PDA

View Full Version : Malware Removal Issues



Wooly12
2014-01-28, 04:37
Hello,

First off, many apologies if I missed any of the preliminary steps with regards to producing the required logs however this is where my problems begin.

So, I have the Amontize.installpath malware infecting my machine, I've read all the requirements that you fine folks need in order to help me but unfortunately I'm running on Windows 8.1 and can't get the DDS program to run on my machine. Error message states that the program "can't run in Compatibility Mode and the program will now exit."

I was able to run ERUNT and back up the registry.

So, not sure how I should proceed. I've haven't tried to install/run the aswMBR program because I wasn't sure if there was any point if I can't get DDS to run properly. Maybe it's a Windows 8 issue??

Any help you can offer me is greatly appreciated.

Mike

ken545
2014-01-30, 15:47
:snwelcome:

Hello Mike, lets try this program, DDS can be iffy on win 8

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.




Also aswMBR should run so give it a shot

Wooly12
2014-02-01, 03:55
aswMBR log:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-01-30 23:32:03
-----------------------------
23:32:03.453 OS Version: Windows x64 6.2.9200
23:32:03.454 Number of processors: 4 586 0x1001
23:32:03.455 ComputerName: LAPTOP UserName: Wooly
23:32:03.556 Initialze error 1
23:33:49.372 AVAST engine defs: 14013001
23:35:50.040 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000001f
23:35:50.043 Disk 0 Vendor: Hitachi_HTS547575A9E384 JE4OA60A Size: 715404MB BusType: 11
23:35:50.080 Disk 0 MBR read successfully
23:35:50.083 Disk 0 MBR scan
23:35:50.087 Disk 0 unknown MBR code
23:35:50.091 Disk 0 Partition 1 00 EE GPT 715404 MB offset 1
23:35:50.096 Disk 0 scanning C:\WINDOWS\system32\drivers
23:35:50.100 Service scanning
23:35:50.620 Modules scanning
23:35:50.624 Disk 0 trace - called modules:
23:35:50.631 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
23:35:50.636 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe0000193a5e0]
23:35:50.640 3 CLASSPNP.SYS[fffff80000846abb] -> nt!IofCallDriver -> [0xffffe000018e5040]
23:35:50.646 5 amd_xata.sys[fffff80000775634] -> nt!IofCallDriver -> \Device\0000001f[0xffffe000018e9060]
23:35:50.653 AVAST engine scan C:\WINDOWS
23:35:50.658 AVAST engine scan C:\WINDOWS\system32
23:35:50.664 AVAST engine scan C:\WINDOWS\system32\drivers
23:35:50.669 AVAST engine scan C:\Users\Wooly
23:35:50.675 AVAST engine scan C:\ProgramData
23:35:50.680 Scan finished successfully
23:39:20.410 Disk 0 MBR has been saved successfully to "C:\Users\Wooly\Desktop\MBR.dat"
23:39:20.415 The log file has been saved successfully to "C:\Users\Wooly\Desktop\aswMBR.txt"

Wooly12
2014-02-01, 04:06
Hi Ken,

Thanks for your time!

I should also mention that I have scanned with both Malwarebytes & spybot and "fixed' the malware issues with both programs. Malwarebytes no longer detects it but Spybot does. (my version of malwarebytes was a free trial version and has since expired.

I ran the OTL scan last night with the intention of posting the logs immediately but I got distracted, so I decided to turn my computer off of the night and run another scan in the morning. I also realized that I didn't check a couple of the options in OTL you suggested in the first scan. So I ran another scan and only the OTL.txt appeared on my desktop, not the Extras.txt. I scoured my computer trying to located the OTL folder so I could get the Extras.txt but had no luck. Is there something else I can try to re-produce the Extras.txt?

I will provide the OTL log in the next post!

Wooly12
2014-02-01, 04:07
OTL logfile created on: 2014-01-30 11:19:46 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wooly\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd

7.45 Gb Total Physical Memory | 5.79 Gb Available Physical Memory | 77.70% Memory free
8.63 Gb Paging File | 6.80 Gb Available in Paging File | 78.72% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 249.11 Gb Total Space | 170.95 Gb Free Space | 68.62% Space Free | Partition Type: NTFS
Drive D: | 398.18 Gb Total Space | 268.33 Gb Free Space | 67.39% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Wooly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Wooly\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (ASUS)
PRC - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\WINDOWS\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV - (vToolbarUpdater17.3.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUSTek Computer Inc.)
SRV - (ASUS InstantOn) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (ASUS)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)


========== Driver Services (SafeList) ==========

DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\drivers\avgdiska.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgwfpa) -- C:\Windows\SysNative\drivers\avgwfpa.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (HIDSwitch) -- C:\Windows\SysNative\drivers\AsHIDSwitch64.sys (ASUS)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgboota) -- C:\Windows\SysNative\drivers\avgboota.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\WINDOWS\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\drivers\Rt630x64.sys (Realtek )
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ATP) -- C:\Windows\SysNative\drivers\AsusTP.sys (ASUS Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW86.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmpfd) -- C:\Windows\SysNative\drivers\amdkmpfd.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (APXACC) -- C:\Windows\SysNative\drivers\appexDrv.sys (AppEx Networks Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {F6C55799-F4EB-4CF5-A4BC-5B6627E1808F}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2542621044-4009298089-582752254-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
IE - HKU\S-1-5-21-2542621044-4009298089-582752254-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2542621044-4009298089-582752254-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
IE - HKU\S-1-5-21-2542621044-4009298089-582752254-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2542621044-4009298089-582752254-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2542621044-4009298089-582752254-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\xz123@ya456.com: C:\Program Files (x86)\BetterSurf\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\12x3q@3244516.com: C:\Program Files (x86)\Better-Surf\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49 [2014-01-06 00:39:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@WebexpEnhancedV1alpha196.net: C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha196\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@VideoPlayerV3beta21.net: C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta21\ff [2014-01-10 00:42:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK

