Inactive Some malware problems...help

Very good :)

Download RogueKiller for 32-bit or RogueKiller for 64-bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right-click on RogueKiller.exe, then click Run as Administrator.
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step.
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt.
 
RogueKiller V8.6.5 _x64_ [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : gskainth [Admin rights]
Mode : Remove -- Date : 08/14/2013 19:41:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[ZeroAccess][SERVICE] ???etadpug -- "C:\Program Files (x86)\Google\Desktop\Install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ \...\???ﯹ๛\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\GoogleUpdate.exe" < [x] -> STOPPED

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\gskainth\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\gskainth\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-21-839646718-883908242-3764046450-1000\[...]\Run : Google Update ("C:\Users\gskainth\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-21-839646718-883908242-3764046450-1000\[...]\Run : Google Update ("C:\Users\gskainth\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> [0x2] The system cannot find the file specified.
[SERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ \...\???ﯹ๛\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\GoogleUpdate.exe" < [x]) -> DELETED
[SERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ \...\???ﯹ๛\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\GoogleUpdate.exe" < [x]) -> [0x57] The parameter is incorrect.
[SERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ \...\???ﯹ๛\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\GoogleUpdate.exe" < [x]) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HID SVC][Hidden from API] HKLM\[...]\CCSet\[...]\Services : . e () -> [0x3] The system cannot find the path specified.
[HID SVC][Hidden from API] HKLM\[...]\CS001\[...]\Services : . e () -> [0x3] The system cannot find the path specified.
[HID SVC][Hidden from API] HKLM\[...]\CS002\[...]\Services : . e () -> [0x3] The system cannot find the path specified.

¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-839646718-883908242-3764046450-1000UA.job : C:\Users\gskainth\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> DELETED
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-839646718-883908242-3764046450-1000Core.job : C:\Users\gskainth\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> DELETED
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-839646718-883908242-3764046450-1000Core : C:\Users\gskainth\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> DELETED
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-839646718-883908242-3764046450-1000UA : C:\Users\gskainth\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Folder] Install : C:\Users\gskainth\AppData\Local\Google\Desktop\Install [-] --> DELETED
[ZeroAccess][File] @ : C:\Users\gskainth\AppData\Local\Google\Desktop\Install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\?��?��?��\?��?��?��\???ﯹ๛\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\@ [-] --> DELETED
[ZeroAccess][Folder] L : C:\Users\gskainth\AppData\Local\Google\Desktop\Install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\?��?��?��\?��?��?��\???ﯹ๛\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\L [-] --> DELETED
[ZeroAccess][Folder] U : C:\Users\gskainth\AppData\Local\Google\Desktop\Install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\?��?��?��\?��?��?��\???ﯹ๛\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\U [-] --> DELETED
[ZeroAccess][Folder] {bda4f5ac-389f-645b-5c3c-87463bee4c98} : C:\Users\gskainth\AppData\Local\Google\Desktop\Install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\?��?��?��\?��?��?��\???ﯹ๛\{bda4f5ac-389f-645b-5c3c-87463bee4c98} [-] --> DELETED
[ZeroAccess][Folder] ???ﯹ๛ : C:\Users\gskainth\AppData\Local\Google\Desktop\Install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\?��?��?��\?��?��?��\???ﯹ๛ [-] --> DELETED
[ZeroAccess][Folder] ?��?��?�� : C:\Users\gskainth\AppData\Local\Google\Desktop\Install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\?��?��?��\?��?��?�� [-] --> DELETED
[ZeroAccess][Folder] ?��?��?�� : C:\Users\gskainth\AppData\Local\Google\Desktop\Install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\?��?��?�� [-] --> DELETED
[ZeroAccess][Folder] {bda4f5ac-389f-645b-5c3c-87463bee4c98} : C:\Users\gskainth\AppData\Local\Google\Desktop\Install\{bda4f5ac-389f-645b-5c3c-87463bee4c98} [-] --> DELETED

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK7559GSXP +++++
--- User ---
[MBR] 76cf287f94f58dac7336ef4e6c120580
[BSP] 8b40b55c4ad229b3e4ff376ca80fd0d9 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 699942 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_08142013_194129.txt >>
RKreport[0]_S_08142013_193957.txt
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16635

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.095000 GHz
Memory total: 8434597888, free: 5644324864

Downloaded database version: v2013.08.14.08
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16635

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.095000 GHz
Memory total: 8434597888, free: 5761994752

Initializing...
------------ Kernel report ------------
08/14/2013 19:54:39
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\bScsiSDa.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\drivers\bScsiMSa.sys
\SystemRoot\system32\drivers\b57xdbd.sys
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\CmBatt.sys
\??\C:\Windows\system32\drivers\UBHelper.sys
\??\C:\Windows\system32\drivers\NTIDrvr.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\drivers\b57xdmp.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\nsi.dll
\Windows\System32\setupapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\difxapi.dll
\Windows\System32\wininet.dll
\Windows\System32\imagehlp.dll
\Windows\System32\psapi.dll
\Windows\System32\msctf.dll
\Windows\System32\oleaut32.dll
\Windows\System32\advapi32.dll
\Windows\System32\kernel32.dll
\Windows\System32\sechost.dll
\Windows\System32\Wldap32.dll
\Windows\System32\gdi32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\ws2_32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\iertutil.dll
\Windows\System32\usp10.dll
\Windows\System32\clbcatq.dll
\Windows\System32\lpk.dll
\Windows\System32\ole32.dll
\Windows\System32\user32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\shell32.dll
\Windows\System32\normaliz.dll
\Windows\System32\imm32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8009ca8060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007e6f050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8009ca8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009af38a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009ca8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007e6f050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A3776C45

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 31457280

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 31459328 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 31664128 Numsec = 1433481216

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Infected: c:\program files (x86)\google\desktop\install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ \... --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ \...\‮ﯹ๛ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ \...\‮ﯹ๛\{bda4f5ac-389f-645b-5c3c-87463bee4c98} --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ \...\‮ﯹ๛\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\@ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ \...\‮ﯹ๛\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\l --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ \...\‮ﯹ๛\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\u --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ \...\‮ﯹ๛\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\u\00000001.@ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ \...\‮ﯹ๛\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\u\80000000.@ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ \...\‮ﯹ๛\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\u\800000cb.@ --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{bda4f5ac-389f-645b-5c3c-87463bee4c98} --> [Trojan.0Access]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_31459328_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16660

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.095000 GHz
Memory total: 8434597888, free: 6081806336

Downloaded database version: v2013.08.15.01
Initializing...
------------ Kernel report ------------
08/14/2013 20:45:21
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\bScsiSDa.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\drivers\bScsiMSa.sys
\SystemRoot\system32\drivers\b57xdbd.sys
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\CmBatt.sys
\??\C:\Windows\system32\drivers\UBHelper.sys
\??\C:\Windows\system32\drivers\NTIDrvr.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\drivers\b57xdmp.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\msctf.dll
\Windows\System32\wininet.dll
\Windows\System32\oleaut32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\normaliz.dll
\Windows\System32\user32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\imm32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\shlwapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\ole32.dll
\Windows\System32\shell32.dll
\Windows\System32\usp10.dll
\Windows\System32\advapi32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\sechost.dll
\Windows\System32\psapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\gdi32.dll
\Windows\System32\iertutil.dll
\Windows\System32\lpk.dll
\Windows\System32\difxapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\nsi.dll
\Windows\System32\urlmon.dll
\Windows\System32\kernel32.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8009c8b060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007df2050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8009c8b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009c8bab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009c8b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007df2050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A3776C45

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 31457280

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 31459328 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 31664128 Numsec = 1433481216

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Infected: c:\program files (x86)\google\desktop\install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ \... --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{bda4f5ac-389f-645b-5c3c-87463bee4c98} --> [Trojan.0Access]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_31459328_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16660

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.095000 GHz
Memory total: 8434597888, free: 5733916672

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16660

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.095000 GHz
Memory total: 8434597888, free: 5879148544

=======================================
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16660

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.095000 GHz
Memory total: 8434597888, free: 6056460288

Downloaded database version: v2013.08.15.01
Initializing...
------------ Kernel report ------------
08/14/2013 23:21:09
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8009ca9060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007df6050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8009ca9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009ca9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009ca9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007df6050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A3776C45

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 31457280

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 31459328 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 31664128 Numsec = 1433481216

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Infected: c:\program files (x86)\google\desktop\install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ \... --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{bda4f5ac-389f-645b-5c3c-87463bee4c98} --> [Trojan.0Access]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_31459328_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16660

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.095000 GHz
Memory total: 8434597888, free: 5509423104

Downloaded database version: v2013.08.16.07
Initializing...
------------ Kernel report ------------
08/16/2013 19:08:12
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8009caa060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007e6c050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8009caa060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009caab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009caa060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007e6c050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A3776C45

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 31457280

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 31459328 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 31664128 Numsec = 1433481216

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Infected: c:\program files (x86)\google\desktop\install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ \... --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{bda4f5ac-389f-645b-5c3c-87463bee4c98} --> [Trojan.0Access]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_31459328_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16660

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.095000 GHz
Memory total: 8434597888, free: 6428643328

Downloaded database version: v2013.08.17.01
Downloaded database version: v2013.08.17.02
Downloaded database version: v2013.08.17.03
Downloaded database version: v2013.08.17.04
Initializing...
------------ Kernel report ------------
08/17/2013 17:44:55
------------ Loaded modules -----------
\Windows\System32\crypt32.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8009cab060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8008136050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8009cab060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009cabb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009cab060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008136050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A3776C45

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 31457280

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 31459328 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 31664128 Numsec = 1433481216

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
 
Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.16.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
gskainth :: DUFFYSTAXI-PC [administrator]

16/08/2013 7:08:16 PM
mbar-log-2013-08-16 (19-08-16).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 263613
Time elapsed: 26 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
c:\program files (x86)\google\desktop\install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ \... (Trojan.0Access) -> Delete on reboot.
c:\Program Files (x86)\Google\Desktop\Install\{bda4f5ac-389f-645b-5c3c-87463bee4c98} (Trojan.0Access) -> Delete on reboot.

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.17.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
gskainth :: DUFFYSTAXI-PC [administrator]

17/08/2013 5:44:59 PM
mbar-log-2013-08-17 (17-44-59).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 262836
Time elapsed: 26 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
c:\program files (x86)\google\desktop\install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ \... (Trojan.0Access) -> Delete on reboot.
c:\Program Files (x86)\Google\Desktop\Install\{bda4f5ac-389f-645b-5c3c-87463bee4c98} (Trojan.0Access) -> Delete on reboot.

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
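Both scans above report the same three folders under the Google Desktop install path, and the middle one contains a component that is a single space followed by a component named "...". Names like these cannot be opened, listed or deleted through a normal Win32 path (the API strips trailing spaces and dots and rejects names made only of dots), so they are reachable only through the NT namespace with the \\?\ prefix. The following script is an added example, not part of the Malwarebytes logs or of MBAR itself: it parses "Folders Detected" lines in MBAR's format (constructed here from the log lines above plus one harmless line) and flags every path component that ordinary Win32 calls cannot address.

```python
"""Flag path components that ordinary Win32 calls cannot address.

Added example; it is not part of the Malwarebytes logs above. It takes
"Folders Detected" lines as MBAR prints them, splits each path into its
components and reports any component that a normal Win32 path cannot name:
a name made only of spaces and dots, a name with a trailing space or dot
(Win32 silently strips those, so the real object is never opened), a DOS
reserved device name such as CON or LPT1, or a name containing control
characters. Such directories can be created and reached only through the
NT object namespace (the \\\\?\\ prefix), which is why everyday tools fail
to list or delete them and a scanner keeps reporting the same paths.
"""
import re

# Constructed sample input: the three detection lines from the MBAR log
# above (without the "-> Delete on reboot." suffix) plus one harmless line.
SAMPLE_LINES = [
    r"c:\program files (x86)\google\desktop\install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ (Trojan.0Access)",
    r"c:\program files (x86)\google\desktop\install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ \... (Trojan.0Access)",
    r"c:\Program Files (x86)\Google\Desktop\Install\{bda4f5ac-389f-645b-5c3c-87463bee4c98} (Trojan.0Access)",
    r"c:\users\alice\documents\report.docx (Clean)",
]

RESERVED_NAMES = {"CON", "PRN", "AUX", "NUL"} | {f"COM{i}" for i in range(1, 10)} | {f"LPT{i}" for i in range(1, 10)}
# 'path (label)'; the path itself may contain '(x86)', so the label is the last parenthesised token
LINE_RE = re.compile(r"^(?P<path>.+?) \((?P<label>[^()]+)\)$")

def classify_component(name):
    """Return the reasons a single path component is unaddressable (empty list if it is fine)."""
    reasons = []
    if name in (".", ".."):
        return reasons                      # ordinary navigation entries
    if name.strip(" .") == "":
        reasons.append("only spaces/dots")  # e.g. " " or "..."
    else:
        if name.endswith((" ", ".")):
            reasons.append("trailing space/dot")
        if name.split(".")[0].rstrip(" ").upper() in RESERVED_NAMES:
            reasons.append("reserved device name")  # CON, CON.txt, LPT1 ...
    if any(ord(ch) < 32 for ch in name):
        reasons.append("control character")
    return reasons

def parse_detection_line(line):
    """Split one MBAR detection line into (path, label); None if the line has another shape."""
    m = LINE_RE.match(line)
    return (m.group("path"), m.group("label")) if m else None

def find_unaddressable(lines):
    """Scan detection lines and return one finding per offending path component."""
    findings = []
    for line in lines:
        parsed = parse_detection_line(line)
        if parsed is None:
            continue
        path, label = parsed
        for idx, comp in enumerate(path.split("\\")):
            if comp == "" or (idx == 0 and re.fullmatch(r"[A-Za-z]:", comp)):
                continue                    # trailing backslash / drive letter
            reasons = classify_component(comp)
            if reasons:
                findings.append({"path": path, "label": label, "component": comp, "reasons": reasons})
    return findings

def nt_path(path):
    """Extended-length form that bypasses Win32 name normalisation (e.g. rd /s /q "<nt_path>" from an elevated cmd)."""
    return path if path.startswith("\\\\?\\") else "\\\\?\\" + path

if __name__ == "__main__":
    for f in find_unaddressable(SAMPLE_LINES):
        print(f"{f['label']}: component {f['component']!r} ({', '.join(f['reasons'])}) in {nt_path(f['path'])}")
```

Run against the constructed lines it reports exactly two components, " " and "...", both from the second detection line; the first and third lines name the same GUID folder with ordinary characters and pass. The nt_path form is what you would hand to a tool on the infected machine to reach such a directory; the script itself only analyses the text and runs anywhere.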
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16660

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.095000 GHz
Memory total: 8434597888, free: 5509423104

Downloaded database version: v2013.08.16.07
Initializing...
------------ Kernel report ------------
08/16/2013 19:08:12
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\bScsiSDa.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\drivers\bScsiMSa.sys
\SystemRoot\system32\drivers\b57xdbd.sys
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\CmBatt.sys
\??\C:\Windows\system32\drivers\UBHelper.sys
\??\C:\Windows\system32\drivers\NTIDrvr.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\drivers\b57xdmp.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\setupapi.dll
\Windows\System32\sechost.dll
\Windows\System32\imm32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\advapi32.dll
\Windows\System32\wininet.dll
\Windows\System32\difxapi.dll
\Windows\System32\lpk.dll
\Windows\System32\normaliz.dll
\Windows\System32\Wldap32.dll
\Windows\System32\gdi32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\ole32.dll
\Windows\System32\user32.dll
\Windows\System32\nsi.dll
\Windows\System32\psapi.dll
\Windows\System32\shell32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\msctf.dll
\Windows\System32\urlmon.dll
\Windows\System32\usp10.dll
\Windows\System32\iertutil.dll
\Windows\System32\kernel32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\msvcrt.dll
\Windows\System32\wintrust.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8009caa060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007e6c050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8009caa060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009caab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009caa060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007e6c050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A3776C45

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 31457280

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 31459328 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 31664128 Numsec = 1433481216

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Infected: c:\program files (x86)\google\desktop\install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ \... --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{bda4f5ac-389f-645b-5c3c-87463bee4c98} --> [Trojan.0Access]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_31459328_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16660

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.095000 GHz
Memory total: 8434597888, free: 6428643328

Downloaded database version: v2013.08.17.01
Downloaded database version: v2013.08.17.02
Downloaded database version: v2013.08.17.03
Downloaded database version: v2013.08.17.04
Initializing...
------------ Kernel report ------------
08/17/2013 17:44:55
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\bScsiSDa.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\drivers\bScsiMSa.sys
\SystemRoot\system32\drivers\b57xdbd.sys
\SystemRoot\system32\DRIVERS\bcmwl664.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\CmBatt.sys
\??\C:\Windows\system32\drivers\UBHelper.sys
\??\C:\Windows\system32\drivers\NTIDrvr.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\drivers\b57xdmp.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\advapi32.dll
\Windows\System32\usp10.dll
\Windows\System32\comdlg32.dll
\Windows\System32\psapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\clbcatq.dll
\Windows\System32\lpk.dll
\Windows\System32\difxapi.dll
\Windows\System32\sechost.dll
\Windows\System32\normaliz.dll
\Windows\System32\wininet.dll
\Windows\System32\shlwapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\iertutil.dll
\Windows\System32\urlmon.dll
\Windows\System32\user32.dll
\Windows\System32\imm32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\shell32.dll
\Windows\System32\msctf.dll
\Windows\System32\Wldap32.dll
\Windows\System32\nsi.dll
\Windows\System32\gdi32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\kernel32.dll
\Windows\System32\ole32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\setupapi.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8009cab060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8008136050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8009cab060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009cabb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009cab060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008136050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A3776C45

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 31457280

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 31459328 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 31664128 Numsec = 1433481216

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Infected: c:\program files (x86)\google\desktop\install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}\ \... --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{bda4f5ac-389f-645b-5c3c-87463bee4c98} --> [Trojan.0Access]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_31459328_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
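The "Scanning MBR on drive 0" section of the system log above is a decoded partition table: 0x55AA boot marker, disk signature, four 16-byte entries with flag, type, start LBA and sector count, and the sector ranges no partition covers. The script below is an added example, not Malwarebytes code: it rebuilds that 512-byte sector from the log's numbers (constructed bytes; the offsets are the standard MBR layout) and parses and sanity-checks it the way an offline bootkit triage would, reporting the boot marker, the count of active entries, overlapping or out-of-range entries, and the exact unpartitioned gaps. Note that it computes gaps from the table itself, so its trailing gap is the 3824 sectors after partition 2, whereas the log's second range is MBAR's own window of the last 20000 sectors; the log's "Partition file system is NTFS" and "bootable" lines come from reading the partition's boot sector, which this example does not do.

```python
"""Parse and sanity-check an MBR partition table.

Added example, not code from Malwarebytes Anti-Rootkit. The sector is
constructed from the figures in the system log (disk signature, three
entries, 0x55AA marker); field offsets follow the standard MBR layout.
"""
import struct

SECTOR = 512
DISK_BYTES = 750156374016              # "Disk Size" from the log
TOTAL_SECTORS = DISK_BYTES // SECTOR   # 1465149168 sectors

TYPE_NAMES = {0x00: "Empty", 0x07: "NTFS/exFAT", 0x27: "Hidden NTFS (recovery)"}
ENTRY_FMT = "<B3sB3sII"                # flag, CHS start, type, CHS end, start LBA, sector count

def build_sample_mbr():
    """Constructed sector reproducing the log's partition table (CHS fields left zero)."""
    sec = bytearray(SECTOR)
    struct.pack_into("<I", sec, 0x1B8, 0xA3776C45)          # disk signature
    entries = [                                              # (flag, type, start LBA, count)
        (0x00, 0x27, 2048, 31457280),
        (0x80, 0x07, 31459328, 204800),                      # the active (boot) partition
        (0x00, 0x07, 31664128, 1433481216),
        (0x00, 0x00, 0, 0),
    ]
    for i, (flag, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sec, 0x1BE + 16 * i, flag, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sec[0x1FE:0x200] = b"\x55\xAA"                           # boot signature
    return bytes(sec)

def parse_mbr(sec):
    """Decode one 512-byte sector into its signature, disk signature and four entries."""
    if len(sec) != SECTOR:
        raise ValueError("expected one 512-byte sector")
    parts = []
    for i in range(4):
        flag, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, sec, 0x1BE + 16 * i)
        parts.append({"index": i, "flag": flag, "active": flag == 0x80, "type": ptype,
                      "type_name": TYPE_NAMES.get(ptype, "Other"), "start": lba, "count": count})
    return {"signature_ok": sec[0x1FE:0x200] == b"\x55\xAA",
            "disk_signature": struct.unpack_from("<I", sec, 0x1B8)[0],
            "partitions": parts}

def check_table(table, total_sectors):
    """Return (findings, gaps): findings are human-readable anomalies, gaps are [start, end) ranges not in any partition."""
    findings = []
    if not table["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    used = [p for p in table["partitions"] if p["count"]]
    for p in table["partitions"]:
        if p["flag"] not in (0x00, 0x80):
            findings.append(f"entry {p['index']}: non-standard boot flag 0x{p['flag']:02X}")
        if p["count"] and p["start"] + p["count"] > total_sectors:
            findings.append(f"entry {p['index']}: extends past end of disk")
    active = [p["index"] for p in used if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly one)")
    used.sort(key=lambda p: p["start"])
    for a, b in zip(used, used[1:]):
        if a["start"] + a["count"] > b["start"]:
            findings.append(f"entries {a['index']} and {b['index']} overlap")
    gaps = []
    cursor = 1                                               # sector 0 is the MBR itself
    for p in used:
        if p["start"] > cursor:
            gaps.append((cursor, p["start"]))
        cursor = max(cursor, p["start"] + p["count"])
    if cursor < total_sectors:
        gaps.append((cursor, total_sectors))
    return findings, gaps

if __name__ == "__main__":
    table = parse_mbr(build_sample_mbr())
    print(f"Disk Signature: {table['disk_signature']:08X}  signature_ok={table['signature_ok']}")
    for p in table["partitions"]:
        print(f"Partition {p['index']} type {p['type_name']} (0x{p['type']:X}) "
              f"{'ACTIVE' if p['active'] else 'not active'} LBA {p['start']} Numsec {p['count']}")
    findings, gaps = check_table(table, TOTAL_SECTORS)
    print("findings:", findings or "none")
    print("unpartitioned:", [f"{s}-{e - 1}" for s, e in gaps])
```

On the constructed sector the checks come back clean with gaps 1-2047 and 1465145344-1465149167; flipping entry 0's flag byte to 0x80 produces a "2 active partitions" finding, which is the kind of discrepancy worth a second look when an MBR rootkit is suspected.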
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2013
Ran by gskainth (administrator) on 17-08-2013 22:11:26
Running from C:\Users\gskainth\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\IERA\IERA64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Pelmorex Media Inc.) C:\Users\gskainth\AppData\Local\The Weather Network\weathereye.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\DOLBY PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
(Sierra Wireless Inc.) C:\Program Files (x86)\Rogers\Rogers Connection Manager\WaHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)
HKCU\...\Run: [WeatherEye] - C:\Users\gskainth\AppData\Local\The Weather Network\WeatherEye.exe [310920 2012-08-30] (Pelmorex Media Inc.)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
MountPoints2: E - E:\autorun.exe
MountPoints2: {9e771140-fb9e-11e2-949d-c0f8da7f8ba8} - E:\WIN\setup.exe -ap
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-02-15] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-02-18] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TRUUpdater] - C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe [329072 2011-11-03] (Sierra Wireless, Inc.)
HKLM-x32\...\Run: [WatcherHelper] - C:\Program Files (x86)\Rogers\Rogers Connection Manager\WaHelper.exe [140656 2011-08-04] (Sierra Wireless Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-27] (Egis Technology Inc.)
HKU\Default\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid} [x]
HKU\Default User\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid} [x]
HKU\Guest\...\Run: [WeatherEye] - C:\Users\Guest\AppData\Local\The Weather Network\WeatherEye.exe [x]
HKU\Guest\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup [x]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=S...ype=ds&q={searchTerms}&installDate=10/08/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=S...ype=ds&q={searchTerms}&installDate=10/08/2013
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=S...ype=ds&q={searchTerms}&installDate=10/08/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=S...ype=ds&q={searchTerms}&installDate=10/08/2013
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=S...ype=ds&q={searchTerms}&installDate=10/08/2013
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=S...ype=ds&q={searchTerms}&installDate=10/08/2013
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: No Name - {02edb56b-9b33-435b-b7df-b2843273a694} - No File
BHO-x32: No Name - {6ec74131-08b2-4f67-a9bc-5914ef1edb97} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll No File
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {6EC74131-08B2-4F67-A9BC-5914EF1EDB97} - No File
Toolbar: HKCU - No Name - {02EDB56B-9B33-435B-B7DF-B2843273A694} - No File
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Bejeweled%203/Images/stg_drm.ocx
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Bejeweled%203/Images/armhelper.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 64.59.176.13 64.59.177.226
Tcpip\..\Interfaces\{00645C10-F0C3-4CAF-AC11-185A15DFB214}: [NameServer]64.71.255.198 64.71.255.253
Tcpip\..\Interfaces\{95EA9B33-E0E9-4C40-9C3E-BBF6200B7F8B}: [NameServer]64.71.255.198 64.71.255.253

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\gskainth\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\gskainth\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\gskainth\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\gskainth\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\gskainth\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\gskainth\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: trtv3 - C:\Users\gskainth\AppData\Roaming\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

Chrome:
=======
CHR HomePage: hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=CA&userid=a61b348d-26ad-4d75-8ae9-69f89f7bf682&searchtype=hp&installDate=18/05/2013
CHR Extension: (Torrent Search) - C:\Users\gskainth\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee\1.2.0.3_0
CHR Extension: (Google Docs) - C:\Users\gskainth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\gskainth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (TV) - C:\Users\gskainth\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0
CHR Extension: (YouTube) - C:\Users\gskainth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\gskainth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (PartyCloud) - C:\Users\gskainth\AppData\Local\Google\Chrome\User Data\Default\Extensions\defekohaofmambflfpfoojkmfdpcbgko\4.1_0
CHR Extension: (Bikini TV) - C:\Users\gskainth\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcanljafkhmmideajcgekocpbdhkened\2.5.2_0
CHR Extension: (YouTube Feed) - C:\Users\gskainth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghmclllfjjmmdmhjobjdgfnggfhljboa\1.3.4.1_0
CHR Extension: (Crazy Shooting) - C:\Users\gskainth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbhccdddhenjmeamogpjhicnoffdood\1.0.0_0
CHR Extension: (Until AM) - C:\Users\gskainth\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk\0.203_0
CHR Extension: (Traffic Talent) - C:\Users\gskainth\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgegdofhghiobhllaniipmplkbligpi\1_0
CHR Extension: (Gmail) - C:\Users\gskainth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files (x86)\TornTV.com\torntv10.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project)
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project)
R2 IERA; C:\Program Files (x86)\Sierra Wireless Inc\IERA\IERA64.exe [202096 2011-06-16] (Sierra Wireless, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [321392 2011-11-03] (Sierra Wireless, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-05-27] (Avira Operations GmbH & Co. KG)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-08-14] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-08-14] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [258432 2011-05-13] (Sierra Wireless Incorporated)
S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx64.sys [109312 2011-05-16] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [297472 2011-05-28] (Sierra Wireless Inc.)
S3 libusb0; system32\drivers\libusb0.sys [x]
S3 SWUMX20; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-17 22:10 - 2013-08-17 22:10 - 01575580 _____ (Farbar) C:\Users\gskainth\Downloads\FRST64.exe
2013-08-14 23:20 - 2013-08-14 23:20 - 00036680 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
2013-08-14 21:32 - 2013-08-14 21:32 - 00071304 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2013-08-14 20:27 - 2013-07-26 00:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 20:27 - 2013-07-26 00:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 20:27 - 2013-07-26 00:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 20:27 - 2013-07-26 00:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 20:27 - 2013-07-26 00:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 20:27 - 2013-07-26 00:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 20:27 - 2013-07-26 00:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 20:27 - 2013-07-26 00:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 20:27 - 2013-07-26 00:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 20:27 - 2013-07-26 00:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 20:27 - 2013-07-26 00:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 20:27 - 2013-07-26 00:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 20:27 - 2013-07-26 00:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 20:27 - 2013-07-26 00:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 20:27 - 2013-07-25 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 20:27 - 2013-07-25 22:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 20:27 - 2013-07-25 22:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 20:27 - 2013-07-25 22:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 20:27 - 2013-07-25 22:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 20:27 - 2013-07-25 22:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 20:27 - 2013-07-25 22:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 20:27 - 2013-07-25 22:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 20:27 - 2013-07-25 22:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 20:27 - 2013-07-25 22:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 20:27 - 2013-07-25 22:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 20:27 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 20:27 - 2013-07-25 22:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 20:27 - 2013-07-25 22:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 20:27 - 2013-07-25 21:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 20:27 - 2013-07-25 21:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 20:27 - 2013-07-25 20:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 20:21 - 2013-08-14 20:22 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 19:49 - 2013-08-14 19:49 - 00071304 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-08-14 19:34 - 2013-08-14 19:45 - 00000000 ____D C:\Users\gskainth\Desktop\RK_Quarantine
2013-08-14 19:00 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 19:00 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 19:00 - 2013-07-18 20:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 19:00 - 2013-07-18 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 19:00 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 19:00 - 2013-07-09 00:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 19:00 - 2013-07-09 00:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 19:00 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 19:00 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 19:00 - 2013-07-08 23:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 19:00 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 19:00 - 2013-07-08 23:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 19:00 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 19:00 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 18:59 - 2013-07-09 01:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 18:59 - 2013-07-09 00:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 18:59 - 2013-07-09 00:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 18:59 - 2013-07-09 00:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 18:59 - 2013-07-09 00:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 18:59 - 2013-07-08 23:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 18:59 - 2013-07-08 23:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 18:59 - 2013-07-08 21:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 18:59 - 2013-07-08 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 18:59 - 2013-07-08 21:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 18:59 - 2013-07-08 21:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 18:59 - 2013-07-06 01:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 18:59 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-12 23:41 - 2013-08-12 23:54 - 06651392 _____ C:\Users\gskainth\Desktop\Test_Landmarks completed_Excel.xls
2013-08-11 21:02 - 2013-08-11 21:03 - 00000000 ____D C:\Users\gskainth\Desktop\apartments from india
2013-08-11 20:22 - 2013-08-11 20:23 - 00000000 ____D C:\Users\gskainth\Desktop\landmark orderly ram
2013-08-11 20:18 - 2013-08-11 20:19 - 00000000 ____D C:\Users\gskainth\Desktop\winnipeg all original
2013-08-11 20:18 - 2013-08-11 20:18 - 00000000 ____D C:\Users\gskainth\Downloads\WinnipegAll
2013-08-11 20:17 - 2013-08-11 20:17 - 00973457 _____ C:\Users\gskainth\Downloads\WinnipegAll.zip
2013-08-11 20:14 - 2013-08-11 20:15 - 00000000 ____D C:\Users\gskainth\Desktop\winnipeg allmodiefied by india
2013-08-11 20:14 - 2013-08-11 20:14 - 01946102 _____ C:\Users\gskainth\Downloads\Test_Landmarks completed.csv
2013-08-11 20:13 - 2013-08-11 20:14 - 03583488 _____ C:\Users\gskainth\Downloads\Test_Landmarks completed.xls
2013-08-11 20:05 - 2013-08-11 20:05 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-08-11 19:28 - 2013-08-11 19:32 - 00000000 ____D C:\Users\gskainth\Desktop\sorted data
2013-08-11 01:39 - 2013-08-11 01:39 - 00000376 _____ C:\Windows\ODBC.INI
2013-08-11 01:38 - 2013-08-11 01:38 - 00000000 ____D C:\Program Files (x86)\Microsoft ActiveSync
2013-08-10 15:28 - 2013-08-10 15:28 - 00001268 _____ C:\Users\gskainth\Desktop\Revo Uninstaller.lnk
2013-08-10 12:48 - 2013-08-10 15:28 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-08-10 12:29 - 2013-08-10 12:29 - 00003338 _____ C:\Windows\System32\Tasks\{768CC937-BBBF-494F-BC1B-B6F190365CAE}
2013-08-10 12:19 - 2013-08-10 12:19 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Optimizer Pro
2013-08-10 12:13 - 2013-08-10 12:14 - 00002582 _____ C:\Users\gskainth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2013-08-10 12:11 - 2013-08-10 12:11 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\WinRAR
2013-08-10 12:11 - 2013-08-10 12:11 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-08-10 12:11 - 2013-08-10 12:11 - 00000000 ____D C:\Program Files\WinRAR
2013-08-10 10:50 - 2013-08-10 13:14 - 00000000 ____D C:\Users\gskainth\Desktop\New folder (2)
2013-08-10 09:02 - 2013-08-10 09:05 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2013-08-10 09:02 - 2013-08-10 09:02 - 00000000 ____D C:\Users\gskainth\Documents\Microsoft Office 2007 Enterprise + Serial Key - {RedDragon}
2013-08-10 09:02 - 2013-08-10 09:02 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
2013-08-10 08:55 - 2013-08-10 08:55 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Oracle
2013-08-10 08:52 - 2013-08-10 08:52 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-10 08:52 - 2013-08-10 08:52 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-10 08:52 - 2013-08-10 08:52 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-10 08:52 - 2013-08-10 08:52 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-10 08:52 - 2013-08-10 08:52 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-08 21:06 - 2013-08-08 21:06 - 00000000 ____D C:\Users\gskainth\AppData\Local\{AA39F34C-6F13-47FD-AE3F-071C5B8745A7}
2013-08-08 06:27 - 2013-08-08 06:29 - 00000000 ____D C:\Users\gskainth\AppData\Local\{3C2F7639-C843-4034-9793-32431ADABB51}
2013-08-07 22:13 - 2013-08-07 22:13 - 00012116 _____ C:\Users\gskainth\Desktop\employees.htm
2013-08-07 20:58 - 2013-08-07 20:58 - 00000000 ____D C:\Users\gskainth\AppData\Local\{6A67CCC3-A3C0-44AD-B8A2-D4BFE3FF6ED2}
2013-08-04 17:16 - 2013-08-04 17:18 - 00000000 ____D C:\Users\gskainth\Desktop\schedules
2013-08-03 23:21 - 2013-08-03 23:23 - 01248931 _____ C:\Users\gskainth\Desktop\WinnipegAll.xlsx
2013-08-03 00:02 - 2013-08-03 00:02 - 00688992 ____R (Swearware) C:\Users\gskainth\Desktop\dds.com
2013-08-03 00:01 - 2013-08-03 00:01 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Malwarebytes
2013-08-03 00:00 - 2013-08-03 00:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-03 00:00 - 2013-08-03 00:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-03 00:00 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-02 23:40 - 2013-08-10 12:13 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-08-02 13:12 - 2013-08-02 13:12 - 00002178 _____ C:\Users\Public\Desktop\Rogers Connection Manager.lnk
2013-08-02 13:12 - 2013-08-02 13:12 - 00000000 ____D C:\Program Files (x86)\Rogers
2013-08-02 13:11 - 2013-08-02 13:13 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Sierra Wireless
2013-08-02 13:11 - 2013-08-02 13:12 - 00000000 ____D C:\Program Files (x86)\Sierra Wireless Inc
2013-08-02 13:11 - 2013-08-02 13:11 - 00000000 ____D C:\ProgramData\Sierra Wireless
2013-08-02 13:11 - 2011-05-28 13:45 - 00297472 _____ (Sierra Wireless Inc.) C:\Windows\system32\Drivers\swnc8ua3.sys
2013-08-02 13:11 - 2011-05-16 13:44 - 00109312 _____ (Sierra Wireless Inc.) C:\Windows\system32\Drivers\swiwdmbx64.sys
2013-08-02 13:11 - 2011-05-13 15:54 - 00258432 _____ (Sierra Wireless Incorporated) C:\Windows\system32\Drivers\swg3kser00.sys
2013-07-29 22:15 - 2013-07-29 22:15 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\DownLite
2013-07-29 22:13 - 2013-08-11 02:00 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Azureus
2013-07-29 22:13 - 2013-07-29 22:13 - 00001852 _____ C:\Users\Public\Desktop\Vuze.lnk
2013-07-29 22:13 - 2013-07-29 22:13 - 00000000 ____D C:\Users\gskainth\.swt
2013-07-29 22:12 - 2013-07-29 22:13 - 00000000 ____D C:\Program Files (x86)\Vuze
2013-07-29 21:49 - 2013-07-29 21:49 - 00002956 _____ C:\Windows\System32\Tasks\{54BE7F6F-C6DB-43B5-9612-7310C4B132EE}
2013-07-29 21:49 - 2013-07-29 21:49 - 00002956 _____ C:\Windows\System32\Tasks\{40B03322-4137-4492-AB63-403BDBE67148}
2013-07-29 21:10 - 2013-08-07 07:54 - 00000000 ____D C:\Users\gskainth\Desktop\New folder
2013-07-28 23:08 - 2013-08-17 21:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-28 23:08 - 2013-08-17 19:13 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-28 23:08 - 2013-08-11 01:25 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-28 23:08 - 2013-07-28 23:08 - 00003898 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-28 23:08 - 2013-07-28 23:08 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-28 18:56 - 2013-07-28 20:23 - 07557120 _____ C:\Users\gskainth\Documents\Call Center.ssf
2013-07-28 18:56 - 2013-07-28 18:56 - 00000000 ____D C:\ProgramData\Business Management Systems
2013-07-28 01:09 - 2013-07-28 01:09 - 00000000 ____D C:\Users\gskainth\AppData\Local\Business_Management_Syste
2013-07-21 23:35 - 2013-08-11 01:25 - 00000000 ____D C:\Users\gskainth\AppData\Local\Google
2013-07-21 23:34 - 2013-07-21 23:35 - 00000000 ____D C:\Users\gskainth\AppData\Local\Deployment
2013-07-21 23:34 - 2013-07-21 23:34 - 00000000 ____D C:\Users\gskainth\AppData\Local\Apps\2.0
2013-07-21 21:22 - 2013-07-21 21:22 - 00000000 ____D C:\Users\gskainth\AppData\Local\{83C37563-7F13-4BDF-B64F-16E55EDEB4A1}

==================== One Month Modified Files and Folders =======

2013-08-17 22:10 - 2013-08-17 22:10 - 01575580 _____ (Farbar) C:\Users\gskainth\Downloads\FRST64.exe
2013-08-17 21:49 - 2013-05-27 18:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-17 21:31 - 2009-07-13 23:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-17 21:31 - 2009-07-13 23:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-17 21:24 - 2011-08-11 17:22 - 00000000 ____D C:\ProgramData\clear.fi
2013-08-17 21:23 - 2013-07-28 23:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-17 21:22 - 2011-08-11 17:08 - 00000000 ____D C:\Users\gskainth\AppData\Local\VirtualStore
2013-08-17 21:22 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-17 21:22 - 2009-07-13 23:51 - 00086764 _____ C:\Windows\setupact.log
2013-08-17 20:11 - 2011-06-05 08:43 - 01085277 _____ C:\Windows\WindowsUpdate.log
2013-08-17 19:13 - 2013-07-28 23:08 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-17 18:15 - 2010-11-20 22:47 - 00385382 _____ C:\Windows\PFRO.log
2013-08-14 23:20 - 2013-08-14 23:20 - 00036680 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
2013-08-14 22:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 21:32 - 2013-08-14 21:32 - 00071304 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2013-08-14 20:24 - 2009-07-14 00:13 - 00732510 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-14 20:22 - 2013-08-14 20:21 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 20:21 - 2011-08-30 18:04 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 19:49 - 2013-08-14 19:49 - 00071304 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-08-14 19:45 - 2013-08-14 19:34 - 00000000 ____D C:\Users\gskainth\Desktop\RK_Quarantine
2013-08-12 23:54 - 2013-08-12 23:41 - 06651392 _____ C:\Users\gskainth\Desktop\Test_Landmarks completed_Excel.xls
2013-08-12 08:11 - 2009-07-13 23:45 - 00326560 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-11 21:03 - 2013-08-11 21:02 - 00000000 ____D C:\Users\gskainth\Desktop\apartments from india
2013-08-11 20:23 - 2013-08-11 20:22 - 00000000 ____D C:\Users\gskainth\Desktop\landmark orderly ram
2013-08-11 20:19 - 2013-08-11 20:18 - 00000000 ____D C:\Users\gskainth\Desktop\winnipeg all original
2013-08-11 20:18 - 2013-08-11 20:18 - 00000000 ____D C:\Users\gskainth\Downloads\WinnipegAll
2013-08-11 20:17 - 2013-08-11 20:17 - 00973457 _____ C:\Users\gskainth\Downloads\WinnipegAll.zip
2013-08-11 20:15 - 2013-08-11 20:14 - 00000000 ____D C:\Users\gskainth\Desktop\winnipeg allmodiefied by india
2013-08-11 20:14 - 2013-08-11 20:14 - 01946102 _____ C:\Users\gskainth\Downloads\Test_Landmarks completed.csv
2013-08-11 20:14 - 2013-08-11 20:13 - 03583488 _____ C:\Users\gskainth\Downloads\Test_Landmarks completed.xls
2013-08-11 20:05 - 2013-08-11 20:05 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-08-11 20:05 - 2011-08-11 17:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-08-11 19:32 - 2013-08-11 19:28 - 00000000 ____D C:\Users\gskainth\Desktop\sorted data
2013-08-11 02:00 - 2013-07-29 22:13 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Azureus
2013-08-11 01:59 - 2012-01-13 23:25 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\SoftGrid Client
2013-08-11 01:59 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-11 01:39 - 2013-08-11 01:39 - 00000376 _____ C:\Windows\ODBC.INI
2013-08-11 01:38 - 2013-08-11 01:38 - 00000000 ____D C:\Program Files (x86)\Microsoft ActiveSync
2013-08-11 01:38 - 2010-11-21 02:16 - 00000000 ____D C:\Windows\ShellNew
2013-08-11 01:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system
2013-08-11 01:25 - 2013-07-28 23:08 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-11 01:25 - 2013-07-21 23:35 - 00000000 ____D C:\Users\gskainth\AppData\Local\Google
2013-08-11 00:40 - 2011-06-05 08:59 - 00001024 ___RH C:\Users\Public\Documents\NTILiveUpdateV9.dll
2013-08-11 00:40 - 2011-06-05 08:58 - 00001024 ___RH C:\Users\Public\Documents\NTIMMV9Acer.dll
2013-08-10 16:01 - 2012-01-13 05:50 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\VideoBuzz
2013-08-10 15:28 - 2013-08-10 15:28 - 00001268 _____ C:\Users\gskainth\Desktop\Revo Uninstaller.lnk
2013-08-10 15:28 - 2013-08-10 12:48 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-08-10 13:14 - 2013-08-10 10:50 - 00000000 ____D C:\Users\gskainth\Desktop\New folder (2)
2013-08-10 12:38 - 2012-01-13 05:50 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-08-10 12:29 - 2013-08-10 12:29 - 00003338 _____ C:\Windows\System32\Tasks\{768CC937-BBBF-494F-BC1B-B6F190365CAE}
2013-08-10 12:19 - 2013-08-10 12:19 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Optimizer Pro
2013-08-10 12:15 - 2011-08-11 17:08 - 00000000 ___HD C:\Users\gskainth
2013-08-10 12:14 - 2013-08-10 12:13 - 00002582 _____ C:\Users\gskainth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2013-08-10 12:13 - 2013-08-02 23:40 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-08-10 12:11 - 2013-08-10 12:11 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\WinRAR
2013-08-10 12:11 - 2013-08-10 12:11 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-08-10 12:11 - 2013-08-10 12:11 - 00000000 ____D C:\Program Files\WinRAR
2013-08-10 09:05 - 2013-08-10 09:02 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2013-08-10 09:02 - 2013-08-10 09:02 - 00000000 ____D C:\Users\gskainth\Documents\Microsoft Office 2007 Enterprise + Serial Key - {RedDragon}
2013-08-10 09:02 - 2013-08-10 09:02 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
2013-08-10 08:55 - 2013-08-10 08:55 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Oracle
2013-08-10 08:52 - 2013-08-10 08:52 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-10 08:52 - 2013-08-10 08:52 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-10 08:52 - 2013-08-10 08:52 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-10 08:52 - 2013-08-10 08:52 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-10 08:52 - 2013-08-10 08:52 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-10 08:52 - 2013-04-21 12:48 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-10 08:52 - 2011-08-11 17:58 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-09 23:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-08 21:06 - 2013-08-08 21:06 - 00000000 ____D C:\Users\gskainth\AppData\Local\{AA39F34C-6F13-47FD-AE3F-071C5B8745A7}
2013-08-08 06:29 - 2013-08-08 06:27 - 00000000 ____D C:\Users\gskainth\AppData\Local\{3C2F7639-C843-4034-9793-32431ADABB51}
2013-08-07 22:13 - 2013-08-07 22:13 - 00012116 _____ C:\Users\gskainth\Desktop\employees.htm
2013-08-07 20:58 - 2013-08-07 20:58 - 00000000 ____D C:\Users\gskainth\AppData\Local\{6A67CCC3-A3C0-44AD-B8A2-D4BFE3FF6ED2}
2013-08-07 07:54 - 2013-07-29 21:10 - 00000000 ____D C:\Users\gskainth\Desktop\New folder
2013-08-06 22:41 - 2011-08-16 18:49 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Mozilla
2013-08-06 22:25 - 2013-07-07 19:49 - 00000000 ____D C:\Program Files (x86)\DRoster
2013-08-05 09:08 - 2009-07-14 00:08 - 00032564 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-04 17:18 - 2013-08-04 17:16 - 00000000 ____D C:\Users\gskainth\Desktop\schedules
2013-08-03 23:23 - 2013-08-03 23:21 - 01248931 _____ C:\Users\gskainth\Desktop\WinnipegAll.xlsx
2013-08-03 00:40 - 2013-07-06 09:46 - 00000000 ____D C:\ProgramData\firebird
2013-08-03 00:02 - 2013-08-03 00:02 - 00688992 ____R (Swearware) C:\Users\gskainth\Desktop\dds.com
2013-08-03 00:01 - 2013-08-03 00:01 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Malwarebytes
2013-08-03 00:00 - 2013-08-03 00:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-03 00:00 - 2013-08-03 00:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-02 13:13 - 2013-08-02 13:11 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Sierra Wireless
2013-08-02 13:12 - 2013-08-02 13:12 - 00002178 _____ C:\Users\Public\Desktop\Rogers Connection Manager.lnk
2013-08-02 13:12 - 2013-08-02 13:12 - 00000000 ____D C:\Program Files (x86)\Rogers
2013-08-02 13:12 - 2013-08-02 13:11 - 00000000 ____D C:\Program Files (x86)\Sierra Wireless Inc
2013-08-02 13:11 - 2013-08-02 13:11 - 00000000 ____D C:\ProgramData\Sierra Wireless
2013-07-29 22:15 - 2013-07-29 22:15 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\DownLite
2013-07-29 22:13 - 2013-07-29 22:13 - 00001852 _____ C:\Users\Public\Desktop\Vuze.lnk
2013-07-29 22:13 - 2013-07-29 22:13 - 00000000 ____D C:\Users\gskainth\.swt
2013-07-29 22:13 - 2013-07-29 22:12 - 00000000 ____D C:\Program Files (x86)\Vuze
2013-07-29 21:49 - 2013-07-29 21:49 - 00002956 _____ C:\Windows\System32\Tasks\{54BE7F6F-C6DB-43B5-9612-7310C4B132EE}
2013-07-29 21:49 - 2013-07-29 21:49 - 00002956 _____ C:\Windows\System32\Tasks\{40B03322-4137-4492-AB63-403BDBE67148}
2013-07-28 23:08 - 2013-07-28 23:08 - 00003898 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-28 23:08 - 2013-07-28 23:08 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-28 20:23 - 2013-07-28 18:56 - 07557120 _____ C:\Users\gskainth\Documents\Call Center.ssf
2013-07-28 18:56 - 2013-07-28 18:56 - 00000000 ____D C:\ProgramData\Business Management Systems
2013-07-28 01:09 - 2013-07-28 01:09 - 00000000 ____D C:\Users\gskainth\AppData\Local\Business_Management_Syste
2013-07-26 00:13 - 2013-08-14 20:27 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 00:13 - 2013-08-14 20:27 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 00:13 - 2013-08-14 20:27 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 00:12 - 2013-08-14 20:27 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 00:12 - 2013-08-14 20:27 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 00:12 - 2013-08-14 20:27 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 00:12 - 2013-08-14 20:27 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 00:12 - 2013-08-14 20:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 00:12 - 2013-08-14 20:27 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 00:12 - 2013-08-14 20:27 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 00:12 - 2013-08-14 20:27 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 00:12 - 2013-08-14 20:27 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 00:12 - 2013-08-14 20:27 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 00:12 - 2013-08-14 20:27 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-25 22:35 - 2013-08-14 20:27 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-25 22:13 - 2013-08-14 20:27 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-25 22:13 - 2013-08-14 20:27 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-25 22:12 - 2013-08-14 20:27 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-25 22:12 - 2013-08-14 20:27 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-25 22:12 - 2013-08-14 20:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-25 22:12 - 2013-08-14 20:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-25 22:12 - 2013-08-14 20:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-25 22:12 - 2013-08-14 20:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-25 22:12 - 2013-08-14 20:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-25 22:12 - 2013-08-14 20:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-25 22:12 - 2013-08-14 20:27 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-25 22:11 - 2013-08-14 20:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-25 22:11 - 2013-08-14 20:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-25 21:49 - 2013-08-14 20:27 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-25 21:39 - 2013-08-14 20:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-25 20:59 - 2013-08-14 20:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 04:25 - 2013-08-14 19:00 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 03:57 - 2013-08-14 19:00 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-21 23:35 - 2013-07-21 23:34 - 00000000 ____D C:\Users\gskainth\AppData\Local\Deployment
2013-07-21 23:34 - 2013-07-21 23:34 - 00000000 ____D C:\Users\gskainth\AppData\Local\Apps\2.0
2013-07-21 21:22 - 2013-07-21 21:22 - 00000000 ____D C:\Users\gskainth\AppData\Local\{83C37563-7F13-4BDF-B64F-16E55EDEB4A1}
2013-07-18 20:58 - 2013-08-14 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-18 20:41 - 2013-08-14 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

Files to move or delete:
====================
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-12 22:41

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2013
Ran by gskainth at 2013-08-17 22:12:14
Running from C:\Users\gskainth\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================


Acer Backup Manager (x32 Version: 3.0.0.85)
Acer Crystal Eye Webcam (x32 Version: 1.0.1510)
Acer ePower Management (x32 Version: 6.00.3006)
Acer eRecovery Management (x32 Version: 5.00.3002)
Acer Games (x32 Version: 1.0.2.4)
Acer Registration (x32 Version: 1.03.3004)
Acer ScreenSaver (x32 Version: 1.1.1130.2010)
Acer Updater (x32 Version: 1.02.3005)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
Backup Manager V3 (x32 Version: 3.0.0.85)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Broadcom Card Reader Driver Installer (Version: 14.6.1.2)
Broadcom Gigabit NetLink Controller (Version: 14.6.1.2)
Build-a-lot 2 (x32 Version: 2.2.0.95)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
clear.fi (x32 Version: 1.0.1422.00)
clear.fi (x32 Version: 9.0.7418)
clear.fi Client (x32 Version: 1.00.3008)
ClockIt: Easy Schedule Creator V7.2.3 - Freeware - (x32)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
D3DX10 (x32 Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
Dolby Advanced Audio v2 (x32 Version: 7.2.7000.4)
Dora's World Adventure (x32 Version: 2.2.0.95)
FATE - The Traitor Soul (x32 Version: 2.2.0.95)
Final Drive: Nitro (x32 Version: 2.2.0.95)
Firebird 2.5.0.26074 (Win32) (x32 Version: 2.5.0.26074)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (x32 Version: 28.0.1500.95)
Google Talk Plugin (x32 Version: 4.4.2.14502)
Google Update Helper (x32 Version: 1.3.21.153)
Identity Card (x32 Version: 1.00.3006)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2342)
Intel(R) Rapid Storage Technology (x32 Version: 10.0.0.1046)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Jewel Quest Heritage (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Launch Manager (x32 Version: 5.1.4)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MediaEspresso (x32 Version: 1.0.1418_35759)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MSI to redistribute MS VS2005 CRT libraries (x32 Version: 8.0.50727.42)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95)
MyWinLocker (Version: 4.0.14.11)
MyWinLocker 4 (x32 Version: 4.0.14.11)
MyWinLocker Suite (x32 Version: 4.0.14.11)
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95)
NTI Media Maker 9 (x32 Version: 9.0.2.8942)
NVIDIA Control Panel 267.21 (Version: 267.21)
NVIDIA Graphics Driver 267.21 (Version: 267.21)
NVIDIA Install Application (Version: 2.265.39.0)
NVIDIA PhysX (x32 Version: 9.10.0514)
Penguins! (x32 Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
Polar Golfer (x32 Version: 2.2.0.95)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6329)
RegClean Pro (x32 Version: 6.21)
Revo Uninstaller 1.95 (x32 Version: 1.95)
Rogers Connection Manager (x32 Version: 6.0.3321.5603)
rosoft .NET Framework 4 Client Profile (Version: 4.0.30319)
SanctionedMedia (HKCU Version: 4.5.0.0)
Shredder (Version: 2.0.8.7)
Shredder (x32 Version: 2.0.8.7)
Synaptics Pointing Device Driver (Version: 15.1.6.0)
The Weather Network (HKCU Version: 6.0.2.5)
Torchlight (x32 Version: 2.2.0.95)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update Installer for WildTangent Games App (x32)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95)
Vuze (x32 Version: 5.0.0.0)
Welcome Center (x32 Version: 1.02.3102)
WIDCOMM Bluetooth Software (Version: 6.3.0.7300)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.31)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 5.00 beta 8 (64-bit) (Version: 5.00.8)
Yahoo! Detect (x32)
ZoneAlarm LTD Toolbar
Zuma's Revenge (x32 Version: 2.2.0.95)

==================== Restore Points =========================

12-08-2013 01:05:25 Installed Compatibility Pack for the 2007 Office system
12-08-2013 03:09:14 Windows Update
13-08-2013 11:54:09 Windows Update
15-08-2013 00:50:30 before new anitvirus
15-08-2013 01:18:54 Malwarebytes Anti-Rootkit Restore Point
15-08-2013 01:20:02 Windows Update
15-08-2013 02:11:47 Malwarebytes Anti-Rootkit Restore Point
15-08-2013 04:54:42 Malwarebytes Anti-Rootkit Restore Point
17-08-2013 00:38:37 Malwarebytes Anti-Rootkit Restore Point
17-08-2013 23:14:08 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0881CD16-F197-40EB-9A11-57F1FC6A8B01} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-02-22] (CyberLink)
Task: {447B6BB2-9129-4CA8-B003-67CB8969EC60} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-02-22] (CyberLink Corp.)
Task: {4A077C2E-7D55-42A0-91A7-2288BE15148D} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {4FCD36CB-7909-4E3B-92D1-1CFB13BD6963} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {5BF69BC3-5398-4387-BCB5-0F54B8B332E9} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe No File
Task: {5E2B6E9D-05FD-4762-9E35-83A133E1475F} - System32\Tasks\{40B03322-4137-4492-AB63-403BDBE67148} => D:\Office 2010 Toolkit - Run This.exe [2013-07-07] ()
Task: {7FCE88DD-3AB7-412A-991B-0035191263D9} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-02-22] (Acer Incorporated)
Task: {A6562307-086E-4CDD-8649-4A11EE17B40D} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {BCA5291D-E6B4-4F90-9C99-748F32A1216B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-28] (Google Inc.)
Task: {C1F103EE-31D9-465F-8A50-0CCD99987FBF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-11] (Adobe Systems Incorporated)
Task: {CDBE609C-16DE-45B1-9285-0DE8D3824798} - System32\Tasks\{ADADD69E-1DBD-43B2-A63F-D47A8491D970} => c:\program files (x86)\mozilla firefox\firefox.exe No File
Task: {F6AE555A-544C-4D8F-BAF9-E7F08B71F3C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-28] (Google Inc.)
Task: {FC66AB26-05F4-40A8-8FE9-1ECCDC9AC4CA} - System32\Tasks\{54BE7F6F-C6DB-43B5-9612-7310C4B132EE} => D:\Office 2010 Toolkit - Run This.exe [2013-07-07] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/17/2013 09:23:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2013 07:48:29 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (08/17/2013 06:16:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2013 05:34:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2013 01:29:21 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2013 07:41:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2013 06:08:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2013 08:01:59 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/15/2013 10:28:18 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (08/15/2013 10:09:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/14/2013 08:19:16 PM) (Source: Service Control Manager) (User: )
Description: The Security Center service failed to start due to the following error:
%%1314

Error: (08/14/2013 08:19:13 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error:
%%1290

Error: (08/14/2013 08:19:13 PM) (Source: Service Control Manager) (User: )
Description: The Base Filtering Engine service failed to start due to the following error:
%%1290

Error: (08/14/2013 08:19:11 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error:
%%1290

Error: (08/14/2013 08:19:11 PM) (Source: Service Control Manager) (User: )
Description: The Base Filtering Engine service failed to start due to the following error:
%%1290

Error: (08/14/2013 08:19:10 PM) (Source: Service Control Manager) (User: )
Description: The Base Filtering Engine service failed to start due to the following error:
%%1290

Error: (08/14/2013 06:50:31 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/14/2013 06:50:31 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (08/14/2013 06:50:25 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/14/2013 06:50:25 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891


Microsoft Office Sessions:
=========================
Error: (08/17/2013 09:23:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2013 07:48:29 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (08/17/2013 06:16:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2013 05:34:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2013 01:29:21 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2013 07:41:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2013 06:08:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2013 08:01:59 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/15/2013 10:28:18 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (08/15/2013 10:09:45 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2013-08-02 15:24:12.021
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Sierra Wireless Inc\Common\SwiProcMonitorDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-02 15:24:11.928
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Sierra Wireless Inc\Common\SwiProcMonitorDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-02 13:13:01.325
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Sierra Wireless Inc\Common\SwiProcMonitorDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-02 13:13:01.263
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Sierra Wireless Inc\Common\SwiProcMonitorDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-01-11 23:19:23.635
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-01-11 23:19:23.589
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 8043.86 MB
Available physical RAM: 5869.47 MB
Total Pagefile: 16085.9 MB
Available Pagefile: 13467.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:683.54 GB) (Free:623.2 GB) NTFS
Drive d: (Office.2010.Toolkit.and.EZ-Activ) (CDROM) (Total:0.04 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: A3776C45)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=684 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Re-run FRST one more time and post the new log.
 

Attachments

  • fixlist.txt (1.3 KB)
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2013
Ran by gskainth at 2013-08-18 17:04:07 Run:1
Running from C:\Users\gskainth\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
MountPoints2: E - E:\autorun.exe
MountPoints2: {9e771140-fb9e-11e2-949d-c0f8da7f8ba8} - E:\WIN\setup.exe -ap
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: No Name - {02edb56b-9b33-435b-b7df-b2843273a694} - No File
BHO-x32: No Name - {6ec74131-08b2-4f67-a9bc-5914ef1edb97} - No File
Toolbar: HKCU - No Name - {6EC74131-08B2-4F67-A9BC-5914EF1EDB97} - No File
Toolbar: HKCU - No Name - {02EDB56B-9B33-435B-B7DF-B2843273A694} - No File
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
C:\Program Files (x86)\Google\Desktop\Install\{bda4f5ac-389f-645b-5c3c-87463bee4c98}
Task: {5BF69BC3-5398-4387-BCB5-0F54B8B332E9} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe No File
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e771140-fb9e-11e2-949d-c0f8da7f8ba8} => Key deleted successfully.
HKCR\CLSID\{9e771140-fb9e-11e2-949d-c0f8da7f8ba8} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02edb56b-9b33-435b-b7df-b2843273a694} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02edb56b-9b33-435b-b7df-b2843273a694} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6ec74131-08b2-4f67-a9bc-5914ef1edb97} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6ec74131-08b2-4f67-a9bc-5914ef1edb97} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6EC74131-08B2-4F67-A9BC-5914EF1EDB97} => Value deleted successfully.
HKCR\CLSID\{6EC74131-08B2-4F67-A9BC-5914EF1EDB97} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{02EDB56B-9B33-435B-B7DF-B2843273A694} => Value deleted successfully.
HKCR\CLSID\{02EDB56B-9B33-435B-B7DF-B2843273A694} => Key not found.
HKCR\PROTOCOLS\Handler\Handler: msdaipp - No CLSID Value - => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\Handler-x32: msdaipp - No CLSID Value - => Key not found.
HKCR\PROTOCOLS\Filter\text/xml => Key deleted successfully.
HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} => Key deleted successfully.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
C:\Program Files (x86)\Google\Desktop\Install\{bda4f5ac-389f-645b-5c3c-87463bee4c98} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BF69BC3-5398-4387-BCB5-0F54B8B332E9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BF69BC3-5398-4387-BCB5-0F54B8B332E9} => Key deleted successfully.
C:\Windows\System32\Tasks\RegClean Pro_UPDATES => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES => Key deleted successfully.
C:\Windows\Tasks\RegClean Pro_UPDATES.job => Moved successfully.

==== End of Fixlog ====
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2013
Ran by gskainth (administrator) on 19-08-2013 08:24:26
Running from C:\Users\gskainth\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\IERA\IERA64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Pelmorex Media Inc.) C:\Users\gskainth\AppData\Local\The Weather Network\weathereye.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\DOLBY PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
(Sierra Wireless Inc.) C:\Program Files (x86)\Rogers\Rogers Connection Manager\WaHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)
HKCU\...\Run: [WeatherEye] - C:\Users\gskainth\AppData\Local\The Weather Network\WeatherEye.exe [310920 2012-08-30] (Pelmorex Media Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-02-15] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-02-18] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TRUUpdater] - C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe [329072 2011-11-03] (Sierra Wireless, Inc.)
HKLM-x32\...\Run: [WatcherHelper] - C:\Program Files (x86)\Rogers\Rogers Connection Manager\WaHelper.exe [140656 2011-08-04] (Sierra Wireless Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-27] (Egis Technology Inc.)
HKU\Default\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid} [x]
HKU\Guest\...\Run: [WeatherEye] - C:\Users\Guest\AppData\Local\The Weather Network\WeatherEye.exe [x]
HKU\Guest\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup [x]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=S...ype=ds&q={searchTerms}&installDate=10/08/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=S...ype=ds&q={searchTerms}&installDate=10/08/2013
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=S...ype=ds&q={searchTerms}&installDate=10/08/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=S...ype=ds&q={searchTerms}&installDate=10/08/2013
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=S...ype=ds&q={searchTerms}&installDate=10/08/2013
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=S...ype=ds&q={searchTerms}&installDate=10/08/2013
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Bejeweled%203/Images/stg_drm.ocx
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Bejeweled%203/Images/armhelper.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 64.59.176.13 64.59.177.226
Tcpip\..\Interfaces\{00645C10-F0C3-4CAF-AC11-185A15DFB214}: [NameServer]64.71.255.198 64.71.255.253
Tcpip\..\Interfaces\{95EA9B33-E0E9-4C40-9C3E-BBF6200B7F8B}: [NameServer]64.71.255.198 64.71.255.253

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\gskainth\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\gskainth\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\gskainth\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\gskainth\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\gskainth\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\gskainth\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: trtv3 - C:\Users\gskainth\AppData\Roaming\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

Chrome:
=======
CHR HomePage: hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=CA&userid=a61b348d-26ad-4d75-8ae9-69f89f7bf682&searchtype=hp&installDate=18/05/2013
CHR RestoreOnStartup: "hxxp://www.google.ca/?gws_rd=cr", "hxxp://www.youtube.com/?ref=chrome-exp", "https://www.google.com", "hxxp://search.conduit.com/?ctid=CT3291326&SearchSource=48&CUI=UN62689657425179121&UM=2", "hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=CA&userid=bc954267-2a17-17f7-44c5-68d23a6330e7&searchtype=hp&installDate=10/08/2013"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\gskainth\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\gskainth\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\gskainth\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Torrent Search) - C:\Users\gskainth\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee\1.2.0.3_0
CHR Extension: (Google Docs) - C:\Users\gskainth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\gskainth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (TV) - C:\Users\gskainth\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0
CHR Extension: (YouTube) - C:\Users\gskainth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\gskainth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (PartyCloud) - C:\Users\gskainth\AppData\Local\Google\Chrome\User Data\Default\Extensions\defekohaofmambflfpfoojkmfdpcbgko\4.1_0
CHR Extension: (YouTube Feed) - C:\Users\gskainth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghmclllfjjmmdmhjobjdgfnggfhljboa\1.3.4.1_0
CHR Extension: (Crazy Shooting) - C:\Users\gskainth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbhccdddhenjmeamogpjhicnoffdood\1.0.0_0
CHR Extension: (Until AM) - C:\Users\gskainth\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk\0.203_0
CHR Extension: (Traffic Talent) - C:\Users\gskainth\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgegdofhghiobhllaniipmplkbligpi\1_0
CHR Extension: (Gmail) - C:\Users\gskainth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files (x86)\TornTV.com\torntv10.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project)
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project)
R2 IERA; C:\Program Files (x86)\Sierra Wireless Inc\IERA\IERA64.exe [202096 2011-06-16] (Sierra Wireless, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [321392 2011-11-03] (Sierra Wireless, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-05-27] (Avira Operations GmbH & Co. KG)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-08-14] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-08-14] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [258432 2011-05-13] (Sierra Wireless Incorporated)
S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx64.sys [109312 2011-05-16] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [297472 2011-05-28] (Sierra Wireless Inc.)
S3 libusb0; system32\drivers\libusb0.sys [x]
S3 SWUMX20; No ImagePath

==================== NetSvcs (Whitelisted) ===================
 
==================== One Month Created Files and Folders ========

2013-08-17 22:11 - 2013-08-17 22:11 - 00000000 ____D C:\FRST
2013-08-17 22:10 - 2013-08-17 22:10 - 01575580 _____ (Farbar) C:\Users\gskainth\Downloads\FRST64.exe
2013-08-14 23:20 - 2013-08-14 23:20 - 00036680 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
2013-08-14 21:32 - 2013-08-14 21:32 - 00071304 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2013-08-14 20:27 - 2013-07-26 00:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 20:27 - 2013-07-26 00:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 20:27 - 2013-07-26 00:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 20:27 - 2013-07-26 00:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 20:27 - 2013-07-26 00:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 20:27 - 2013-07-26 00:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 20:27 - 2013-07-26 00:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 20:27 - 2013-07-26 00:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 20:27 - 2013-07-26 00:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 20:27 - 2013-07-26 00:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 20:27 - 2013-07-26 00:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 20:27 - 2013-07-26 00:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 20:27 - 2013-07-26 00:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 20:27 - 2013-07-26 00:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 20:27 - 2013-07-25 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 20:27 - 2013-07-25 22:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 20:27 - 2013-07-25 22:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 20:27 - 2013-07-25 22:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 20:27 - 2013-07-25 22:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 20:27 - 2013-07-25 22:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 20:27 - 2013-07-25 22:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 20:27 - 2013-07-25 22:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 20:27 - 2013-07-25 22:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 20:27 - 2013-07-25 22:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 20:27 - 2013-07-25 22:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 20:27 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 20:27 - 2013-07-25 22:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 20:27 - 2013-07-25 22:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 20:27 - 2013-07-25 21:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 20:27 - 2013-07-25 21:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 20:27 - 2013-07-25 20:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 20:21 - 2013-08-14 20:22 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 19:49 - 2013-08-14 19:49 - 00071304 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-08-14 19:34 - 2013-08-14 19:45 - 00000000 ____D C:\Users\gskainth\Desktop\RK_Quarantine
2013-08-14 19:00 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 19:00 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 19:00 - 2013-07-18 20:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 19:00 - 2013-07-18 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 19:00 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 19:00 - 2013-07-09 00:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 19:00 - 2013-07-09 00:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 19:00 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 19:00 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 19:00 - 2013-07-08 23:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 19:00 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 19:00 - 2013-07-08 23:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 19:00 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 19:00 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 18:59 - 2013-07-09 01:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 18:59 - 2013-07-09 00:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 18:59 - 2013-07-09 00:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 18:59 - 2013-07-09 00:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 18:59 - 2013-07-09 00:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 18:59 - 2013-07-08 23:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 18:59 - 2013-07-08 23:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 18:59 - 2013-07-08 21:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 18:59 - 2013-07-08 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 18:59 - 2013-07-08 21:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 18:59 - 2013-07-08 21:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 18:59 - 2013-07-06 01:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 18:59 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-12 23:41 - 2013-08-12 23:54 - 06651392 _____ C:\Users\gskainth\Desktop\Test_Landmarks completed_Excel.xls
2013-08-11 21:02 - 2013-08-11 21:03 - 00000000 ____D C:\Users\gskainth\Desktop\apartments from india
2013-08-11 20:22 - 2013-08-11 20:23 - 00000000 ____D C:\Users\gskainth\Desktop\landmark orderly ram
2013-08-11 20:18 - 2013-08-11 20:19 - 00000000 ____D C:\Users\gskainth\Desktop\winnipeg all original
2013-08-11 20:18 - 2013-08-11 20:18 - 00000000 ____D C:\Users\gskainth\Downloads\WinnipegAll
2013-08-11 20:17 - 2013-08-11 20:17 - 00973457 _____ C:\Users\gskainth\Downloads\WinnipegAll.zip
2013-08-11 20:14 - 2013-08-11 20:15 - 00000000 ____D C:\Users\gskainth\Desktop\winnipeg allmodiefied by india
2013-08-11 20:14 - 2013-08-11 20:14 - 01946102 _____ C:\Users\gskainth\Downloads\Test_Landmarks completed.csv
2013-08-11 20:13 - 2013-08-11 20:14 - 03583488 _____ C:\Users\gskainth\Downloads\Test_Landmarks completed.xls
2013-08-11 20:05 - 2013-08-11 20:05 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-08-11 19:28 - 2013-08-11 19:32 - 00000000 ____D C:\Users\gskainth\Desktop\sorted data
2013-08-11 01:39 - 2013-08-11 01:39 - 00000376 _____ C:\Windows\ODBC.INI
2013-08-11 01:38 - 2013-08-11 01:38 - 00000000 ____D C:\Program Files (x86)\Microsoft ActiveSync
2013-08-10 15:28 - 2013-08-10 15:28 - 00001268 _____ C:\Users\gskainth\Desktop\Revo Uninstaller.lnk
2013-08-10 12:48 - 2013-08-10 15:28 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-08-10 12:29 - 2013-08-10 12:29 - 00003338 _____ C:\Windows\System32\Tasks\{768CC937-BBBF-494F-BC1B-B6F190365CAE}
2013-08-10 12:19 - 2013-08-10 12:19 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Optimizer Pro
2013-08-10 12:13 - 2013-08-10 12:14 - 00002582 _____ C:\Users\gskainth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2013-08-10 12:11 - 2013-08-10 12:11 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\WinRAR
2013-08-10 12:11 - 2013-08-10 12:11 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-08-10 12:11 - 2013-08-10 12:11 - 00000000 ____D C:\Program Files\WinRAR
2013-08-10 10:50 - 2013-08-10 13:14 - 00000000 ____D C:\Users\gskainth\Desktop\New folder (2)
2013-08-10 09:02 - 2013-08-10 09:05 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2013-08-10 09:02 - 2013-08-10 09:02 - 00000000 ____D C:\Users\gskainth\Documents\Microsoft Office 2007 Enterprise + Serial Key - {RedDragon}
2013-08-10 09:02 - 2013-08-10 09:02 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
2013-08-10 08:55 - 2013-08-10 08:55 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Oracle
2013-08-10 08:52 - 2013-08-10 08:52 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-10 08:52 - 2013-08-10 08:52 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-10 08:52 - 2013-08-10 08:52 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-10 08:52 - 2013-08-10 08:52 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-10 08:52 - 2013-08-10 08:52 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-08 21:06 - 2013-08-08 21:06 - 00000000 ____D C:\Users\gskainth\AppData\Local\{AA39F34C-6F13-47FD-AE3F-071C5B8745A7}
2013-08-08 06:27 - 2013-08-08 06:29 - 00000000 ____D C:\Users\gskainth\AppData\Local\{3C2F7639-C843-4034-9793-32431ADABB51}
2013-08-07 22:13 - 2013-08-07 22:13 - 00012116 _____ C:\Users\gskainth\Desktop\employees.htm
2013-08-07 20:58 - 2013-08-07 20:58 - 00000000 ____D C:\Users\gskainth\AppData\Local\{6A67CCC3-A3C0-44AD-B8A2-D4BFE3FF6ED2}
2013-08-04 17:16 - 2013-08-04 17:18 - 00000000 ____D C:\Users\gskainth\Desktop\schedules
2013-08-03 23:21 - 2013-08-03 23:23 - 01248931 _____ C:\Users\gskainth\Desktop\WinnipegAll.xlsx
2013-08-03 00:02 - 2013-08-03 00:02 - 00688992 ____R (Swearware) C:\Users\gskainth\Desktop\dds.com
2013-08-03 00:01 - 2013-08-03 00:01 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Malwarebytes
2013-08-03 00:00 - 2013-08-03 00:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-03 00:00 - 2013-08-03 00:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-03 00:00 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-02 23:40 - 2013-08-10 12:13 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-08-02 13:12 - 2013-08-02 13:12 - 00002178 _____ C:\Users\Public\Desktop\Rogers Connection Manager.lnk
2013-08-02 13:12 - 2013-08-02 13:12 - 00000000 ____D C:\Program Files (x86)\Rogers
2013-08-02 13:11 - 2013-08-02 13:13 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Sierra Wireless
2013-08-02 13:11 - 2013-08-02 13:12 - 00000000 ____D C:\Program Files (x86)\Sierra Wireless Inc
2013-08-02 13:11 - 2013-08-02 13:11 - 00000000 ____D C:\ProgramData\Sierra Wireless
2013-08-02 13:11 - 2011-05-28 13:45 - 00297472 _____ (Sierra Wireless Inc.) C:\Windows\system32\Drivers\swnc8ua3.sys
2013-08-02 13:11 - 2011-05-16 13:44 - 00109312 _____ (Sierra Wireless Inc.) C:\Windows\system32\Drivers\swiwdmbx64.sys
2013-08-02 13:11 - 2011-05-13 15:54 - 00258432 _____ (Sierra Wireless Incorporated) C:\Windows\system32\Drivers\swg3kser00.sys
2013-07-29 22:15 - 2013-07-29 22:15 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\DownLite
2013-07-29 22:13 - 2013-08-11 02:00 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Azureus
2013-07-29 22:13 - 2013-07-29 22:13 - 00001852 _____ C:\Users\Public\Desktop\Vuze.lnk
2013-07-29 22:13 - 2013-07-29 22:13 - 00000000 ____D C:\Users\gskainth\.swt
2013-07-29 22:12 - 2013-07-29 22:13 - 00000000 ____D C:\Program Files (x86)\Vuze
2013-07-29 21:49 - 2013-07-29 21:49 - 00002956 _____ C:\Windows\System32\Tasks\{54BE7F6F-C6DB-43B5-9612-7310C4B132EE}
2013-07-29 21:49 - 2013-07-29 21:49 - 00002956 _____ C:\Windows\System32\Tasks\{40B03322-4137-4492-AB63-403BDBE67148}
2013-07-29 21:10 - 2013-08-07 07:54 - 00000000 ____D C:\Users\gskainth\Desktop\New folder
2013-07-28 23:08 - 2013-08-19 08:15 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-28 23:08 - 2013-08-19 08:13 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-28 23:08 - 2013-08-11 01:25 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-28 23:08 - 2013-07-28 23:08 - 00003898 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-28 23:08 - 2013-07-28 23:08 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-28 18:56 - 2013-07-28 20:23 - 07557120 _____ C:\Users\gskainth\Documents\Call Center.ssf
2013-07-28 18:56 - 2013-07-28 18:56 - 00000000 ____D C:\ProgramData\Business Management Systems
2013-07-28 01:09 - 2013-07-28 01:09 - 00000000 ____D C:\Users\gskainth\AppData\Local\Business_Management_Syste
2013-07-21 23:35 - 2013-08-11 01:25 - 00000000 ____D C:\Users\gskainth\AppData\Local\Google
2013-07-21 23:34 - 2013-07-21 23:35 - 00000000 ____D C:\Users\gskainth\AppData\Local\Deployment
2013-07-21 23:34 - 2013-07-21 23:34 - 00000000 ____D C:\Users\gskainth\AppData\Local\Apps\2.0
2013-07-21 21:22 - 2013-07-21 21:22 - 00000000 ____D C:\Users\gskainth\AppData\Local\{83C37563-7F13-4BDF-B64F-16E55EDEB4A1}

==================== One Month Modified Files and Folders =======

2013-08-19 08:16 - 2011-08-11 17:22 - 00000000 ____D C:\ProgramData\clear.fi
2013-08-19 08:15 - 2013-07-28 23:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-19 08:15 - 2011-08-11 17:08 - 00000000 ____D C:\Users\gskainth\AppData\Local\VirtualStore
2013-08-19 08:13 - 2013-07-28 23:08 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-19 08:09 - 2009-07-13 23:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-19 08:09 - 2009-07-13 23:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-19 08:02 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-19 08:02 - 2009-07-13 23:51 - 00086932 _____ C:\Windows\setupact.log
2013-08-19 06:15 - 2011-06-05 08:43 - 01158535 _____ C:\Windows\WindowsUpdate.log
2013-08-19 05:49 - 2013-05-27 18:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-17 22:11 - 2013-08-17 22:11 - 00000000 ____D C:\FRST
2013-08-17 22:10 - 2013-08-17 22:10 - 01575580 _____ (Farbar) C:\Users\gskainth\Downloads\FRST64.exe
2013-08-17 18:15 - 2010-11-20 22:47 - 00385382 _____ C:\Windows\PFRO.log
2013-08-14 23:20 - 2013-08-14 23:20 - 00036680 _____ C:\Windows\system32\Drivers\mbamchameleon.sys
2013-08-14 22:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 21:32 - 2013-08-14 21:32 - 00071304 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2013-08-14 20:24 - 2009-07-14 00:13 - 00732510 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-14 20:22 - 2013-08-14 20:21 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 20:21 - 2011-08-30 18:04 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 19:49 - 2013-08-14 19:49 - 00071304 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-08-14 19:45 - 2013-08-14 19:34 - 00000000 ____D C:\Users\gskainth\Desktop\RK_Quarantine
2013-08-12 23:54 - 2013-08-12 23:41 - 06651392 _____ C:\Users\gskainth\Desktop\Test_Landmarks completed_Excel.xls
2013-08-12 08:11 - 2009-07-13 23:45 - 00326560 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-11 21:03 - 2013-08-11 21:02 - 00000000 ____D C:\Users\gskainth\Desktop\apartments from india
2013-08-11 20:23 - 2013-08-11 20:22 - 00000000 ____D C:\Users\gskainth\Desktop\landmark orderly ram
2013-08-11 20:19 - 2013-08-11 20:18 - 00000000 ____D C:\Users\gskainth\Desktop\winnipeg all original
2013-08-11 20:18 - 2013-08-11 20:18 - 00000000 ____D C:\Users\gskainth\Downloads\WinnipegAll
2013-08-11 20:17 - 2013-08-11 20:17 - 00973457 _____ C:\Users\gskainth\Downloads\WinnipegAll.zip
2013-08-11 20:15 - 2013-08-11 20:14 - 00000000 ____D C:\Users\gskainth\Desktop\winnipeg allmodiefied by india
2013-08-11 20:14 - 2013-08-11 20:14 - 01946102 _____ C:\Users\gskainth\Downloads\Test_Landmarks completed.csv
2013-08-11 20:14 - 2013-08-11 20:13 - 03583488 _____ C:\Users\gskainth\Downloads\Test_Landmarks completed.xls
2013-08-11 20:05 - 2013-08-11 20:05 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-08-11 20:05 - 2011-08-11 17:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-08-11 19:32 - 2013-08-11 19:28 - 00000000 ____D C:\Users\gskainth\Desktop\sorted data
2013-08-11 02:00 - 2013-07-29 22:13 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Azureus
2013-08-11 01:59 - 2012-01-13 23:25 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\SoftGrid Client
2013-08-11 01:59 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-11 01:39 - 2013-08-11 01:39 - 00000376 _____ C:\Windows\ODBC.INI
2013-08-11 01:38 - 2013-08-11 01:38 - 00000000 ____D C:\Program Files (x86)\Microsoft ActiveSync
2013-08-11 01:38 - 2010-11-21 02:16 - 00000000 ____D C:\Windows\ShellNew
2013-08-11 01:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system
2013-08-11 01:25 - 2013-07-28 23:08 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-11 01:25 - 2013-07-21 23:35 - 00000000 ____D C:\Users\gskainth\AppData\Local\Google
2013-08-11 00:40 - 2011-06-05 08:59 - 00001024 ___RH C:\Users\Public\Documents\NTILiveUpdateV9.dll
2013-08-11 00:40 - 2011-06-05 08:58 - 00001024 ___RH C:\Users\Public\Documents\NTIMMV9Acer.dll
2013-08-10 16:01 - 2012-01-13 05:50 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\VideoBuzz
2013-08-10 15:28 - 2013-08-10 15:28 - 00001268 _____ C:\Users\gskainth\Desktop\Revo Uninstaller.lnk
2013-08-10 15:28 - 2013-08-10 12:48 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-08-10 13:14 - 2013-08-10 10:50 - 00000000 ____D C:\Users\gskainth\Desktop\New folder (2)
2013-08-10 12:38 - 2012-01-13 05:50 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-08-10 12:29 - 2013-08-10 12:29 - 00003338 _____ C:\Windows\System32\Tasks\{768CC937-BBBF-494F-BC1B-B6F190365CAE}
2013-08-10 12:19 - 2013-08-10 12:19 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Optimizer Pro
2013-08-10 12:15 - 2011-08-11 17:08 - 00000000 ___HD C:\Users\gskainth
2013-08-10 12:14 - 2013-08-10 12:13 - 00002582 _____ C:\Users\gskainth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2013-08-10 12:13 - 2013-08-02 23:40 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-08-10 12:11 - 2013-08-10 12:11 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\WinRAR
2013-08-10 12:11 - 2013-08-10 12:11 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-08-10 12:11 - 2013-08-10 12:11 - 00000000 ____D C:\Program Files\WinRAR
2013-08-10 09:05 - 2013-08-10 09:02 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2013-08-10 09:02 - 2013-08-10 09:02 - 00000000 ____D C:\Users\gskainth\Documents\Microsoft Office 2007 Enterprise + Serial Key - {RedDragon}
2013-08-10 09:02 - 2013-08-10 09:02 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
2013-08-10 08:55 - 2013-08-10 08:55 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Oracle
2013-08-10 08:52 - 2013-08-10 08:52 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-10 08:52 - 2013-08-10 08:52 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-10 08:52 - 2013-08-10 08:52 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-10 08:52 - 2013-08-10 08:52 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-10 08:52 - 2013-08-10 08:52 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-10 08:52 - 2013-04-21 12:48 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-10 08:52 - 2011-08-11 17:58 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-09 23:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-08 21:06 - 2013-08-08 21:06 - 00000000 ____D C:\Users\gskainth\AppData\Local\{AA39F34C-6F13-47FD-AE3F-071C5B8745A7}
2013-08-08 06:29 - 2013-08-08 06:27 - 00000000 ____D C:\Users\gskainth\AppData\Local\{3C2F7639-C843-4034-9793-32431ADABB51}
2013-08-07 22:13 - 2013-08-07 22:13 - 00012116 _____ C:\Users\gskainth\Desktop\employees.htm
2013-08-07 20:58 - 2013-08-07 20:58 - 00000000 ____D C:\Users\gskainth\AppData\Local\{6A67CCC3-A3C0-44AD-B8A2-D4BFE3FF6ED2}
2013-08-07 07:54 - 2013-07-29 21:10 - 00000000 ____D C:\Users\gskainth\Desktop\New folder
2013-08-06 22:41 - 2011-08-16 18:49 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Mozilla
2013-08-06 22:25 - 2013-07-07 19:49 - 00000000 ____D C:\Program Files (x86)\DRoster
2013-08-05 09:08 - 2009-07-14 00:08 - 00032564 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-04 17:18 - 2013-08-04 17:16 - 00000000 ____D C:\Users\gskainth\Desktop\schedules
2013-08-03 23:23 - 2013-08-03 23:21 - 01248931 _____ C:\Users\gskainth\Desktop\WinnipegAll.xlsx
2013-08-03 00:40 - 2013-07-06 09:46 - 00000000 ____D C:\ProgramData\firebird
2013-08-03 00:02 - 2013-08-03 00:02 - 00688992 ____R (Swearware) C:\Users\gskainth\Desktop\dds.com
2013-08-03 00:01 - 2013-08-03 00:01 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Malwarebytes
2013-08-03 00:00 - 2013-08-03 00:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-03 00:00 - 2013-08-03 00:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-02 13:13 - 2013-08-02 13:11 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\Sierra Wireless
2013-08-02 13:12 - 2013-08-02 13:12 - 00002178 _____ C:\Users\Public\Desktop\Rogers Connection Manager.lnk
2013-08-02 13:12 - 2013-08-02 13:12 - 00000000 ____D C:\Program Files (x86)\Rogers
2013-08-02 13:12 - 2013-08-02 13:11 - 00000000 ____D C:\Program Files (x86)\Sierra Wireless Inc
2013-08-02 13:11 - 2013-08-02 13:11 - 00000000 ____D C:\ProgramData\Sierra Wireless
2013-07-29 22:15 - 2013-07-29 22:15 - 00000000 ____D C:\Users\gskainth\AppData\Roaming\DownLite
2013-07-29 22:13 - 2013-07-29 22:13 - 00001852 _____ C:\Users\Public\Desktop\Vuze.lnk
2013-07-29 22:13 - 2013-07-29 22:13 - 00000000 ____D C:\Users\gskainth\.swt
2013-07-29 22:13 - 2013-07-29 22:12 - 00000000 ____D C:\Program Files (x86)\Vuze
2013-07-29 21:49 - 2013-07-29 21:49 - 00002956 _____ C:\Windows\System32\Tasks\{54BE7F6F-C6DB-43B5-9612-7310C4B132EE}
2013-07-29 21:49 - 2013-07-29 21:49 - 00002956 _____ C:\Windows\System32\Tasks\{40B03322-4137-4492-AB63-403BDBE67148}
2013-07-28 23:08 - 2013-07-28 23:08 - 00003898 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-28 23:08 - 2013-07-28 23:08 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-28 20:23 - 2013-07-28 18:56 - 07557120 _____ C:\Users\gskainth\Documents\Call Center.ssf
2013-07-28 18:56 - 2013-07-28 18:56 - 00000000 ____D C:\ProgramData\Business Management Systems
2013-07-28 01:09 - 2013-07-28 01:09 - 00000000 ____D C:\Users\gskainth\AppData\Local\Business_Management_Syste
2013-07-26 00:13 - 2013-08-14 20:27 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 00:13 - 2013-08-14 20:27 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 00:13 - 2013-08-14 20:27 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 00:12 - 2013-08-14 20:27 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 00:12 - 2013-08-14 20:27 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 00:12 - 2013-08-14 20:27 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 00:12 - 2013-08-14 20:27 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 00:12 - 2013-08-14 20:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 00:12 - 2013-08-14 20:27 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 00:12 - 2013-08-14 20:27 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 00:12 - 2013-08-14 20:27 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 00:12 - 2013-08-14 20:27 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 00:12 - 2013-08-14 20:27 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 00:12 - 2013-08-14 20:27 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-25 22:35 - 2013-08-14 20:27 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-25 22:13 - 2013-08-14 20:27 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-25 22:13 - 2013-08-14 20:27 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-25 22:12 - 2013-08-14 20:27 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-25 22:12 - 2013-08-14 20:27 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-25 22:12 - 2013-08-14 20:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-25 22:12 - 2013-08-14 20:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-25 22:12 - 2013-08-14 20:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-25 22:12 - 2013-08-14 20:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-25 22:12 - 2013-08-14 20:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-25 22:12 - 2013-08-14 20:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-25 22:12 - 2013-08-14 20:27 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-25 22:11 - 2013-08-14 20:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-25 22:11 - 2013-08-14 20:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-25 21:49 - 2013-08-14 20:27 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-25 21:39 - 2013-08-14 20:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-25 20:59 - 2013-08-14 20:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 04:25 - 2013-08-14 19:00 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 03:57 - 2013-08-14 19:00 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-21 23:35 - 2013-07-21 23:34 - 00000000 ____D C:\Users\gskainth\AppData\Local\Deployment
2013-07-21 23:34 - 2013-07-21 23:34 - 00000000 ____D C:\Users\gskainth\AppData\Local\Apps\2.0
2013-07-21 21:22 - 2013-07-21 21:22 - 00000000 ____D C:\Users\gskainth\AppData\Local\{83C37563-7F13-4BDF-B64F-16E55EDEB4A1}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-12 22:41

==================== End Of Log ============================
 
Looks good :)

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    If the connection is still not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done, Notepad will open with the rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

IF you had to run rKill, post BOTH logs: rKill.txt and Combofix.txt.
 
ComboFix 13-08-19.02 - gskainth 19/08/2013 21:39:11.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8044.5771 [GMT -5:00]
Running from: c:\users\gskainth\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\gskainth\Documents\~WRL4086.tmp
c:\users\Public\Documents\NTILiveUpdateV9.dll
c:\users\Public\Documents\NTIMMV9Acer.dll
c:\windows\PFRO.log
c:\windows\security\Database\tmp.edb
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-07-20 to 2013-08-20 )))))))))))))))))))))))))))))))
.
.
2013-08-20 02:45 . 2013-08-20 02:45  --------  d-----w-  c:\users\Guest\AppData\Local\temp
2013-08-20 02:45 . 2013-08-20 02:45  --------  d-----w-  c:\users\Default\AppData\Local\temp
2013-08-18 03:11 . 2013-08-18 03:11  --------  d-----w-  C:\FRST
2013-08-16 23:13 . 2013-07-15 08:34  9460976  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{D66DE19F-E4E0-4694-89A4-DE4F4C55E3F7}\mpengine.dll
2013-08-15 04:20 . 2013-08-15 04:20  36680  ----a-w-  c:\windows\system32\drivers\mbamchameleon.sys
2013-08-15 01:21 . 2013-08-15 01:22  --------  d-----w-  c:\windows\system32\MRT
2013-08-14 23:59 . 2013-07-09 05:03  3913664  ----a-w-  c:\windows\SysWow64\ntoskrnl.exe
2013-08-14 23:59 . 2013-07-09 06:03  5550528  ----a-w-  c:\windows\system32\ntoskrnl.exe
2013-08-14 23:59 . 2013-07-09 05:54  1732032  ----a-w-  c:\windows\system32\ntdll.dll
2013-08-14 23:59 . 2013-07-09 05:53  243712  ----a-w-  c:\windows\system32\wow64.dll
2013-08-14 23:59 . 2013-07-09 05:03  3968960  ----a-w-  c:\windows\SysWow64\ntkrnlpa.exe
2013-08-14 23:59 . 2013-07-09 04:53  1292192  ----a-w-  c:\windows\SysWow64\ntdll.dll
2013-08-14 23:59 . 2013-07-09 02:49  14336  ----a-w-  c:\windows\SysWow64\ntvdm64.dll
2013-08-14 23:59 . 2013-07-09 04:52  5120  ----a-w-  c:\windows\SysWow64\wow32.dll
2013-08-14 23:59 . 2013-07-09 02:49  25600  ----a-w-  c:\windows\SysWow64\setup16.exe
2013-08-14 23:59 . 2013-07-09 02:49  7680  ----a-w-  c:\windows\SysWow64\instnm.exe
2013-08-14 23:59 . 2013-07-09 02:49  2048  ----a-w-  c:\windows\SysWow64\user.exe
2013-08-14 23:59 . 2013-07-06 06:03  1910208  ----a-w-  c:\windows\system32\drivers\tcpip.sys
2013-08-14 23:59 . 2013-06-15 04:32  39936  ----a-w-  c:\windows\system32\drivers\tssecsrv.sys
2013-08-12 01:05 . 2013-08-12 01:05  --------  d-----w-  c:\program files (x86)\MSECache
2013-08-11 06:38 . 2013-08-11 06:38  --------  d-----w-  c:\program files (x86)\Microsoft ActiveSync
2013-08-10 17:48 . 2013-08-10 20:28  --------  d-----w-  c:\program files (x86)\VS Revo Group
2013-08-10 17:19 . 2013-08-10 17:19  --------  d-----w-  c:\users\gskainth\AppData\Roaming\Optimizer Pro
2013-08-10 17:11 . 2013-08-10 17:11  --------  d-----w-  c:\program files\WinRAR
2013-08-10 14:02 . 2013-08-10 14:05  --------  d-----w-  c:\program files (x86)\TornTV.com
2013-08-10 13:55 . 2013-08-10 13:55  --------  d-----w-  c:\users\gskainth\AppData\Roaming\Oracle
2013-08-10 13:53 . 2013-08-10 13:53  --------  d-----w-  c:\program files (x86)\Common Files\Java
2013-08-10 13:52 . 2013-08-10 13:52  96168  ----a-w-  c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-10 13:52 . 2013-08-10 13:52  --------  d-----w-  c:\program files (x86)\Java
2013-08-03 05:01 . 2013-08-03 05:01  --------  d-----w-  c:\users\gskainth\AppData\Roaming\Malwarebytes
2013-08-03 05:00 . 2013-08-03 05:00  --------  d-----w-  c:\programdata\Malwarebytes
2013-08-03 05:00 . 2013-08-03 05:00  --------  d-----w-  c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-03 05:00 . 2013-04-04 19:50  25928  ----a-w-  c:\windows\system32\drivers\mbam.sys
2013-08-03 05:00 . 2013-08-03 05:00  --------  d-----w-  c:\users\gskainth\AppData\Local\Programs
2013-08-03 04:40 . 2013-08-10 17:13  --------  d-----w-  c:\program files (x86)\Conduit
2013-08-02 18:12 . 2013-08-02 18:12  --------  d-----w-  c:\program files (x86)\Rogers
2013-08-02 18:11 . 2011-05-16 18:44  109312  ----a-w-  c:\windows\system32\drivers\swiwdmbx64.sys
2013-08-02 18:11 . 2011-05-13 20:54  258432  ----a-w-  c:\windows\system32\drivers\swg3kser00.sys
2013-08-02 18:11 . 2011-05-28 18:45  297472  ----a-w-  c:\windows\system32\drivers\swnc8ua3.sys
2013-08-02 18:11 . 2013-08-02 18:13  --------  d-----w-  c:\users\gskainth\AppData\Roaming\Sierra Wireless
2013-08-02 18:11 . 2013-08-02 18:12  --------  d-----w-  c:\program files (x86)\Sierra Wireless Inc
2013-08-02 18:11 . 2013-08-02 18:11  --------  d-----w-  c:\programdata\Sierra Wireless
2013-07-30 03:15 . 2013-07-30 03:15  --------  d-----w-  c:\users\gskainth\AppData\Roaming\DownLite
2013-07-30 03:13 . 2013-07-30 03:13  --------  d-----w-  c:\users\gskainth\.swt
2013-07-30 03:13 . 2013-08-11 07:00  --------  d-----w-  c:\users\gskainth\AppData\Roaming\Azureus
2013-07-30 03:12 . 2013-07-30 03:13  --------  d-----w-  c:\program files (x86)\Vuze
2013-07-29 04:08 . 2013-08-11 06:25  --------  d-----w-  c:\program files (x86)\Google
2013-07-28 23:56 . 2013-07-28 23:56  --------  d-----w-  c:\programdata\Business Management Systems
2013-07-28 06:09 . 2013-07-28 06:09  --------  d-----w-  c:\users\gskainth\AppData\Local\Business_Management_Syste
2013-07-22 04:35 . 2013-08-11 06:25  --------  d-----w-  c:\users\gskainth\AppData\Local\Google
2013-07-22 04:34 . 2013-07-22 04:34  --------  d-----w-  c:\users\gskainth\AppData\Local\Apps
2013-07-22 04:34 . 2013-07-22 04:35  --------  d-----w-  c:\users\gskainth\AppData\Local\Deployment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-15 01:21 . 2011-08-30 23:04  78161360  ----a-w-  c:\windows\system32\MRT.exe
2013-08-10 13:52 . 2013-04-21 17:48  867240  ----a-w-  c:\windows\SysWow64\npDeployJava1.dll
2013-08-10 13:52 . 2011-08-11 22:58  789416  ----a-w-  c:\windows\SysWow64\deployJava1.dll
2013-07-12 03:07 . 2013-05-27 23:18  71048  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-12 03:07 . 2013-04-21 20:06  692104  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-09 04:45 . 2013-08-14 23:59  44032  ----a-w-  c:\windows\apppatch\acwow64.dll
2013-07-01 15:55 . 2013-05-29 21:58  83672  ----a-w-  c:\windows\system32\drivers\avnetflt.sys
2013-06-05 03:34 . 2013-07-11 01:40  3153920  ----a-w-  c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-11 01:40  624128  ----a-w-  c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-11 01:40  509440  ----a-w-  c:\windows\SysWow64\qedit.dll
2013-05-27 22:43 . 2013-05-27 22:45  28600  ----a-w-  c:\windows\system32\drivers\avkmgr.sys
2013-05-27 22:43 . 2013-05-27 22:45  130016  ----a-w-  c:\windows\system32\drivers\avipbb.sys
2013-05-27 22:43 . 2013-05-27 22:45  100712  ----a-w-  c:\windows\system32\drivers\avgntflt.sys
2013-05-27 22:21 . 2013-05-27 22:21  1054720  ----a-w-  c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-27 22:21 . 2013-05-27 22:21  97280  ----a-w-  c:\windows\system32\mshtmled.dll
2013-05-27 22:21 . 2013-05-27 22:21  92160  ----a-w-  c:\windows\system32\SetIEInstalledDate.exe
2013-05-27 22:21 . 2013-05-27 22:21  905728  ----a-w-  c:\windows\system32\mshtmlmedia.dll
2013-05-27 22:21 . 2013-05-27 22:21  81408  ----a-w-  c:\windows\system32\icardie.dll
2013-05-27 22:21 . 2013-05-27 22:21  77312  ----a-w-  c:\windows\system32\tdc.ocx
2013-05-27 22:21 . 2013-05-27 22:21  762368  ----a-w-  c:\windows\system32\ieapfltr.dll
2013-05-27 22:21 . 2013-05-27 22:21  73728  ----a-w-  c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-27 22:21 . 2013-05-27 22:21  719360  ----a-w-  c:\windows\SysWow64\mshtmlmedia.dll
2013-05-27 22:21 . 2013-05-27 22:21  62976  ----a-w-  c:\windows\system32\pngfilt.dll
2013-05-27 22:21 . 2013-05-27 22:21  61952  ----a-w-  c:\windows\SysWow64\tdc.ocx
2013-05-27 22:21 . 2013-05-27 22:21  599552  ----a-w-  c:\windows\system32\vbscript.dll
2013-05-27 22:21 . 2013-05-27 22:21  523264  ----a-w-  c:\windows\SysWow64\vbscript.dll
2013-05-27 22:21 . 2013-05-27 22:21  52224  ----a-w-  c:\windows\system32\msfeedsbs.dll
2013-05-27 22:21 . 2013-05-27 22:21  51200  ----a-w-  c:\windows\system32\imgutil.dll
2013-05-27 22:21 . 2013-05-27 22:21  48640  ----a-w-  c:\windows\SysWow64\mshtmler.dll
2013-05-27 22:21 . 2013-05-27 22:21  48640  ----a-w-  c:\windows\system32\mshtmler.dll
2013-05-27 22:21 . 2013-05-27 22:21  452096  ----a-w-  c:\windows\system32\dxtmsft.dll
2013-05-27 22:21 . 2013-05-27 22:21  441856  ----a-w-  c:\windows\system32\html.iec
2013-05-27 22:21 . 2013-05-27 22:21  38400  ----a-w-  c:\windows\SysWow64\imgutil.dll
2013-05-27 22:21 . 2013-05-27 22:21  361984  ----a-w-  c:\windows\SysWow64\html.iec
2013-05-27 22:21 . 2013-05-27 22:21  281600  ----a-w-  c:\windows\system32\dxtrans.dll
2013-05-27 22:21 . 2013-05-27 22:21  27648  ----a-w-  c:\windows\system32\licmgr10.dll
2013-05-27 22:21 . 2013-05-27 22:21  270848  ----a-w-  c:\windows\system32\iedkcs32.dll
2013-05-27 22:21 . 2013-05-27 22:21  247296  ----a-w-  c:\windows\system32\webcheck.dll
2013-05-27 22:21 . 2013-05-27 22:21  235008  ----a-w-  c:\windows\system32\url.dll
2013-05-27 22:21 . 2013-05-27 22:21  23040  ----a-w-  c:\windows\SysWow64\licmgr10.dll
2013-05-27 22:21 . 2013-05-27 22:21  226304  ----a-w-  c:\windows\system32\elshyph.dll
2013-05-27 22:21 . 2013-05-27 22:21  216064  ----a-w-  c:\windows\system32\msls31.dll
2013-05-27 22:21 . 2013-05-27 22:21  197120  ----a-w-  c:\windows\system32\msrating.dll
2013-05-27 22:21 . 2013-05-27 22:21  185344  ----a-w-  c:\windows\SysWow64\elshyph.dll
2013-05-27 22:21 . 2013-05-27 22:21  173568  ----a-w-  c:\windows\system32\ieUnatt.exe
2013-05-27 22:21 . 2013-05-27 22:21  167424  ----a-w-  c:\windows\system32\iexpress.exe
2013-05-27 22:21 . 2013-05-27 22:21  158720  ----a-w-  c:\windows\SysWow64\msls31.dll
2013-05-27 22:21 . 2013-05-27 22:21  1509376  ----a-w-  c:\windows\system32\inetcpl.cpl
2013-05-27 22:21 . 2013-05-27 22:21  150528  ----a-w-  c:\windows\SysWow64\iexpress.exe
2013-05-27 22:21 . 2013-05-27 22:21  149504  ----a-w-  c:\windows\system32\occache.dll
2013-05-27 22:21 . 2013-05-27 22:21  144896  ----a-w-  c:\windows\system32\wextract.exe
2013-05-27 22:21 . 2013-05-27 22:21  1441280  ----a-w-  c:\windows\SysWow64\inetcpl.cpl
2013-05-27 22:21 . 2013-05-27 22:21  1400416  ----a-w-  c:\windows\system32\ieapfltr.dat
2013-05-27 22:21 . 2013-05-27 22:21  138752  ----a-w-  c:\windows\SysWow64\wextract.exe
2013-05-27 22:21 . 2013-05-27 22:21  13824  ----a-w-  c:\windows\system32\mshta.exe
2013-05-27 22:21 . 2013-05-27 22:21  137216  ----a-w-  c:\windows\SysWow64\ieUnatt.exe
2013-05-27 22:21 . 2013-05-27 22:21  136192  ----a-w-  c:\windows\system32\iepeers.dll
2013-05-27 22:21 . 2013-05-27 22:21  135680  ----a-w-  c:\windows\system32\IEAdvpack.dll
2013-05-27 22:21 . 2013-05-27 22:21  12800  ----a-w-  c:\windows\SysWow64\mshta.exe
2013-05-27 22:21 . 2013-05-27 22:21  12800  ----a-w-  c:\windows\system32\msfeedssync.exe
2013-05-27 22:21 . 2013-05-27 22:21  110592  ----a-w-  c:\windows\SysWow64\IEAdvpack.dll
2013-05-27 22:21 . 2013-05-27 22:21  102912  ----a-w-  c:\windows\system32\inseng.dll
2013-05-27 22:20 . 2013-05-27 22:20  9728  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-27 22:20 . 2013-05-27 22:20  5632  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-27 22:20 . 2013-05-27 22:20  4096  ---ha-w-  c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-27 22:20 . 2013-05-27 22:20  4096  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-27 22:20 . 2013-05-27 22:20  3072  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-27 22:20 . 2013-05-27 22:20  3072  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-27 22:20 . 2013-05-27 22:20  9728  ---ha-w-  c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-27 22:20 . 2013-05-27 22:20  648192  ----a-w-  c:\windows\system32\d3d10level9.dll
2013-05-27 22:20 . 2013-05-27 22:20  604160  ----a-w-  c:\windows\SysWow64\d3d10level9.dll
2013-05-27 22:20 . 2013-05-27 22:20  5632  ---ha-w-  c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-27 22:20 . 2013-05-27 22:20  5632  ---ha-w-  c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-27 22:20 . 2013-05-27 22:20  5632  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-27 22:20 . 2013-05-27 22:20  522752  ----a-w-  c:\windows\system32\XpsGdiConverter.dll
2013-05-27 22:20 . 2013-05-27 22:20  465920  ----a-w-  c:\windows\system32\WMPhoto.dll
2013-05-27 22:20 . 2013-05-27 22:20  417792  ----a-w-  c:\windows\SysWow64\WMPhoto.dll
2013-05-27 22:20 . 2013-05-27 22:20  3928064  ----a-w-  c:\windows\system32\d2d1.dll
2013-05-27 22:20 . 2013-05-27 22:20  364544  ----a-w-  c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-27 22:20 . 2013-05-27 22:20  363008  ----a-w-  c:\windows\system32\dxgi.dll
2013-05-27 22:20 . 2013-05-27 22:20  3584  ---ha-w-  c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-27 22:20 . 2013-05-27 22:20  3584  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-27 22:20 . 2013-05-27 22:20  3419136  ----a-w-  c:\windows\SysWow64\d2d1.dll
2013-05-27 22:20 . 2013-05-27 22:20  333312  ----a-w-  c:\windows\system32\d3d10_1core.dll
2013-05-27 22:20 . 2013-05-27 22:20  3072  ---ha-w-  c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-27 22:20 . 2013-05-27 22:20  3072  ---ha-w-  c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-27 22:20 . 2013-05-27 22:20  296960  ----a-w-  c:\windows\system32\d3d10core.dll
2013-05-27 22:20 . 2013-05-27 22:20  293376  ----a-w-  c:\windows\SysWow64\dxgi.dll
2013-05-27 22:20 . 2013-05-27 22:20  2776576  ----a-w-  c:\windows\system32\msmpeg2vdec.dll
2013-05-27 22:20 . 2013-05-27 22:20  2565120  ----a-w-  c:\windows\system32\d3d10warp.dll
2013-05-27 22:20 . 2013-05-27 22:20  2560  ---ha-w-  c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-27 22:20 . 2013-05-27 22:20  2560  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-27 22:20 . 2013-05-27 22:20  249856  ----a-w-  c:\windows\SysWow64\d3d10_1core.dll
2013-05-27 22:20 . 2013-05-27 22:20  245248  ----a-w-  c:\windows\system32\WindowsCodecsExt.dll
2013-05-27 22:20 . 2013-05-27 22:20  2284544  ----a-w-  c:\windows\SysWow64\msmpeg2vdec.dll
2013-05-27 22:20 . 2013-05-27 22:20  221184  ----a-w-  c:\windows\system32\UIAnimation.dll
2013-05-27 22:20 . 2013-05-27 22:20  220160  ----a-w-  c:\windows\SysWow64\d3d10core.dll
2013-05-27 22:20 . 2013-05-27 22:20  207872  ----a-w-  c:\windows\SysWow64\WindowsCodecsExt.dll
2013-05-27 22:20 . 2013-05-27 22:20  1988096  ----a-w-  c:\windows\SysWow64\d3d10warp.dll
2013-05-27 22:20 . 2013-05-27 22:20  194560  ----a-w-  c:\windows\system32\d3d10_1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"="c:\users\gskainth\AppData\Local\The Weather Network\WeatherEye.exe" [2012-08-30 310920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-17 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-17 201584]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-02-15 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-02-18 177448]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-07-01 345144]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"TRUUpdater"="c:\program files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" [2011-11-03 329072]
"WatcherHelper"="c:\program files (x86)\Rogers\Rogers Connection Manager\WaHelper.exe" [2011-08-04 140656]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\swg3kser00.sys;c:\windows\SYSNATIVE\DRIVERS\swg3kser00.sys [x]
R3 swiwdmbx;Sierra Wireless USB Bus Service;c:\windows\system32\DRIVERS\swiwdmbx64.sys;c:\windows\SYSNATIVE\DRIVERS\swiwdmbx64.sys [x]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys;c:\windows\SYSNATIVE\DRIVERS\swnc8ua3.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IERA;Sierra Wireless Error Reporting Agent;c:\program files (x86)\Sierra Wireless Inc\IERA\IERA64.exe;c:\program files (x86)\Sierra Wireless Inc\IERA\IERA64.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\drivers\b57xdbd.sys;c:\windows\SYSNATIVE\drivers\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\drivers\b57xdmp.sys;c:\windows\SYSNATIVE\drivers\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\drivers\bScsiMSa.sys;c:\windows\SYSNATIVE\drivers\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 12:13  1173456  ----a-w-  c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-27 03:07]
.
2013-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-29 04:08]
.
2013-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-29 04:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-21 03:23  444752  ----a-w-  c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-09 2189416]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-23 1796200]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=CA&userid=bc954267-2a17-17f7-44c5-68d23a6330e7&searchtype=ds&q={searchTerms}&installDate=10/08/2013
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 64.59.176.13 64.59.177.226
TCP: Interfaces\{00645C10-F0C3-4CAF-AC11-185A15DFB214}: NameServer = 64.71.255.198 64.71.255.253
TCP: Interfaces\{95EA9B33-E0E9-4C40-9C3E-BBF6200B7F8B}: NameServer = 64.71.255.198 64.71.255.253
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-RegClean Pro_is1 - c:\program files (x86)\RegClean Pro\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-19 21:47:45
ComboFix-quarantined-files.txt 2013-08-20 02:47
.
Pre-Run: 668,133,990,400 bytes free
Post-Run: 669,431,959,552 bytes free
.
- - End Of File - - 2EF5E3F0FCCD61F24A0245EEC5E672D2
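The ComboFix log above is read in three passes: the "Files Created" and Find3M listings (created timestamp, modified timestamp, size, attribute string, path), the "Reg Loading Points" Run keys, and the browser settings in the Supplementary Scan. The following Python script is an added example, not ComboFix's code and not part of this thread; it parses lines in that layout and flags candidates for review. The sample log is constructed to match the thread's entries, and the PUP keyword list is an assumption drawn from the folders AdwCleaner deleted later in this thread, not a vendor signature set. The user-writable-location rule is a plain heuristic: it flags what a helper would want to look at, not what is malicious.

```python
"""Triage a ComboFix-style log: parse the file listing, Run keys and browser
settings, and flag entries worth a second look.

Added example, not ComboFix's own code. The sample log is constructed in the
same layout as the thread's log; the PUP keyword list is an assumption drawn
from the folders AdwCleaner removed later in this thread, not a vendor feed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# File entry:  <created> . <modified>  <size or -------->  <attrs>  <path>
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(\d+|-+)\s+([-a-z]{8})\s+(.+)$"
)
# Registry key header and the value lines beneath it:  "Name"="path" [date size]
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?:\s+\[\d{4}-\d\d-\d\d \d+\])?$')
# Supplementary-scan settings such as "uSearchAssistant = hxxp://..."
SETTING_RE = re.compile(r"^([um])([\w ]+?) = (.+)$")

# Assumption: names taken from what AdwCleaner deleted on this machine.
PUP_KEYWORDS = ("conduit", "torntv", "optimizer pro", "snapdo", "somoto",
                "regclean pro", "downlite", "pricegong", "smartbar", "minibar")
# Locations a standard user can write to; code launched from here is not
# necessarily bad, but it is where adware and droppers usually live.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")


@dataclass
class Finding:
    kind: str       # "file", "run" or "setting"
    location: str   # file path, registry key\value, or setting name
    reason: str


def looks_suspicious(target: str) -> Optional[str]:
    """Return a reason string if the path/URL deserves review, else None."""
    t = target.lower()
    for kw in PUP_KEYWORDS:
        if kw in t:
            return f"known PUP name: {kw}"
    if t.endswith((".exe", ".dll", ".sys")) and any(d in t for d in USER_WRITABLE):
        return "executable in user-writable location"
    return None


def parse_log(text: str) -> List[Finding]:
    """Walk the log once, tracking the current registry key for value lines."""
    findings: List[Finding] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = FILE_RE.match(line)
        if m:
            reason = looks_suspicious(m.group(5))
            if reason:
                findings.append(Finding("file", m.group(5), reason))
            continue
        m = RUN_RE.match(line)
        if m:
            # Only Run/RunOnce values are autostarts; Winlogon values such as
            # Userinit are skipped here (they need an expected-value check).
            if "currentversion\\run" in current_key.lower():
                reason = looks_suspicious(m.group(2))
                if reason:
                    findings.append(Finding("run", f"{current_key}\\{m.group(1)}", reason))
            continue
        m = SETTING_RE.match(line)
        if m:
            reason = looks_suspicious(m.group(3))
            if reason:
                findings.append(Finding("setting", m.group(2), reason))
    return findings


# Constructed sample in ComboFix's layout (tabs replaced by spaces).
SAMPLE_LOG = r"""
2013-08-10 17:19 . 2013-08-10 17:19  --------  d-----w-  c:\users\gskainth\AppData\Roaming\Optimizer Pro
2013-08-14 23:59 . 2013-07-09 06:03  5550528  ----a-w-  c:\windows\system32\ntoskrnl.exe
2013-08-16 23:13 . 2013-07-15 08:34  9460976  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{D66DE19F-E4E0-4694-89A4-DE4F4C55E3F7}\mpengine.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"="c:\users\gskainth\AppData\Local\The Weather Network\WeatherEye.exe" [2012-08-30 310920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=Somoto&q={searchTerms}
"""

if __name__ == "__main__":
    for f in parse_log(SAMPLE_LOG):
        print(f"[{f.kind}] {f.location}\n        {f.reason}")
```

On the sample it returns four findings: the Optimizer Pro folder and the snapdo search URL on name, and two executables on location alone. Those two are the point of the caveat: the Windows Defender definition DLL under ProgramData and the Weather Network tray app under AppData are both legitimate, so the output is a review list for a human, which is exactly how the helper reads these logs before deciding what AdwCleaner or a ComboFix script should remove.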
 
Looks good.

How is the computer doing?

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double-click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
# AdwCleaner v2.306 - Logfile created 08/19/2013 at 22:55:26
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : gskainth - DUFFYSTAXI-PC
# Boot Mode : Normal
# Running from : C:\Users\gskainth\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\TornTV.com
Folder Deleted : C:\Users\gskainth\AppData\Local\PackageAware
Folder Deleted : C:\Users\gskainth\AppData\Local\SanctionedMedia
Folder Deleted : C:\Users\gskainth\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\gskainth\AppData\LocalLow\Minibar
Folder Deleted : C:\Users\gskainth\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\gskainth\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\gskainth\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\gskainth\AppData\Roaming\iWin
Folder Deleted : C:\Users\gskainth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
Folder Deleted : C:\Users\gskainth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\gskainth\AppData\Roaming\optimizer pro

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SanctionedMedia
Key Deleted : HKCU\Software\SmartbarBackup
Key Deleted : HKCU\Software\SmartbarLog
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3291326
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3299872
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16660

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\gskainth\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2570] : homepage = "hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=CA&userid=a61b348d-26ad-4[...]
Deleted [l.3534] : urls_to_restore_on_startup = [ "hxxp://www.google.ca/?gws_rd=cr", "hxxp://www.youtube.com/?re[...]

*************************

AdwCleaner[R1].txt - [6998 octets] - [19/08/2013 22:54:51]
AdwCleaner[S1].txt - [6630 octets] - [19/08/2013 22:55:26]

########## EOF - C:\AdwCleaner[S1].txt - [6690 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.1 (08.19.2013:1)
OS: Windows 7 Home Premium x64
Ran by gskainth on 19/08/2013 at 23:04:49.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho637E.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho66B6.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoCB49.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD2A7.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE01E.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\Users\gskainth\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\gskainth\appdata\local\software"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{00C7FC3D-DE0F-4F25-8EC7-CD486662742A}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{0F5CBC96-DFF4-4083-B10F-27278BCC7700}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{18FC8031-B09A-44D9-A6D3-A0658F6488C8}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{1A8B878B-26F5-498D-9A5B-947F451AAC84}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{2432EC14-B8F0-455B-936D-4C16DF99F534}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{39CE5EBD-E173-4AC0-960F-988E80D1AE34}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{3C2F7639-C843-4034-9793-32431ADABB51}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{5962BFAD-FCD9-47E8-AFEB-242E219C45D8}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{6429F909-A669-4509-8D2E-E4BEE595D933}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{662DEC51-4A9B-4C38-847C-93A94749AF96}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{6A67CCC3-A3C0-44AD-B8A2-D4BFE3FF6ED2}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{723B47EE-FC14-40BF-8174-61A217293143}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{7A05ECF9-7C7C-4F50-A0F5-80A3C2ED18EF}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{7A719ADD-E7A7-407C-A25A-C90A805F77DC}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{83C37563-7F13-4BDF-B64F-16E55EDEB4A1}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{86099CEE-A734-4119-AC7B-2F6E31089AF5}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{92B58BBC-FC44-4186-8388-DDA935555E4B}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{96F06B3D-8E8F-426A-B159-067484827207}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{A9C6AF58-B9B0-4B52-A5C2-9E180BBCE1FB}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{A9F35F71-B6F4-4503-8973-0CF01D899FBA}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{AA39F34C-6F13-47FD-AE3F-071C5B8745A7}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{B17BCEF7-30F0-47C4-9936-02B0A27D7496}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{C6083DB7-371D-4C3B-BCEC-39DF5DEB12ED}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{C81489C1-5B47-4116-B411-01DC5C12DC82}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{CD39820C-5CA3-438E-9FC5-CC1BDFB6CDEC}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{D48CBC16-415F-4143-B964-CC58EEFB1B8F}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{DCEC4B2D-264C-4AE1-95DB-48363FFF7F12}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{EC045448-6B9B-4CAD-9C9B-598C1D3A9944}
Successfully deleted: [Empty Folder] C:\Users\gskainth\appdata\local\{F8E3B9C9-B070-43B0-9842-4277D642F9C4}



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/08/2013 at 23:10:39.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
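The two logs above show where this family of adware persisted: IE Browser Helper Objects and toolbars registered by CLSID, hijacked IE SearchScopes, a Chrome extension pushed through the registry and an ExtensionInstallForcelist policy, and a homepage/startup-URL rewrite inside the Chrome Preferences file. The PowerShell script below is an added example, not part of this thread and not code from AdwCleaner or JRT; it audits those same locations read-only so a cleanup can be verified (or a re-infection spotted) without a third-party tool. It assumes an elevated PowerShell 3.0 or later (for ConvertFrom-Json), 64-bit Windows, and the default Chrome profile path; the Add-Finding and Resolve-Clsid helpers are hypothetical names introduced here.

```powershell
# Added example, not from the original thread or the tools it uses.
# Read-only audit of the browser-hijack persistence points reported above.
# Assumptions: elevated PowerShell 3.0+, 64-bit Windows, default Chrome profile.
# Nothing is deleted; review the output before removing anything.

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Type, $Where, $Detail) {
    $findings.Add([pscustomobject]@{ Type = $Type; Where = $Where; Detail = $Detail })
}

# Resolve a CLSID to the DLL that implements it (native view first, then WOW64).
function Resolve-Clsid($Clsid) {
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID') {
        $srv = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path $srv) { return (Get-ItemProperty $srv).'(default)' }
    }
    return '<CLSID not registered>'   # orphaned reference, like the key JRT failed to delete
}

# 1. IE Browser Helper Objects: each subkey name is a CLSID loaded into every IE process.
$bhoRoots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($root in $bhoRoots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem $root | ForEach-Object { Add-Finding 'BHO' $_.PSChildName (Resolve-Clsid $_.PSChildName) }
}

# 2. IE toolbars: value names under ...\Internet Explorer\Toolbar are CLSIDs.
$tbRoots = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar'
foreach ($root in $tbRoots) {
    if (-not (Test-Path $root)) { continue }
    (Get-Item $root).GetValueNames() | Where-Object { $_ -match '^\{[0-9A-F-]{36}\}$' } |
        ForEach-Object { Add-Finding 'IE toolbar' $_ (Resolve-Clsid $_) }
}

# 3. IE search scopes: a hijacked provider shows up as an unexpected URL here.
foreach ($root in 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes',
                  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes') {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem $root | ForEach-Object {
        $url = (Get-ItemProperty $_.PSPath).URL
        if ($url) { Add-Finding 'IE SearchScope' $_.PSChildName $url }
    }
}

# 4. Chrome: registry-installed extensions and the ExtensionInstallForcelist policy.
#    A policy-forced extension cannot be disabled by the user from chrome://extensions.
foreach ($root in 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
                  'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions') {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem $root | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        Add-Finding 'Chrome ext (registry)' $_.PSChildName ("{0} {1}" -f $p.update_url, $p.path)
    }
}
$force = 'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist'
if (Test-Path $force) {
    $k = Get-Item $force
    foreach ($n in $k.GetValueNames()) { Add-Finding 'Chrome forcelist policy' $n $k.GetValue($n) }
}

# 5. Chrome Preferences: homepage and startup URLs (the snap.do entry above lived here).
#    Older Chrome used session.urls_to_restore_on_startup, newer builds session.startup_urls.
$prefs = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Preferences'
if (Test-Path $prefs) {
    $j = Get-Content $prefs -Raw | ConvertFrom-Json
    if ($j.homepage) { Add-Finding 'Chrome homepage' $prefs $j.homepage }
    $startup = @($j.session.urls_to_restore_on_startup) + @($j.session.startup_urls)
    foreach ($u in ($startup | Where-Object { $_ })) { Add-Finding 'Chrome startup URL' $prefs $u }
}

$findings | Sort-Object Type | Format-Table -AutoSize -Wrap
```

Run it once before cleanup and once after: any BHO or toolbar whose CLSID resolves to a DLL under a user-writable path (AppData, Program Files (x86)\<toolbar vendor>), any SearchScope or homepage pointing at an unfamiliar feed/redirect host, and any non-empty ExtensionInstallForcelist on a home machine are the entries to look at. Close all browsers before reading Preferences, since Chrome rewrites the file on exit.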
 