
Redirect errors plus other bugs I think


  • This topic is locked
5 replies to this topic

#1 sac2ia


Posted 06 June 2013 - 04:42 PM

Working on this computer, and it had the pc virus 2013 malware on it. I think I removed it, but I still have other issues: when I click on a search link, it goes to another site; I then have to click back and then click on the link again, and it will go. Please help!





#2 sac2ia


Posted 06 June 2013 - 04:51 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.17.2
Run by Leonquad at 14:47:56 on 2013-06-06
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3071.862 [GMT -7:00]
.
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Spybot - Search and Destroy *Disabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\MyPC Backup\BackupStack.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Wacom\WacomHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\FsUsbExService.Exe
C:\Windows\system32\lxdwcoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Driver Manager\Driver Manager\DriverManager.exe
C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
C:\Users\Leonquad\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\MyPC Backup\MyPC Backup.exe
C:\Program Files\BUFFALO\NASNAVI\nassche.exe
C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFUpdater.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Leonquad\AppData\Roaming\Smilebox\SmileboxTray.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Leonquad\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.smilebox.com/?src=10&st=12&crg=3.5000006.10040&barid={B45F1B81-C30B-11E2-924B-0030673F0150}
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://start.smilebox.com/?src=10&st=12&crg=3.5000006.10040&barid={B45F1B81-C30B-11E2-924B-0030673F0150}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: {e9df9360-97f8-4690-afe6-996c80790da4} - <orphaned>
uURLSearchHooks: {bb45ef8e-1e36-4535-a017-ec908fb1e335} - <orphaned>
BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - LocalServer32 - <no file>
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: LessTabs: {3178A392-8963-471E-B7A2-969CB58D6496} - c:\program files\lesstabs\ie32\LessTabsClientIE.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office\office15\OCHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - c:\program files\brand affinity technologies\fantapper player\\IEInstaller.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: GetSavin 5.0: {A85ADCBD-9330-4B40-8BA9-02221154D1D5} - LocalServer32 - <no file>
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Get Lyrics: {AF5B5C22-498A-4239-9A51-82BDD99C6A44} - c:\program files\getlyrics\getlrcs.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office15\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\advanced systemcare 6\browerprotect\ASCPlugin_Protection.dll
BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - c:\program files\microsoft office\office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - c:\program files\orbitdownloader\GrabPro.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Google Update] "c:\users\leonquad\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart
uRun: [NETGEARGenie] "c:\program files\netgear genie\bin\NETGEARGenie.exe" -mini -redirect
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized
uRun: [IsolatedStorage] rundll32 "c:\users\leonquad\appdata\local\{cabc5da8-626a-408b-90ee-2d60601e5139}\isolatedstorage\wpkkot.dll",DllRegisterServer
uRun: [SmileboxTray] "c:\users\leonquad\appdata\roaming\smilebox\SmileboxTray.exe"
uRun: [Driver Manager] c:\program files\driver manager\driver manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [BingDesktop] c:\program files\microsoft\bingdesktop\BingDesktop.exe /fromkey
mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
StartupFolder: c:\users\leonquad\appdata\roaming\micros~1\windows\startm~1\programs\startup\buffal~1.lnk - c:\program files\buffalo\nasnavi\NasNavi.exe
StartupFolder: c:\users\leonquad\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\leonquad\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\leonquad\appdata\roaming\micros~1\windows\startm~1\programs\startup\mypcba~1.lnk - c:\program files\mypc backup\MyPC Backup.exe
StartupFolder: c:\users\leonquad\appdata\roaming\micros~1\windows\startm~1\programs\startup\nassch~1.lnk - c:\program files\buffalo\nasnavi\nassche.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download Link Using Mega Manager... - \\Leon-pc\n\Megaupload\mm_file.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2349F2A8-E9B5-407F-A798-B7F3A5ED64EC} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office15\MSOXMLMF.DLL
Handler: linkscanner - <Clsid value has no data>
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office\office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\leonquad\appdata\roaming\mozilla\firefox\profiles\7laojnbu.default-1369862611009\
FF - plugin: c:\progra~1\mif5ba~1\office15\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\leonquad\appdata\local\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\users\leonquad\appdata\local\roblox\versions\version-6ca07d14e2274822\NPRobloxProxy.dll
FF - plugin: c:\users\leonquad\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\leonquad\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\leonquad\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-05-17 13:21; lesstabs@lesstabs.com; c:\program files\mozilla firefox\extensions\lesstabs@lesstabs.com
FF - ExtSQL: 2013-05-17 20:59; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\divx\divx plus web player\firefox\DivXHTML5
FF - ExtSQL: 2013-05-17 21:13; GetLyrcis@levaddons.com; c:\program files\getlyrics\FF
FF - ExtSQL: 2013-06-04 20:06; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\leonquad\appdata\roaming\mozilla\firefox\profiles\7laojnbu.default-1369862611009\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: !HIDDEN! 2012-11-02 12:54; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 39224]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2012-9-25 16064]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2013-2-20 15672]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-2-26 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-2-14 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-30 37664]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2012-11-2 574272]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-2-19 282624]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2013-5-27 32808]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\microsoft\bingdesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2012-4-20 238952]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2013-2-20 821592]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-3 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-6-3 701512]
R2 NasPmService;NAS PM Service;c:\program files\buffalo\nasnavi\nassvc.exe -service_execute -dcyc=297 -dto=3 -dluc=0 -dmin=1 -dmax=2 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=292 -pmin=1 -pmax=2 -pflc=0 --> c:\program files\buffalo\nasnavi\nassvc.exe -Service_Execute -dcyc=297 -dto=3 -dluc=0 -dmin=1 -dmax=2 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=292 -pmin=1 -pmax=2 -pflc=0 [?]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files\netgear genie\bin\NETGEARGenieDaemon.exe [2012-9-24 195400]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2012-9-25 224960]
R2 WTabletServicePro;Wacom Professional Service;c:\program files\tablet\wacom\WTabletServicePro.exe [2013-4-29 522040]
