13:56:59 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Outlook
[2011/01/11 17:11:03 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Softland
[2011/04/01 05:51:51 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Sports Interactive
[2013/02/10 19:55:41 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/10/10 14:12:31 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\StreamTorrent
[2011/03/01 07:43:12 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\TomTom
[2011/01/25 10:59:19 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Trusteer
[2013/04/02 20:40:13 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\TuneUp Software
[2013/10/26 16:20:41 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\uTorrent
[2011/02/22 10:43:14 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\webex
[2011/07/04 18:32:45 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Windows Live Writer
[2011/04/29 04:28:30 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2013/01/31 20:22:31 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2011/04/29 04:28:30 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2013/01/31 20:22:31 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2011/04/29 04:28:30 | 000,000,000 | ---D | M] -- C:\Users\fixer\AppData\Roaming\Trusteer
[2013/01/31 20:22:31 | 000,000,000 | ---D | M] -- C:\Users\fixer\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMPFC5A2B2

< End of report >

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Andrew\AppData\Local\Temp\catchme.sys -- (catchme)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110926150838 (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://soem.webex.com/client/T27LC/webex/ieatgpc1.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[andy2082]

Ran all those scans. Please note I did NOT click on delete quarantine files for ESET - did not see to do that. Many thanks.

All processes killed
========== OTL ==========
Service WinDriver6 stopped successfully!
Service WinDriver6 deleted successfully!
File system32\drivers\windrvr6.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Users\Andrew\AppData\Local\Temp\catchme.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Starting removal of ActiveX control {0972B098-DEE9-4279-AC7E-4BAAA029102D}
C:\Windows\Downloaded Program Files\ImageUploader5.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0972B098-DEE9-4279-AC7E-4BAAA029102D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0972B098-DEE9-4279-AC7E-4BAAA029102D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0972B098-DEE9-4279-AC7E-4BAAA029102D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0972B098-DEE9-4279-AC7E-4BAAA029102D}\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\Windows\Downloaded Program Files\ieatgpc.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMPFC5A2B2 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives\Users\00000002 folder moved successfully.
C:\FRST\Hives\Users\00000001 folder moved successfully.
C:\FRST\Hives\Users folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Andrew
->Temp folder emptied: 13597851 bytes
->Temporary Internet Files folder emptied: 151540086 bytes
->Java cache emptied: 506807 bytes
->Google Chrome cache emptied: 353691585 bytes
->Flash cache emptied: 57978 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

 

[andy2082]

Farbar Service Scanner Version: 24-10-2013
Ran by Andrew (administrator) on 31-10-2013 at 16:10:16
Running from "C:\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRZXWPPF"
Microsoft Windows 7 Home Premium (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

ESET SCAN:

C:\Users\Andrew\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\130403102221074.rscmultiple threatsdeleted - quarantined

 

[Broni]

I still need Security Check log.

 

[andy2082]

Sorry, missed this one.
Results of screen317's Security Check version 0.99.76
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
COMODO Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java(TM) 6 Update 32
Java version out of Date!
Google Chrome 30.0.1599.101
Google Chrome 30.0.1599.69
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

[Broni]

1. Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

• Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Do NOT post JavaRa log.

=================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please, let me know, how your computer is doing.

 

[andy2082]

Thanks Broni, followed those steps. So far no recurrence, computer doing well. Many thanks again, much appreciated. If I was to buy/download a virus checker / firewall package programme which would you recommend? I have Comodo currently but unsure how good it is.

 

[Broni]

Comodo is perfectly fine.

Good luck and stay safe