File not found (No name found) -- C:\PROGRAM FILES (X86)\BETTERSURF\BETTERSURFPLUS\FF
[2014-01-10 00:42:03 | 000,000,000 | ---D | M] (Video Player) -- C:\PROGRAM FILES (X86)\VIDEOPLAYERV3\VIDEOPLAYERV3BETA21\FF
File not found (No name found) -- C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA196\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.ca/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - Extension: File Converter = C:\Users\Wooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\alblmaecejifbilchdofkdanifpmnmfk\1.0.0.0_0\
CHR - Extension: From Dust = C:\Users\Wooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj\0.0.0.23_0\
CHR - Extension: Google Docs = C:\Users\Wooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Wooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Wooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Guitarist's Reference = C:\Users\Wooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\cddaabhppoebkmalboinjhgofbhdbcgk\1_0\
CHR - Extension: Google Search = C:\Users\Wooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Math Invaders = C:\Users\Wooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfndgfelifpjlkcpbnjgegkbajimhmce\1.1_0\
CHR - Extension: AdBlock = C:\Users\Wooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\
CHR - Extension: Billabong Surf Theme = C:\Users\Wooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnjghdbnnficankmjeocglncagiippoc\1.0_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Wooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: Little Alchemy = C:\Users\Wooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.15.7_0\
CHR - Extension: Google Maps = C:\Users\Wooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: AVG SafeGuard = C:\Users\Wooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.3.1.91_0\
CHR - Extension: LogMeIn = C:\Users\Wooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgnihglilniboicepgjclfiageofdfj\1.0.0.1029_0\
CHR - Extension: Google Wallet = C:\Users\Wooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: WiseStamp - Email Signatures for GMail\u2026 = C:\Users\Wooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcgnkmbeodkmiijjfnliicelkjfcldg\3.31.0_0\
CHR - Extension: Gmail = C:\Users\Wooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013-08-22 05:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ASUS Browser Extension x64) - {78234974-0C4B-4111-BDEB-D9A104418772} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll (ASUSTeK Computer Inc.)
O2:64bit: - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
O2 - BHO: (ASUS Browser Extension x86) - {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.)
O2 - BHO: (Better-Surf) - {8271B5D6-76D3-4ABF-AEB3-1721161C76BC} - C:\Program Files (x86)\Better-Surf\ie\BetterSrf.dll File not found
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll File not found
O2 - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll File not found
O3 - HKU\S-1-5-21-2542621044-4009298089-582752254-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [ASUSQuickGesture(x64)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ASUSTeK Computer Inc.)
O4:64bit: - HKLM..\Run: [ASUSQuickGesture(x86)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (ASUSTeK Computer Inc.)
O4:64bit: - HKLM..\Run: [ASUSTPLoader(x64)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (AsusTek)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKU\S-1-5-21-2542621044-4009298089-582752254-1001..\Run: [GoogleChromeAutoLaunch_649693071B51195AB0C95A7DDF61749B] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-2542621044-4009298089-582752254-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Wooly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BEB7F5B2-B64E-4BB2-BC5F-E9B5F7218A9D}: DhcpNameServer = 100.100.4.213
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF098801-453F-4EC3-83FA-7B89764CDC48}: DhcpNameServer = 192.168.1.254 75.153.176.1
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014-01-30 20:27:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wooly\Desktop\OTL.exe
[2014-01-27 18:21:57 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Wooly\Desktop\dds.scr
[2014-01-27 18:17:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2014-01-27 18:16:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014-01-27 18:16:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2014-01-27 18:16:09 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Wooly\Desktop\erunt-setup.exe
[2014-01-24 11:39:20 | 000,000,000 | ---D | C] -- C:\Users\Wooly\Desktop\receipts
[2014-01-18 19:10:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2014-01-18 19:08:36 | 000,000,000 | R--D | C] -- C:\Users\Wooly\SkyDrive
[2014-01-18 19:05:03 | 000,000,000 | ---D | C] -- C:\Users\Wooly\AppData\Roaming\Identities
[2014-01-18 18:35:16 | 000,000,000 | --SD | C] -- C:\Users\Wooly\AppData\Roaming\Microsoft
[2014-01-18 18:35:16 | 000,000,000 | R--D | C] -- C:\Users\Wooly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014-01-18 18:35:16 | 000,000,000 | R--D | C] -- C:\Users\Wooly\Favorites