R3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\FileMonitor.sys [2013-2-20 20336]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2012-4-20 36608]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-6-3 22856]
R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\RegFilter.sys [2013-2-20 30640]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
R3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\UrlFilter.sys [2013-2-20 19832]
S2 avgfws;AVG Firewall;c:\program files\avg\avg2013\avgfws.exe [2013-2-19 1418184]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-2-27 4937264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.2.0\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\15.2.0\ToolbarUpdater.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-3-18 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-3-18 8456]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-8-13 49088]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-9-12 1512448]
S3 FTSvc;Fantapper Player Update Service;c:\program files\brand affinity technologies\fantapper updater\FantapperUpdater.exe [2013-1-23 16896]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\futuremark\futuremark systeminfo\FMSISvc.exe [2013-4-12 137488]
S3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [2013-4-29 12272]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-6-3 40776]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-2 14848]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-9-23 1074720]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-9-23 1358360]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2012-9-23 166528]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-4-21 12984]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-2 49664]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [2013-4-29 70640]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [2013-4-29 13296]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-19 1343400]
.
=============== Created Last 30 ================
.
2013-06-03 23:29:18    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2013-06-03 23:29:18    --------    d-----w-    c:\users\leonquad\appdata\roaming\Malwarebytes
2013-06-03 23:29:13    --------    d-----w-    c:\programdata\Malwarebytes
2013-06-03 23:29:12    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-06-03 23:29:12    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-06-03 23:24:16    421    ----a-w-    c:\windows\DeleteOnReboot.bat
2013-05-31 03:52:38    --------    d-----w-    c:\programdata\MAGIX
2013-05-31 03:48:53    --------    d-----w-    c:\users\leonquad\appdata\roaming\MAGIX
2013-05-31 03:48:28    --------    d-----w-    c:\program files\MyPC Backup
2013-05-29 21:03:22    693648    ----a-w-    c:\program files\gtUninstall GamingWonderland.dll
2013-05-29 21:03:22    174024    ----a-w-    c:\program files\gtres.dll
2013-05-29 21:00:43    168344    ----a-w-    c:\program files\4wres.dll
2013-05-29 20:59:27    172456    ----a-w-    c:\program files\64res.dll
2013-05-29 20:54:27    262552    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-05-27 22:21:23    --------    d-----w-    c:\program files\Uninstaller
2013-05-27 22:18:23    --------    d-----w-    c:\users\leonquad\appdata\local\Programs
2013-05-27 22:18:13    --------    d-----w-    c:\users\leonquad\appdata\local\DownloadTerms
2013-05-25 18:37:55    --------    d-----w-    c:\users\leonquad\appdata\roaming\RealNetworks
2013-05-22 18:16:51    --------    d-----w-    c:\users\leonquad\appdata\local\Smilebox
2013-05-22 18:16:12    --------    d-----w-    c:\users\leonquad\appdata\roaming\Smilebox
2013-05-18 04:13:45    --------    d-----w-    c:\program files\Free Download Manager
2013-05-18 04:13:12    --------    d-----w-    c:\program files\GetLyrics
2013-05-18 04:05:00    --------    d-----w-    c:\program files\xVidly
2013-05-18 04:04:02    --------    d-----w-    c:\users\leonquad\appdata\local\DDMSettings
2013-05-18 03:57:45    --------    d-----w-    c:\program files\common files\DivX Shared
2013-05-18 03:56:36    --------    d-----w-    c:\program files\DivX
2013-05-18 03:55:48    --------    d-----w-    c:\programdata\DivX
2013-05-17 20:24:52    --------    d-----w-    c:\users\leonquad\appdata\roaming\player
2013-05-17 20:24:52    --------    d-----w-    c:\program files\Tuguu SL
2013-05-17 20:21:23    --------    d-----w-    c:\program files\LessTabs
2013-05-15 13:25:41    40960    ----a-w-    c:\windows\system32\wwanprotdim.dll
2013-05-15 13:25:41    186368    ----a-w-    c:\windows\system32\wwansvc.dll
2013-05-15 13:25:40    2347520    ----a-w-    c:\windows\system32\win32k.sys
2013-05-15 13:25:34    728424    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 13:25:34    218984    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 13:25:27    47104    ----a-w-    c:\windows\system32\appinfo.dll
2013-05-15 13:25:27    1796096    ----a-w-    c:\windows\system32\authui.dll
2013-05-15 13:25:27    101720    ----a-w-    c:\windows\system32\consent.exe
2013-05-13 15:01:30    --------    d-----w-    C:\SearchProtect
2013-05-11 01:11:02    446464    ----a-w-    c:\windows\system32\HHActiveX.dll
2013-05-11 01:11:01    --------    d-----w-    c:\program files\Manual
2013-05-10 07:57:26    187456    ----a-w-    c:\program files\mozilla firefox\plugins\nppdf32.dll
2013-05-10 07:57:26    187456    ----a-w-    c:\program files\internet explorer\plugins\nppdf32.dll
2013-05-08 03:03:52    --------    d-----w-    c:\program files\Tango
2013-05-08 03:03:44    --------    d-----w-    c:\users\leonquad\appdata\local\tango
.
==================== Find3M  ====================
.
2013-05-20 21:37:01    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-05-15 15:58:09    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 15:58:09    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-04-18 03:20:58    23872    ----a-w-    c:\windows\system32\RegistryDefragBootTime.exe
2013-04-13 04:45:16    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 15:44:27    444952    ----a-w-    c:\windows\system32\wrap_oal.dll
2013-04-12 15:44:27    109080    ----a-w-    c:\windows\system32\OpenAL32.dll
2013-04-12 13:45:29    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-05 13:30:30    12984    ----a-w-    c:\windows\system32\drivers\SWDUMon.sys
2013-04-05 05:28:24    1767424    ----a-w-    c:\windows\system32\wininet.dll
2013-04-05 05:26:26    2877440    ----a-w-    c:\windows\system32\jscript9.dll
2013-04-05 05:26:21    61440    ----a-w-    c:\windows\system32\iesetup.dll
2013-04-05 05:26:21    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2013-04-05 04:29:45    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-04-05 03:38:25    71680    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-04-02 14:09:52    4550656    ----a-w-    c:\windows\system32\GPhotos.scr
2013-03-26 18:25:51    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-03-26 18:25:51    861088    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-03-26 18:25:51    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-23 01:09:28    354656    ----a-w-    c:\windows\system32\DivXControlPanelApplet.cpl
2013-03-19 05:04:13    3968856    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04:10    3913560    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48:45    38912    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-19 02:49:16    69632    ----a-w-    c:\windows\system32\smss.exe
2013-03-15 05:46:27    892704    ----a-w-    c:\windows\system32\nvdispgenco3231422.dll
2013-03-15 05:46:27    13088000    ----a-w-    c:\windows\system32\nvwgf2um.dll
2013-03-15 05:46:27    1012512    ----a-w-    c:\windows\system32\nvdispco3231422.dll
.
============= FINISH: 14:48:48.84 ===============
 

