Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by User (administrator) on LAU_NEW on 28-03-2014 08:42:46
Running from C:\Documents and Settings\User\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
() C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [UpdateP2GoShortCut] - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] - C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-09-29] (CyberLink Corp.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1983816 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-27] (AVAST Software)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Java\jre7\bin\jusched.exe"
HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/in-en.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYANwAwAEQAVgAtAFgAUgA0AEEANwAtADIANgBRAEMAUgAtAFcAMwBaADcAMwAtAEIAVwA0ADYAUgA"&"inst=NwA3AC0ANAAyADUANgAwADEANAAyADEALQBCAC0AQgBBAFIAOQBPACsAMQAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAFgATwA5ACsAMQAtAEYAOQBNADQAKwAxAC0ARABEAFQAKwA2ADMAMQAxADYALQBEAEQAOQAwAEYAKwAxAC0AUwBUADkAMABGAEEAUABQACsAMQAtAEYAOQAwAE0AMQAyAEUATgArADEALQBUAEIATgArADEALQBGAFUASQArADIALQBMADkAMABNAEoAKwAxAC0ARgA5ADAATQAxADIASgBUACsAMQAtAEYAOQAwAE0AMQAyAFIAKwAxAC0AVgBJAFAAMQAyACsAMQA"&"prod=90"&"ver=9.0.894
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1417001333-1801674531-839522115-1003\...\Run: [Media Finder] - "C:\Program Files\Media Finder\Media Finder.exe" /opentotray
AppInit_DLLs: c:\docume~1\alluse~1\applic~1\bitguard\271832~1.68\{c16c1~1\bitguard.dll => C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll [3618304 2013-11-18] ()
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
URLSearchHook: HKCU - (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - No File
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM - {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp
SearchScopes: HKCU - DefaultScope {0404E843-1A56-4EA5-8A83-B550A4CB2BDF} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-ydwnld
SearchScopes: HKCU - {0404E843-1A56-4EA5-8A83-B550A4CB2BDF} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-ydwnld
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://isearch.babylon.com/?q={searchTerms}&affID=117380&tt=4912_7&babsrc=SP_ss&mntrId=70fa80a50000000000004061860ac8e8
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=DAT&o=15240&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=FD&apn_dtid=YYYYYYYYMY&apn_uid=1A1C7D67-2E3D-4EB0-AA38-4A9691DACECA&apn_sauid=D79BF0FB-A5C2-4B9B-BC36-7FDE020B5E7B
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Yahooo Search Protection - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM - No Name - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Big%20City%20Adventure%20-%20Sydney,%20Australia/Images/stg_drm.ocx
DPF: {309E27CA-1FDC-4AD2-A3AA-0FF47085E5A6} http://192.168.1.5/IEPlugin.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/w...?1395910919765
DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} http://192.168.1.5/vcredist_x86.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Dream%20Day%20Honeymoon/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default
FF NewTab: www.google.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: hxxp://isearch.babylon.com/?affID=117380&tt=4912_7&babsrc=HP_ss&mntrId=70fa80a50000000000004061860ac8e8
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @mywebsearch.com/Plugin - C:\Program Files\MyWebSearch\bar\5.bin\NPMyWebS.dll (MyWebSearch.com)
FF Plugin: @oberon-media.com/ONCAdapter - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Documents and Settings\User\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\askcom-1.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\babylon1.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\BitGuard.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\mywebsearch.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\sweetim.xml
FF Extension: No Name - C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com [2012-12-12]
FF Extension: GamePlayLabs Plugin - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\Extensions\plugin2@gameplaylabs.com [2011-03-25]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-10-28]
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010-12-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files\MyWebSearch\bar\5.bin
FF Extension: My Web Search - C:\Program Files\MyWebSearch\bar\5.bin [2011-11-02]
FF HKLM\...\Firefox\Extensions: [{A6629839-6636-4998-95D6-2B0F52141861}] - C:\Program Files\Expresso\Firefox
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-18]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-25]
Chrome:
=======
CHR HomePage:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (GamePlayLabs Plugin) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci\1.0_0\npGamePlayLabsPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (DivX® Web Player) - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll (DivX,Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Documents and Settings\User\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Oberon com adapter) - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (DivX® Content Upload Plugin) - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files\MyWebSearch\bar\5.bin\NPMyWebS.dll (MyWebSearch.com)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (WOT) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-03-27]
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-30]
CHR Extension: (Google Search) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-30]
CHR Extension: (AdBlock) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-27]