[2014-01-18 18:35:16 | 000,000,000 | R--D | C] -- C:\Users\Wooly\Documents
[2014-01-18 18:35:16 | 000,000,000 | R--D | C] -- C:\Users\Wooly\Desktop
[2014-01-18 18:35:16 | 000,000,000 | R--D | C] -- C:\Users\Wooly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014-01-18 18:35:16 | 000,000,000 | R--D | C] -- C:\Users\Wooly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014-01-18 18:35:16 | 000,000,000 | -HSD | C] -- C:\Users\Wooly\AppData\Local\Temporary Internet Files
[2014-01-18 18:35:16 | 000,000,000 | -HSD | C] -- C:\Users\Wooly\Templates
[2014-01-18 18:35:16 | 000,000,000 | -HSD | C] -- C:\Users\Wooly\Start Menu
[2014-01-18 18:35:16 | 000,000,000 | -HSD | C] -- C:\Users\Wooly\SendTo
[2014-01-18 18:35:16 | 000,000,000 | -HSD | C] -- C:\Users\Wooly\Recent
[2014-01-18 18:35:16 | 000,000,000 | -HSD | C] -- C:\Users\Wooly\PrintHood
[2014-01-18 18:35:16 | 000,000,000 | -HSD | C] -- C:\Users\Wooly\NetHood
[2014-01-18 18:35:16 | 000,000,000 | -HSD | C] -- C:\Users\Wooly\Documents\My Videos
[2014-01-18 18:35:16 | 000,000,000 | -HSD | C] -- C:\Users\Wooly\Documents\My Pictures
[2014-01-18 18:35:16 | 000,000,000 | -HSD | C] -- C:\Users\Wooly\Documents\My Music
[2014-01-18 18:35:16 | 000,000,000 | -HSD | C] -- C:\Users\Wooly\My Documents
[2014-01-18 18:35:16 | 000,000,000 | -HSD | C] -- C:\Users\Wooly\Local Settings
[2014-01-18 18:35:16 | 000,000,000 | -HSD | C] -- C:\Users\Wooly\AppData\Local\History
[2014-01-18 18:35:16 | 000,000,000 | -HSD | C] -- C:\Users\Wooly\Cookies
[2014-01-18 18:35:16 | 000,000,000 | -HSD | C] -- C:\Users\Wooly\Application Data
[2014-01-18 18:35:16 | 000,000,000 | -HSD | C] -- C:\Users\Wooly\AppData\Local\Application Data
[2014-01-18 18:35:16 | 000,000,000 | -H-D | C] -- C:\Users\Wooly\AppData
[2014-01-18 18:35:16 | 000,000,000 | ---D | C] -- C:\Users\Wooly\AppData\Local\Temp
[2014-01-18 18:35:16 | 000,000,000 | ---D | C] -- C:\Users\Wooly\AppData\Local\Microsoft
[2014-01-18 18:35:16 | 000,000,000 | ---D | C] -- C:\Users\Wooly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014-01-18 18:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SonicFocus
[2014-01-18 18:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014-01-18 18:28:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\RTCOM
[2014-01-18 18:28:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2014-01-18 18:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2014-01-18 18:28:03 | 000,000,000 | ---D | C] -- C:\AMD
[2014-01-18 18:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2014-01-18 18:27:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2014-01-18 18:25:20 | 000,000,000 | -HSD | C] -- C:\Recovery
[2014-01-18 18:25:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2014-01-18 18:23:38 | 000,075,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\imagehlp.dll
[2014-01-18 18:23:25 | 000,787,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\uDWM.dll
[2014-01-18 18:23:21 | 000,393,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPhoto.dll
[2014-01-18 18:23:21 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPhoto.dll
[2014-01-18 18:23:14 | 003,395,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSService.dll
[2014-01-18 18:23:14 | 000,848,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2014-01-18 18:23:14 | 000,695,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2014-01-18 18:23:14 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2014-01-18 18:23:14 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSClient.dll
[2014-01-18 18:23:14 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2014-01-18 18:23:14 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSClient.dll
[2014-01-18 18:23:14 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSCollect.exe
[2014-01-18 18:23:04 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\scrrun.dll
[2014-01-18 18:23:04 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\scrrun.dll
[2014-01-18 18:22:59 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MDMAgent.exe
[2014-01-18 18:22:59 | 000,287,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mdmregistration.dll
[2014-01-18 18:22:59 | 000,240,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mdmregistration.dll
[2014-01-18 18:22:29 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2014-01-18 18:22:29 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2014-01-18 18:22:29 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2014-01-18 18:22:29 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2014-01-18 18:22:29 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2014-01-18 18:22:29 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2014-01-18 18:21:51 | 004,105,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll
[2014-01-18 18:21:51 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDrive.exe
[2014-01-18 18:21:25 | 013,177,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2014-01-18 18:21:25 | 011,674,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2014-01-18 18:21:25 | 007,399,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2014-01-18 18:21:25 | 002,896,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msftedit.dll
