Inactive browser keeps redirecting to unwanted sites

[Inactive] browser keeps redirecting to unwanted sites

Hi I am having trouble with my computer, Win 7, mainly the internet browser, I am with Talktalk.net but when I type in a search I do not get what I have asked for, I either get a survey site, a shopping comparison site or a business site.
I have ran malware bytes, log returns with no malicious files: but the computer will not allow me right click and copy the log, when I right click on a file the screen goes clear of all icons for a few seconds . I have tried to run dds tool several times now and it just hangs for around 1/2 hour so I can not complete the first 2 requirements that you asked for in the "read before you post " section.
could you please advice me on a way forward

 

Help

1. I can run malware bytes , the program finds nothing malicious, a log pops up but it will not allow me to copy it, I have tried finding the log file under the two suggested area's but a log file section does not exist in my drop down searches. I have uninstalled and re-installed the program but with the same results
2. The DDS scan does not ever complete its scan ,it gets to around 75% and the program stops responding, I have also tried uninstalling and reinstalling but the result is the same.

3. I read your advice and have downloaded avast, I did a root key scan at boot up, this ran for 14 hours and found lots of potential threats, mainly compression bombs, I chose option 2 to delete all although msg stating it did not have access to certain win files.

4. I have checked windows fire wall and this too seems to be corrupted, it is not on and then when I select to switch protection on I get an error file msg

Unfortunately these are the first steps you require to continue, is there anything else I can try, it has taken me around ten attempts to get to this site without being redirected[/B]

 

Finally got malware and DDS to run. results:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.30.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16618
Wayne :: WAYNE-PC [administrator]

01/07/2013 07:18:43
mbam-log-2013-07-01 (07-18-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254580
Time elapsed: 7 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 24/03/2011 02:45:04
System Uptime: 02/07/2013 07:48:52 (2 hours ago)
.
Motherboard: ASRock | | G41C-S
Processor: Pentium(R) Dual-Core CPU E5700 @ 3.00GHz | CPUSocket | 2991/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 47.761 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP222: 16/06/2013 21:12:25 - C
RP224: 16/06/2013 21:58:01 - Malwarebytes Anti-Rootkit Restore Point
RP225: 27/06/2013 21:51:59 - Restore Operation
RP226: 28/06/2013 16:48:19 - avast! Free Antivirus Setup
RP227: 28/06/2013 18:09:02 - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
ABBYY FineReader 9.0 Sprint
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Reader X (10.1.6)
Adobe Shockwave Player 11.6
Any Video Converter 2.7.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASRock InstantBoot v1.23
Auslogics Duplicate File Finder
Autorota Professional 2.13 (eval)
avast! Free Antivirus
AVG 2013
Battlefield Heroes
Battlefield Play4Free
BitTorrent
Bonjour
calibre
Company of Heroes
Compatibility Pack for the 2007 Office system
CyberLink PhotoDirector 3
Deus Ex Human Revolution
Download Navigator
Dropbox
Epson E-Web Print
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Event Manager
EPSON Scan
EPSON SX130 Series Printer Uninstall
F.E.A.R. 2: Project Origin
Fallout 3
Football Manager 2012
Football Manager 2012 Editor
Football Manager 2013
Gears of War
Google Chrome
Google Earth
Google Update Helper
iBackuper 3.4.1
iCloud
iTunes
Java Auto Updater
Java(TM) 6 Update 33
Java(TM) 7 Update 5
JavaFX 2.1.1
LeapFrog Connect
LeapFrog LeapPad Explorer Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Location Finder
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
NVIDIA 3D Vision Controller Driver 301.42
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
OpenOffice.org 3.3
PDF Settings CS5
PictureMover
Platform
PunkBuster Services
QuickTime
Ravaged
Realtek Ethernet Controller Driver
Safari
Secunia PSI (3.0.0.2004)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Singularity
SopCast 3.3.2
Source SDK Base 2007
Spotify
Spybot - Search & Destroy
SpywareBlaster 5.0
Steam
swMSM
System Requirements Lab
Tomb Raider: Legend
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
User's Guide EPSON SX130 Series
VIA Platform Device Manager
VLC media player 2.0.2
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Live ID Sign-in Assistant
WinRAR 4.01 (32-bit)
Wolfenstein - Enemy Territory
WOT for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
28/06/2013 23:15:48, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
28/06/2013 18:38:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
28/06/2013 18:38:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
28/06/2013 18:38:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
28/06/2013 18:38:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
28/06/2013 18:38:19, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
28/06/2013 18:38:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
28/06/2013 18:38:02, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVGIDSDriver AVGIDSShim Avgldx86 Avgtdix DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl
28/06/2013 18:38:02, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
28/06/2013 18:38:02, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
28/06/2013 18:38:02, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
28/06/2013 18:38:02, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
28/06/2013 18:38:02, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
28/06/2013 18:38:02, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
28/06/2013 18:38:02, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
28/06/2013 18:38:02, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
28/06/2013 18:38:02, Error: Service Control Manager [7001] - The DHCP Client service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
28/06/2013 18:38:02, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
28/06/2013 18:11:15, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.
27/06/2013 21:56:00, Error: Service Control Manager [7000] - The BrowserDefendert service failed to start due to the following error: The system cannot find the path specified.
27/06/2013 20:14:15, Error: Service Control Manager [7034] - The BrowserDefendert service terminated unexpectedly. It has done this 1 time(s).
27/06/2013 15:29:55, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
27/06/2013 15:29:55, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/07/2013 07:51:39, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
02/07/2013 07:51:39, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
02/07/2013 07:50:03, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x8004a025'. Restart your computer, and then restart the WMPNetworkSvc service.
02/07/2013 07:50:01, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
02/07/2013 07:49:37, Error: Service Control Manager [7003] - The Spybot-S&D 2 Security Center Service service depends the following service: wscsvc. This service might not be installed.
02/07/2013 07:49:37, Error: Service Control Manager [7000] - The WebCake Desktop Updater service failed to start due to the following error: The system cannot find the file specified.
02/07/2013 07:49:30, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
02/07/2013 07:49:24, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
02/07/2013 07:49:05, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
01/07/2013 20:47:14, Error: Service Control Manager [7034] - The WebCake Desktop Updater service terminated unexpectedly. It has done this 1 time(s).
01/07/2013 20:46:26, Error: Service Control Manager [7034] - The PremierOpinion service terminated unexpectedly. It has done this 1 time(s).
01/07/2013 20:46:19, Error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16611
Run by Wayne at 7:51:55 on 2013-07-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3519.2468 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\DllHost.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Users\Wayne\AppData\Roaming\WebCake\WebCakeDesktop.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://talktalk.net/
uProxyServer = :0
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - c:\program files\epson software\e-web print\ewps_tb.dll
BHO: WebCake: {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - c:\program files\epson software\e-web print\ewps_tb.dll
EB: E-Web Print: {A60C1DC7-64B3-4AD9-8E67-035D11B8B2B0} - c:\program files\epson software\e-web print\ewps_tb.dll
uRun: [Microsoft Location Finder] "c:\program files\microsoft location finder\LocationFinder.exe "
uRun: [EPSON SX130 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatihje.exe /fu "c:\users\wayne\appdata\local\temp\E_S9903.tmp" /EF "HKCU "
uRun: [AdobeBridge] <no file>
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe "
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe "
StartupFolder: c:\users\wayne\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office10\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{61BB5B76-AC84-44F8-8017-0D708A4772AE} : DHCPNameServer = 192.168.0.1
Handler: linkscanner - <Clsid value has no data>
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs=
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-16 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-16 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2012-1-1 153600]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2012-1-1 121856]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-7-1 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-7-1 1033688]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-6-27 681056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-24 187392]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-3-24 1108480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 PremierOpinion;PremierOpinion;c:\program files\premieropinion\pmservice.exe /service --> c:\program files\premieropinion\pmservice.exe [?]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-7-1 171928]
S2 WebCake Desktop Updater;WebCake Desktop Updater; "c:\program files\webcake\webcakedesktop.updater.exe" "c:\users\wayne\appdata\roaming\webcake\webcakedesktop.exe" --> c:\program files\webcake\WebCakeDesktop.Updater.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GSService;GSService;c:\windows\system32\GSService.exe [2013-3-14 404192]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2011-11-12 33792]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2011-12-16 15544]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-2-1 14848]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-6-27 1326176]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-2-1 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-24 1343400]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\mif5ba~1\office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-07-01 18:36:36 -------- d-----w- c:\programdata\Licenses
2013-07-01 18:36:28 -------- d-----w- c:\program files\SpywareBlaster
2013-07-01 07:09:29 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-07-01 07:09:24 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-07-01 07:03:58 -------- d-----w- c:\users\wayne\appdata\roaming\WebCake
2013-06-28 15:49:23 41664 ----a-w- c:\windows\avastSS.scr
2013-06-28 15:48:36 -------- d-----w- c:\program files\AVAST Software
2013-06-28 15:48:00 -------- d-----w- c:\programdata\AVAST Software
2013-06-27 18:59:24 -------- d-----w- c:\program files\Panda Security
2013-06-27 18:58:04 -------- d-----w- c:\users\wayne\appdata\roaming\Babylon
2013-06-26 06:58:13 8192 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\Flash-PlayerV122CARH9H9Q.exe
2013-06-26 06:57:38 8192 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\Flash-PlayerV122CATBQ3LJ.exe
2013-06-26 06:57:01 8192 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\Flash-PlayerV122CANPVZKI.exe
2013-06-26 06:56:24 8192 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\Flash-PlayerV122CAKNDHYD.exe
2013-06-26 06:55:41 8192 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\Flash-PlayerV122CAWU2T2N.exe
2013-06-26 06:55:05 8192 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\Flash-PlayerV122CA6ZDLEY.exe
2013-06-26 06:54:22 8192 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\Flash-PlayerV122CAA9FM7X.exe
2013-06-26 06:53:43 8192 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\Flash-PlayerV122CAQS6DB5.exe
2013-06-26 06:53:05 8192 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\Flash-PlayerV122CATSC1TW.exe
2013-06-21 12:39:08 8192 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\Flash-PlayerV122[11].exe
2013-06-21 12:38:16 5386 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\Flash-PlayerV122[10].exe
2013-06-21 12:37:23 8192 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\Flash-PlayerV122[9].exe
2013-06-21 12:36:28 8192 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\Flash-PlayerV122[8].exe
2013-06-21 12:35:42 8192 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\Flash-PlayerV122[7].exe
2013-06-21 12:34:37 8192 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\Flash-PlayerV122[6].exe
2013-06-21 08:40:39 8192 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\FreeFLVConverterSetup-r107-n-bc[1].exe
2013-06-19 18:09:10 8192 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\Flash-PlayerV122[5].exe
2013-06-19 18:08:28 8192 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\Flash-PlayerV122[4].exe
2013-06-19 18:07:38 8192 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\Flash-PlayerV122[3].exe
2013-06-19 18:06:55 8192 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\Flash-PlayerV122[2].exe
2013-06-19 18:06:05 8192 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\Flash-PlayerV122[1].exe
2013-06-16 12:59:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-06-16 12:57:55 -------- d-----w- c:\users\wayne\appdata\local\Programs
2013-06-16 08:44:24 -------- d-----w- c:\program files\x264 Video Codec
2013-06-16 08:01:47 -------- d-----w- c:\windows\system32\searchplugins
2013-06-16 08:01:47 -------- d-----w- c:\windows\system32\Extensions
2013-06-14 08:21:07 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-14 08:21:07 -------- d-----w- c:\program files\iTunes
2013-06-14 08:21:07 -------- d-----w- c:\program files\iPod
2013-06-12 20:25:26 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-12 20:25:25 218112 ----a-w- c:\program files\internet explorer\sqmapi.dll
2013-06-12 20:22:59 770648 ----a-w- c:\program files\internet explorer\iexplore.exe
2013-06-12 20:22:59 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-06-12 14:55:36 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 14:55:24 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 14:55:21 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-06-12 14:55:20 903168 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 14:55:20 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 14:55:20 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 14:55:20 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 14:55:19 43008 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 14:55:17 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 14:55:16 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 14:55:16 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 14:55:15 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2013-06-12 14:26:08 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 14:26:08 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-17 01:25:27 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-05-14 08:40:13 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-05-01 02:59:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 02:59:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18:40 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18:40 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14:06 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 13:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 9:12:06.86 ===============