CHR Extension: (Google Wallet) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-25]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-30]
CHR HKLM\...\Chrome\Extension: [dhdmjeclekijlogbipdlifcmgoanoemm] - C:\Program Files\Expresso\source.crx [2011-12-30]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-27]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2010-09-27]
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Documents and Settings\User\Application Data\Media Finder\Extensions\mf_plugin_gc.crx [2010-09-27]
CHR HKLM\...\Chrome\Extension: [ocphobfcfafpclibolpjdafgaffkaoci] - C:\Program Files\Browser Plugin\gplplugin.crx [2010-09-27]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-27] (AVAST Software)
R2 BitGuard; C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3780064 2013-11-18] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
S4 MyWebSearchService; C:\Program Files\MyWebSearch\bar\5.bin\MWSSVC.EXE [34320 2011-11-02] (MyWebSearch.com)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [271760 2009-04-15] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
==================== Drivers (Whitelisted) ====================
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-03-27] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-03-27] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-03-27] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [776976 2014-03-27] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411552 2014-03-27] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-03-27] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180760 2014-03-27] ()
S3 CSDriver; C:\WINDOWS\system32\drivers\CSDriver.sys [40623 2002-05-24] (Beijing Chinese Star Cyber Technology Limited)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [107736 2014-03-28] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-28 08:42 - 2014-03-28 08:43 - 00028579 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-03-28 08:42 - 2014-03-28 08:42 - 00000000 ____D () C:\FRST
2014-03-28 08:41 - 2014-03-28 08:40 - 01145856 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-03-28 08:34 - 2014-03-28 08:37 - 00243398 _____ () C:\Documents and Settings\User\Desktop\Rkill.txt
2014-03-28 08:33 - 2014-03-28 08:27 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\User\Desktop\rkill.exe
2014-03-28 08:17 - 2014-03-28 08:43 - 00000280 _____ () C:\WINDOWS\Tasks\BitGuard.job
2014-03-27 17:21 - 2014-03-27 17:22 - 00000000 ____D () C:\Documents and Settings\User\Application Data\DropboxMaster
2014-03-27 17:21 - 2014-03-27 17:21 - 00000000 ____D () C:\Program Files\Dropbox
2014-03-27 17:21 - 2014-03-27 17:21 - 00000000 ____D () C:\Documents and Settings\User\Start Menu\Programs\Dropbox
2014-03-27 17:20 - 2014-03-27 17:22 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Dropbox
2014-03-27 17:09 - 2014-03-27 17:20 - 36818984 _____ (Dropbox, Inc.) C:\Documents and Settings\All Users\Desktop\DropboxInstallerAvast.exe
2014-03-27 17:06 - 2014-03-27 17:06 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-03-27 16:42 - 2014-03-27 16:42 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Oracle
2014-03-27 16:40 - 2014-03-27 16:40 - 00005724 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-03-27 16:40 - 2014-03-27 16:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-03-27 16:40 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-03-27 16:40 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-03-27 16:40 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-03-27 16:40 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-03-27 15:51 - 2014-03-28 08:18 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 15:50 - 2014-03-27 15:50 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-27 15:50 - 2014-03-27 15:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-03-27 15:50 - 2014-03-27 15:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-03-27 15:50 - 2014-03-05 09:26 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-27 15:50 - 2014-03-05 09:26 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-27 12:31 - 2014-02-20 13:05 - 00688992 ____R (Swearware) C:\Documents and Settings\User\Desktop\dds.scr
2014-03-27 12:30 - 2014-03-27 12:30 - 00000596 _____ () C:\Documents and Settings\User\Desktop\ERUNT.lnk
2014-03-27 12:30 - 2014-02-20 13:00 - 00791393 _____ (Lars Hederer ) C:\Documents and Settings\User\Desktop\erunt-setup.exe
2014-03-27 11:59 - 2014-03-27 17:03 - 00000000 ____D () C:\Documents and Settings\User\Desktop\27032014 Virus Removal Process
2014-03-06 09:03 - 2014-03-06 09:03 - 00000000 ____D () C:\WINDOWS\system32\searchplugins
2014-03-06 09:03 - 2014-03-06 09:03 - 00000000 ____D () C:\WINDOWS\system32\Extensions
==================== One Month Modified Files and Folders =======
2014-03-28 08:43 - 2014-03-28 08:42 - 00028579 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-03-28 08:43 - 2014-03-28 08:17 - 00000280 _____ () C:\WINDOWS\Tasks\BitGuard.job
2014-03-28 08:42 - 2014-03-28 08:42 - 00000000 ____D () C:\FRST
2014-03-28 08:40 - 2014-03-28 08:41 - 01145856 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-03-28 08:37 - 2014-03-28 08:34 - 00243398 _____ () C:\Documents and Settings\User\Desktop\Rkill.txt
2014-03-28 08:33 - 2009-12-05 20:42 - 01741970 ____H () C:\WINDOWS\WindowsUpdate.log
2014-03-28 08:27 - 2014-03-28 08:33 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\User\Desktop\rkill.exe
2014-03-28 08:23 - 2014-02-18 14:52 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-03-28 08:18 - 2014-03-27 15:51 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 08:18 - 2014-02-20 11:48 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-03-28 08:18 - 2013-11-25 10:32 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1417001333-1801674531-839522115-1003.job