 




#3 CatByte

  • Malware Response Team

Posted 07 June 2013 - 06:36 PM

Please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#4 sac2ia


Posted 09 June 2013 - 02:43 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2013
Ran by Leonquad (administrator) on 09-06-2013 00:40:33
Running from C:\Users\Leonquad\Downloads
Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\system32\CISVC.EXE
(Teruten) C:\Windows\system32\FsUsbExService.Exe
( ) C:\Windows\system32\lxdwcoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
(NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
() C:\Program Files\Macrium\Reflect\ReflectService.exe
(Microsoft Corporation) C:\Windows\System32\tcpsvcs.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\system32\PrintIsolationHost.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
(IObit) C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
() C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(ooVoo LLC) C:\Program Files\ooVoo\ooVoo.exe
(Smilebox, Inc.) C:\Users\Leonquad\AppData\Roaming\Smilebox\SmileboxTray.exe
(PC Drivers Headquarters) C:\Program Files\Driver Manager\Driver Manager\DriverManager.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
(Dropbox, Inc.) C:\Users\Leonquad\AppData\Roaming\Dropbox\bin\Dropbox.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\NASNAVI\nassche.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
() C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Google) C:\Users\Leonquad\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [4394032 2013-03-13] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe /fromkey [1858152 2012-03-30] (Microsoft Corp.)
HKLM\...\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart [4474832 2012-12-25] (IObit)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [61440 2008-01-21] (Advanced Micro Devices, Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKCU\...\Run: [Google Update] "C:\Users\Leonquad\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-09-23] (Google Inc.)
HKCU\...\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart [491840 2013-04-18] (IObit)
HKCU\...\Run: [NETGEARGenie] "C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect [1041736 2012-10-16] ()
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [18706176 2013-01-08] (Skype Technologies S.A.)
HKCU\...\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized [34929728 2013-05-01] (ooVoo LLC)
HKCU\...\Run: [IsolatedStorage] rundll32 "C:\Users\Leonquad\AppData\Local\{CABC5DA8-626A-408B-90EE-2D60601E5139}\IsolatedStorage\wpkkot.dll",DllRegisterServer [534016 2013-05-30] (Autodesk, Inc.)
HKCU\...\Run: [SmileboxTray] "C:\Users\Leonquad\AppData\Roaming\Smilebox\SmileboxTray.exe" [305448 2013-05-24] (Smilebox, Inc.)
HKCU\...\Run: [Driver Manager] C:\Program Files\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false [3544440 2013-02-26] (PC Drivers Headquarters)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
MountPoints2: N - N:\LaunchU3.exe
MountPoints2: {de8b020e-ce8d-11e1-9136-0030673f0150} - N:\LaunchU3.exe
Startup: C:\Users\Leonquad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk
ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
Startup: C:\Users\Leonquad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Leonquad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Leonquad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk
ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.smilebox.com/?src=10&st=12&crg=3.5000006.10040&barid={B45F1B81-C30B-11E2-924B-0030673F0150}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.smilebox.com/?src=10&st=12&crg=3.5000006.10040&barid={B45F1B81-C30B-11E2-924B-0030673F0150}
URLSearchHook: (No Name) - {e9df9360-97f8-4690-afe6-996c80790da4} -  No File
URLSearchHook: (No Name) - {bb45ef8e-1e36-4535-a017-ec908fb1e335} -  No File
BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: LessTabs - {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files\LessTabs\IE32\LessTabsClientIE.dll (LessTabs)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Fantapper - {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll (Brand Affinity Technologies)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: GetSavin 5.0 - {A85ADCBD-9330-4B40-8BA9-02221154D1D5} -  No File
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Get Lyrics - {AF5B5C22-498A-4239-9A51-82BDD99C6A44} - C:\Program Files\GetLyrics\getlrcs.dll (LEV Addons)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\ADVANC~2\BROWER~1\ASCPLU~1.DLL (IObit)
BHO: Microsoft SPFS Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MIF5BA~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
Toolbar: HKCU -No Name - {E9DF9360-97F8-4690-AFE6-996C80790DA4} -  No File
Toolbar: HKCU -Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
Toolbar: HKCU -No Name - {BB45EF8E-1E36-4535-A017-EC908FB1E335} -  No File
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Leonquad\AppData\Roaming\Mozilla\Firefox\Profiles\7laojnbu.default-1369862611009
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: TopArcadeHits - C:\Users\Leonquad\AppData\Roaming\Mozilla\Firefox\Profiles\7laojnbu.default-1369862611009\Extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}
FF Extension: No Name - C:\Users\Leonquad\AppData\Roaming\Mozilla\Firefox\Profiles\7laojnbu.default-1369862611009\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome:
=======
CHR Extension: (Oovoo Toolbar) - C:\Users\Leonquad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanijiojpcccpkjdjjmjghddcgcbfj\7.17.6.42519_0
CHR Extension: (LessTabs) - C:\Users\Leonquad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekmkdkefndbeciggfanobcemjnppbbb\1.7.1.0_0
CHR Extension: (Online HD TV) - C:\Users\Leonquad\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih\1.2_0
CHR Extension: () - C:\Users\Leonquad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp\1.0.0_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Leonquad\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Skype Click to Call) - C:\Users\Leonquad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0
CHR Extension: (Get Lyrics) - C:\Users\Leonquad\AppData\Local\Google\Chrome\User Data\Default\Extensions\meppmgfehplfblhnjfikekckcngogbai\1.111_0
CHR Extension: (Amazing Coupons) - C:\Users\Leonquad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0
CHR Extension: (FBPHOTOZOOM) - C:\Users\Leonquad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\2.2_0
CHR Extension: (AVG Security Toolbar) - C:\Users\Leonquad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Leonquad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Leonquad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR Extension: (Fantapper) - C:\Users\Leonquad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgcjecomkebbohfjgmncelbhogbbokf\2.0.7_0