 

I will now download and run Farbar recovery

 

FARBAR results:

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [179936 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [55776 2012-10-15] (AVG Technologies CZ, s.r.o. )
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [19936 2012-09-21] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [159712 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [177376 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [94048 2012-11-16] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35552 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [164832 2012-09-21] (AVG Technologies CZ, s.r.o.)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-06-02] (Avanquest Software)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2011-12-16] (Secunia)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1108480 2009-11-25] (VIA Technologies, Inc.)
U3 mbr; \??\C:\Users\Wayne\AppData\Local\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-02 09:33 - 2013-07-02 09:33 - 01372429 ____A (Farbar) C:\Users\Wayne\Desktop\FRST.exe
2013-07-02 09:33 - 2013-07-02 09:33 - 00000000 ____D C:\FRST
2013-07-02 09:19 - 2013-07-02 09:19 - 00018448 ____A C:\Users\Wayne\Desktop\DDS 2.txt
2013-07-02 09:19 - 2013-07-02 09:19 - 00013331 ____A C:\Users\Wayne\Desktop\Attach DDS.txt
2013-07-02 09:12 - 2013-07-02 09:12 - 00018448 ____A C:\Users\Wayne\Desktop\dds.txt
2013-07-02 09:12 - 2013-07-02 09:12 - 00013331 ____A C:\Users\Wayne\Desktop\attach.txt
2013-07-01 23:46 - 2013-07-01 23:46 - 00000000 ____A C:\Users\Wayne\Downloads\install_flashplayer11x32ax_gtbd_chrd_dn_aaa_aih_exe (1).t8uaoxj.partial
2013-07-01 23:44 - 2013-07-01 23:45 - 01035984 ____A (Solid State Networks) C:\Users\Wayne\Downloads\install_flashplayer11x32ax_gtbd_chrd_dn_aaa_aih_exe
2013-07-01 19:36 - 2013-07-01 19:39 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-07-01 19:36 - 2013-07-01 19:36 - 00001037 ____A C:\Users\Public\Desktop\SpywareBlaster.lnk
2013-07-01 19:36 - 2013-07-01 19:36 - 00000000 ____D C:\ProgramData\Licenses
2013-07-01 08:09 - 2013-07-01 08:11 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-07-01 08:09 - 2013-07-01 08:09 - 00002119 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-01 08:09 - 2009-01-25 13:14 - 00015224 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean.exe
2013-07-01 08:05 - 2013-07-01 08:07 - 36364784 ____A (Safer-Networking Ltd. ) C:\Users\Wayne\Downloads\SpybotSD2.exe
2013-07-01 08:03 - 2013-07-01 08:04 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\WebCake
2013-06-28 16:50 - 2013-06-28 16:50 - 00002075 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-06-28 16:50 - 2013-06-28 16:50 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-28 16:50 - 2013-06-28 16:50 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-28 16:50 - 2013-06-28 16:50 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-28 16:50 - 2013-05-09 09:58 - 00229648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-06-28 16:49 - 2013-05-09 09:58 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-06-28 16:48 - 2013-06-28 16:48 - 00000000 ____D C:\ProgramData\AVAST Software
2013-06-28 16:48 - 2013-06-28 16:48 - 00000000 ____D C:\Program Files\AVAST Software
2013-06-27 21:19 - 2013-06-27 21:19 - 00688992 ____R (Swearware) C:\Users\Wayne\Desktop\dds.com
2013-06-27 21:19 - 2013-06-27 21:19 - 00688992 ____A (Swearware) C:\Users\Wayne\Downloads\dds.com
2013-06-27 19:59 - 2013-06-27 19:59 - 00000000 ____D C:\Program Files\Panda Security
2013-06-27 19:59 - 2013-06-27 19:59 - 00000000 ____A C:\END
2013-06-27 19:58 - 2013-06-27 19:58 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\Babylon
2013-06-17 22:11 - 2013-06-17 22:11 - 00000000 ____D C:\Users\Wayne\Documents\ProcAlyzer Dumps
2013-06-16 23:07 - 2013-06-16 23:07 - 00000000 ____A C:\Windows\EEventManager.INI
2013-06-16 21:32 - 2013-06-16 21:32 - 13169742 ____A C:\Users\Wayne\Downloads\mbar-1.06.0.1003.zip
2013-06-16 21:32 - 2013-06-16 21:32 - 00000000 ____D C:\Users\Wayne\Downloads\mbar-1.06.0.1003
2013-06-16 20:17 - 2012-07-21 21:33 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts.20130616-201713.backup
2013-06-16 14:15 - 2013-06-16 14:15 - 00000632 _RASH C:\Users\Wayne\ntuser.pol
2013-06-16 14:02 - 2013-06-27 15:36 - 00000079 ____A C:\Windows\wininit.ini
2013-06-16 13:59 - 2013-06-17 22:11 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-16 13:56 - 2013-06-16 13:57 - 36271144 ____A (Safer-Networking Ltd. ) C:\Users\Wayne\Downloads\spybot-2.1.exe
2013-06-16 11:17 - 2013-06-16 11:18 - 00004298 ____A C:\Users\Wayne\Downloads\1938756E36107B0A72659C9B4492D9D9B4DBACD8.torrent
2013-06-16 11:08 - 2013-06-16 11:08 - 00016058 ____A C:\Users\Wayne\Downloads\7F80123BB331F32B2287CC0AE3AB7A0884F17D4A.torrent
2013-06-16 11:04 - 2013-06-16 11:04 - 00026483 ____A C:\Users\Wayne\Downloads\287E273A2EE61097FC8BEC657EBD5223881A96AE.torrent
2013-06-16 09:44 - 2013-06-16 09:44 - 00000000 ____D C:\Program Files\x264 Video Codec
2013-06-16 09:01 - 2013-06-16 09:01 - 00000000 ____D C:\Windows\System32\searchplugins
2013-06-16 09:01 - 2013-06-16 09:01 - 00000000 ____D C:\Windows\System32\Extensions
2013-06-16 09:01 - 2013-06-16 09:01 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\Mozilla
2013-06-14 09:21 - 2013-06-14 09:21 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-14 09:21 - 2013-06-14 09:21 - 00000000 ____D C:\Program Files\iTunes
2013-06-14 09:21 - 2013-06-14 09:21 - 00000000 ____D C:\Program Files\iPod
2013-06-12 21:25 - 2013-06-08 12:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 21:25 - 2013-06-08 12:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 21:25 - 2013-06-08 12:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 21:25 - 2013-06-08 12:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 21:25 - 2013-06-08 12:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 21:25 - 2013-06-08 12:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 21:23 - 2013-05-17 02:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 21:23 - 2013-05-17 02:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 21:23 - 2013-05-17 02:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 21:23 - 2013-05-17 02:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 21:23 - 2013-05-17 02:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 21:23 - 2013-05-17 02:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 21:23 - 2013-05-17 02:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 21:23 - 2013-05-17 02:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 21:23 - 2013-05-14 09:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 21:22 - 2013-05-17 02:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 15:55 - 2013-05-13 05:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 15:55 - 2013-05-13 05:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 15:55 - 2013-05-13 05:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 15:55 - 2013-05-13 04:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 15:55 - 2013-05-13 04:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 15:55 - 2013-05-10 04:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 15:55 - 2013-05-08 06:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 15:55 - 2013-05-06 06:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 15:55 - 2013-05-06 06:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 15:55 - 2013-04-26 05:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 15:55 - 2013-04-26 00:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 15:55 - 2013-04-17 08:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