[2014-01-18 18:21:25 | 002,570,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers.dll
[2014-01-18 18:21:25 | 002,266,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msftedit.dll
[2014-01-18 18:21:25 | 002,143,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2014-01-18 18:21:25 | 002,140,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
[2014-01-18 18:21:25 | 001,843,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Display.dll
[2014-01-18 18:21:25 | 001,816,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Display.dll
[2014-01-18 18:21:25 | 001,765,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2014-01-18 18:21:25 | 001,765,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2014-01-18 18:21:25 | 001,756,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPDMC.exe
[2014-01-18 18:21:25 | 001,642,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2014-01-18 18:21:25 | 001,506,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2014-01-18 18:21:25 | 001,476,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2014-01-18 18:21:25 | 001,391,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPDMC.exe
[2014-01-18 18:21:25 | 001,345,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2014-01-18 18:21:25 | 001,302,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2014-01-18 18:21:25 | 000,922,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2014-01-18 18:21:25 | 000,747,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidcli.dll
[2014-01-18 18:21:25 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncCore.dll
[2014-01-18 18:21:25 | 000,637,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncHost.exe
[2014-01-18 18:21:25 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncCore.dll
[2014-01-18 18:21:25 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpncore.dll
[2014-01-18 18:21:25 | 000,544,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlidcli.dll
[2014-01-18 18:21:25 | 000,516,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll
[2014-01-18 18:21:25 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncHost.exe
[2014-01-18 18:21:25 | 000,382,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2014-01-18 18:21:25 | 000,372,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
[2014-01-18 18:21:25 | 000,358,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dcomp.dll
[2014-01-18 18:21:25 | 000,325,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2014-01-18 18:21:25 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
[2014-01-18 18:21:25 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dcomp.dll
[2014-01-18 18:21:25 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2014-01-18 18:21:25 | 000,146,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\SerCx2.sys
[2014-01-18 18:21:25 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winbici.dll
[2014-01-18 18:21:25 | 000,086,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\pdc.sys
[2014-01-18 18:21:25 | 000,039,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\intelpep.sys
[2014-01-18 18:21:25 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CredentialMigrationHandler.dll
[2014-01-18 18:21:25 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CredentialMigrationHandler.dll
[2014-01-18 18:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2014-01-18 18:18:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2014-01-18 18:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2014-01-18 18:18:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2014-01-18 18:17:23 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TsWpfWrp.exe
[2014-01-18 18:17:22 | 000,778,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
[2014-01-18 18:17:22 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2014-01-18 18:17:20 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2014-01-18 18:17:20 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TsWpfWrp.exe
[2014-01-18 18:17:19 | 001,166,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationNative_v0300.dll
[2014-01-13 21:58:28 | 000,000,000 | ---D | C] -- C:\Users\Wooly\AppData\Roaming\Malwarebytes
[2014-01-13 21:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014-01-13 21:58:15 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2014-01-13 21:58:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014-01-13 21:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014-01-13 21:57:08 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Wooly\Desktop\mbam-setup-1.75.0.1300.exe
[2014-01-13 17:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014-01-13 17:33:20 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\SysNative\sdnclean64.exe
[2014-01-13 17:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014-01-13 17:33:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014-01-13 17:31:23 | 000,000,000 | ---D | C] -- C:\Users\Wooly\AppData\Local\Programs
[2014-01-13 17:31:02 | 040,658,208 | ---- | C] (Safer-Networking Ltd. ) -- C:\Users\Wooly\Desktop\spybot-2.2.exe
[2014-01-10 00:42:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoPlayerV3