========================== Services (Whitelisted) =================

R2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
S2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1418184 2013-02-19] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4937264 2013-02-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [282624 2013-02-19] (AVG Technologies CZ, s.r.o.)
R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [151656 2012-03-30] (Microsoft Corp.)
S3 FTSvc; C:\Program Files\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe [16896 2013-01-23] (Brand Affinity Technologies)
S3 Futuremark SystemInfo Service; C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [137488 2012-12-17] (Futuremark Corporation)
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [821592 2012-01-09] (IObit)
R2 lxdw_device; C:\Windows\system32\lxdwcoms.exe [594600 2009-10-16] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NasPmService; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [251760 2012-03-18] (BUFFALO INC.)
R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195400 2012-09-24] (NETGEAR)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [224960 2012-09-25] ()
S3 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1074720 2012-08-30] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1358360 2012-08-30] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [166528 2012-03-22] (Safer-Networking Ltd.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [522040 2013-02-08] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-02-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [170808 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [245048 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-02-14] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-05-20] (AVG Technologies)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-15] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2011-07-29] ()
R3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [20336 2012-01-05] (IObit)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [12272 2012-12-19] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-06-03] (Malwarebytes Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2012-11-11] (CACE Technologies, Inc.)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16064 2012-09-25] (Macrium Software)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [30640 2012-07-05] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2010-11-26] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [12984 2013-04-05] ()
R3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [19832 2012-07-05] (IObit.com)
S3 WacHidRouter; C:\Windows\System32\DRIVERS\wachidrouter.sys [70640 2012-12-19] (Wacom Technology)
S3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13296 2012-12-20] (Wacom Technology)
S3 cpuz136; No ImagePath
S3 Maplom; No ImagePath
S3 MaplomL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-09 00:40 - 2013-06-09 00:40 - 01358673 ____A (Farbar) C:\Users\Leonquad\Downloads\FRST.exe
2013-06-09 00:40 - 2013-06-09 00:40 - 00000000 ____D C:\FRST
2013-06-08 18:51 - 2013-06-08 18:51 - 00003940 ____A C:\Windows\PFRO.log
2013-06-08 18:51 - 2013-06-08 18:51 - 00000056 ____A C:\Windows\setupact.log
2013-06-08 18:51 - 2013-06-08 18:51 - 00000000 ____A C:\Windows\setuperr.log
2013-06-08 15:54 - 2013-06-08 15:54 - 00221092 ___AH C:\Windows\System32\mlfcache.dat
2013-06-08 15:10 - 2013-06-08 15:10 - 00000000 ____D C:\ProgramData\Trymedia
2013-06-06 20:49 - 2013-06-06 20:49 - 00149322 ____A C:\Users\Leonquad\Documents\cc_20130606_204953.reg
2013-06-06 20:45 - 2013-06-06 20:45 - 04378864 ____A (Piriform Ltd) C:\Users\Leonquad\Downloads\ccsetup402.exe
2013-06-06 20:45 - 2013-06-06 20:45 - 00001004 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-06 20:45 - 2013-06-06 20:45 - 00000000 ____D C:\Program Files\CCleaner
2013-06-06 20:41 - 2013-06-06 20:48 - 28434792 ____A C:\Users\Leonquad\Downloads\The_Great_Gatsby_2013_TS_XviD_MP3_MiLLEMNiUM.avi.part