==================== One Month Modified Files and Folders ========

2013-07-02 09:33 - 2013-07-02 09:33 - 01372429 ____A (Farbar) C:\Users\Wayne\Desktop\FRST.exe
2013-07-02 09:33 - 2013-07-02 09:33 - 00000000 ____D C:\FRST
2013-07-02 09:33 - 2013-02-01 18:59 - 00354476 ____A C:\Windows\setupact.log
2013-07-02 09:26 - 2012-04-17 07:26 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-02 09:19 - 2013-07-02 09:19 - 00018448 ____A C:\Users\Wayne\Desktop\DDS 2.txt
2013-07-02 09:19 - 2013-07-02 09:19 - 00013331 ____A C:\Users\Wayne\Desktop\Attach DDS.txt
2013-07-02 09:12 - 2013-07-02 09:12 - 00018448 ____A C:\Users\Wayne\Desktop\dds.txt
2013-07-02 09:12 - 2013-07-02 09:12 - 00013331 ____A C:\Users\Wayne\Desktop\attach.txt
2013-07-02 09:03 - 2011-06-13 16:12 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-02 08:05 - 2011-03-24 20:49 - 00000000 ____D C:\ProgramData\MFAData
2013-07-02 07:56 - 2009-07-14 05:34 - 00014752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-02 07:56 - 2009-07-14 05:34 - 00014752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-02 07:49 - 2013-02-02 09:34 - 00027516 ____A C:\Windows\PFRO.log
2013-07-02 07:49 - 2011-06-13 16:12 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-02 07:49 - 2011-03-24 04:38 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-02 07:49 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 01:14 - 2013-01-15 12:12 - 00000000 ____D C:\Users\Wayne\Desktop\photos
2013-07-01 23:46 - 2013-07-01 23:46 - 00000000 ____A C:\Users\Wayne\Downloads\install_flashplayer11x32ax_gtbd_chrd_dn_aaa_aih_exe (1).t8uaoxj.partial
2013-07-01 23:45 - 2013-07-01 23:44 - 01035984 ____A (Solid State Networks) C:\Users\Wayne\Downloads\install_flashplayer11x32ax_gtbd_chrd_dn_aaa_aih_exe
2013-07-01 23:31 - 2011-03-24 04:16 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\Adobe
2013-07-01 20:24 - 2011-03-24 22:06 - 00000000 ____D C:\Movies
2013-07-01 19:39 - 2013-07-01 19:36 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-07-01 19:36 - 2013-07-01 19:36 - 00001037 ____A C:\Users\Public\Desktop\SpywareBlaster.lnk
2013-07-01 19:36 - 2013-07-01 19:36 - 00000000 ____D C:\ProgramData\Licenses
2013-07-01 11:57 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-07-01 08:11 - 2013-07-01 08:09 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-07-01 08:09 - 2013-07-01 08:09 - 00002119 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-01 08:07 - 2013-07-01 08:05 - 36364784 ____A (Safer-Networking Ltd. ) C:\Users\Wayne\Downloads\SpybotSD2.exe
2013-07-01 08:04 - 2013-07-01 08:03 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\WebCake
2013-06-28 18:38 - 2013-03-06 12:00 - 00189440 __ASH C:\Users\Wayne\Desktop\Thumbs.db
2013-06-28 16:50 - 2013-06-28 16:50 - 00002075 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-06-28 16:50 - 2013-06-28 16:50 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-28 16:50 - 2013-06-28 16:50 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-28 16:50 - 2013-06-28 16:50 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-28 16:50 - 2009-07-14 03:04 - 00002577 ____A C:\Windows\System32\config.nt
2013-06-28 16:48 - 2013-06-28 16:48 - 00000000 ____D C:\ProgramData\AVAST Software
2013-06-28 16:48 - 2013-06-28 16:48 - 00000000 ____D C:\Program Files\AVAST Software
2013-06-28 08:11 - 2011-03-24 03:49 - 00739744 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-27 21:51 - 2011-03-24 03:44 - 01493746 ____A C:\Windows\WindowsUpdate.log
2013-06-27 21:19 - 2013-06-27 21:19 - 00688992 ____R (Swearware) C:\Users\Wayne\Desktop\dds.com
2013-06-27 21:19 - 2013-06-27 21:19 - 00688992 ____A (Swearware) C:\Users\Wayne\Downloads\dds.com
2013-06-27 19:59 - 2013-06-27 19:59 - 00000000 ____D C:\Program Files\Panda Security
2013-06-27 19:59 - 2013-06-27 19:59 - 00000000 ____A C:\END
2013-06-27 19:58 - 2013-06-27 19:58 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\Babylon
2013-06-27 15:36 - 2013-06-16 14:02 - 00000079 ____A C:\Windows\wininit.ini
2013-06-27 15:32 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\NDF
2013-06-24 00:33 - 2011-03-24 23:32 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\BitTorrent
2013-06-21 08:06 - 2012-05-29 19:23 - 00002129 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-17 22:11 - 2013-06-17 22:11 - 00000000 ____D C:\Users\Wayne\Documents\ProcAlyzer Dumps
2013-06-17 22:11 - 2013-06-16 13:59 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-16 23:07 - 2013-06-16 23:07 - 00000000 ____A C:\Windows\EEventManager.INI
2013-06-16 21:32 - 2013-06-16 21:32 - 13169742 ____A C:\Users\Wayne\Downloads\mbar-1.06.0.1003.zip
2013-06-16 21:32 - 2013-06-16 21:32 - 00000000 ____D C:\Users\Wayne\Downloads\mbar-1.06.0.1003
2013-06-16 20:17 - 2009-07-14 03:04 - 00448635 ___RA C:\Windows\System32\Drivers\etc\hosts.20130701-081446.backup
2013-06-16 14:50 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-16 14:15 - 2013-06-16 14:15 - 00000632 _RASH C:\Users\Wayne\ntuser.pol
2013-06-16 14:15 - 2011-03-24 03:45 - 00000000 ____D C:\users\Wayne
2013-06-16 14:15 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2013-06-16 14:05 - 2011-03-24 21:20 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-16 14:04 - 2012-02-20 15:53 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-16 13:57 - 2013-06-16 13:56 - 36271144 ____A (Safer-Networking Ltd. ) C:\Users\Wayne\Downloads\spybot-2.1.exe
2013-06-16 11:18 - 2013-06-16 11:17 - 00004298 ____A C:\Users\Wayne\Downloads\1938756E36107B0A72659C9B4492D9D9B4DBACD8.torrent
2013-06-16 11:08 - 2013-06-16 11:08 - 00016058 ____A C:\Users\Wayne\Downloads\7F80123BB331F32B2287CC0AE3AB7A0884F17D4A.torrent
2013-06-16 11:04 - 2013-06-16 11:04 - 00026483 ____A C:\Users\Wayne\Downloads\287E273A2EE61097FC8BEC657EBD5223881A96AE.torrent
2013-06-16 09:44 - 2013-06-16 09:44 - 00000000 ____D C:\Program Files\x264 Video Codec
2013-06-16 09:01 - 2013-06-16 09:01 - 00000000 ____D C:\Windows\System32\searchplugins
2013-06-16 09:01 - 2013-06-16 09:01 - 00000000 ____D C:\Windows\System32\Extensions
2013-06-16 09:01 - 2013-06-16 09:01 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\Mozilla
2013-06-14 09:21 - 2013-06-14 09:21 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-14 09:21 - 2013-06-14 09:21 - 00000000 ____D C:\Program Files\iTunes
2013-06-14 09:21 - 2013-06-14 09:21 - 00000000 ____D C:\Program Files\iPod
2013-06-14 09:21 - 2012-09-18 17:19 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-14 09:21 - 2011-03-24 10:41 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-06-12 21:24 - 2011-03-24 04:07 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 15:26 - 2012-04-17 07:26 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 15:26 - 2011-05-13 07:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-08 12:42 - 2013-06-12 21:25 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 12:40 - 2013-06-12 21:25 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 12:40 - 2013-06-12 21:25 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 12:40 - 2013-06-12 21:25 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 12:40 - 2013-06-12 21:25 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 12:13 - 2013-06-12 21:25 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2011-12-21 16:14