Wooly12
2014-02-01, 04:08
========== Files - Modified Within 30 Days ==========

[2014-01-30 23:16:20 | 000,863,592 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014-01-30 23:16:20 | 000,735,932 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014-01-30 23:16:20 | 000,139,816 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014-01-30 23:16:02 | 000,000,423 | ---- | M] () -- C:\Users\Wooly\AppData\Roaming\sp_data.sys
[2014-01-30 23:15:50 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014-01-30 23:15:44 | 000,002,299 | ---- | M] () -- C:\Users\Wooly\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014-01-30 23:13:14 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014-01-30 23:11:10 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014-01-30 23:11:09 | 2101,096,447 | -HS- | M] () -- C:\hiberfil.sys
[2014-01-30 22:11:36 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014-01-30 20:27:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wooly\Desktop\OTL.exe
[2014-01-30 20:27:01 | 000,201,187 | ---- | M] () -- C:\Users\Wooly\Desktop\Malware instructions.png
[2014-01-27 18:21:58 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Wooly\Desktop\dds.scr
[2014-01-27 18:17:09 | 000,001,116 | ---- | M] () -- C:\Users\Wooly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014-01-27 18:16:57 | 000,000,936 | ---- | M] () -- C:\Users\Wooly\Desktop\NTREGOPT.lnk
[2014-01-27 18:16:57 | 000,000,917 | ---- | M] () -- C:\Users\Wooly\Desktop\ERUNT.lnk
[2014-01-27 18:16:10 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Wooly\Desktop\erunt-setup.exe
[2014-01-24 11:49:06 | 000,335,784 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014-01-18 19:10:58 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014-01-18 18:50:13 | 000,020,958 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2014-01-18 18:50:13 | 000,020,958 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2014-01-18 18:49:52 | 000,022,744 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2014-01-18 18:23:38 | 000,075,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\imagehlp.dll
[2014-01-18 18:23:25 | 000,787,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\uDWM.dll
[2014-01-18 18:23:21 | 000,393,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPhoto.dll
[2014-01-18 18:23:21 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPhoto.dll
[2014-01-18 18:23:14 | 003,395,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSService.dll
[2014-01-18 18:23:14 | 000,848,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2014-01-18 18:23:14 | 000,695,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2014-01-18 18:23:14 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2014-01-18 18:23:14 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSClient.dll
[2014-01-18 18:23:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2014-01-18 18:23:14 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSClient.dll
[2014-01-18 18:23:14 | 000,138,240 | ---- | M] () -- C:\WINDOWS\SysNative\OEMLicense.dll
[2014-01-18 18:23:14 | 000,103,936 | ---- | M] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014-01-18 18:23:14 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSCollect.exe
[2014-01-18 18:23:04 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\scrrun.dll
[2014-01-18 18:23:04 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\scrrun.dll
[2014-01-18 18:22:59 | 000,615,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MDMAgent.exe
[2014-01-18 18:22:59 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mdmregistration.dll
[2014-01-18 18:22:59 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mdmregistration.dll
[2014-01-18 18:22:29 | 005,769,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2014-01-18 18:22:29 | 001,995,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2014-01-18 18:22:29 | 001,928,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2014-01-18 18:22:29 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2014-01-18 18:22:29 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2014-01-18 18:22:29 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2014-01-18 18:21:51 | 004,105,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll
[2014-01-18 18:21:51 | 000,568,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDrive.exe
[2014-01-18 18:21:25 | 013,177,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2014-01-18 18:21:25 | 011,674,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2014-01-18 18:21:25 | 007,399,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2014-01-18 18:21:25 | 002,896,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msftedit.dll
[2014-01-18 18:21:25 | 002,570,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers.dll
[2014-01-18 18:21:25 | 002,266,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msftedit.dll
[2014-01-18 18:21:25 | 002,143,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2014-01-18 18:21:25 | 002,140,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
[2014-01-18 18:21:25 | 001,843,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Display.dll
[2014-01-18 18:21:25 | 001,816,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Display.dll
[2014-01-18 18:21:25 | 001,765,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2014-01-18 18:21:25 | 001,765,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2014-01-18 18:21:25 | 001,756,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPDMC.exe
[2014-01-18 18:21:25 | 001,642,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2014-01-18 18:21:25 | 001,506,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2014-01-18 18:21:25 | 001,476,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2014-01-18 18:21:25 | 001,391,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPDMC.exe
[2014-01-18 18:21:25 | 001,345,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2014-01-18 18:21:25 | 001,302,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2014-01-18 18:21:25 | 000,922,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2014-01-18 18:21:25 | 000,747,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidcli.dll
[2014-01-18 18:21:25 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncCore.dll
[2014-01-18 18:21:25 | 000,637,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncHost.exe
[2014-01-18 18:21:25 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncCore.dll
[2014-01-18 18:21:25 | 000,566,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpncore.dll
[2014-01-18 18:21:25 | 000,544,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlidcli.dll
[2014-01-18 18:21:25 | 000,516,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll
[2014-01-18 18:21:25 | 000,479,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncHost.exe
[2014-01-18 18:21:25 | 000,382,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2014-01-18 18:21:25 | 000,372,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
[2014-01-18 18:21:25 | 000,358,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dcomp.dll
[2014-01-18 18:21:25 | 000,325,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2014-01-18 18:21:25 | 000,254,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
[2014-01-18 18:21:25 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dcomp.dll
[2014-01-18 18:21:25 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2014-01-18 18:21:25 | 000,146,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\SerCx2.sys
[2014-01-18 18:21:25 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winbici.dll
[2014-01-18 18:21:25 | 000,086,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\pdc.sys
[2014-01-18 18:21:25 | 000,039,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\intelpep.sys
[2014-01-18 18:21:25 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CredentialMigrationHandler.dll
[2014-01-18 18:21:25 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CredentialMigrationHandler.dll
[2014-01-15 19:46:15 | 000,121,281 | ---- | M] () -- C:\Users\Wooly\Desktop\JanetteBundic.pdf
[2014-01-14 21:10:18 | 000,001,592 | ---- | M] () -- C:\Users\Wooly\Desktop\mbam - Shortcut.lnk
[2014-01-13 21:58:16 | 000,001,133 | ---- | M] () -- C:\Users\Wooly\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2014-01-13 21:57:08 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Wooly\Desktop\mbam-setup-1.75.0.1300.exe
[2014-01-13 21:07:24 | 000,001,126 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014-01-13 17:33:24 | 000,001,379 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014-01-13 17:31:11 | 040,658,208 | ---- | M] (Safer-Networking Ltd. ) -- C:\Users\Wooly\Desktop\spybot-2.2.exe
[2014-01-10 00:42:50 | 000,000,233 | ---- | M] () -- C:\extensions.ini
[2014-01-06 14:31:05 | 000,693,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2014-01-06 14:31:05 | 000,105,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2014-01-05 19:06:58 | 000,000,706 | ---- | M] () -- C:\Users\Wooly\Desktop\Movies & TV - Shortcut.lnk

