
scan found rootkit autoChk.exe:BAK:$DATA

Post by onewerld » October 25th, 2013, 2:33 pm

I had run a rootkit scan and the above file turned up. I read in posts here that autoChk.exe:BAK should be removed and replaced by something else. I am therefore reluctant to try to remove it, as it has the $DATA as well as BAK. My computer has been much slower lately, and consequently I have done several scans, but the rootkit scan found this file and many others, mostly associated with Microsoft Money Plus Sunset Edition. I will copy the DDS.txt and Attach.txt logs as well as the rootkit scan. I have not had any error messages, but the computer freezes when on the internet, in Microsoft Word, and in my email (which is not Microsoft). This clears after a minute or two. I do not know what to do with the rootkit scan and would appreciate your help. I understand that you wanted the scans pasted and not attached.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 8/12/08 6:51:27 PM
System Uptime: 10/25/13 11:43:58 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0YP944
Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | Microprocessor | 2000/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 90.465 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.984 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Advanced Audio FX Engine
Akamai NetSession Interface
Alarm Clock version 1.0
AM-DeadLink 4.6
America's Boating Course v3.2
Anti-Twin (Installation 4/29/13)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVS Media Player 4.1.9.95
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Converter 8
AVS Video Editor 6
AVS Video Recorder 2.4
AVS4YOU Software Navigator 1.4
Awesome Duplicate Photo Finder v. 1.0.1
Belarc Advisor 8.3
Bitdefender 60-Second Virus Scanner
BoatU.S. Simulator Project
Bonjour
Broadcom Gigabit NetLink Controller
Browser Address Error Redirector
Canon Easy-WebPrint EX
Canon iP2700 series Printer Driver
Canon My Printer
Carbonite
CCleaner
Chessmaster 10th Edition
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CloneSpy 2.62
Coastal Explorer Express
CrystalDiskInfo 5.6.2
Dell Dock
Dell Driver Download Manager
Dell Getting Started Guide
Dell System Detect
Dell Touchpad
Dell Webcam Central
Dell Wireless WLAN Card Utility
Device Doctor v2.1
DiskCheckup v3.1
DriverUpdate
EDocs
Elevated Installer
EPSON Printer Software
EPSON Scan
FreeSizer v.1.0.0
FreeUndelete 2.1.36867.1
Garmin City Navigator North America NT 2014.10 Update
Garmin Communicator Plugin
Garmin Express
Garmin Express Tray
Garmin MapInstall
Garmin Update Service
Garmin USB Drivers
Google Chrome
Google Update Helper
HD Tune 2.55
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Integrated Webcam Driver (1.06.03.0309)
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Intel(R) TV Wizard
Internet Explorer (Enable DEP)
ITECIR Driver
iTuner
iTunes
Java 7 Update 45
Java Auto Updater
Juno Internet
K-Lite Mega Codec Pack 9.4.2
KeyScrambler
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Fix it Center
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Converter Pack
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Web Apps Browser Plugin
Microsoft Office Word MUI (English) 2007
Microsoft PowerPoint Viewer
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works 6-9 Converter
Moffsoft FreeCalc
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
My Dell
Navionics World
NirSoft Wireless Network Watcher
Nitro Reader 3
Packed Chess Free
Picasa 3
PrimoPDF -- brought to you by Nitro PDF Software
Prism Video File Converter
QuickSet
QuickTime
Revo Uninstaller 1.95
RoboForm 7-9-2-5 (All Users)
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Search Protect by conduit
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Should I Remove It
SketchUp 8
Skype™ 6.9
SMPlayer 0.8.6.0
SoftPerfect WiFi Guard version 1.0.2
SpeedBit Video Downloader
SpellForce 2 - Shadow Wars
Spybot - Search & Destroy
System Requirements Lab for Intel
TouchFreeze
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.6
vReveal 3
What's my computer doing 1.xx
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
WinZip 17.5
Xfire (remove only)
Xfire 2.0
Xfire Codec (remove only)
ZoneAlarm LTD Toolbar
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16514 BrowserJavaVersion: 10.45.2
Run by Wayne at 12:40:06 on 2013-10-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3573.1853 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files\DriverUpdate\DriverUpdate.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
C:\Program Files\Packed Bytes\Packed Chess Free\PackedChessFreeServer.exe
C:\ProgramData\Rpcnet\Bin\rpcld.exe
C:\Windows\System32\rpcnet.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Users\Wayne\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
C:\Program Files\TouchFreeze\TouchFreeze.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
C:\Users\Wayne\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\Juno\exec.exe
C:\Windows\system32\vssvc.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/ig/dell?hl=en&clie ... bd=5080813
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://my.juno.com/s/search?r=minisearch
uSearch Page = hxxp://my.juno.com/s/search?r=minisearch
uDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&clie ... bd=5080813
mSearch Page = hxxp://my.juno.com/s/search?r=minisearch
mDefault_Search_URL = hxxp://my.juno.com/s/search?r=minisearch
uSearchURL,(Default) = hxxp://my.juno.com/s/search?r=minisearch
mSearchAssistant = hxxp://my.juno.com/s/search?r=minisearch
BHO: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: SearchPredictObj Class: {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - c:\program files\searchpredict\SearchPredict.dll
BHO: Pop-up Blocker: {52706EF7-D7A2-49AD-A615-E903858CF284} - c:\program files\juno\qsacc\X1IEBHO.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: SBCONVERT Class: {92A9ACF4-9333-43AE-9698-DB283326F87F} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Juno Toolbar Helper: {FE3098B1-04A3-41fd-8CA9-BEA39CB14C87} - c:\program files\juno\UCReg.dll
BHO: GrabberObj Class: {FF7C3CF0-4B15-11D1-ABED-709549C10000} - c:\program files\speedbit video downloader\toolbar\Grabber.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Akamai NetSession Interface] "c:\users\wayne\appdata\local\akamai\netsession_win.exe"
uRun: [pdiface] c:\program files\bitdefender\60-second virus scanner\pdiface.exe -noshow
uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
uRun: [DellSystemDetect] c:\users\wayne\appdata\roaming\microsoft\windows\start menu\programs\dell\Dell System Detect.appref-ms
uRun: [TouchFreeze] c:\program files\touchfreeze\TouchFreeze.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Clear Fields - c:\program files\siber systems\ai roboform\RoboFormComClearFields.html
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Display All Images with Full Quality - "res://c:\program files\juno\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "res://c:\program files\juno\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Reset Fields - c:\program files\siber systems\ai roboform\RoboFormComResetFields.html
IE: RoboForm Editor - c:\program files\siber systems\ai roboform\RoboFormComEditIdent.html
IE: RoboForm Options - c:\program files\siber systems\ai roboform\RoboFormComOptions.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Set Fields - c:\program files\siber systems\ai roboform\RoboFormComSetFields.html
IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: dell.com
Trusted Zone: juno.com
TCP: NameServer = 192.168.5.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{70161D38-6DF1-4D89-8138-BC825099A03E} : DHCPNameServer = 69.26.64.253 69.26.64.254
TCP: Interfaces\{75065DA0-02FA-40D3-9637-5711D6973863} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{75065DA0-02FA-40D3-9637-5711D6973863} : DHCPNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\wayne\appdata\roaming\mozilla\firefox\profiles\x0bzg93y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?s=C7Ra206&q=
FF - prefs.js: browser.search.selectedEngine - SpeedBit Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.basicseek.com/?tmp=nemo_resu ... &keywords=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\nitro\reader 3\npdf.dll
FF - plugin: c:\program files\nitro\reader 3\npnitroie.dll
FF - plugin: c:\program files\nitro\reader 3\npnitromozilla.dll
FF - plugin: c:\users\wayne\appdata\roaming\mozilla\firefox\profiles\x0bzg93y.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-09-30 01:00; donottrackplus@abine.com; c:\users\wayne\appdata\roaming\mozilla\firefox\profiles\x0bzg93y.default\extensions\donottrackplus@abine.com
FF - ExtSQL: 2013-10-13 18:12; 2.0@disconnect.me; c:\users\wayne\appdata\roaming\mozilla\firefox\profiles\x0bzg93y.default\extensions\2.0@disconnect.me.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - fd45bfb8-b4a7-4a51-ad1e-c127044fa8ee
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
.
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\garmin\core update service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-3-12 185688]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\nitro\reader 3\NitroPDFReaderDriverService3.exe [2013-2-13 196624]
R2 PackedChessFreeServer;Packed Chess Free Server;c:\program files\packed bytes\packed chess free\PackedChessFreeServer.exe [2012-3-6 25600]
R2 pdserv;Bitdefender 60-Second Virus Scanner Service;c:\program files\bitdefender\60-second virus scanner\pdscan.exe \svc --> c:\program files\bitdefender\60-second virus scanner\pdscan.exe \svc [?]
R2 rpcld;Remote Procedure Call (RPC) LD;c:\programdata\rpcnet\bin\rpcld.exe --> c:\programdata\rpcnet\bin\rpcld.exe [?]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-10-24 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-10-24 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-10-24 171416]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-22 112128]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-8-13 203264]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2012-1-4 173880]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-8 280096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\cltmngsvc.exe --> c:\program files\searchprotect\bin\CltMngSvc.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-8-10 45288]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-6-18 107392]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-8-12 295376]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-10-31 13464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S3 XFDriver;XFDriver;c:\program files\xfire2\XFDriver.sys [2013-8-19 16648]
.
=============== Created Last 30 ================
.
2013-10-25 03:35:46 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-10-25 03:09:53 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-25 00:34:51 -------- d-----w- c:\program files\HD Tune
2013-10-24 19:04:18 7796464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1de7dfc2-443c-4c62-9bde-a4838a4d6034}\mpengine.dll
2013-10-24 16:23:23 -------- d-----w- c:\program files\CrystalDiskInfo
2013-10-23 17:57:46 7796464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-10-20 03:22:32 -------- d-----w- c:\users\wayne\appdata\local\WinZip
2013-10-20 01:43:39 -------- d-----w- c:\users\wayne\appdata\roaming\Systweak
2013-10-19 04:39:21 -------- d-----w- c:\windows\system32\ShellExtBridge
2013-10-19 04:39:14 -------- d-----w- c:\program files\Moo0
2013-10-19 00:08:54 -------- d-----w- c:\program files\DiskCheckup
2013-10-18 16:43:03 -------- d-----w- c:\program files\MP3Gain
2013-10-18 14:47:43 718712 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2013-10-18 14:47:42 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c9f2d784-8174-4c78-909d-3aa51b8260cd}\gapaengine.dll
2013-10-17 20:02:24 0 ----a-w- c:\windows\system32\OLDEF6E.tmp
2013-10-17 20:02:16 0 ----a-w- c:\windows\system32\OLDD079.tmp
2013-10-17 20:02:08 0 ----a-w- c:\windows\system32\OLDB201.tmp
2013-10-17 20:02:02 0 ----a-w- c:\windows\system32\OLD982A.tmp
2013-10-17 20:01:53 0 ----a-w- c:\windows\system32\OLD7761.tmp
2013-10-17 20:01:43 0 ----a-w- c:\windows\system32\OLD4F51.tmp
2013-10-17 20:01:42 -------- d-----w- c:\windows\system32\SRSLabs
2013-10-17 19:25:52 -------- d-----r- c:\program files\Skype
2013-10-17 03:10:23 257144 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2013-10-14 21:35:17 -------- d-----w- c:\users\wayne\appdata\local\fontconfig
2013-10-14 21:33:39 -------- d-----w- c:\users\wayne\.smplayer
2013-10-14 21:31:43 -------- d-----w- c:\program files\SMPlayer
2013-10-11 13:24:04 0 ----a-w- c:\windows\system32\SET368F.tmp
2013-10-11 13:24:04 0 ----a-w- c:\windows\system32\SET342C.tmp
2013-10-11 13:24:00 0 ----a-w- c:\windows\system32\SET26EB.tmp
2013-10-11 13:24:00 0 ----a-w- c:\windows\system32\SET2504.tmp
2013-10-11 12:50:23 532480 ----a-w- c:\windows\system32\comctl32.dll
2013-10-10 13:29:16 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-10 13:26:59 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-10-10 13:26:58 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-10-10 13:26:53 35328 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-10-10 13:26:53 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-05 22:56:23 -------- d-----w- c:\program files\TouchFreeze
2013-09-30 00:41:05 -------- d-----w- c:\programdata\PC-Doctor for Windows
2013-09-30 00:41:04 -------- d-----w- c:\programdata\PCDr
2013-09-30 00:41:04 -------- d-----w- c:\program files\Dell Support Center
2013-09-30 00:40:39 -------- d-----w- c:\program files\My Dell
2013-09-30 00:32:48 -------- d-----w- c:\users\wayne\appdata\roaming\PCDr
.
==================== Find3M ====================
.
2013-10-25 15:46:21 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-10-25 15:45:44 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2013-10-25 15:45:40 69792 ----a-w- c:\windows\system32\rpcnet.dll
2013-10-09 15:56:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 15:56:26 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-25 14:09:31 69792 ------w- c:\windows\system32\rpcnet.exe
2013-09-25 14:07:07 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2013-09-22 10:22:59 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 10:14:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-22 10:13:22 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 10:08:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-09-22 10:06:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-09-22 10:03:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-08-29 07:36:04 2050048 ----a-w- c:\windows\system32\win32k.sys
2013-08-27 02:47:50 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47:50 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-08-27 02:47:50 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-08-27 02:47:50 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-08-27 01:52:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-08-27 01:50:40 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-08-27 01:32:20 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-08-27 01:28:36 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-08-27 01:28:35 798208 ----a-w- c:\windows\system32\FntCache.dll
2013-08-02 04:09:35 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-01 12:33:33 53894 ----a-w- c:\programdata\1375360384.bdinstall.bin
2013-08-01 12:01:27 53894 ----a-w- c:\programdata\1375358461.bdinstall.bin
2013-08-01 11:31:11 53894 ----a-w- c:\programdata\1375356644.bdinstall.bin
2013-08-01 11:00:55 53894 ----a-w- c:\programdata\1375354824.bdinstall.bin
2013-08-01 10:30:32 53894 ----a-w- c:\programdata\1375353008.bdinstall.bin
2013-08-01 10:00:18 53894 ----a-w- c:\programdata\1375351183.bdinstall.bin
2013-08-01 09:29:53 53893 ----a-w- c:\programdata\1375349363.bdinstall.bin
2013-08-01 08:59:33 53893 ----a-w- c:\programdata\1375347532.bdinstall.bin
2013-08-01 08:29:02 53893 ----a-w- c:\programdata\1375345716.bdinstall.bin
2013-08-01 07:58:38 53894 ----a-w- c:\programdata\1375343880.bdinstall.bin
2013-08-01 07:28:09 53894 ----a-w- c:\programdata\1375342061.bdinstall.bin
2013-08-01 06:57:48 53894 ----a-w- c:\programdata\1375340238.bdinstall.bin
2013-08-01 06:27:26 53894 ----a-w- c:\programdata\1375338421.bdinstall.bin
2013-08-01 05:57:08 53893 ----a-w- c:\programdata\1375336599.bdinstall.bin
2013-08-01 05:26:48 53894 ----a-w- c:\programdata\1375334778.bdinstall.bin
2013-08-01 04:56:27 53894 ----a-w- c:\programdata\1375332963.bdinstall.bin
2013-08-01 04:26:12 53894 ----a-w- c:\programdata\1375331144.bdinstall.bin
2013-08-01 03:55:54 53893 ----a-w- c:\programdata\1375329329.bdinstall.bin
2013-08-01 03:25:39 53894 ----a-w- c:\programdata\1375327512.bdinstall.bin
2013-08-01 03:16:32 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-08-01 02:55:21 53893 ----a-w- c:\programdata\1375325684.bdinstall.bin
2013-08-01 02:49:15 37376 ----a-w- c:\windows\system32\cdd.dll
2013-08-01 02:24:53 53894 ----a-w- c:\programdata\1375323863.bdinstall.bin
2013-08-01 01:54:33 53893 ----a-w- c:\programdata\1375322046.bdinstall.bin
2013-08-01 01:24:14 53894 ----a-w- c:\programdata\1375320228.bdinstall.bin
2013-08-01 00:53:57 53894 ----a-w- c:\programdata\1375318413.bdinstall.bin
2013-08-01 00:23:42 53892 ----a-w- c:\programdata\1375316598.bdinstall.bin
2013-07-31 23:53:28 53894 ----a-w- c:\programdata\1375314782.bdinstall.bin
2013-07-31 23:23:12 53894 ----a-w- c:\programdata\1375312968.bdinstall.bin
2013-07-31 22:52:57 53894 ----a-w- c:\programdata\1375311131.bdinstall.bin
2013-07-31 22:22:20 53894 ----a-w- c:\programdata\1375309315.bdinstall.bin
2013-07-31 21:52:04 53894 ----a-w- c:\programdata\1375307500.bdinstall.bin
2013-07-31 21:21:51 53894 ----a-w- c:\programdata\1375305685.bdinstall.bin
2013-07-31 20:51:36 53894 ----a-w- c:\programdata\1375303865.bdinstall.bin
2013-07-31 20:21:14 53893 ----a-w- c:\programdata\1375302050.bdinstall.bin
2013-07-31 19:50:59 53892 ----a-w- c:\programdata\1375300233.bdinstall.bin
2013-07-31 19:20:43 53894 ----a-w- c:\programdata\1375298412.bdinstall.bin
2013-07-31 18:50:22 53893 ----a-w- c:\programdata\1375296597.bdinstall.bin
2013-07-31 18:20:07 53893 ----a-w- c:\programdata\1375294783.bdinstall.bin
2013-07-31 17:49:54 53893 ----a-w- c:\programdata\1375292968.bdinstall.bin
2013-07-31 17:19:44 54051 ----a-w- c:\programdata\1375291149.bdinstall.bin
2013-07-31 16:49:16 54208 ----a-w- c:\programdata\1375289329.bdinstall.bin
2013-07-31 04:23:41 53899 ----a-w- c:\programdata\1375244579.bdinstall.bin
2013-07-31 03:53:09 53899 ----a-w- c:\programdata\1375242758.bdinstall.bin
2013-07-31 03:22:45 53894 ----a-w- c:\programdata\1375240938.bdinstall.bin
2013-07-31 02:52:28 53894 ----a-w- c:\programdata\1375239115.bdinstall.bin
2013-07-31 02:22:07 53894 ----a-w- c:\programdata\1375237301.bdinstall.bin
2013-07-31 01:51:52 53894 ----a-w- c:\programdata\1375235488.bdinstall.bin
2013-07-31 01:21:39 53894 ----a-w- c:\programdata\1375233675.bdinstall.bin
2013-07-31 00:51:26 53894 ----a-w- c:\programdata\1375231856.bdinstall.bin
2013-07-31 00:21:06 53894 ----a-w- c:\programdata\1375230043.bdinstall.bin
2013-07-30 23:50:53 53894 ----a-w- c:\programdata\1375228229.bdinstall.bin
2013-07-30 23:20:43 53894 ----a-w- c:\programdata\1375226416.bdinstall.bin
2013-07-30 22:50:29 53894 ----a-w- c:\programdata\1375224601.bdinstall.bin
2013-07-30 22:20:13 53894 ----a-w- c:\programdata\1375222779.bdinstall.bin
2013-07-30 21:49:49 53893 ----a-w- c:\programdata\1375220964.bdinstall.bin
2013-07-30 21:19:35 53894 ----a-w- c:\programdata\1375219147.bdinstall.bin
2013-07-30 20:49:19 53894 ----a-w- c:\programdata\1375217331.bdinstall.bin
2013-07-30 20:19:02 53893 ----a-w- c:\programdata\1375215516.bdinstall.bin
2013-07-30 19:48:47 53894 ----a-w- c:\programdata\1375213702.bdinstall.bin
2013-07-30 19:18:33 53893 ----a-w- c:\programdata\1375211889.bdinstall.bin
2013-07-30 18:48:20 53894 ----a-w- c:\programdata\1375210070.bdinstall.bin
2013-07-30 18:18:00 53894 ----a-w- c:\programdata\1375208254.bdinstall.bin
2013-07-30 17:47:42 53894 ----a-w- c:\programdata\1375206434.bdinstall.bin
2013-07-30 17:17:24 53894 ----a-w- c:\programdata\1375204608.bdinstall.bin
2013-07-30 16:46:58 53894 ----a-w- c:\programdata\1375202783.bdinstall.bin
2013-07-30 16:16:35 54051 ----a-w- c:\programdata\1375200969.bdinstall.bin
2013-07-30 15:46:20 54208 ----a-w- c:\programdata\1375199148.bdinstall.bin
2013-07-30 03:14:57 53899 ----a-w- c:\programdata\1375154069.bdinstall.bin
2013-07-30 02:44:39 53899 ----a-w- c:\programdata\1375152254.bdinstall.bin
2013-07-30 02:14:24 53899 ----a-w- c:\programdata\1375150435.bdinstall.bin
2013-07-30 01:44:05 53898 ----a-w- c:\programdata\1375148620.bdinstall.bin
2013-07-30 01:13:42 53898 ----a-w- c:\programdata\1375146785.bdinstall.bin
2013-07-30 00:43:07 53898 ----a-w- c:\programdata\1375144963.bdinstall.bin
2013-07-30 00:12:53 53897 ----a-w- c:\programdata\1375143149.bdinstall.bin
2013-07-29 23:42:39 53898 ----a-w- c:\programdata\1375141335.bdinstall.bin
.
============= FINISH: 12:40:58.64 ===============
Spybot Rootkit Scan:
// info: Rootkit removal help file
// copyright: (c) 2008-2013 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Executable ADS","D:\Windows\System32\autochk.exe:BAK:$DATA"
File:"","D:\Recycler\S-1-5-21-842925246-2025429265-682008880-1013\com4"
File:"Invisible to Win32","D:\Recycler\S-1-5-21-842925246-2025429265-682008880-1013\com4\hidefiles\11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111\11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111\11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111"
File:"Unknown ADS","C:\Users\Wayne\Documents\Photography\Video\Kimberley-VanIsl.avi:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Wayne\Documents\Photography\Video\VideoTape 2010\VideoTape 2010 2012_08_17_17_35_31.avi:TOC.WMV:$DATA"
File:"Unknown ADS","C:\Users\Wayne\Documents\Photography\Video\Sony Cam Download 2009 Mar\Sony Cam Download 2009 Mar 2009_03_03_14_52_06.avi:TOC.WMV:$DATA"
File:"No admin in ACL","C:\ProgramData\Rpcnet"
File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\2008Invoice.ntd"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\2008StmtPrvw.ntd"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\backup1.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\billstmt.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\blklnd.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\blkprt.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\bluedrop.gif"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\blulnd.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\bluprt.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\c3line.gif"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\cstmlist.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\deltmpl.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\graybar1.gif"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\graybar2.gif"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\graybox.gif"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\grayline.gif"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\graytwo.gif"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\GREENDRP.GIF"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\gridsize.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\grnline.gif"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\handle.gif"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\harmp.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\harprd.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\harsrv.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\hline.gif"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\land.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\learn.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\logo"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\logoblnk"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\logosave"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\logosavt"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\modcols.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\modfonts.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\modlines.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\modtmpl.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\moneyhlp.css"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\moneyprt.css"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\moveelem.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\new3line.gif"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\newsl1.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\newsl2.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\newsl3.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\newsl4.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\newsl5.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\newsl6.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\newsl7.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\newsp1.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\newsp2.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\newsp3.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\newsp4.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\newsp5.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\newsp6.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\newsp7.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\newtmpl.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\newtmpl1.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\opentmpl.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\pickelem.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\picklogo.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\portrait.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\repeatingHori-house.gif"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\repeatingHori-paperClip.gif"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\repeatingHori-shopCart.gif"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\repeatingHori-teddyBear.gif"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\repeatingHori-wrench.gif"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\repeatingVert-house.gif"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\repeatingVert-paperClip.gif"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\repeatingVert-shopCart.gif"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\repeatingVert-teddyBears.gif"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\repeatingVert-wrench.gif"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\rszeelem.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\savetmpl.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\srtmpl1.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\srtmpl10.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\srtmpl11.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\srtmpl2.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\srtmpl3.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\srtmpl4.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\srtmpl5.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\srtmpl6.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\srtmpl7.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\srtmpl8.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\srtmpl9.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\tbhelp.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\tbhlp.js"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\tmpl1.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\tmpl2.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\tmpl3.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\tmpl4.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\tmpl5.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\tmpl6.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\tmpl7.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\tmpl8.htm"
File:"No admin in ACL","C:\ProgramData\Microsoft\Money\17.0\Invoice\zoom.htm"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Vol"
onewerld
Regular Member
 
Posts: 16
Joined: October 25th, 2013, 11:38 am

Re: scan found rootkit autoChk.exe:BAK:$DATA

Unread postby melboy » October 26th, 2013, 6:38 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


=============================================


OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: scan found rootkit autoChk.exe:BAK:$DATA

Unread postby onewerld » October 26th, 2013, 11:47 pm

I copied the results of the OTL.exe scan but could not send it as there were 164571 characters, which was over the allowed number of characters. I also found the Extras.txt was not minimized. I converted it to a Zip file but could not drag the file to this page. Can you suggest what I might do to get the information to you? Thank you.
onewerld
Regular Member
 
Posts: 16
Joined: October 25th, 2013, 11:38 am

Re: scan found rootkit autoChk.exe:BAK:$DATA

Unread postby melboy » October 27th, 2013, 3:52 am

Attachment

  • Click Full Editor in the Quick Reply box.
  • Attach otl.txt & extras.txt to your next post by clicking the Upload Attachment feature

  • Click Choose file & browse to the files otl.txt & extras.txt on your desktop and click open.
  • Click Add the file and wait for it to upload.
  • Then click Submit along with the rest of your reply.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: scan found rootkit autoChk.exe:BAK:$DATA

Unread postby onewerld » October 27th, 2013, 7:57 pm

It looks like the files attached OK as the names appeared in "Posted Attachments". At present I am travelling from Ontario, Canada to Florida by car and only check my email in the evening, hence the slow response on my part. I tried the "preview" but nothing came up. Submitting this anyway.
onewerld
Regular Member
 
Posts: 16
Joined: October 25th, 2013, 11:38 am

Re: scan found rootkit autoChk.exe:BAK:$DATA

Unread postby onewerld » October 27th, 2013, 8:52 pm

When I submitted the reply I realized the files had not downloaded. I had waited several minutes but now I will wait at least 30 minutes before submitting.
Extras.Txt
When I went through the process again, I had the same result. However, when I clicked on "OTL.Txt" it opened to the scan results. I will wait until I hear from you.
onewerld
Regular Member
 
Posts: 16
Joined: October 25th, 2013, 11:38 am

Re: scan found rootkit autoChk.exe:BAK:$DATA

Unread postby melboy » October 29th, 2013, 2:02 pm

Hi

There are a few bits to tidy up but those otherwise look okay. Rootkit scans can produce false positives.

AdwCleaner

Download AdwCleaner from HERE & save it to your desktop.

  • Right click AdwCleaner.exe and choose "Run as Administrator" to run it.
  • Click the Scan button.
  • When the scan finishes, click the Report button.
  • A logfile will open in notepad. Copy/paste to post the contents of the logfile in your next reply.
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner[R*].txt.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: scan found rootkit autoChk.exe:BAK:$DATA

Unread postby onewerld » October 30th, 2013, 12:07 pm

Thank you Melboy. Here is the logfile from the AdwCleaner scan.




# AdwCleaner v3.010 - Report created 30/10/2013 at 12:03:58
# Updated 20/10/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Wayne - WAYNE-PC
# Running from : C:\Users\Wayne\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : CltMngSvc

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\ezmd9tjr.default\user.js
File Found : C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\x0bzg93y.default\Extensions\plugin@yontoo.com.xpi
File Found : C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\x0bzg93y.default\searchplugins\safesearch.xml
File Found : C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\x0bzg93y.default\searchplugins\speedbit.xml
File Found : C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\x0bzg93y.default\user.js
Folder Found : C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk
Folder Found C:\Program Files\file scout
Folder Found C:\Program Files\SearchPredict
Folder Found C:\Program Files\Searchprotect
Folder Found C:\Program Files\Speedbit Video Downloader
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedbit Video Downloader
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedbit Video Downloader
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\Searchprotect
Folder Found C:\Users\Wayne\AppData\LocalLow\boost_interprocess
Folder Found C:\Users\Wayne\AppData\LocalLow\Conduit
Folder Found C:\Users\Wayne\AppData\LocalLow\Inbox Toolbar
Folder Found C:\Users\Wayne\AppData\LocalLow\Toolbar4
Folder Found C:\Users\Wayne\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Found C:\Users\Wayne\AppData\Roaming\file scout
Folder Found C:\Users\Wayne\AppData\Roaming\pccustubinstaller
Folder Found C:\Users\Wayne\AppData\Roaming\PerformerSoft
Folder Found C:\Users\Wayne\AppData\Roaming\Systweak

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\smartbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\filescout
Key Found : HKCU\Software\Google\Chrome\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{23088CF8-EAF8-4BB3-A251-9BA61557AC75}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BasicSeek
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SPEEDbit Video Downloader
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1
Key Found : HKLM\SOFTWARE\Classes\Directory\shell\SPEEDbitVideoConverter
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : HKLM\SOFTWARE\Classes\SBConvert.SBConvert
Key Found : HKLM\SOFTWARE\Classes\SBConvert.SBConvert.3
Key Found : HKLM\SOFTWARE\Classes\SearchPredictObj.SearchPredictObj
Key Found : HKLM\SOFTWARE\Classes\SearchPredictObj.SearchPredictObj.1
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23088CF8-EAF8-4BB3-A251-9BA61557AC75}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SPEEDbit Video Downloader
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\systweak
Key Found : HKLM\Software\Tarma Installer
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchpredict@speedbit.com]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://my.juno.com/s/search?r=minisearch
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://my.juno.com/s/search?r=minisearch
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://my.juno.com/s/search?r=minisearch
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://my.juno.com/s/search?r=minisearch
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://home.speedbit.com/tab/?s=C7Ra205
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://my.juno.com/s/search?r=minisearch
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [] - hxxp://my.juno.com/s/search?r=minisearch

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\x0bzg93y.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename", "SpeedBit Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://home.speedbit.com/search.aspx?s=C7Ra206&q=");
Line Found : user_pref("browser.search.order.1", "SpeedBit Search");
Line Found : user_pref("browser.search.selectedEngine", "SpeedBit Search");
Line Found : user_pref("browser.startup.homepage_override_url", "hxxp://home.speedbit.com/?s=C7Ra205");
Line Found : user_pref("extensions.crossrider.bic", "13b4a2c8cac19c6914d3bde229763e2a");
Line Found : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
Line Found : user_pref("extentions.y2layers.installId", "fd45bfb8-b4a7-4a51-ad1e-c127044fa8ee");
Line Found : user_pref("speedbitvideodownloader.Var1", "0");
Line Found : user_pref("speedbitvideodownloader.Var10", "0");
Line Found : user_pref("speedbitvideodownloader.Var2", "0");
Line Found : user_pref("speedbitvideodownloader.Var3", "0");
Line Found : user_pref("speedbitvideodownloader.Var4", "0");
Line Found : user_pref("speedbitvideodownloader.Var5", "0");
Line Found : user_pref("speedbitvideodownloader.Var6", "0");
Line Found : user_pref("speedbitvideodownloader.Var7", "0");
Line Found : user_pref("speedbitvideodownloader.Var8", "0");
Line Found : user_pref("speedbitvideodownloader.Var9", "0");
Line Found : user_pref("speedbitvideodownloader.cache.tbs_include_xml_spd", "23/13/23/6/112");
Line Found : user_pref("speedbitvideodownloader.firstlaunch", "0");
Line Found : user_pref("speedbitvideodownloader.guid", "%7B737DEF49-898A-9B50-1EC8-8A07C365D89E%7D");
Line Found : user_pref("speedbitvideodownloader.userId", "%12");
Line Found : user_pref("speedbitvideodownloader_installed_version", "3.0.6");

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : urls_to_restore_on_startup
Found : urls_to_restore_on_startup
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [13464 octets] - [30/10/2013 12:03:58]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [13525 octets] ##########
onewerld
Regular Member
 
Posts: 16
Joined: October 25th, 2013, 11:38 am

Re: scan found rootkit autoChk.exe:BAK:$DATA

Unread postby melboy » October 30th, 2013, 3:03 pm

AdwCleaner

  • Right click AdwCleaner.exe and choose "Run as Administrator" to run it.
  • Click the Scan button.
  • When the scan finishes, click the Clean button.
  • Click OK to the prompt and let AdwCleaner reboot the computer.
  • A logfile will open in notepad after reboot. Copy/paste to post the contents of the logfile in your next reply.
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner[S**].txt.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: scan found rootkit autoChk.exe:BAK:$DATA

Unread postby onewerld » October 30th, 2013, 7:21 pm

Good evening Melboy. Below is the logfile following your instructions and Cleaning after Scanning with AdwCleaner.


# AdwCleaner v3.010 - Report created 30/10/2013 at 18:58:43
# Updated 20/10/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Wayne - WAYNE-PC
# Running from : C:\Users\Wayne\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\Searchprotect
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedbit Video Downloader
Folder Deleted : C:\Program Files\file scout
Folder Deleted : C:\Program Files\SearchPredict
Folder Deleted : C:\Program Files\Searchprotect
Folder Deleted : C:\Program Files\Speedbit Video Downloader
Folder Deleted : C:\Users\Wayne\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Wayne\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Wayne\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Users\Wayne\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Wayne\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\Wayne\AppData\Roaming\file scout
Folder Deleted : C:\Users\Wayne\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\Wayne\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Wayne\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk
File Deleted : C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\x0bzg93y.default\Extensions\plugin@yontoo.com.xpi
File Deleted : C:\END
File Deleted : C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\x0bzg93y.default\searchplugins\safesearch.xml
File Deleted : C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\x0bzg93y.default\searchplugins\speedbit.xml
File Deleted : C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\ezmd9tjr.default\user.js
File Deleted : C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\x0bzg93y.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchpredict@speedbit.com]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\Directory\shell\SPEEDbitVideoConverter
Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert
Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert.3
Key Deleted : HKLM\SOFTWARE\Classes\SearchPredictObj.SearchPredictObj
Key Deleted : HKLM\SOFTWARE\Classes\SearchPredictObj.SearchPredictObj.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{23088CF8-EAF8-4BB3-A251-9BA61557AC75}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23088CF8-EAF8-4BB3-A251-9BA61557AC75}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SPEEDbit Video Downloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BasicSeek
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SPEEDbit Video Downloader

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl []

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\x0bzg93y.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "SpeedBit Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://home.speedbit.com/search.aspx?s=C7Ra206&q=");
Line Deleted : user_pref("browser.search.order.1", "SpeedBit Search");
Line Deleted : user_pref("browser.search.selectedEngine", "SpeedBit Search");
Line Deleted : user_pref("browser.startup.homepage_override_url", "hxxp://home.speedbit.com/?s=C7Ra205");
Line Deleted : user_pref("extensions.crossrider.bic", "13b4a2c8cac19c6914d3bde229763e2a");
Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
Line Deleted : user_pref("extentions.y2layers.installId", "fd45bfb8-b4a7-4a51-ad1e-c127044fa8ee");
Line Deleted : user_pref("speedbitvideodownloader.Var1", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var10", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var2", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var3", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var4", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var5", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var6", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var7", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var8", "0");
Line Deleted : user_pref("speedbitvideodownloader.Var9", "0");
Line Deleted : user_pref("speedbitvideodownloader.cache.tbs_include_xml_spd", "23/13/23/6/112");
Line Deleted : user_pref("speedbitvideodownloader.firstlaunch", "0");
Line Deleted : user_pref("speedbitvideodownloader.guid", "%7B737DEF49-898A-9B50-1EC8-8A07C365D89E%7D");
Line Deleted : user_pref("speedbitvideodownloader.userId", "%12");
Line Deleted : user_pref("speedbitvideodownloader_installed_version", "3.0.6");

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [13606 octets] - [30/10/2013 12:03:58]
AdwCleaner[R1].txt - [13667 octets] - [30/10/2013 18:50:59]
AdwCleaner[S0].txt - [13485 octets] - [30/10/2013 18:58:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13546 octets] ##########
onewerld
Regular Member
 
Posts: 16
Joined: October 25th, 2013, 11:38 am
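The scan report earlier in the thread lists every item as "Found" and the clean report just posted lists them as "Deleted" or "Restored"; checking that nothing found was left behind, and seeing which hosts the browser search and home-page settings had been redirected to, is mechanical enough to script. The Python below is an added example written for this page, not AdwCleaner's own code and not something posted in the thread. The two report excerpts are constructed from the reports above (shortened, with one registry key deliberately left out of the clean report so the check has something to flag), and the allow list of trusted search hosts is an assumption for the demo.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed excerpts modelled on the AdwCleaner[R0] scan report and the
# AdwCleaner[S0] clean report pasted in this thread (shortened; the clean
# report deliberately omits one key so the check below has something to flag).
SCAN_REPORT = r"""
***** [ Services ] *****
Service Found : CltMngSvc
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk
Key Found : HKLM\Software\SearchProtect
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchpredict@speedbit.com]
***** [ Browsers ] *****
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://my.juno.com/s/search?r=minisearch
-\\ Mozilla Firefox v24.0 (en-US)
[ File : C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\x0bzg93y.default\prefs.js ]
Line Found : user_pref("browser.search.defaulturl", "hxxp://home.speedbit.com/search.aspx?s=C7Ra206&q=");
Line Found : user_pref("browser.startup.homepage_override_url", "hxxp://home.speedbit.com/?s=C7Ra205");
"""

CLEAN_REPORT = r"""
***** [ Services ] *****
[#] Service Deleted : CltMngSvc
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchpredict@speedbit.com]
***** [ Browsers ] *****
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v24.0 (en-US)
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://home.speedbit.com/search.aspx?s=C7Ra206&q=");
Line Deleted : user_pref("browser.startup.homepage_override_url", "hxxp://home.speedbit.com/?s=C7Ra205");
"""

# Report grammar as seen in the pasted logs: a section banner, then lines of the form
# "<Kind> <Action> : <item>"; clean reports prefix some lines with "[#]" and the
# Chrome lines carry no <Kind> at all ("Found : urls_to_restore_on_startup").
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>[^\]]+) \] \*{5}$")
ENTRY_RE = re.compile(
    r"^(?:\[#\]\s*)?"
    r"(?:(?P<kind>Key|Value|Folder|File|Line|Setting|Service)\s+)?"
    r"(?P<action>Found|Deleted|Restored)\s*:\s*(?P<item>.+?)\s*$"
)
# Accepts the defanged "hxxp://" form AdwCleaner writes as well as plain http(s).
URL_HOST_RE = re.compile(r"h[xt]{2}ps?://([^/\"'\s]+)", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    section: str
    kind: str    # Key, Value, File, Line, Setting, Service, or "" for bare lines
    action: str  # Found, Deleted or Restored
    item: str    # registry path, file path, or the user_pref line itself

    def identity(self) -> Tuple[str, str]:
        # "Setting Found" carries the hijacked URL after " - "; "Setting Restored"
        # does not, so the URL is dropped to let the two forms match.
        item = self.item.split(" - ", 1)[0] if self.kind == "Setting" else self.item
        return (self.kind, item)


def parse_report(text: str) -> List[Entry]:
    entries: List[Entry] = []
    section = ""
    for line in (raw.strip() for raw in text.splitlines()):
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name").strip()
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(section, m.group("kind") or "", m.group("action"), m.group("item")))
    return entries


def outstanding(scan_text: str, clean_text: str) -> List[Tuple[str, str]]:
    """Items the scan reported Found that the clean report neither Deleted nor Restored."""
    remediated = {e.identity() for e in parse_report(clean_text) if e.action != "Found"}
    return [e.identity() for e in parse_report(scan_text)
            if e.action == "Found" and e.identity() not in remediated]


def redirect_hosts(entries: List[Entry], trusted: Set[str]) -> Dict[str, List[str]]:
    """Hosts that browser search/home-page settings point at, minus an allow list.
    Returns host -> the settings naming it, so the scope of a hijack is visible."""
    hits: Dict[str, List[str]] = {}
    for e in entries:
        if e.kind in ("Setting", "Line"):
            for host in URL_HOST_RE.findall(e.item):
                if host.lower() not in trusted:
                    hits.setdefault(host.lower(), []).append(e.item)
    return hits


if __name__ == "__main__":
    for kind, item in outstanding(SCAN_REPORT, CLEAN_REPORT):
        print(f"NOT REMEDIATED: {kind} {item}")
    # Allow list is an assumption for the demo (the OTL log shows google.com as the search default).
    for host, refs in redirect_hosts(parse_report(SCAN_REPORT), {"www.google.com"}).items():
        print(f"search/home-page redirect -> {host} ({len(refs)} setting(s))")
```

Matching on `(kind, item)` rather than on the raw line is what lets a "Setting Found ... - hxxp://..." entry pair up with its "Setting Restored ..." twin; everything else (registry keys, extension values, prefs.js lines) is compared verbatim, so a key that reappears in a later scan report shows up as outstanding again.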

Re: scan found rootkit autoChk.exe:BAK:$DATA

Unread postby onewerld » October 30th, 2013, 8:06 pm

While in Adw Cleaner a dialogue box came up advising me on various ways to avoid unwanted toolbars etc. It advised that I could download "Hosts Anti PUP/adware" through the Tools tab in Adw Cleaner. I did so but the download was all in French. I have tried to delete it but without success. It had mentioned that it would be easily removed if so desired. I have tried Windows uninstall and Revo Uninstaller and tried to delete directly from "Programs" but unsuccessfully. Can you help with the deletion?
onewerld
Regular Member
 
Posts: 16
Joined: October 25th, 2013, 11:38 am

Re: scan found rootkit autoChk.exe:BAK:$DATA

Unread postby melboy » October 31st, 2013, 6:18 pm

Hi

How is the computer running?


OTL

  • Double click on OTL.exe to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, a Notepad file will open.
    • OTL.txt <-- Will be opened
    • Please post the contents of this Notepad file in your next reply.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: scan found rootkit autoChk.exe:BAK:$DATA

Unread postby onewerld » November 2nd, 2013, 12:55 am

Below is the OTL scan log. The only odd thing now with my computer is that the Speech Recognition program that comes with Windows cannot be removed from my desktop. Up to now I could remove it. Now I cannot find it in the start program list nor in the program files. I have not really had time to use the computer much, so I cannot say whether it is speedier or not. After your last reply, I mistakenly thought that you were not going to do anything more. I apologize, as I had read that you wanted nothing done while you were investigating. Consequently, I did a Spybot scan and "cleaned" what was found. Do you want me to send the log of that scan, or have I messed things up completely?

OTL logfile created on: 11/02/13 12:33:47 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wayne\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: M/dd/yy

3.49 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 46.95% Memory free
7.19 Gb Paging File | 5.63 Gb Available in Paging File | 78.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.81 Gb Total Space | 89.88 Gb Free Space | 40.34% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.98 Gb Free Space | 39.84% Space Free | Partition Type: NTFS
Drive E: | 655.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WAYNE-PC | User Name: Wayne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/10/26 22:31:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wayne\Desktop\OTL.exe
PRC - [2013/10/04 20:05:42 | 000,109,784 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2013/09/25 10:09:31 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2013/08/12 10:12:38 | 000,295,376 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/08/12 10:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/08/12 10:11:20 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/07/29 14:32:09 | 001,221,384 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
PRC - [2013/07/29 14:32:06 | 000,259,376 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/07/15 17:50:00 | 000,685,936 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK32.EXE
PRC - [2013/06/05 02:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Wayne\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/05/23 11:33:16 | 034,220,352 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files\DriverUpdate\DriverUpdate.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/12 13:19:38 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013/02/13 05:02:50 | 000,196,624 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
PRC - [2012/07/24 20:26:54 | 000,040,960 | ---- | M] () -- C:\Program Files\TouchFreeze\TouchFreeze.exe
PRC - [2012/03/06 19:19:22 | 000,025,600 | ---- | M] (PackedBytes) -- C:\Program Files\Packed Bytes\Packed Chess Free\PackedChessFreeServer.exe
PRC - [2011/12/05 21:41:32 | 004,426,384 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2011/12/05 21:41:32 | 001,059,472 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2010/09/08 21:30:20 | 000,472,432 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/07/06 23:59:22 | 000,054,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2010/05/31 00:17:06 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/02/17 01:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2010/01/28 20:03:22 | 001,783,296 | ---- | M] (Juno, Inc.) -- C:\Program Files\Juno\exec.exe
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/01/20 22:24:46 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Speech\Common\sapisvr.exe
PRC - [2007/10/03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 16:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/15 04:44:39 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
MOD - [2013/08/15 04:44:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 04:40:36 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/07/14 23:39:01 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/07/24 20:26:54 | 000,040,960 | ---- | M] () -- C:\Program Files\TouchFreeze\TouchFreeze.exe
MOD - [2012/07/24 20:26:54 | 000,034,304 | ---- | M] () -- C:\Program Files\TouchFreeze\TouchFreeze.dll
MOD - [2008/03/12 01:37:52 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [Auto | Running] -- C:\ProgramData\Rpcnet\Bin\rpcld.exe -- (rpcld)
SRV - [2013/10/09 11:56:27 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/25 10:09:31 | 000,069,792 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet)
SRV - [2013/09/23 16:21:47 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/12 10:12:38 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/08/12 10:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/07/29 14:32:09 | 001,221,384 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe -- (pdserv)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/12 13:19:38 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/02/13 05:02:50 | 000,196,624 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe -- (NitroReaderDriverReadSpool3)
SRV - [2012/03/06 19:19:22 | 000,025,600 | ---- | M] (PackedBytes) [Auto | Running] -- C:\Program Files\Packed Bytes\Packed Chess Free\PackedChessFreeServer.exe -- (PackedChessFreeServer)
SRV - [2011/12/05 21:41:32 | 004,426,384 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2008/04/28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\stwrt.sys -- (STHDA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - [2013/11/01 19:16:23 | 000,040,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{67724CE7-503F-4295-A407-18088AD0CC6E}\MpKsld87168b7.sys -- (MpKsld87168b7)
DRV - [2013/11/01 19:07:44 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/06/18 22:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/03/14 15:36:22 | 000,016,648 | ---- | M] (XFire) [File_System | On_Demand | Stopped] -- C:\Program Files\Xfire2\XFDriver.sys -- (XFDriver)
DRV - [2012/07/27 01:07:10 | 000,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2012/07/27 01:06:35 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/12/14 20:41:38 | 000,173,880 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2011/08/10 16:39:48 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/08/30 04:26:34 | 000,257,144 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/03/08 11:02:58 | 000,062,496 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2009/03/08 18:06:00 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2009/03/06 08:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/09/22 07:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/03/13 07:41:12 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2008/03/13 07:34:40 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/03/13 07:34:38 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/03/13 07:34:36 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/03/12 01:37:46 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/07/13 07:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DACA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Wayne\Desktop\Prisoner of Zelda
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&clie ... bd=5080813
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig/dell?hl=en&clie ... bd=5080813
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3CCA4B1C-FEE3-4ABF-9CFB-3B14A8691F1B}: "URL" = http://search.juno.com/search?action=se ... box&query={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: cleanprint%40formatdynamics.com:4.1.0
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: clickclean%40hotcleaner.com:4.1
FF - prefs.js..extensions.enabledAddons: %7B77b819fa-95ad-4f2c-ac7c-486b356188a9%7D:4.0.20130422
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.618
FF - prefs.js..extensions.enabledAddons: 2.0%40disconnect.me:3.6.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..keyword.URL: "http://www.basicseek.com/?tmp=nemo_results_removelink&prt=bscsk50r1&keywords="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/10/14 19:04:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2013/10/04 20:06:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/23 16:21:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/23 16:21:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/23 16:21:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/23 16:21:01 | 000,000,000 | ---D | M]

[2013/06/23 16:21:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wayne\AppData\Roaming\Mozilla\Extensions
[2013/05/23 19:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\ezmd9tjr.default\extensions
[2013/10/30 19:22:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\x0bzg93y.default\extensions
[2013/07/08 13:00:13 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\x0bzg93y.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013/05/10 10:13:37 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\x0bzg93y.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2013/03/28 16:27:43 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\x0bzg93y.default\extensions\clickclean@hotcleaner.com
[2013/09/30 01:00:31 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\x0bzg93y.default\extensions\donottrackplus@abine.com
[2012/01/04 00:04:04 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\x0bzg93y.default\extensions\keyscrambler@qfx.software.corporation
[2013/10/30 19:22:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\x0bzg93y.default\extensions\staged
[2013/10/13 18:12:09 | 001,097,649 | ---- | M] () (No name found) -- C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\x0bzg93y.default\extensions\2.0@disconnect.me.xpi
[2012/10/29 12:47:00 | 000,009,489 | ---- | M] () (No name found) -- C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\x0bzg93y.default\extensions\cleanprint@formatdynamics.com.xpi
[2013/10/30 19:22:16 | 000,212,472 | ---- | M] () (No name found) -- C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\x0bzg93y.default\extensions\info@priceblink.com.xpi
[2013/10/25 12:56:56 | 000,833,307 | ---- | M] () (No name found) -- C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\x0bzg93y.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
[2013/10/10 14:39:28 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\x0bzg93y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/09/23 16:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/09/23 16:21:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/23 16:21:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/12/29 12:34:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/06/19 03:54:30 | 000,371,904 | ---- | M] (Navionics) -- C:\Program Files\mozilla firefox\plugins\npNavIn.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Identity Protection = C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\
CHR - Extension: Norton Identity Protection = C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/10/25 15:03:35 | 000,450,558 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15469 more lines...
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Pop-up Blocker) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\Juno\qsacc\X1IEBHO.dll (Juno, Inc.)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Juno Toolbar Helper) - {FE3098B1-04A3-41fd-8CA9-BEA39CB14C87} - C:\Program Files\Juno\UCReg.dll (Juno, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Wayne\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms ()
O4 - HKCU..\Run: [pdiface] C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe (Bitdefender)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TouchFreeze] C:\Program Files\TouchFreeze\TouchFreeze.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Clear Fields - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Display All Images with Full Quality - C:\Program Files\Juno\qsacc\appres.dll (Juno, Inc.)
O8 - Extra context menu item: Display Image with Full Quality - C:\Program Files\Juno\qsacc\appres.dll (Juno, Inc.)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Reset Fields - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html ()
O8 - Extra context menu item: RoboForm Editor - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8 - Extra context menu item: RoboForm Options - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Set Fields - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: juno.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70161D38-6DF1-4D89-8138-BC825099A03E}: DhcpNameServer = 65.32.5.111 65.32.5.112 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75065DA0-02FA-40D3-9637-5711D6973863}: DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75065DA0-02FA-40D3-9637-5711D6973863}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Seagull_1920x1200.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Seagull_1920x1200.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/06/20 11:53:20 | 003,895,296 | R--- | M] (Ubi Soft Entertainment) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2004/04/27 11:29:08 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0c050070-4f5e-11e1-9593-0021706d34b6}\Shell - "" = AutoRun
O33 - MountPoints2\{0c050070-4f5e-11e1-9593-0021706d34b6}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{f6437df3-88b2-11e1-bb3c-0021706d34b6}\Shell - "" = AutoRun
O33 - MountPoints2\{f6437df3-88b2-11e1-bb3c-0021706d34b6}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/30 19:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\Hosts_Anti_Adwares_PUPs
[2013/10/30 12:03:48 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/28 07:59:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2013/10/26 22:31:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wayne\Desktop\OTL.exe
[2013/10/25 14:39:58 | 000,000,000 | ---D | C] -- C:\Users\Wayne\Documents\ProcAlyzer Dumps
[2013/10/25 13:40:41 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Wayne\Desktop\dds.com
[2013/10/24 23:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/10/24 23:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/10/24 23:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/10/24 23:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/24 20:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
[2013/10/24 20:34:51 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune
[2013/10/24 12:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2013/10/24 12:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\CrystalDiskInfo
[2013/10/19 23:22:32 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Local\WinZip
[2013/10/19 23:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/10/19 23:16:54 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013/10/19 23:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/10/19 21:43:39 | 000,000,000 | ---D | C] -- C:\Users\Wayne\Documents\Downloads
[2013/10/19 00:39:35 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moo0
[2013/10/19 00:39:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\ShellExtBridge
[2013/10/19 00:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Moo0
[2013/10/18 20:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCheckup
[2013/10/18 20:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\DiskCheckup
[2013/10/18 18:02:15 | 000,000,000 | ---D | C] -- C:\Users\Wayne\Documents\People
[2013/10/18 12:43:04 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2013/10/18 12:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2013/10/18 12:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\MP3Gain
[2013/10/17 16:01:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\SRSLabs
[2013/10/17 15:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/10/17 15:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/10/17 15:25:52 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/10/14 17:35:17 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Local\fontconfig
[2013/10/14 17:33:39 | 000,000,000 | ---D | C] -- C:\Users\Wayne\.smplayer
[2013/10/14 17:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMPlayer
[2013/10/14 17:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\SMPlayer
[2013/10/05 18:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TouchFreeze
[2013/10/05 18:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\TouchFreeze
[2013/09/19 16:07:29 | 006,046,632 | ---- | C] (Absolute Software Corp.) -- C:\Users\Wayne\AppData\Local\Setup.exe
[28 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/01 23:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/01 23:53:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/01 23:12:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/01 23:12:37 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2013/11/01 19:14:00 | 000,650,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/01 19:14:00 | 000,128,078 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/01 19:09:01 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/01 19:09:01 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/01 19:07:58 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2013/11/01 19:07:44 | 000,013,464 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/11/01 19:07:38 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2013/11/01 19:06:54 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/11/01 19:06:38 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/01 19:06:00 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2013/11/01 13:07:38 | 019,959,808 | ---- | M] () -- C:\Users\Wayne\Documents\MYMONE_2011~9 Backup.mny
[2013/11/01 13:07:35 | 004,724,116 | R--- | M] () -- C:\Users\Wayne\Documents\June04-2008MYMONE~9 Backup_2013-11-01_130725.mbf
[2013/11/01 12:46:41 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/11/01 08:56:27 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2013/10/31 09:48:47 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\ErrorEND.job
[2013/10/30 18:57:22 | 004,688,442 | R--- | M] () -- C:\Users\Wayne\Documents\June04-2008MYMONE~9 Backup_2013-10-30_185713.mbf
[2013/10/30 12:02:34 | 001,060,070 | ---- | M] () -- C:\Users\Wayne\Desktop\adwcleaner.exe
[2013/10/30 10:33:37 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/10/26 22:31:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wayne\Desktop\OTL.exe
[2013/10/26 21:31:37 | 000,267,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/25 21:37:06 | 005,003,342 | R--- | M] () -- C:\Users\Wayne\Documents\June04-2008MYMONE~9 Backup_2013-10-25_213657.mbf
[2013/10/25 18:14:18 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/25 15:03:35 | 000,450,558 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/10/25 13:40:44 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Wayne\Desktop\dds.com
[2013/10/24 23:43:15 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/10/21 15:41:02 | 000,572,922 | ---- | M] () -- C:\Users\Wayne\Desktop\Boat Show tickets.pdf
[2013/10/19 23:17:20 | 000,001,802 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2013/10/19 00:23:46 | 000,002,627 | ---- | M] () -- C:\Users\Wayne\Desktop\Microsoft Office Word 2007.lnk
[2013/10/18 12:41:25 | 000,667,344 | ---- | M] () -- C:\Users\Wayne\Desktop\mp3gain-win-1_2_5.exe
[2013/10/17 17:12:33 | 000,001,828 | ---- | M] () -- C:\Users\Wayne\Desktop\Microsoft Security Essentials.lnk
[2013/10/16 23:11:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2013/10/16 22:32:08 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2013/10/16 16:37:46 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/05 18:39:23 | 000,082,714 | ---- | M] () -- C:\Users\Wayne\Documents\British Airways Points.JPG
[2013/10/04 20:40:33 | 000,035,965 | ---- | M] () -- C:\Users\Wayne\Documents\Properties-General.JPG
[2013/10/04 20:37:56 | 000,037,723 | ---- | M] () -- C:\Users\Wayne\Documents\Properties-Resources.JPG
[2013/10/04 20:35:55 | 000,046,526 | ---- | M] () -- C:\Users\Wayne\Documents\Properties-Driver.JPG
[28 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/01 13:07:35 | 004,724,116 | R--- | C] () -- C:\Users\Wayne\Documents\June04-2008MYMONE~9 Backup_2013-11-01_130725.mbf
[2013/10/30 18:57:22 | 004,688,442 | R--- | C] () -- C:\Users\Wayne\Documents\June04-2008MYMONE~9 Backup_2013-10-30_185713.mbf
[2013/10/30 12:02:26 | 001,060,070 | ---- | C] () -- C:\Users\Wayne\Desktop\adwcleaner.exe
[2013/10/26 21:31:19 | 000,267,992 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/25 21:37:06 | 005,003,342 | R--- | C] () -- C:\Users\Wayne\Documents\June04-2008MYMONE~9 Backup_2013-10-25_213657.mbf
[2013/10/24 23:43:52 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/10/24 23:43:52 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/10/24 23:43:51 | 000,000,644 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/10/24 23:43:15 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/10/24 23:43:15 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/10/21 15:41:00 | 000,572,922 | ---- | C] () -- C:\Users\Wayne\Desktop\Boat Show tickets.pdf
[2013/10/19 23:17:17 | 000,001,802 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2013/10/18 12:41:03 | 000,667,344 | ---- | C] () -- C:\Users\Wayne\Desktop\mp3gain-win-1_2_5.exe
[2013/10/17 17:12:33 | 000,001,828 | ---- | C] () -- C:\Users\Wayne\Desktop\Microsoft Security Essentials.lnk
[2013/10/16 23:11:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2013/10/16 22:32:08 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2013/10/05 18:39:21 | 000,082,714 | ---- | C] () -- C:\Users\Wayne\Documents\British Airways Points.JPG
[2013/10/04 20:40:31 | 000,035,965 | ---- | C] () -- C:\Users\Wayne\Documents\Properties-General.JPG
[2013/10/04 20:37:54 | 000,037,723 | ---- | C] () -- C:\Users\Wayne\Documents\Properties-Resources.JPG
[2013/10/04 20:35:52 | 000,046,526 | ---- | C] () -- C:\Users\Wayne\Documents\Properties-Driver.JPG
[2013/08/01 08:33:33 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375360384.bdinstall.bin
[2013/08/01 08:01:27 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375358461.bdinstall.bin
[2013/08/01 07:31:11 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375356644.bdinstall.bin
[2013/08/01 07:00:55 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375354824.bdinstall.bin
[2013/08/01 06:30:32 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375353008.bdinstall.bin
[2013/08/01 06:00:18 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375351183.bdinstall.bin
[2013/08/01 05:29:53 | 000,053,893 | ---- | C] () -- C:\ProgramData\1375349363.bdinstall.bin
[2013/08/01 04:59:33 | 000,053,893 | ---- | C] () -- C:\ProgramData\1375347532.bdinstall.bin
[2013/08/01 04:29:02 | 000,053,893 | ---- | C] () -- C:\ProgramData\1375345716.bdinstall.bin
[2013/08/01 03:58:38 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375343880.bdinstall.bin
[2013/08/01 03:28:09 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375342061.bdinstall.bin
[2013/08/01 02:57:48 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375340238.bdinstall.bin
[2013/08/01 02:27:26 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375338421.bdinstall.bin
[2013/08/01 01:57:08 | 000,053,893 | ---- | C] () -- C:\ProgramData\1375336599.bdinstall.bin
[2013/08/01 01:26:48 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375334778.bdinstall.bin
[2013/08/01 00:56:27 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375332963.bdinstall.bin
[2013/08/01 00:26:12 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375331144.bdinstall.bin
[2013/07/31 23:55:54 | 000,053,893 | ---- | C] () -- C:\ProgramData\1375329329.bdinstall.bin
[2013/07/31 23:25:39 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375327512.bdinstall.bin
[2013/07/31 22:55:21 | 000,053,893 | ---- | C] () -- C:\ProgramData\1375325684.bdinstall.bin
[2013/07/31 22:24:53 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375323863.bdinstall.bin
[2013/07/31 21:54:33 | 000,053,893 | ---- | C] () -- C:\ProgramData\1375322046.bdinstall.bin
[2013/07/31 21:24:14 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375320228.bdinstall.bin
[2013/07/31 20:53:57 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375318413.bdinstall.bin
[2013/07/31 20:23:42 | 000,053,892 | ---- | C] () -- C:\ProgramData\1375316598.bdinstall.bin
[2013/07/31 19:53:28 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375314782.bdinstall.bin
[2013/07/31 19:23:12 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375312968.bdinstall.bin
[2013/07/31 18:52:57 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375311131.bdinstall.bin
[2013/07/31 18:22:20 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375309315.bdinstall.bin
[2013/07/31 17:52:04 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375307500.bdinstall.bin
[2013/07/31 17:21:51 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375305685.bdinstall.bin
[2013/07/31 16:51:36 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375303865.bdinstall.bin
[2013/07/31 16:21:14 | 000,053,893 | ---- | C] () -- C:\ProgramData\1375302050.bdinstall.bin
[2013/07/31 15:50:59 | 000,053,892 | ---- | C] () -- C:\ProgramData\1375300233.bdinstall.bin
[2013/07/31 15:20:43 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375298412.bdinstall.bin
[2013/07/31 14:50:22 | 000,053,893 | ---- | C] () -- C:\ProgramData\1375296597.bdinstall.bin
[2013/07/31 14:20:07 | 000,053,893 | ---- | C] () -- C:\ProgramData\1375294783.bdinstall.bin
[2013/07/31 13:49:54 | 000,053,893 | ---- | C] () -- C:\ProgramData\1375292968.bdinstall.bin
[2013/07/31 13:19:44 | 000,054,051 | ---- | C] () -- C:\ProgramData\1375291149.bdinstall.bin
[2013/07/31 12:49:16 | 000,054,208 | ---- | C] () -- C:\ProgramData\1375289329.bdinstall.bin
[2013/07/31 00:23:41 | 000,053,899 | ---- | C] () -- C:\ProgramData\1375244579.bdinstall.bin
[2013/07/30 23:53:09 | 000,053,899 | ---- | C] () -- C:\ProgramData\1375242758.bdinstall.bin
[2013/07/30 23:22:45 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375240938.bdinstall.bin
[2013/07/30 22:52:28 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375239115.bdinstall.bin
[2013/07/30 22:22:07 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375237301.bdinstall.bin
[2013/07/30 21:51:52 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375235488.bdinstall.bin
[2013/07/30 21:21:39 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375233675.bdinstall.bin
[2013/07/30 20:51:26 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375231856.bdinstall.bin
[2013/07/30 20:21:06 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375230043.bdinstall.bin
[2013/07/30 19:50:53 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375228229.bdinstall.bin
[2013/07/30 19:20:43 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375226416.bdinstall.bin
[2013/07/30 18:50:29 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375224601.bdinstall.bin
[2013/07/30 18:20:13 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375222779.bdinstall.bin
[2013/07/30 17:49:49 | 000,053,893 | ---- | C] () -- C:\ProgramData\1375220964.bdinstall.bin
[2013/07/30 17:19:35 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375219147.bdinstall.bin
[2013/07/30 16:49:19 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375217331.bdinstall.bin
[2013/07/30 16:19:02 | 000,053,893 | ---- | C] () -- C:\ProgramData\1375215516.bdinstall.bin
[2013/07/30 15:48:47 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375213702.bdinstall.bin
[2013/07/30 15:18:33 | 000,053,893 | ---- | C] () -- C:\ProgramData\1375211889.bdinstall.bin
[2013/07/30 14:48:20 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375210070.bdinstall.bin
[2013/07/30 14:18:00 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375208254.bdinstall.bin
[2013/07/30 13:47:42 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375206434.bdinstall.bin
[2013/07/30 13:17:24 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375204608.bdinstall.bin
[2013/07/30 12:46:58 | 000,053,894 | ---- | C] () -- C:\ProgramData\1375202783.bdinstall.bin
[2013/07/30 12:16:35 | 000,054,051 | ---- | C] () -- C:\ProgramData\1375200969.bdinstall.bin
[2013/07/30 11:46:20 | 000,054,208 | ---- | C] () -- C:\ProgramData\1375199148.bdinstall.bin
[2013/07/29 23:14:57 | 000,053,899 | ---- | C] () -- C:\ProgramData\1375154069.bdinstall.bin
[2013/07/29 22:44:39 | 000,053,899 | ---- | C] () -- C:\ProgramData\1375152254.bdinstall.bin
[2013/07/29 22:14:24 | 000,053,899 | ---- | C] () -- C:\ProgramData\1375150435.bdinstall.bin
[2013/07/29 21:44:05 | 000,053,898 | ---- | C] () -- C:\ProgramData\1375148620.bdinstall.bin
[2013/07/29 21:13:42 | 000,053,898 | ---- | C] () -- C:\ProgramData\1375146785.bdinstall.bin
[2013/07/29 20:43:07 | 000,053,898 | ---- | C] () -- C:\ProgramData\1375144963.bdinstall.bin
[2013/07/29 20:12:53 | 000,053,897 | ---- | C] () -- C:\ProgramData\1375143149.bdinstall.bin
[2013/07/29 19:42:39 | 000,053,898 | ---- | C] () -- C:\ProgramData\1375141335.bdinstall.bin
[2013/07/29 19:12:24 | 000,053,899 | ---- | C] () -- C:\ProgramData\1375139518.bdinstall.bin
[2013/07/29 18:41:59 | 000,053,898 | ---- | C] () -- C:\ProgramData\1375137695.bdinstall.bin
[2013/07/29 18:11:45 | 000,053,898 | ---- | C] () -- C:\ProgramData\1375135875.bdinstall.bin
[2013/07/29 17:41:26 | 000,053,895 | ---- | C] () -- C:\ProgramData\1375134062.bdinstall.bin
[2013/07/29 17:11:11 | 000,053,898 | ---- | C] () -- C:\ProgramData\1375132244.bdinstall.bin
[2013/07/29 16:40:51 | 000,053,897 | ---- | C] () -- C:\ProgramData\1375130424.bdinstall.bin
[2013/07/29 16:10:35 | 000,053,898 | ---- | C] () -- C:\ProgramData\1375128611.bdinstall.bin
[2013/07/29 15:40:22 | 000,053,899 | ---- | C] () -- C:\ProgramData\1375126793.bdinstall.bin
[2013/07/29 15:10:04 | 000,053,897 | ---- | C] () -- C:\ProgramData\1375124978.bdinstall.bin
[2013/07/29 14:39:49 | 000,053,898 | ---- | C] () -- C:\ProgramData\1375123161.bdinstall.bin
[2013/07/29 14:09:32 | 000,054,052 | ---- | C] () -- C:\ProgramData\1375121341.bdinstall.bin
[2013/07/29 13:39:06 | 000,054,208 | ---- | C] () -- C:\ProgramData\1375119519.bdinstall.bin
[2013/07/26 13:03:11 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2013/07/08 12:46:16 | 000,103,832 | ---- | C] () -- C:\Users\Wayne\GoToAssistDownloadHelper.exe
[2013/06/27 19:41:54 | 000,052,610 | ---- | C] () -- C:\ProgramData\1372376475.bdinstall.bin
[2013/06/18 01:17:09 | 000,000,474 | ---- | C] () -- C:\Windows\wininit.ini
[2013/05/23 19:31:26 | 000,052,495 | ---- | C] () -- C:\ProgramData\1369351853.bdinstall.bin
[2013/05/16 15:57:42 | 000,047,976 | ---- | C] () -- C:\ProgramData\1368734245.bdinstall.bin
[2013/05/15 21:20:38 | 000,028,622 | ---- | C] () -- C:\ProgramData\1368667175.bdinstall.bin
[2013/05/14 16:29:31 | 000,017,587 | ---- | C] () -- C:\ProgramData\1368563364.bdinstall.bin
[2013/05/14 16:29:15 | 000,017,650 | ---- | C] () -- C:\ProgramData\1368563340.bdinstall.bin
[2013/05/14 16:24:41 | 000,047,656 | ---- | C] () -- C:\ProgramData\1368563009.bdinstall.bin
[2013/04/20 12:50:00 | 000,027,503 | ---- | C] () -- C:\Users\Wayne\AppData\Roaming\UserTile.png
[2012/12/28 17:04:22 | 000,036,352 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2012/12/11 13:07:59 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2012/10/31 20:08:01 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/10/31 11:22:24 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/10/31 11:22:24 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/10/31 11:22:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2012/10/31 11:22:23 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/07/27 01:07:10 | 000,165,376 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2012/07/27 01:06:35 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012/07/27 00:37:10 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012/07/23 14:21:33 | 000,109,256 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll
[2012/07/23 14:21:33 | 000,090,824 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
[2012/07/16 13:10:40 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/05/14 20:46:11 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012/05/14 20:46:11 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012/05/14 20:46:11 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012/05/14 20:46:11 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012/05/14 20:46:11 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012/05/14 20:46:11 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012/05/14 20:46:11 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012/05/14 20:46:11 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012/05/14 20:46:11 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012/05/14 20:46:11 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012/05/14 20:46:11 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012/05/14 20:46:11 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012/05/14 20:46:11 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012/05/14 20:46:11 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012/05/14 20:46:11 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012/05/14 20:46:11 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012/01/02 15:20:22 | 000,000,680 | ---- | C] () -- C:\Users\Wayne\AppData\Local\d3d9caps.dat
[2011/12/29 15:11:15 | 000,012,288 | ---- | C] () -- C:\Users\Wayne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/28 18:55:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/12/28 18:55:18 | 000,643,072 | ---- | C] () -- C:\Windows\System32\autochk.exe
[2011/12/28 18:54:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/12/28 18:54:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/12/28 18:21:31 | 000,001,834 | ---- | C] () -- C:\Users\Wayne\AppData\Roaming\install.dat
[2011/12/28 17:15:28 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2011/12/28 17:13:58 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2010/02/20 01:56:38 | 000,001,538 | ---- | C] () -- C:\Users\Wayne\.recently-used.xbel

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/09/19 16:10:07 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Absolute Software
[2012/12/11 22:27:58 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\aignes
[2012/01/04 10:55:59 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\BOXEE
[2013/10/30 19:01:04 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\CheckPoint
[2012/02/15 22:51:16 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\CloneSpy
[2013/10/16 22:12:49 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Device Doctor
[2013/02/20 12:18:29 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Downloaded Installations
[2012/06/08 09:13:05 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Easy Duplicate Finder
[2012/05/27 11:59:53 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\EPSON
[2013/02/20 12:20:52 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\FileOpen
[2013/07/08 17:05:16 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Garmin
[2012/08/29 14:44:20 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Leadertech
[2013/02/22 14:56:18 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\MotionDSP
[2013/02/20 12:20:52 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Nitro
[2013/07/10 22:10:28 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Nitro PDF
[2013/02/09 19:34:58 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\OfficeRecovery
[2012/10/29 14:12:28 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\OpenDNS Updater
[2013/05/01 22:17:20 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Oracle
[2012/10/12 23:50:29 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Packed Chess Free
[2012/10/12 23:48:25 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\PackedBytes
[2013/09/29 20:32:50 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\PCDr
[2013/10/06 11:52:52 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\PrimoPDF
[2012/01/04 00:27:06 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\QFX Software
[2013/02/22 00:27:05 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\SmartDraw
[2012/12/11 12:52:46 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\SystemRequirementsLab
[2012/11/10 18:23:27 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:862BDB1A
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:890CC2F3
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:56E2E879

< End of report >
onewerld
Regular Member
 
Posts: 16
Joined: October 25th, 2013, 11:38 am

Re: scan found rootkit autoChk.exe:BAK:$DATA

Unread postby melboy » November 2nd, 2013, 7:11 am

I did a Spybot scan and "cleaned" what was found. Do you want me to send the log of that scan or have I messed things up completely?
Yes, please post that.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: scan found rootkit autoChk.exe:BAK:$DATA

Unread postby onewerld » November 2nd, 2013, 10:42 pm

Here is the log of the Spybot scan. Again I apologize.

Search results from Spybot - Search & Destroy

11/01/13 10:07:52 AM
Scan took 00:29:22.
33 items found.

Internet Explorer: [SBI $FF589D0C] Download directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2197121875-2235798609-2757172567-1000\Software\Microsoft\Internet Explorer\Download Directory

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Media Player: [SBI $E48560B4] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2197121875-2235798609-2757172567-1000\Software\Microsoft\MediaPlayer\Player\RecentFileList

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2197121875-2235798609-2757172567-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2197121875-2235798609-2757172567-1000\Software\Microsoft\Office\12.0\Word\File MRU

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2197121875-2235798609-2757172567-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2197121875-2235798609-2757172567-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2197121875-2235798609-2757172567-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2197121875-2235798609-2757172567-1000\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2197121875-2235798609-2757172567-1000\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2197121875-2235798609-2757172567-1000\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

WinZip: [SBI $1059E532] Number of times run (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2197121875-2235798609-2757172567-1000\Software\Nico Mak Computing\WinZip\rrs\Opened

WinZip: [SBI $E95B93ED] Add files directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2197121875-2235798609-2757172567-1000\Software\Nico Mak Computing\WinZip\directories\AddDir

WinZip: [SBI $9EC1EAC6] Add files directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2197121875-2235798609-2757172567-1000\Software\Nico Mak Computing\WinZip\directories\gzAddDir

WinZip: [SBI $214A5C12] Destination directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2197121875-2235798609-2757172567-1000\Software\Nico Mak Computing\WinZip\directories\gzExtractTo

Cache: [SBI $49804B54] Browser: Cache (24) (Browser: Cache, nothing done)


History: [SBI $49804B54] Browser: History (2) (Browser: History, nothing done)



--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---

2013-09-20 blindman.exe (2.2.18.151)
2013-09-20 explorer.exe (2.2.18.177)
2013-09-20 SDBootCD.exe (2.2.18.109)
2013-09-20 SDCleaner.exe (2.2.18.110)
2013-09-20 SDDelFile.exe (2.2.18.94)
2013-06-18 SDDisableProxy.exe
2013-09-20 SDFiles.exe (2.2.18.135)
2013-09-20 SDFileScanHelper.exe (2.2.16.1)
2013-10-15 SDFSSvc.exe (2.2.25.211)
2013-10-10 SDHookHelper.exe (2.3.30.2)
2013-10-10 SDHookInst32.exe (2.3.30.2)
2013-09-20 SDImmunize.exe (2.2.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-10-14 SDOnAccess.exe (2.2.25.4)
2013-09-20 SDPESetup.exe (2.2.18.3)
2013-09-20 SDPEStart.exe (2.2.18.86)
2013-09-20 SDPhoneScan.exe (2.2.18.28)
2013-09-20 SDPrepPos.exe (2.2.18.10)
2013-09-20 SDQuarantine.exe (2.2.18.103)
2013-09-20 SDRootAlyzer.exe (2.2.18.116)
2013-09-20 SDSBIEdit.exe (2.2.18.39)
2013-09-20 SDScan.exe (2.2.18.177)
2013-09-20 SDScript.exe (2.2.18.53)
2013-10-15 SDSettings.exe (2.2.25.138)
2013-09-20 SDShred.exe (2.2.18.107)
2013-09-20 SDSysRepair.exe (2.2.18.101)
2013-09-20 SDTools.exe (2.2.18.150)
2013-07-25 SDTray.exe (2.1.21.129)
2013-09-20 SDUpdate.exe (2.2.18.91)
2013-09-20 SDUpdSvc.exe (2.2.18.76)
2013-09-20 SDWelcome.exe (2.2.21.129)
2013-09-13 SDWSCSvc.exe (2.2.22.2)
2013-06-19 spybotsd2-translation-frx.exe
2013-10-24 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-10-14 SDFileScanLibrary.dll (2.2.25.14)
2013-10-10 SDHook32.dll (2.3.30.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2013-05-16 Tools.dll (2.1.18.36)
2012-12-18 Includes\Adware.sbi (*)
2013-10-22 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2013-10-16 Includes\iPhone.sbi (*)
2013-06-25 Includes\Keyloggers.sbi (*)
2012-12-18 Includes\KeyloggersC.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-10-22 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-10-22 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-08-06 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2013-01-16 Includes\Trojans.sbi (*)
2013-05-13 Includes\TrojansC-02.sbi (*)
2013-10-01 Includes\TrojansC-03.sbi (*)
2013-10-22 Includes\TrojansC-04.sbi (*)
2013-05-08 Includes\TrojansC-05.sbi (*)
2013-08-06 Includes\TrojansC.sbi (*)
onewerld
Regular Member
 
Posts: 16
Joined: October 25th, 2013, 11:38 am