2013-06-06 20:41 - 2013-06-06 20:41 - 00000000 ____A C:\Users\Leonquad\Downloads\The_Great_Gatsby_2013_TS_XviD_MP3_MiLLEMNiUM.avi
2013-06-06 16:07 - 2013-06-06 16:40 - 00020670 ____A C:\Users\Leonquad\Desktop\JRT.txt
2013-06-06 16:00 - 2013-06-06 16:00 - 00000000 ____D C:\Windows\ERUNT
2013-06-06 15:59 - 2013-06-06 15:59 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Leonquad\Downloads\JRT.exe
2013-06-06 15:59 - 2013-06-06 15:59 - 00000000 ____D C:\JRT
2013-06-06 14:51 - 2013-06-06 14:51 - 00005115 ____A C:\Users\Leonquad\Desktop\attach.zip
2013-06-06 14:49 - 2013-06-06 14:49 - 00028458 ____A C:\Users\Leonquad\Desktop\dds.txt
2013-06-06 14:49 - 2013-06-06 14:49 - 00015574 ____A C:\Users\Leonquad\Desktop\attach.txt
2013-06-06 14:47 - 2013-06-06 14:47 - 00688992 ____R (Swearware) C:\Users\Leonquad\Downloads\dds.com
2013-06-04 20:20 - 2013-06-04 20:20 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Leonquad\Downloads\tdsskiller.exe
2013-06-03 16:29 - 2013-06-03 16:30 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-06-03 16:29 - 2013-06-03 16:29 - 00001106 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-03 16:29 - 2013-06-03 16:29 - 00000000 ____D C:\Users\Leonquad\AppData\Roaming\Malwarebytes
2013-06-03 16:29 - 2013-06-03 16:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-03 16:29 - 2013-06-03 16:29 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-03 16:29 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-03 16:24 - 2013-06-03 16:24 - 00026771 ____A C:\AdwCleaner[S1].txt
2013-06-03 16:24 - 2013-06-03 16:24 - 00000421 ____A C:\Windows\DeleteOnReboot.bat
2013-06-03 16:23 - 2013-06-03 16:23 - 00632031 ____A C:\Users\Leonquad\Desktop\AdwCleaner.exe
2013-06-03 16:22 - 2013-06-03 16:28 - 00003220 ____A C:\Users\Leonquad\Desktop\Rkill.txt
2013-06-03 16:21 - 2013-06-03 16:21 - 10284816 ____A (Malwarebytes Corporation                                    ) C:\Users\Leonquad\Desktop\mbam-setup.exe
2013-06-03 16:20 - 2013-06-03 16:20 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Leonquad\Desktop\rkill.exe
2013-06-01 10:12 - 2013-06-01 10:12 - 00000798 ____A C:\Users\Leonquad\Desktop\Internet Security Pro.lnk
2013-05-31 11:26 - 2013-06-08 18:52 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-05-31 07:56 - 2013-05-31 08:20 - 258852047 ____A C:\Users\Leonquad\Desktop\graduation.wmv
2013-05-31 05:11 - 2013-05-31 05:11 - 00138963 ____A C:\Users\Leonquad\Downloads\Attachments_2013531(1).zip
2013-05-31 05:07 - 2013-05-31 05:12 - 00000000 ____D C:\Users\Leonquad\Desktop\ben and sara
2013-05-31 05:06 - 2013-05-31 05:06 - 06631378 ____A C:\Users\Leonquad\Downloads\Attachments_2013531.zip
2013-05-31 04:45 - 2013-05-31 06:05 - 00000000 ____D C:\Users\Leonquad\Desktop\mrsgross
2013-05-30 23:36 - 2013-05-30 23:48 - 36642726 ____A C:\Users\Leonquad\Desktop\Pictures_Video.avi
2013-05-30 22:28 - 2013-05-30 22:30 - 14934041 ____A C:\Users\Leonquad\Desktop\test ss.wmv
2013-05-30 20:53 - 2013-05-30 20:53 - 00000000 ____D C:\Users\Leonquad\Documents\MAGIX
2013-05-30 20:52 - 2013-05-30 22:12 - 00000000 ____D C:\ProgramData\MAGIX
2013-05-30 20:48 - 2013-06-06 14:53 - 00000000 ____D C:\Program Files\MyPC Backup
2013-05-30 20:48 - 2013-05-30 22:12 - 00000000 ____D C:\Users\Leonquad\AppData\Roaming\MAGIX
2013-05-30 20:48 - 2013-05-30 20:48 - 03832032 ____A (MAGIX AG) C:\Users\Leonquad\Downloads\slideshow_maker_2_4mb.exe
2013-05-30 19:38 - 2013-05-30 19:38 - 05271552 ____A C:\Users\Leonquad\Downloads\Pstory.msi
2013-05-30 19:38 - 2013-05-30 19:38 - 00584600 ____A C:\Users\Leonquad\Downloads\cbsidlm-tr1_13-Magix_Slideshow_Maker-SEO-10907281-1.exe
2013-05-30 19:37 - 2013-05-30 19:37 - 06167552 ____A (VisionGem Co., Ltd.                                         ) C:\Users\Leonquad\Downloads\FreeSlideshowMaker.exe
2013-05-30 19:36 - 2013-05-30 19:36 - 00822608 ____A (Smilebox, Inc.) C:\Users\Leonquad\Downloads\SmileboxInstaller-1.exe