========== Files Created - No Company Name ==========

[2014-01-30 20:27:01 | 000,201,187 | ---- | C] () -- C:\Users\Wooly\Desktop\Malware instructions.png
[2014-01-27 18:17:09 | 000,001,116 | ---- | C] () -- C:\Users\Wooly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014-01-27 18:16:57 | 000,000,936 | ---- | C] () -- C:\Users\Wooly\Desktop\NTREGOPT.lnk
[2014-01-27 18:16:57 | 000,000,917 | ---- | C] () -- C:\Users\Wooly\Desktop\ERUNT.lnk
[2014-01-18 19:10:58 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014-01-18 19:05:13 | 000,001,442 | ---- | C] () -- C:\Users\Wooly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014-01-18 18:49:52 | 000,022,744 | ---- | C] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2014-01-18 18:39:43 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2014-01-18 18:35:16 | 000,000,352 | ---- | C] () -- C:\Users\Wooly\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014-01-18 18:35:16 | 000,000,334 | ---- | C] () -- C:\Users\Wooly\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014-01-18 18:35:04 | 000,020,958 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2014-01-18 18:35:04 | 000,020,958 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2014-01-18 18:23:14 | 000,138,240 | ---- | C] () -- C:\WINDOWS\SysNative\OEMLicense.dll
[2014-01-18 18:23:14 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014-01-15 19:46:15 | 000,121,281 | ---- | C] () -- C:\Users\Wooly\Desktop\JanetteBundic.pdf
[2014-01-14 21:10:18 | 000,001,592 | ---- | C] () -- C:\Users\Wooly\Desktop\mbam - Shortcut.lnk
[2014-01-13 21:58:16 | 000,001,133 | ---- | C] () -- C:\Users\Wooly\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2014-01-13 21:07:24 | 000,001,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2014-01-13 17:33:24 | 000,001,391 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014-01-13 17:33:24 | 000,001,379 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014-01-05 19:06:58 | 000,000,706 | ---- | C] () -- C:\Users\Wooly\Desktop\Movies & TV - Shortcut.lnk
[2013-12-13 10:23:56 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2013-12-13 10:23:54 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2013-12-13 10:23:46 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2013-12-13 10:23:24 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2013-12-13 10:23:24 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2013-12-13 10:23:14 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2013-10-19 17:31:58 | 000,000,017 | ---- | C] () -- C:\Users\Wooly\AppData\Local\resmon.resmoncfg
[2013-10-17 13:52:19 | 000,698,249 | ---- | C] () -- C:\Users\Wooly\AppData\Local\soulseek-client.dat.1382046739016
[2013-08-22 07:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013-08-22 07:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013-08-22 06:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013-08-21 23:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013-08-21 19:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013-08-21 15:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013-08-21 15:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013-08-14 16:40:08 | 000,003,003 | ---- | C] () -- C:\Program Files (x86)\WebCakeLayers.crx
[2013-07-18 16:18:42 | 000,698,249 | ---- | C] () -- C:\Users\Wooly\AppData\Local\soulseek-client.dat.1374193122525
[2013-07-17 23:10:18 | 000,693,658 | ---- | C] () -- C:\Users\Wooly\AppData\Local\soulseek-client.dat.1374131418653
[2013-05-28 16:43:00 | 000,000,423 | ---- | C] () -- C:\Users\Wooly\AppData\Roaming\sp_data.sys
[2012-09-21 10:09:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012-08-04 17:42:20 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012-08-04 17:42:20 | 000,000,217 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012-07-25 12:22:56 | 000,267,284 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
[2012-07-25 12:22:54 | 000,963,376 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
[2012-05-10 15:35:16 | 000,029,184 | ---- | C] () -- C:\WINDOWS\SysWow64\kdbsdk32.dll

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-11-13 23:38:19 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-11-13 23:38:19 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013-08-22 01:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013-08-21 18:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013-08-22 01:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014-01-18 18:39:48 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2014-01-18 18:39:48 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013-05-31 09:34:42 | 000,000,000 | ---D | M] -- C:\Users\Wooly\AppData\Roaming\.BitTornado
[2013-07-22 21:04:15 | 000,000,000 | ---D | M] -- C:\Users\Wooly\AppData\Roaming\ASUS
[2013-05-28 16:43:15 | 000,000,000 | ---D | M] -- C:\Users\Wooly\AppData\Roaming\ASUS WebStorage
[2013-11-25 17:58:39 | 000,000,000 | ---D | M] -- C:\Users\Wooly\AppData\Roaming\AVG
[2013-10-19 14:29:40 | 000,000,000 | ---D | M] -- C:\Users\Wooly\AppData\Roaming\AVG2014
[2014-01-30 20:33:43 | 000,000,000 | ---D | M] -- C:\Users\Wooly\AppData\Roaming\FileZilla
[2013-10-19 14:28:56 | 000,000,000 | ---D | M] -- C:\Users\Wooly\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\Users\Wooly\SkyDrive:ms-properties

< End of report >

ken545
2014-02-01, 12:13
Good Morning,

You only get the extras log on the first run of OTL and unless you saved it its most likely gone

soulseek <--- You need to uninstall this if you can, any form of P2P (File Sharing) is very dangerous, your downloading that file from and unknown source and not all but most contain malware of one sort or another, it's like playing Russian Roulette Malwarewise . There usually designed to circumvent your firewall and any security programs you have installed letting the bad guys in. I would never allow any form of file sharing on any of my systems

Your still infected with BETTERSURF , Adblock may be preventing the adds but its still there and needs to go


I just want to see this report first

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Wooly12
2014-02-03, 03:57
Ok, soulseek is gone, thanks for the heads-up on that.

I knew bettersurf was an issue and appreciate your help with it.

There aren't any programs in the AdwCleaner log that I need to keep. I only recognize the AVG Secure Search & Security Toolbar. All the others are suspicious.