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-07-2013
Ran by Wayne at 2013-07-02 09:35:07
Running from C:\Users\Wayne\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212)
Adobe AIR (Version: 2.7.1.19610)
Adobe Community Help (Version: 3.4.980)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Photoshop CS5.1 (Version: 12.1)
Adobe Reader X (10.1.6) (Version: 10.1.6)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
Any Video Converter 2.7.0
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ASRock InstantBoot v1.23
Auslogics Duplicate File Finder (Version: version 2.3)
Autorota Professional 2.13 (eval)
avast! Free Antivirus (Version: 8.0.1489.0)
AVG 2013 (Version: 13.0.2904)
AVG 2013 (Version: 13.0.3204)
AVG 2013 (Version: 2013.0.2904)
Battlefield Heroes
Battlefield Play4Free
BitTorrent (Version: 7.8.0.29545)
Bonjour (Version: 3.0.0.10)
calibre (Version: 0.9.22)
Company of Heroes
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CyberLink PhotoDirector 3 (Version: 3.0.3618)
Deus Ex Human Revolution
Download Navigator (Version: 3.3.0)
Dropbox (HKCU Version: 1.6.16)
Epson Easy Photo Print 2 (Version: 2.2.4.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)
Epson Event Manager (Version: 2.40.0009)
Epson E-Web Print (Version: 1.12.0000)
EPSON Scan
EPSON SX130 Series Printer Uninstall
F.E.A.R. 2: Project Origin
Fallout 3 (Version: 1.00.0000)
Football Manager 2012
Football Manager 2012 Editor
Football Manager 2013
Gears of War (Version: 1.00.0000)
Google Chrome (Version: 27.0.1453.116)
Google Earth (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.145)
iBackuper 3.4.1 (Version: 3.4.1)
iCloud (Version: 2.1.2.8)
iTunes (Version: 11.0.4.4)
Java Auto Updater (Version: 2.1.6.0)
Java(TM) 6 Update 33 (Version: 6.0.330)
Java(TM) 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
LeapFrog Connect (Version: 4.2.9.15649)
LeapFrog LeapPad Explorer Plugin (Version: 4.2.11.15696)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Location Finder (Version: 2.0)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
NVIDIA 3D Vision Controller Driver 301.42 (Version: 301.42)
NVIDIA 3D Vision Driver 311.06 (Version: 311.06)
NVIDIA Control Panel 311.06 (Version: 311.06)
NVIDIA Graphics Driver 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OpenOffice.org 3.3 (Version: 3.3.9567)
PDF Settings CS5 (Version: 10.0)
PictureMover (Version: 3.4.1.15)
Platform (Version: 1.34)
PunkBuster Services (Version: 0.990)
QuickTime (Version: 7.74.80.86)
Ravaged
Realtek Ethernet Controller Driver (Version: 1.00.0008)
Safari (Version: 5.34.57.2)
Secunia PSI (3.0.0.2004) (Version: 3.0.0.2004)
Singularity
SopCast 3.3.2 (Version: 3.3.2)
Source SDK Base 2007
Spotify (HKCU Version: 0.8.5.1333.g822e0de8)
Spybot - Search & Destroy (Version: 2.1.20)
SpywareBlaster 5.0 (Version: 5.0.0)
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
System Requirements Lab
Tomb Raider: Legend
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
User's Guide EPSON SX130 Series
VIA Platform Device Manager (Version: 1.34)
VLC media player 2.0.2 (Version: 2.0.2)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
Wolfenstein - Enemy Territory
WOT for Internet Explorer (Version: 11.11.7.0)

==================== Restore Points =========================

16-06-2013 20:12:25 C
16-06-2013 20:58:01 Malwarebytes Anti-Rootkit Restore Point
27-06-2013 20:51:59 Restore Operation
28-06-2013 15:48:19 avast! Free Antivirus Setup
28-06-2013 17:09:02 avast! Free Antivirus Setup

==================== Hosts content: ==========================
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com

There are more than 1000 lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {06D69014-B7A1-48B2-8B18-8D156DF594E0} - System32\Tasks\AdobeAAMUpdater-1.0-Wayne-PC-Wayne => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {21B6B16E-549E-4B9A-980A-EE44580369C6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe No File
Task: {27B10802-263F-44B7-A5D5-7FE3DFB3E3B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {2FD5180B-2089-46C7-951A-07F88073CF52} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {454EE79B-5515-4135-982E-BB1EC72C1526} - System32\Tasks\BrowserDefendert => C:\Windows\system32\sc.exe [2009-07-14] (Microsoft Corporation)
Task: {47278851-9137-4679-98EC-442160F485F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-13] (Google Inc.)
Task: {82EC6927-3189-4C94-9614-16A556AEADCE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {8FE31A5A-9B09-45B2-96CC-A979CD5842EB} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2689820159-702822217-135784562-1000
Task: {CC7153C4-82BA-4E27-83DD-8A2FE525BF80} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-12-24] (Microsoft Corporation)
Task: {D78338BF-9DEF-4B40-906E-31F85F662467} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-13] (Google Inc.)
Task: {DD9DCB64-2604-4C93-8657-757D7B6F4256} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {DFDF7866-29E4-404E-8F7B-E581450566F5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe No File
Task: {E40B10DF-5CF1-49C5-AB2E-24AAE900E204} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/27/2013 09:53:14 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x800706ba, The RPC server is unavailable.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
PrepareForSnapshot Event