2013-05-30 19:36 - 2013-05-30 19:36 - 00584600 ____A C:\Users\Leonquad\Downloads\cbsidlm-tr1_13-Magix_Slideshow_Maker-SEO-10907281.exe
2013-05-29 22:15 - 2013-05-29 22:15 - 00116824 ____A C:\Users\Leonquad\Desktop\Wondershare DVD Slideshow Builder For Win & Mac - Mac Slideshow Software to Create FANTASTIC Slideshow.htm
2013-05-29 22:15 - 2013-05-29 22:15 - 00000000 ____D C:\Users\Leonquad\Desktop\Wondershare DVD Slideshow Builder For Win & Mac - Mac Slideshow Software to Create FANTASTIC Slideshow_files
2013-05-29 15:23 - 2013-05-29 15:23 - 00000000 ____A C:\asc_rdflag
2013-05-29 14:23 - 2013-05-29 14:24 - 00000000 ____D C:\Users\Leonquad\Desktop\Old Firefox Data
2013-05-29 14:03 - 2012-06-05 01:28 - 00693648 ____A (MindSpark) C:\Program Files\gtUninstall GamingWonderland.dll
2013-05-29 14:03 - 2012-06-05 01:28 - 00174024 ____A () C:\Program Files\gtres.dll
2013-05-29 14:00 - 2012-06-01 18:00 - 00168344 ____A () C:\Program Files\4wres.dll
2013-05-29 13:59 - 2012-08-05 11:55 - 00172456 ____A () C:\Program Files\64res.dll
2013-05-27 15:18 - 2013-06-08 18:52 - 00000374 ____A C:\Windows\Tasks\Sing Along Update.job
2013-05-26 12:01 - 2013-05-26 12:01 - 00001253 ____A C:\Users\Leonquad\Desktop\Skype.lnk
2013-05-25 11:37 - 2013-05-25 11:37 - 00000000 ____D C:\Users\Leonquad\AppData\Roaming\RealNetworks
2013-05-25 11:35 - 2013-05-30 23:50 - 00000000 ____D C:\Users\Leonquad\AppData\Roaming\DivX
2013-05-24 04:26 - 2013-05-24 04:26 - 00000020 __ASH C:\Users\TEMP.Leonquad-PC\ntuser.ini
2013-05-24 04:26 - 2013-05-24 04:26 - 00000000 ____D C:\users\TEMP.Leonquad-PC
2013-05-24 04:26 - 2013-03-16 21:42 - 00000000 ____D C:\Users\TEMP.Leonquad-PC\AppData\Roaming\IObit
2013-05-24 04:26 - 2012-10-13 14:56 - 00000000 ____D C:\Users\TEMP.Leonquad-PC\AppData\Roaming\TuneUp Software
2013-05-24 04:26 - 2012-09-23 11:43 - 00000000 ____D C:\Users\TEMP.Leonquad-PC\AppData\LocalGoogle
2013-05-24 04:26 - 2012-09-23 11:43 - 00000000 ____D C:\Users\TEMP.Leonquad-PC\AppData\Local\Google
2013-05-22 11:16 - 2013-06-06 13:31 - 00000000 ____D C:\Users\Leonquad\AppData\Roaming\Smilebox
2013-05-22 11:16 - 2013-05-22 11:28 - 00000000 ____D C:\Users\Leonquad\AppData\Local\Smilebox
2013-05-22 11:16 - 2013-05-22 11:16 - 00001884 ____A C:\Users\Leonquad\Desktop\Smilebox.lnk
2013-05-22 11:16 - 2013-05-22 11:16 - 00000000 ____D C:\Users\Leonquad\Documents\My Smilebox Creations
2013-05-17 21:14 - 2013-05-17 21:14 - 00001034 ____A C:\Users\Leonquad\Desktop\xVidly.lnk
2013-05-17 21:13 - 2013-06-08 20:55 - 00000368 ____A C:\Windows\Tasks\Get Lyrics Update.job
2013-05-17 21:13 - 2013-05-17 21:14 - 00000000 ____D C:\Program Files\Free Download Manager
2013-05-17 21:13 - 2013-05-17 21:13 - 00000000 ____D C:\Program Files\GetLyrics
2013-05-17 21:11 - 2013-05-17 21:12 - 00143552 ____A (Jottix) C:\Users\Leonquad\Downloads\xvidly_setup(2).exe
2013-05-17 21:05 - 2013-05-17 21:14 - 00000000 ____D C:\Program Files\xVidly
2013-05-17 21:04 - 2013-05-17 21:04 - 00143552 ____A (Jottix) C:\Users\Leonquad\Downloads\xvidly_setup(1).exe
2013-05-17 21:04 - 2013-05-17 21:04 - 00000000 ____D C:\Users\Leonquad\AppData\Local\DDMSettings
2013-05-17 21:03 - 2013-05-17 21:04 - 00143560 ____A (Jottix) C:\Users\Leonquad\Downloads\xvidly_setup.exe
2013-05-17 20:59 - 2013-05-17 20:59 - 00001591 ____A C:\Users\Leonquad\Desktop\DivX Movies.lnk
2013-05-17 20:58 - 2013-05-17 20:58 - 00001161 ____A C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-05-17 20:58 - 2013-05-17 20:58 - 00001121 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-05-17 20:57 - 2013-05-17 20:58 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-05-17 20:56 - 2013-05-17 20:59 - 00000000 ____D C:\Program Files\DivX
2013-05-17 20:55 - 2013-05-17 20:59 - 00000000 ____D C:\ProgramData\DivX
2013-05-17 20:55 - 2013-05-17 20:55 - 00955712 ____A (DivX, LLC) C:\Users\Leonquad\Downloads\DivXInstaller.exe
2013-05-17 13:24 - 2013-05-17 13:24 - 00002587 ____A C:\Users\Public\Desktop\VAFPlayer.lnk