Thanks again.



# AdwCleaner v3.018 - Report created 02/02/2014 at 17:09:34
# Updated 28/01/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Wooly - LAPTOP
# Running from : C:\Users\Wooly\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Users\Wooly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\ProgramData\AVG Security Toolbar
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\Searchprotect
Folder Found C:\Users\Wooly\AppData\Local\SwvUpdater
Folder Found C:\Users\Wooly\AppData\LocalLow\Conduit
Folder Found C:\Users\Wooly\AppData\LocalLow\PriceGong

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\smartbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\Tarma Installer
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Google Chrome v32.0.1700.102

[ File : C:\Users\Wooly\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5330 octets] - [02/02/2014 17:09:34]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5390 octets] ##########

ken545
2014-02-03, 05:02
You can keep AVG if you wish, its a add on when you install AVG antivirus

Double click on AdwCleaner.exe to run the tool again.

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.




http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Wooly12
2014-02-04, 07:00
Here ya go.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 8.1 x64
Ran by Wooly on 2014-02-03 at 20:45:49.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Wooly\appdata\local\cre"



~~~ Chrome

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014-02-03 at 20:51:24.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ken545
2014-02-04, 13:02
Good Morning,

Lets fix these with OTL. When you add this script into OTL, make sure you get it all , it has to start with :OTL and end with [reboot] or the fix wont work. Post the log from the fix and then run a new scan with OTL and post the new log as well



Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:OTL
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\xz123@ya456.com: C:\Program Files (x86)\BetterSurf\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\12x3q@3244516.com: C:\Program Files (x86)\Better-Surf\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@WebexpEnhancedV1alpha196.net: C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha196\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@VideoPlayerV3beta21.net: C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta21\ff [2014-01-10 00:42:03 | 000,000,000 | ---D | M]
File not found (No name found) -- C:\PROGRAM FILES (X86)\BETTERSURF\BETTERSURFPLUS\FF
[2014-01-10 00:42:03 | 000,000,000 | ---D | M] (Video Player) -- C:\PROGRAM FILES (X86)\VIDEOPLAYERV3\VIDEOPLAYERV3BETA21\FF
File not found (No name found) -- C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA196\FF
O2 - BHO: (Better-Surf) - {8271B5D6-76D3-4ABF-AEB3-1721161C76BC} - C:\Program Files (x86)\Better-Surf\ie\BetterSrf.dll File not found
[2014-01-10 00:42:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoPlayerV3
[2013-07-18 16:18:42 | 000,698,249 | ---- | C] () -- C:\Users\Wooly\AppData\Local\soulseek-client.dat.1374193122525
[2013-07-17 23:10:18 | 000,693,658 | ---- | C] () -- C:\Users\Wooly\AppData\Local\soulseek-client.dat.1374131418653


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

Then run a new scan with OTL and post the new log please

Wooly12
2014-02-05, 07:07
Here ya go Ken.

Thanks again for all your help.

Fix Scan:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\xz123@ya456.com deleted successfully.
File C:\Program Files (x86)\BetterSurf\ff not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\12x3q@3244516.com deleted successfully.
File C:\Program Files (x86)\Better-Surf\ff not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@WebexpEnhancedV1alpha196.net deleted successfully.
File C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha196\ff not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@VideoPlayerV3beta21.net deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta21\ff\chrome\content\icons\default folder moved successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta21\ff\chrome\content\icons folder moved successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta21\ff\chrome\content folder moved successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta21\ff\chrome folder moved successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta21\ff folder moved successfully.
Folder C:\PROGRAM FILES (X86)\VIDEOPLAYERV3\VIDEOPLAYERV3BETA21\FF\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}\ deleted successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta21\ie folder moved successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta21\ch folder moved successfully.
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta21 folder moved successfully.
C:\Program Files (x86)\VideoPlayerV3 folder moved successfully.
C:\Users\Wooly\AppData\Local\soulseek-client.dat.1374193122525 moved successfully.
C:\Users\Wooly\AppData\Local\soulseek-client.dat.1374131418653 moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Wooly\Desktop\cmd.bat deleted successfully.
C:\Users\Wooly\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Default.migrated

User: Public

User: Wooly

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default.migrated

User: Public

User: Wooly
->Temp folder emptied: 118692431 bytes
->Temporary Internet Files folder emptied: 414368164 bytes
->Google Chrome cache emptied: 344184291 bytes
->Flash cache emptied: 1271 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9539366 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 846.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02042014_203234

Files\Folders moved on Reboot...