Context:
Execution Context: Writer
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer
Writer Instance ID: {74312ab4-57d9-4f25-9c1c-dd24f0af17ad}

Error: (06/27/2013 09:53:14 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x800706ba, The RPC server is unavailable.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
PrepareForSnapshot Event

Context:
Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {ddfc9ba0-a60d-4e07-a927-542c1d8a9096}

Error: (06/27/2013 09:53:14 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x800706ba, The RPC server is unavailable.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
PrepareForSnapshot Event

Context:
Execution Context: Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {c231968d-933f-476e-bfd5-19cf0377cf1b}

Error: (06/27/2013 09:53:14 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x800706ba, The RPC server is unavailable.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Error: (06/27/2013 09:53:14 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x800706ba, The RPC server is unavailable.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Error: (06/27/2013 09:53:14 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x800706ba, The RPC server is unavailable.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Error: (06/27/2013 09:52:27 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service BrowserDefendert since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (06/16/2013 09:12:24 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {6d760887-36b8-430d-b8b3-6a6a6f9b2a47}

Error: (06/16/2013 01:51:49 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service Windows Defender since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (06/16/2013 09:46:41 AM) (Source: Application Error) (User: )
Description: Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514, time stamp: 0x4ce7a4a7
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83b16
Exception code: 0x0000046b
Fault offset: 0x0000812f
Faulting process id: 0xd50
Faulting application start time: 0xwmpnetwk.exe0
Faulting application path: wmpnetwk.exe1
Faulting module path: wmpnetwk.exe2
Report Id: wmpnetwk.exe3


System errors:
=============
Error: (07/02/2013 07:51:39 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (07/02/2013 07:51:39 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/02/2013 07:50:03 AM) (Source: WMPNetworkSvc) (User: )
Description: A new media server was not initialized because RegisterRunningDevice() encountered error '0x8004a025'. Restart your computer, and then restart the WMPNetworkSvc service.

Error: (07/02/2013 07:50:03 AM) (Source: WMPNetworkSvc) (User: )
Description: A new media server was not initialized because RegisterRunningDevice() encountered error '0x8004a025'. Restart your computer, and then restart the WMPNetworkSvc service.

Error: (07/02/2013 07:50:01 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (07/02/2013 07:49:37 AM) (Source: Service Control Manager) (User: )
Description: The WebCake Desktop Updater service failed to start due to the following error:
%%2

Error: (07/02/2013 07:49:37 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service depends the following service: wscsvc. This service might not be installed.

Error: (07/02/2013 07:49:30 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (07/02/2013 07:49:24 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (07/02/2013 07:49:24 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (06/27/2013 09:53:14 PM) (Source: VSS)(User: )
Description: 0x800706ba, The RPC server is unavailable.


Operation:
PrepareForSnapshot Event

Context:
Execution Context: Writer
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer
Writer Instance ID: {74312ab4-57d9-4f25-9c1c-dd24f0af17ad}

Error: (06/27/2013 09:53:14 PM) (Source: VSS)(User: )
Description: 0x800706ba, The RPC server is unavailable.


Operation:
PrepareForSnapshot Event

Context:
Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {ddfc9ba0-a60d-4e07-a927-542c1d8a9096}

Error: (06/27/2013 09:53:14 PM) (Source: VSS)(User: )
Description: 0x800706ba, The RPC server is unavailable.


Operation:
PrepareForSnapshot Event

Context:
Execution Context: Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {c231968d-933f-476e-bfd5-19cf0377cf1b}

Error: (06/27/2013 09:53:14 PM) (Source: VSS)(User: )
Description: 0x800706ba, The RPC server is unavailable.

Error: (06/27/2013 09:53:14 PM) (Source: VSS)(User: )
Description: 0x800706ba, The RPC server is unavailable.

Error: (06/27/2013 09:53:14 PM) (Source: VSS)(User: )
Description: 0x800706ba, The RPC server is unavailable.

Error: (06/27/2013 09:52:27 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service BrowserDefendert since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (06/16/2013 09:12:24 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {6d760887-36b8-430d-b8b3-6a6a6f9b2a47}

Error: (06/16/2013 01:51:49 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Windows Defender since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (06/16/2013 09:46:41 AM) (Source: Application Error)(User: )
Description: wmpnetwk.exe12.0.7601.175144ce7a4a7KERNELBASE.dll6.1.7601.1801550b83b160000046b0000812fd5001ce6a658bbbabe4C:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\KERNELBASE.dll4380442c-d661-11e2-9edb-00252270eb38


==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 3519.09 MB
Available physical RAM: 1946.32 MB
Total Pagefile: 7034.4 MB
Available Pagefile: 5252.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:59.72 GB) NTFS
Drive d: (FM2013) (CDROM) (Total:1.34 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E5924DFA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-07-2013
Ran by Wayne (administrator) on 03-07-2013 08:29:57
Running from C:\Users\Wayne\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
() C:\Windows\system32\PnkBstrA.exe
() C:\Windows\system32\PnkBstrB.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Location Finder\LocationFinder.exe
(WebCake LLC) C:\Users\Wayne\AppData\Roaming\WebCake\WebCakeDesktop.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r [1728512 2009-12-04] (VIA)
HKLM\...\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" [979328 2010-08-30] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKCU\...\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe" [121640 2006-11-06] (Microsoft Corporation)
HKCU\...\Run: [EPSON SX130 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHJE.EXE /FU "C:\Users\Wayne\AppData\Local\Temp\E_S9903.tmp" /EF "HKCU" [x] <===== ATTENTION
HKCU\...\Run: [AdobeBridge] [x]
HKCU\...\Run: [WebCake Desktop] "C:\Users\Wayne\AppData\Roaming\WebCake\WebCakeDesktop.exe" [47896 2013-06-21] (WebCake LLC)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe" [x]
HKU\UpdatusUser\...\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent [ 2013-05-04] (Valve Corporation)
HKU\UpdatusUser\...\Run: [EPSON SX130 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHJE.EXE /FU "C:\Users\Wayne\AppData\Local\Temp\E_S9903.tmp" /EF "HKCU" [x] <===== ATTENTION
Startup: C:\ProgramData\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://talktalk.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=08B400252270EB38&affID=119357&tt=250613_gr2&tsp=4926
BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO: WebCake - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files\WebCake\WebCakeIEClient.dll No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU -WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Handler: linkscanner - No CLSID Value -
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll "
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll "
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Winsock: Catalog9 16 mswsock.dll File Not found ()
Winsock: Catalog9 17 mswsock.dll File Not found ()
Winsock: Catalog9 18 mswsock.dll File Not found ()
Winsock: Catalog9 19 mswsock.dll File Not found ()
Winsock: Catalog9 20 mswsock.dll File Not found ()
Winsock: Catalog9 21 mswsock.dll File Not found ()
Winsock: Catalog9 22 mswsock.dll File Not found ()
Winsock: Catalog9 23 mswsock.dll File Not found ()
Winsock: Catalog9 24 mswsock.dll File Not found ()
Winsock: Catalog9 25 mswsock.dll File Not found ()
Winsock: Catalog9 26 mswsock.dll File Not found ()
Winsock: Catalog9 27 mswsock.dll File Not found ()
Winsock: Catalog9 28 mswsock.dll File Not found ()
Winsock: Catalog9 29 mswsock.dll File Not found ()
Winsock: Catalog9 30 mswsock.dll File Not found ()
Winsock: Catalog9 31 mswsock.dll File Not found ()
Winsock: Catalog9 32 mswsock.dll File Not found ()
Winsock: Catalog9 33 mswsock.dll File Not found ()
Winsock: Catalog9 34 mswsock.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.5.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox
FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

Chrome:
=======
CHR Extension: (YouTube) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (Web Assistant) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.100_0
CHR Extension: (Delta Toolbar) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0
CHR Extension: (Iminent Toolbar) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcemhggbahmlmhgnbpbbdaklcojhbecn\2.0.0.0_0
CHR Extension: (Gmail) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION)
S3 GSService; C:\Windows\system32\GSService.exe [404192 2013-02-14] ()
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2011-07-10] ()
R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [189248 2011-07-10] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1326176 2012-06-27] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [681056 2012-06-27] (Secunia)
S2 WebCake Desktop Updater; C:\Users\Wayne\AppData\Roaming\WebCake\WebCakeDesktop.exe [47896 2013-06-21] (WebCake LLC)
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x]
S2 PremierOpinion; C:\Program Files\PremierOpinion\pmservice.exe /service [x]