2013-05-17 13:24 - 2013-05-17 13:24 - 00000000 ____D C:\Users\Leonquad\AppData\Roaming\player
2013-05-17 13:24 - 2013-05-17 13:24 - 00000000 ____D C:\Program Files\Tuguu SL
2013-05-17 13:21 - 2013-05-17 13:21 - 00000000 ____D C:\Program Files\LessTabs
2013-05-15 22:22 - 2013-04-04 22:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 22:22 - 2013-04-04 22:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 22:22 - 2013-04-04 22:28 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-15 22:22 - 2013-04-04 22:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 22:22 - 2013-04-04 22:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 22:22 - 2013-04-04 22:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 22:22 - 2013-04-04 22:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 22:22 - 2013-04-04 22:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 22:22 - 2013-04-04 22:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 22:22 - 2013-04-04 22:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 22:22 - 2013-04-04 22:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-15 22:22 - 2013-04-04 22:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-15 22:22 - 2013-04-04 22:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 22:22 - 2013-04-04 22:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-15 22:22 - 2013-04-04 21:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 22:22 - 2013-04-04 20:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-15 08:07 - 2013-05-15 08:07 - 00141753 ____A C:\Users\Leonquad\Downloads\Attachments_2013515(3).zip
2013-05-15 08:07 - 2013-05-15 08:07 - 00131568 ____A C:\Users\Leonquad\Downloads\Attachments_2013515(2).zip
2013-05-15 08:07 - 2013-05-15 08:07 - 00126485 ____A C:\Users\Leonquad\Downloads\Attachments_2013515(4).zip
2013-05-15 08:06 - 2013-05-15 08:06 - 00148666 ____A C:\Users\Leonquad\Downloads\Attachments_2013515(1).zip
2013-05-15 08:06 - 2013-05-15 08:06 - 00109706 ____A C:\Users\Leonquad\Downloads\Attachments_2013515.zip
2013-05-15 06:25 - 2013-04-09 22:18 - 00728424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 06:25 - 2013-04-09 22:18 - 00218984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 06:25 - 2013-04-09 20:14 - 02347520 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 06:25 - 2013-03-18 21:53 - 00186368 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 06:25 - 2013-03-18 20:33 - 00040960 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 06:25 - 2013-02-26 22:05 - 00101720 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 06:25 - 2013-02-26 21:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 06:25 - 2013-02-26 21:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 06:25 - 2013-02-26 21:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 06:25 - 2013-02-26 21:49 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-14 10:13 - 2013-05-14 10:13 - 00001361 ____A C:\Users\Leonquad\Desktop\6th grade grad - Shortcut.lnk
2013-05-14 09:27 - 2013-06-05 13:08 - 00000000 ____D C:\Users\Leonquad\Documents\Fax
2013-05-13 08:01 - 2013-05-13 08:01 - 00000000 ____D C:\SearchProtect
2013-05-11 07:22 - 2013-05-11 07:23 - 06226944 ____A C:\Users\Leonquad\Downloads\NBK001878_2K_Intel_855_Graphics_6-14-10-3792-1.exe
2013-05-11 07:22 - 2013-05-11 07:23 - 06226944 ____A C:\Users\Leonquad\Downloads\NBK001878_2K_Intel_855_Graphics_6-14-10-3792.exe
2013-05-11 07:21 - 2013-05-11 07:23 - 18470912 ____A C:\Users\Leonquad\Downloads\NBK001878_XP_Audio_6-14-01-4060.exe
2013-05-11 07:21 - 2013-05-11 07:22 - 06226944 ____A C:\Users\Leonquad\Downloads\NBK001921_XP_Intel_855_Graphics_6-14-10-3792.exe
2013-05-10 18:11 - 2013-05-10 18:11 - 00000960 ____A C:\Users\Public\Desktop\TransPort T1200 Technical Reference Manual .lnk
2013-05-10 18:11 - 2013-05-10 18:11 - 00000000 ____D C:\Program Files\Manual
2013-05-10 18:11 - 2001-11-07 09:07 - 00446464 ____A (eHelp Corporation.) C:\Windows\System32\HHActiveX.dll