C:\Users\Wooly\AppData\Local\Microsoft\Windows\INetCache\IE\APZDYVY7\free2paid-upgrade-campaign14[1].htm moved successfully.
C:\Users\Wooly\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
File\Folder C:\WINDOWS\temp\32.0.1700.107_32.0.1700.102_chrome_updater.exe5137f24 not found!
C:\WINDOWS\temp\chrome_installer.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ken545
2014-02-05, 13:03
First run Malwarebytes and make sure to remove all that it finds, then run a new scan with OTL and post the log please

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

Wooly12
2014-02-07, 07:34
Malwarebytes did not detect anything. I used Malwarebytes to try and resolve this issues a few weeks ago. (I can provide logs if you'd like) It removed some of the issues but not all. I was getting clean scans with malwarebytes but the problems consisted. Spybot was able to detect the problem though and that is what brought me here to the forums.

Anyway, again, this scan didn't show anything but I'm not convinced my system is trouble free.

Thanks again for your help Ken.


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.07.02

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Wooly :: LAPTOP [administrator]

2014-02-06 9:17:19 PM
mbam-log-2014-02-06 (21-17-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210708
Time elapsed: 4 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ken545
2014-02-07, 12:44
Good Morning,

Run a scan with Spybot and if it detects Amontize.installpath post the log so I can see where it is.

When you say you dont think your trouble free, whats going on to make you think that ? You did have some garbage we removed like Bettersurf and conduit that can be a nuisance, lets see what Spybot finds and we can run other scanners and tools if need be.

Wooly12
2014-02-10, 03:06
Hey Ken,

I guess I was being a bit over dramatic with my "still having issues" comment. The problem I was referring to was the Amontize.installpath but it seems to be taken care of. I ran spybot, cleaned the issues and ran another scan. The log for the last scan is below.

Search results from Spybot - Search & Destroy

2014-02-09 4:52:51 PM
Scan took 00:30:04.
2 items found.


Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent


--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---

2013-09-20 blindman.exe (2.2.18.151)
2013-09-20 explorer.exe (2.2.18.177)
2013-09-20 SDBootCD.exe (2.2.18.109)
2013-09-20 SDCleaner.exe (2.2.18.110)
2013-09-20 SDDelFile.exe (2.2.18.94)
2013-06-18 SDDisableProxy.exe
2013-09-20 SDFiles.exe (2.2.18.135)
2013-09-20 SDFileScanHelper.exe (2.2.16.1)
2013-10-15 SDFSSvc.exe (2.2.25.211)
2013-10-10 SDHookHelper.exe (2.3.30.2)
2013-10-10 SDHookInst32.exe (2.3.30.2)
2013-10-10 SDHookInst64.exe (2.3.30.2)
2013-09-20 SDImmunize.exe (2.2.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-10-14 SDOnAccess.exe (2.2.25.4)
2013-09-20 SDPESetup.exe (2.2.18.3)
2013-09-20 SDPEStart.exe (2.2.18.86)
2013-09-20 SDPhoneScan.exe (2.2.18.28)
2013-09-20 SDPRE.exe (2.2.18.22)
2013-09-20 SDPrepPos.exe (2.2.18.10)
2013-09-20 SDQuarantine.exe (2.2.18.103)
2013-09-20 SDRootAlyzer.exe (2.2.18.116)
2013-09-20 SDSBIEdit.exe (2.2.18.39)
2013-09-20 SDScan.exe (2.2.18.177)
2013-09-20 SDScript.exe (2.2.18.53)
2013-10-15 SDSettings.exe (2.2.25.138)
2013-09-20 SDShell.exe (2.2.18.2)
2013-09-20 SDShred.exe (2.2.18.107)
2013-09-20 SDSysRepair.exe (2.2.18.101)
2013-09-20 SDTools.exe (2.2.18.150)
2013-07-25 SDTray.exe (2.1.21.129)
2013-09-20 SDUpdate.exe (2.2.18.91)
2013-09-20 SDUpdSvc.exe (2.2.18.76)
2013-09-20 SDWelcome.exe (2.2.21.129)
2013-09-13 SDWSCSvc.exe (2.2.22.2)
2013-06-19 spybotsd2-translation-frx.exe
2014-01-13 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-05-16 SDECon64.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-10-14 SDFileScanLibrary.dll (2.2.25.14)
2013-10-10 SDHook32.dll (2.3.30.2)
2013-10-10 SDHook64.dll (2.3.30.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2013-05-16 Tools.dll (2.1.18.36)
2014-01-08 Includes\Adware-000.sbi (*)
2014-01-08 Includes\Adware-001.sbi (*)
2014-02-05 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-01-08 Includes\Dialer-000.sbi (*)
2014-01-08 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-01-08 Includes\Hijackers-000.sbi (*)
2014-01-08 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-01-08 Includes\Keyloggers-000.sbi (*)
2014-01-08 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2014-01-09 Includes\Malware-001.sbi (*)
2014-01-09 Includes\Malware-002.sbi (*)
2014-02-05 Includes\Malware-003.sbi (*)
2014-01-28 Includes\Malware-004.sbi (*)
2014-01-09 Includes\Malware-005.sbi (*)
2014-01-09 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2014-01-14 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-01-15 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2014-02-05 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2014-01-08 Includes\Spyware-000.sbi (*)
2014-01-08 Includes\Spyware-001.sbi (*)
2014-01-08 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-01-15 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-01-15 Includes\Trojans-005.sbi (*)
2014-01-15 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-01-15 Includes\Trojans-008.sbi (*)
2014-01-15 Includes\Trojans-009.sbi (*)
2014-02-05 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)

ken545
2014-02-10, 05:39
Great,

Any other issues ?

ken545
2014-02-12, 13:03
Good Morning,

Double click on AdwCleaner.exe to run the tool again.

Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.




Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

Wooly12
2014-02-13, 09:24
Nope, there doesn't seem to be an other issues.

Thanks again for all your help Ken, I really appreciate it.

ken545
2014-02-13, 13:34
Your welcome Mike,

Take care,

Ken :)