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [179936 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [55776 2012-10-15] (AVG Technologies CZ, s.r.o. )
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [19936 2012-09-21] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [159712 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [177376 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [94048 2012-11-16] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35552 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [164832 2012-09-21] (AVG Technologies CZ, s.r.o.)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-06-02] (Avanquest Software)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2011-12-16] (Secunia)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1108480 2009-11-25] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-02 10:36 - 2013-07-02 10:36 - 00001488 ____A C:\Users\Public\Desktop\Adobe Application Manager.lnk
2013-07-02 09:35 - 2013-07-02 09:35 - 00020078 ____A C:\Users\Wayne\Desktop\Addition.txt
2013-07-02 09:33 - 2013-07-02 09:33 - 01372429 ____A (Farbar) C:\Users\Wayne\Desktop\FRST.exe
2013-07-02 09:33 - 2013-07-02 09:33 - 00000000 ____D C:\FRST
2013-07-02 09:19 - 2013-07-02 09:19 - 00018448 ____A C:\Users\Wayne\Desktop\DDS 2.txt
2013-07-02 09:19 - 2013-07-02 09:19 - 00013331 ____A C:\Users\Wayne\Desktop\Attach DDS.txt
2013-07-02 09:12 - 2013-07-02 09:12 - 00018448 ____A C:\Users\Wayne\Desktop\dds.txt
2013-07-02 09:12 - 2013-07-02 09:12 - 00013331 ____A C:\Users\Wayne\Desktop\attach.txt
2013-07-01 23:46 - 2013-07-01 23:46 - 00000000 ____A C:\Users\Wayne\Downloads\install_flashplayer11x32ax_gtbd_chrd_dn_aaa_aih_exe (1).t8uaoxj.partial
2013-07-01 23:44 - 2013-07-01 23:45 - 01035984 ____A (Solid State Networks) C:\Users\Wayne\Downloads\install_flashplayer11x32ax_gtbd_chrd_dn_aaa_aih_exe
2013-07-01 19:36 - 2013-07-01 19:39 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-07-01 19:36 - 2013-07-01 19:36 - 00001037 ____A C:\Users\Public\Desktop\SpywareBlaster.lnk
2013-07-01 19:36 - 2013-07-01 19:36 - 00000000 ____D C:\ProgramData\Licenses
2013-07-01 08:09 - 2013-07-01 08:11 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-07-01 08:09 - 2013-07-01 08:09 - 00002119 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-01 08:09 - 2009-01-25 13:14 - 00015224 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean.exe
2013-07-01 08:05 - 2013-07-01 08:07 - 36364784 ____A (Safer-Networking Ltd. ) C:\Users\Wayne\Downloads\SpybotSD2.exe
2013-07-01 08:03 - 2013-07-01 08:04 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\WebCake
2013-06-28 16:50 - 2013-06-28 16:50 - 00002075 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-06-28 16:50 - 2013-06-28 16:50 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-28 16:50 - 2013-06-28 16:50 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-28 16:50 - 2013-06-28 16:50 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-28 16:50 - 2013-05-09 09:58 - 00229648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-06-28 16:49 - 2013-05-09 09:58 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-06-28 16:48 - 2013-06-28 16:48 - 00000000 ____D C:\ProgramData\AVAST Software
2013-06-28 16:48 - 2013-06-28 16:48 - 00000000 ____D C:\Program Files\AVAST Software
2013-06-27 21:19 - 2013-06-27 21:19 - 00688992 ____R (Swearware) C:\Users\Wayne\Desktop\dds.com
2013-06-27 21:19 - 2013-06-27 21:19 - 00688992 ____A (Swearware) C:\Users\Wayne\Downloads\dds.com
2013-06-27 19:59 - 2013-06-27 19:59 - 00000000 ____D C:\Program Files\Panda Security
2013-06-27 19:59 - 2013-06-27 19:59 - 00000000 ____A C:\END
2013-06-27 19:58 - 2013-06-27 19:58 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\Babylon
2013-06-17 22:11 - 2013-06-17 22:11 - 00000000 ____D C:\Users\Wayne\Documents\ProcAlyzer Dumps
2013-06-16 23:07 - 2013-06-16 23:07 - 00000000 ____A C:\Windows\EEventManager.INI
2013-06-16 21:32 - 2013-06-16 21:32 - 13169742 ____A C:\Users\Wayne\Downloads\mbar-1.06.0.1003.zip
2013-06-16 21:32 - 2013-06-16 21:32 - 00000000 ____D C:\Users\Wayne\Downloads\mbar-1.06.0.1003
2013-06-16 20:17 - 2012-07-21 21:33 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts.20130616-201713.backup
2013-06-16 14:15 - 2013-06-16 14:15 - 00000632 _RASH C:\Users\Wayne\ntuser.pol
2013-06-16 14:02 - 2013-06-27 15:36 - 00000079 ____A C:\Windows\wininit.ini
2013-06-16 13:59 - 2013-06-17 22:11 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-16 13:56 - 2013-06-16 13:57 - 36271144 ____A (Safer-Networking Ltd. ) C:\Users\Wayne\Downloads\spybot-2.1.exe
2013-06-16 11:17 - 2013-06-16 11:18 - 00004298 ____A C:\Users\Wayne\Downloads\1938756E36107B0A72659C9B4492D9D9B4DBACD8.torrent
2013-06-16 11:08 - 2013-06-16 11:08 - 00016058 ____A C:\Users\Wayne\Downloads\7F80123BB331F32B2287CC0AE3AB7A0884F17D4A.torrent
2013-06-16 11:04 - 2013-06-16 11:04 - 00026483 ____A C:\Users\Wayne\Downloads\287E273A2EE61097FC8BEC657EBD5223881A96AE.torrent
2013-06-16 09:44 - 2013-06-16 09:44 - 00000000 ____D C:\Program Files\x264 Video Codec
2013-06-16 09:01 - 2013-06-16 09:01 - 00000000 ____D C:\Windows\System32\searchplugins
2013-06-16 09:01 - 2013-06-16 09:01 - 00000000 ____D C:\Windows\System32\Extensions
2013-06-16 09:01 - 2013-06-16 09:01 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\Mozilla
2013-06-14 09:21 - 2013-06-14 09:21 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-14 09:21 - 2013-06-14 09:21 - 00000000 ____D C:\Program Files\iTunes
2013-06-14 09:21 - 2013-06-14 09:21 - 00000000 ____D C:\Program Files\iPod
2013-06-12 21:25 - 2013-06-08 12:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 21:25 - 2013-06-08 12:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 21:25 - 2013-06-08 12:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 21:25 - 2013-06-08 12:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 21:25 - 2013-06-08 12:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 21:25 - 2013-06-08 12:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 21:23 - 2013-05-17 02:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 21:23 - 2013-05-17 02:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 21:23 - 2013-05-17 02:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 21:23 - 2013-05-17 02:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 21:23 - 2013-05-17 02:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 21:23 - 2013-05-17 02:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 21:23 - 2013-05-17 02:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 21:23 - 2013-05-17 02:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 21:23 - 2013-05-14 09:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 21:22 - 2013-05-17 02:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 15:55 - 2013-05-13 05:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 15:55 - 2013-05-13 05:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 15:55 - 2013-05-13 05:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 15:55 - 2013-05-13 04:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 15:55 - 2013-05-13 04:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 15:55 - 2013-05-10 04:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 15:55 - 2013-05-08 06:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 15:55 - 2013-05-06 06:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 15:55 - 2013-05-06 06:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 15:55 - 2013-04-26 05:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 15:55 - 2013-04-26 00:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 15:55 - 2013-04-17 08:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