2014-03-28 08:18 - 2013-11-25 10:32 - 00000276 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1417001333-1801674531-839522115-1003.job
2014-03-28 08:18 - 2012-11-20 12:45 - 00000276 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1417001333-1801674531-839522115-1003.job
2014-03-28 08:18 - 2009-12-06 04:33 - 00000049 ____H () C:\WINDOWS\wiaservc.log
2014-03-28 08:18 - 2006-02-28 20:00 - 00013646 ____H () C:\WINDOWS\system32\wpa.dbl
2014-03-28 08:17 - 2013-11-25 10:29 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-28 08:17 - 2010-01-21 17:53 - 00000236 ____H () C:\WINDOWS\Tasks\OGALogon.job
2014-03-28 08:17 - 2009-12-05 20:50 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-27 18:02 - 2014-02-20 11:48 - 00131072 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-03-27 18:02 - 2009-12-05 20:50 - 00032622 ____H () C:\WINDOWS\SchedLgU.Txt
2014-03-27 18:02 - 2009-12-05 20:50 - 00000278 ___SH () C:\Documents and Settings\User\ntuser.ini
2014-03-27 18:01 - 2011-04-23 10:27 - 00000232 ____H () C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
2014-03-27 17:50 - 2013-11-25 10:29 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-27 17:22 - 2014-03-27 17:21 - 00000000 ____D () C:\Documents and Settings\User\Application Data\DropboxMaster
2014-03-27 17:22 - 2014-03-27 17:20 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Dropbox
2014-03-27 17:21 - 2014-03-27 17:21 - 00000000 ____D () C:\Program Files\Dropbox
2014-03-27 17:21 - 2014-03-27 17:21 - 00000000 ____D () C:\Documents and Settings\User\Start Menu\Programs\Dropbox
2014-03-27 17:20 - 2014-03-27 17:09 - 36818984 _____ (Dropbox, Inc.) C:\Documents and Settings\All Users\Desktop\DropboxInstallerAvast.exe
2014-03-27 17:07 - 2014-02-18 14:53 - 00001737 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-03-27 17:06 - 2014-03-27 17:06 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-03-27 17:06 - 2014-02-18 14:28 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-03-27 17:06 - 2014-02-18 14:28 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-03-27 17:06 - 2014-02-18 14:28 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-03-27 17:06 - 2014-02-18 14:28 - 00180760 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-03-27 17:06 - 2014-02-18 14:28 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-03-27 17:06 - 2014-02-18 14:28 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-03-27 17:06 - 2014-02-18 14:28 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-03-27 17:06 - 2014-02-18 14:28 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-03-27 17:03 - 2014-03-27 11:59 - 00000000 ____D () C:\Documents and Settings\User\Desktop\27032014 Virus Removal Process
2014-03-27 17:03 - 2009-12-05 21:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-27 17:02 - 2013-10-24 08:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-27 17:02 - 2011-08-22 17:36 - 00000000 ____D () C:\Program Files\Yahoo!
2014-03-27 17:02 - 2009-12-06 04:30 - 01132046 ____H () C:\WINDOWS\setupapi.log
2014-03-27 16:45 - 2009-12-05 21:13 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-03-27 16:42 - 2014-03-27 16:42 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Oracle
2014-03-27 16:40 - 2014-03-27 16:40 - 00005724 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-03-27 16:40 - 2014-03-27 16:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-03-27 16:40 - 2009-12-05 21:13 - 00000000 ____D () C:\Program Files\Java
2014-03-27 16:38 - 2011-08-22 17:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Yahoo!
2014-03-27 16:37 - 2011-08-22 17:42 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Yahoo!
2014-03-27 16:18 - 2010-02-10 17:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971468$
2014-03-27 15:50 - 2014-03-27 15:50 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-27 15:50 - 2014-03-27 15:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-03-27 15:50 - 2014-03-27 15:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-03-27 15:24 - 2014-02-20 16:46 - 00000512 _____ () C:\Documents and Settings\User\Desktop\MBR.dat
2014-03-27 13:20 - 2013-12-16 16:58 - 00000438 ____H () C:\WINDOWS\Tasks\Norton Security Scan for User.job
2014-03-27 13:17 - 2013-12-16 16:58 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-03-27 12:30 - 2014-03-27 12:30 - 00000596 _____ () C:\Documents and Settings\User\Desktop\ERUNT.lnk
2014-03-27 12:30 - 2014-02-21 08:21 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-03-27 12:30 - 2014-02-20 13:01 - 00000000 ____D () C:\Program Files\ERUNT
2014-03-27 12:30 - 2014-02-20 13:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-03-27 08:55 - 2009-12-17 15:33 - 00055371 ____H () C:\WINDOWS\system32\VFP8Rerr.log
2014-03-24 10:26 - 2010-03-04 16:59 - 00000284 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1417001333-1801674531-839522115-1003.job
2014-03-17 08:53 - 2013-11-25 10:29 - 00001817 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-03-06 09:03 - 2014-03-06 09:03 - 00000000 ____D () C:\WINDOWS\system32\searchplugins
2014-03-06 09:03 - 2014-03-06 09:03 - 00000000 ____D () C:\WINDOWS\system32\Extensions
2014-03-05 09:26 - 2014-03-27 15:50 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-27 15:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-01 12:30 - 2014-02-20 11:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-03-01 12:30 - 2009-12-06 04:29 - 00000245 ___SH () C:\boot.ini
Some content of TEMP:
====================
C:\Documents and Settings\User\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphep6em.dll
==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================