==================== One Month Modified Files and Folders ========

2013-07-03 08:29 - 2013-02-01 18:59 - 00356380 ____A C:\Windows\setupact.log
2013-07-03 08:29 - 2011-06-13 16:12 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-03 08:29 - 2011-03-24 20:49 - 00000000 ____D C:\ProgramData\MFAData
2013-07-03 08:29 - 2011-03-24 04:17 - 00000000 ____D C:\Users\Wayne\AppData\Local\Adobe
2013-07-03 08:26 - 2012-04-17 07:26 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-03 08:22 - 2009-07-14 05:34 - 00014752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-03 08:22 - 2009-07-14 05:34 - 00014752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-03 08:15 - 2011-03-24 04:38 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-03 08:15 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 21:03 - 2011-06-13 16:12 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-02 12:20 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-07-02 10:36 - 2013-07-02 10:36 - 00001488 ____A C:\Users\Public\Desktop\Adobe Application Manager.lnk
2013-07-02 09:35 - 2013-07-02 09:35 - 00020078 ____A C:\Users\Wayne\Desktop\Addition.txt
2013-07-02 09:33 - 2013-07-02 09:33 - 01372429 ____A (Farbar) C:\Users\Wayne\Desktop\FRST.exe
2013-07-02 09:33 - 2013-07-02 09:33 - 00000000 ____D C:\FRST
2013-07-02 09:19 - 2013-07-02 09:19 - 00018448 ____A C:\Users\Wayne\Desktop\DDS 2.txt
2013-07-02 09:19 - 2013-07-02 09:19 - 00013331 ____A C:\Users\Wayne\Desktop\Attach DDS.txt
2013-07-02 09:12 - 2013-07-02 09:12 - 00018448 ____A C:\Users\Wayne\Desktop\dds.txt
2013-07-02 09:12 - 2013-07-02 09:12 - 00013331 ____A C:\Users\Wayne\Desktop\attach.txt
2013-07-02 07:49 - 2013-02-02 09:34 - 00027516 ____A C:\Windows\PFRO.log
2013-07-02 01:14 - 2013-01-15 12:12 - 00000000 ____D C:\Users\Wayne\Desktop\photos
2013-07-01 23:46 - 2013-07-01 23:46 - 00000000 ____A C:\Users\Wayne\Downloads\install_flashplayer11x32ax_gtbd_chrd_dn_aaa_aih_exe (1).t8uaoxj.partial
2013-07-01 23:45 - 2013-07-01 23:44 - 01035984 ____A (Solid State Networks) C:\Users\Wayne\Downloads\install_flashplayer11x32ax_gtbd_chrd_dn_aaa_aih_exe
2013-07-01 23:31 - 2011-03-24 04:16 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\Adobe
2013-07-01 20:24 - 2011-03-24 22:06 - 00000000 ____D C:\Movies
2013-07-01 19:39 - 2013-07-01 19:36 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-07-01 19:36 - 2013-07-01 19:36 - 00001037 ____A C:\Users\Public\Desktop\SpywareBlaster.lnk
2013-07-01 19:36 - 2013-07-01 19:36 - 00000000 ____D C:\ProgramData\Licenses
2013-07-01 08:11 - 2013-07-01 08:09 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-07-01 08:09 - 2013-07-01 08:09 - 00002119 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-01 08:07 - 2013-07-01 08:05 - 36364784 ____A (Safer-Networking Ltd. ) C:\Users\Wayne\Downloads\SpybotSD2.exe
2013-07-01 08:04 - 2013-07-01 08:03 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\WebCake
2013-06-28 18:38 - 2013-03-06 12:00 - 00189440 __ASH C:\Users\Wayne\Desktop\Thumbs.db
2013-06-28 16:50 - 2013-06-28 16:50 - 00002075 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-06-28 16:50 - 2013-06-28 16:50 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-28 16:50 - 2013-06-28 16:50 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-28 16:50 - 2013-06-28 16:50 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-28 16:50 - 2009-07-14 03:04 - 00002577 ____A C:\Windows\System32\config.nt
2013-06-28 16:48 - 2013-06-28 16:48 - 00000000 ____D C:\ProgramData\AVAST Software
2013-06-28 16:48 - 2013-06-28 16:48 - 00000000 ____D C:\Program Files\AVAST Software
2013-06-28 08:11 - 2011-03-24 03:49 - 00739744 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-27 21:51 - 2011-03-24 03:44 - 01493746 ____A C:\Windows\WindowsUpdate.log
2013-06-27 21:19 - 2013-06-27 21:19 - 00688992 ____R (Swearware) C:\Users\Wayne\Desktop\dds.com
2013-06-27 21:19 - 2013-06-27 21:19 - 00688992 ____A (Swearware) C:\Users\Wayne\Downloads\dds.com
2013-06-27 19:59 - 2013-06-27 19:59 - 00000000 ____D C:\Program Files\Panda Security
2013-06-27 19:59 - 2013-06-27 19:59 - 00000000 ____A C:\END
2013-06-27 19:58 - 2013-06-27 19:58 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\Babylon
2013-06-27 15:36 - 2013-06-16 14:02 - 00000079 ____A C:\Windows\wininit.ini
2013-06-27 15:32 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\NDF
2013-06-24 00:33 - 2011-03-24 23:32 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\BitTorrent
2013-06-21 08:06 - 2012-05-29 19:23 - 00002129 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-17 22:11 - 2013-06-17 22:11 - 00000000 ____D C:\Users\Wayne\Documents\ProcAlyzer Dumps
2013-06-17 22:11 - 2013-06-16 13:59 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-16 23:07 - 2013-06-16 23:07 - 00000000 ____A C:\Windows\EEventManager.INI
2013-06-16 21:32 - 2013-06-16 21:32 - 13169742 ____A C:\Users\Wayne\Downloads\mbar-1.06.0.1003.zip
2013-06-16 21:32 - 2013-06-16 21:32 - 00000000 ____D C:\Users\Wayne\Downloads\mbar-1.06.0.1003
2013-06-16 20:17 - 2009-07-14 03:04 - 00448635 ___RA C:\Windows\System32\Drivers\etc\hosts.20130701-081446.backup
2013-06-16 14:50 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-16 14:15 - 2013-06-16 14:15 - 00000632 _RASH C:\Users\Wayne\ntuser.pol
2013-06-16 14:15 - 2011-03-24 03:45 - 00000000 ____D C:\users\Wayne
2013-06-16 14:15 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2013-06-16 14:05 - 2011-03-24 21:20 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-16 14:04 - 2012-02-20 15:53 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-16 13:57 - 2013-06-16 13:56 - 36271144 ____A (Safer-Networking Ltd. ) C:\Users\Wayne\Downloads\spybot-2.1.exe
2013-06-16 11:18 - 2013-06-16 11:17 - 00004298 ____A C:\Users\Wayne\Downloads\1938756E36107B0A72659C9B4492D9D9B4DBACD8.torrent
2013-06-16 11:08 - 2013-06-16 11:08 - 00016058 ____A C:\Users\Wayne\Downloads\7F80123BB331F32B2287CC0AE3AB7A0884F17D4A.torrent
2013-06-16 11:04 - 2013-06-16 11:04 - 00026483 ____A C:\Users\Wayne\Downloads\287E273A2EE61097FC8BEC657EBD5223881A96AE.torrent
2013-06-16 09:44 - 2013-06-16 09:44 - 00000000 ____D C:\Program Files\x264 Video Codec
2013-06-16 09:01 - 2013-06-16 09:01 - 00000000 ____D C:\Windows\System32\searchplugins
2013-06-16 09:01 - 2013-06-16 09:01 - 00000000 ____D C:\Windows\System32\Extensions
2013-06-16 09:01 - 2013-06-16 09:01 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\Mozilla
2013-06-14 09:21 - 2013-06-14 09:21 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-14 09:21 - 2013-06-14 09:21 - 00000000 ____D C:\Program Files\iTunes
2013-06-14 09:21 - 2013-06-14 09:21 - 00000000 ____D C:\Program Files\iPod
2013-06-14 09:21 - 2012-09-18 17:19 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-14 09:21 - 2011-03-24 10:41 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-06-12 21:24 - 2011-03-24 04:07 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 15:26 - 2012-04-17 07:26 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 15:26 - 2011-05-13 07:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-08 12:42 - 2013-06-12 21:25 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 12:40 - 2013-06-12 21:25 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 12:40 - 2013-06-12 21:25 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 12:40 - 2013-06-12 21:25 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 12:40 - 2013-06-12 21:25 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 12:13 - 2013-06-12 21:25 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2011-12-21 16:14

==================== End Of Log ============================

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-07-2013
Ran by Wayne at 2013-07-04 08:21:29 Run:1
Running from C:\Users\Wayne\Desktop
Boot Mode: Normal

==============================================

Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

==== End of Fixlog ====

RogueKiller V8.6.2 [Jul 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : hxxp://www.adlice.com/forum/
Website : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Wayne [Admin rights]
Mode : Remove -- Date : 07/04/2013 08:35:15
| ARK || FAK || MBR |

¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\ProgramData\Microsoft\Media Tools\plugins\pl-b2e730376325753834d77280c183157b.dll [x] ->
[SUSP PATH][WHITELIST] explorer.exe -- C:\ProgramData\Microsoft\Media Tools\plugins\pl-b2e730376325753834d77280c183157b.dll [x] ->
[SUSP PATH] WebCakeDesktop.exe -- C:\Users\Wayne\AppData\Roaming\WebCake\WebCakeDesktop.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : WebCake Desktop ( "C:\Users\Wayne\AppData\Roaming\WebCake\WebCakeDesktop.exe" [7]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-2689820159-702822217-135784562-1000\[...]\Run : WebCake Desktop ( "C:\Users\Wayne\AppData\Roaming\WebCake\WebCakeDesktop.exe" [7]) -> [0x2] The system cannot find the file specified.
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer 0) -> NOT REMOVED, USE PROXYFIX
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> DELETED
[V2][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Junction] $NtUninstallKB17020$ : C:\Windows\$NtUninstallKB17020$ >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] 211190978 : C:\Windows\$NtUninstallKB17020$\211190978 >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][File] 211190978 : C:\Windows\$NtUninstallKB17020$\211190978 [-] --> DELETED
[ZeroAccess][File] @ : C:\Windows\$NtUninstallKB17020$\2761484004\@ [-] --> DELETED
[ZeroAccess][File] Desktop.ini : C:\Windows\$NtUninstallKB17020$\2761484004\Desktop.ini [-] --> DELETED
[ZeroAccess][File] 00000004.@ : C:\Windows\$NtUninstallKB17020$\2761484004\L\00000004.@ [-] --> DELETED
[ZeroAccess][File] 201d3dde : C:\Windows\$NtUninstallKB17020$\2761484004\L\201d3dde [-] --> DELETED
[ZeroAccess][File] 6715e287 : C:\Windows\$NtUninstallKB17020$\2761484004\L\6715e287 [-] --> DELETED
[ZeroAccess][File] 76603ac3 : C:\Windows\$NtUninstallKB17020$\2761484004\L\76603ac3 [-] --> DELETED
[ZeroAccess][File] xadqgnnk : C:\Windows\$NtUninstallKB17020$\2761484004\L\xadqgnnk [-] --> DELETED
[ZeroAccess][Folder] L : C:\Windows\$NtUninstallKB17020$\2761484004\L [-] --> DELETED
[ZeroAccess][File] 00000004.@ : C:\Windows\$NtUninstallKB17020$\2761484004\U\00000004.@ [-] --> DELETED
[ZeroAccess][File] 00000008.@ : C:\Windows\$NtUninstallKB17020$\2761484004\U\00000008.@ [-] --> DELETED
[ZeroAccess][File] 000000cb.@ : C:\Windows\$NtUninstallKB17020$\2761484004\U\000000cb.@ [-] --> DELETED
[ZeroAccess][File] 80000000.@ : C:\Windows\$NtUninstallKB17020$\2761484004\U\80000000.@ [-] --> DELETED
[ZeroAccess][File] 80000032.@ : C:\Windows\$NtUninstallKB17020$\2761484004\U\80000032.@ [-] --> DELETED
[ZeroAccess][Folder] U : C:\Windows\$NtUninstallKB17020$\2761484004\U [-] --> DELETED
[ZeroAccess][Folder] 2761484004 : C:\Windows\$NtUninstallKB17020$\2761484004 [-] --> REMOVED AT REBOOT
[ZeroAccess][Folder] $NtUninstallKB17020$ : C:\Windows\$NtUninstallKB17020$ [-] --> REMOVED AT REBOOT

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : Mal.Hosts|ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 download-winmx-free.com --> Potentially malicious!
127.0.0.1 www.download-winmx-free.com --> Potentially malicious!
127.0.0.1 www.facebook.com.img335.tk --> Potentially malicious!
127.0.0.1 www.free-winmx-downloads.com --> Potentially malicious!
127.0.0.1 free-winmx-downloads.com --> Potentially malicious!
127.0.0.1 www.google.dospop.com --> Potentially malicious!
127.0.0.1 www.mp3winmx.com --> Potentially malicious!
127.0.0.1 mp3winmx.com --> Potentially malicious!
127.0.0.1 www.winmx.click-new-download.com --> Potentially malicious!
127.0.0.1 winmx.click-new-download.com --> Potentially malicious!
127.0.0.1 winmx-d0wnload.com --> Potentially malicious!
127.0.0.1 www.winmx-d0wnload.com --> Potentially malicious!
127.0.0.1 www.winmxfrance.com --> Potentially malicious!
127.0.0.1 winmxfrance.com --> Potentially malicious!
127.0.0.1 winmx-freebie.com --> Potentially malicious!
127.0.0.1 www.winmx-freebie.com --> Potentially malicious!
127.0.0.1 winmx-music-download.com --> Potentially malicious!
127.0.0.1 www.winmx-music-download.com --> Potentially malicious!
127.0.0.1 winmx-usa.com --> Potentially malicious!
127.0.0.1 www.winmx-usa.com --> Potentially malicious!

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500418AS ATA Device +++++
--- User ---
[MBR] 826efb7eb83f516d96a0e3ed6ec43e54
[BSP] 4aa5b9eb750d2bc6e05fcab9d6afa5ed : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_07042013_083515.txt >>
RKreport[0]_S_07042013_083434.txt

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.04.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16618
Wayne :: WAYNE-PC [administrator]

04/07/2013 11:08:44
mbar-log-2013-07-04 (11-08-44).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 262874
Time elapsed: 13 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16618

Java version: 1.6.0_33

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.991000 GHz
Memory total: 3690029056, free: 2059395072

Downloaded database version: v2013.07.04.04
Initializing...
------------ Kernel report ------------
07/04/2013 11:08:40
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx86.sys
\SystemRoot\system32\DRIVERS\avglogx.sys
\SystemRoot\system32\DRIVERS\avgmfx86.sys
\SystemRoot\system32\DRIVERS\avgidshx.sys
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\avgidsshimx.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt86win7.sys
\SystemRoot\system32\drivers\usbuhci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\drivers\Afc.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\parvdm.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86315030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T1L0-4\
Lower Device Object: 0xffffffff85e4f030
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86315030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86315d10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86315030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85e4f750, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85e4f030, DeviceName: \Device\Ide\IdeDeviceP2T1L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E5924DFA

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 976564224

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished

 

Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/05/2013 09:00:12 PM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Reparse Point/Junctions Found (These may be legitimate)!

* C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_b56e56591cecccb4\MpEvMsg.dll => <Unknown Target> [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpAsDesc.dll => <Unknown Target> [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpClient.dll => <Unknown Target> [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpCmdRun.exe => <Unknown Target> [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpOAV.dll => <Unknown Target> [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpRTP.dll => <Unknown Target> [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpSvc.dll => <Unknown Target> [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MSASCui.exe => <Unknown Target> [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MsMpLics.dll => <Unknown Target> [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MsMpRes.dll => <Unknown Target> [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MpAsDesc.dll => <Unknown Target> [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MpClient.dll => <Unknown Target> [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MpCmdRun.exe => <Unknown Target> [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MpCommu.dll => <Unknown Target> [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MpOAV.dll => <Unknown Target> [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MpRTP.dll => <Unknown Target> [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MpSvc.dll => <Unknown Target> [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MSASCui.exe => <Unknown Target> [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MsMpCom.dll => <Unknown Target> [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MsMpLics.dll => <Unknown Target> [File]
* C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MsMpRes.dll => <Unknown Target> [File]

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com

20 out of 15453 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 07/05/2013 09:32:00 PM
Execution time: 0 hours(s), 31 minute(s), and 48 seconds(s)

 

Combofix is still causing me problems, it runs to the blue screen but just hangs, or it runs to completion but does not offer a log? Must be something I'm doing wrong will try again today