==================== One Month Modified Files and Folders ========

2013-06-09 00:40 - 2013-06-09 00:40 - 01358673 ____A (Farbar) C:\Users\Leonquad\Downloads\FRST.exe
2013-06-09 00:40 - 2013-06-09 00:40 - 00000000 ____D C:\FRST
2013-06-09 00:38 - 2012-05-23 23:19 - 00000940 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1790185714-537825761-1053373388-1000UA.job
2013-06-09 00:32 - 2012-10-24 16:16 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1790185714-537825761-1053373388-1000UA.job
2013-06-08 23:58 - 2012-03-17 21:31 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-08 23:46 - 2012-05-29 15:16 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-08 21:32 - 2012-10-24 16:16 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1790185714-537825761-1053373388-1000Core.job
2013-06-08 20:55 - 2013-05-17 21:13 - 00000368 ____A C:\Windows\Tasks\Get Lyrics Update.job
2013-06-08 20:00 - 2012-05-12 15:30 - 00000382 ____A C:\Windows\Tasks\At4.job
2013-06-08 20:00 - 2012-05-12 15:30 - 00000382 ____A C:\Windows\Tasks\At3.job
2013-06-08 20:00 - 2012-05-12 15:30 - 00000382 ____A C:\Windows\Tasks\At2.job
2013-06-08 20:00 - 2012-05-12 15:29 - 00000382 ____A C:\Windows\Tasks\At1.job
2013-06-08 19:14 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-08 18:59 - 2009-07-13 21:34 - 00019040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-08 18:59 - 2009-07-13 21:34 - 00019040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-08 18:55 - 2012-03-17 15:44 - 01880203 ____A C:\Windows\WindowsUpdate.log
2013-06-08 18:53 - 2012-03-17 21:34 - 00000000 ____D C:\Users\Leonquad\AppData\Roaming\Dropbox
2013-06-08 18:52 - 2013-05-31 11:26 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-06-08 18:52 - 2013-05-27 15:18 - 00000374 ____A C:\Windows\Tasks\Sing Along Update.job
2013-06-08 18:52 - 2012-11-11 00:52 - 00000000 ____D C:\Users\Leonquad\AppData\Local\NETGEARGenie
2013-06-08 18:52 - 2012-05-29 15:16 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-08 18:52 - 2012-03-17 21:43 - 00000000 ___RD C:\Users\Leonquad\Dropbox
2013-06-08 18:51 - 2013-06-08 18:51 - 00003940 ____A C:\Windows\PFRO.log
2013-06-08 18:51 - 2013-06-08 18:51 - 00000056 ____A C:\Windows\setupact.log
2013-06-08 18:51 - 2013-06-08 18:51 - 00000000 ____A C:\Windows\setuperr.log
2013-06-08 18:51 - 2012-03-17 15:57 - 00797086 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-08 18:51 - 2009-07-13 21:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-08 18:43 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\System32\NDF
2013-06-08 17:09 - 2012-03-17 21:11 - 00000000 ____D C:\Users\Leonquad\AppData\Roaming\Skype
2013-06-08 15:54 - 2013-06-08 15:54 - 00221092 ___AH C:\Windows\System32\mlfcache.dat
2013-06-08 15:38 - 2012-05-23 23:19 - 00000918 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1790185714-537825761-1053373388-1000Core.job
2013-06-08 15:10 - 2013-06-08 15:10 - 00000000 ____D C:\ProgramData\Trymedia
2013-06-08 13:00 - 2012-03-22 15:26 - 00000000 ____D C:\Users\Leonquad\AppData\Local\Windows Live
2013-06-08 09:06 - 2012-03-18 10:45 - 00000000 ____D C:\ProgramData\MFAData
2013-06-08 01:33 - 2012-03-17 21:29 - 00000000 ____D C:\Users\Leonquad\AppData\Roaming\Mozilla
2013-06-06 20:49 - 2013-06-06 20:49 - 00149322 ____A C:\Users\Leonquad\Documents\cc_20130606_204953.reg
2013-06-06 20:48 - 2013-06-06 20:41 - 28434792 ____A C:\Users\Leonquad\Downloads\The_Great_Gatsby_2013_TS_XviD_MP3_MiLLEMNiUM.avi.part
2013-06-06 20:48 - 2012-03-17 16:39 - 00000000 ____D C:\Windows\Panther
2013-06-06 20:45 - 2013-06-06 20:45 - 04378864 ____A (Piriform Ltd) C:\Users\Leonquad\Downloads\ccsetup402.exe
2013-06-06 20:45 - 2013-06-06 20:45 - 00001004 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-06 20:45 - 2013-06-06 20:45 - 00000000 ____D C:\Program Files\CCleaner
2013-06-06 20:41 - 2013-06-06 20:41 - 00000000 ____A C:\Users\Leonquad\Downloads\The_Great_Gatsby_2013_TS_XviD_MP3_MiLLEMNiUM.avi
2013-06-06 16:40 - 2013-06-06 16:07 - 00020670 ____A C:\Users\Leonquad\Desktop\JRT.txt
2013-06-06 16:00 - 2013-06-06 16:00 - 00000000 ____D C:\Windows\ERUNT
2013-06-06 15:59 - 2013-06-06 15:59 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Leonquad\Downloads\JRT.exe
2013-06-06 15:59 - 2013-06-06 15:59 - 00000000 ____D C:\JRT
2013-06-06 14:53 - 2013-05-30 20:48 - 00000000 ____D C:\Program Files\MyPC Backup
2013-06-06 14:51 - 2013-06-06 14:51 - 00005115 ____A C:\Users\Leonquad\Desktop\attach.zip
2013-06-06 14:49 - 2013-06-06 14:49 - 00028458 ____A C:\Users\Leonquad\Desktop\dds.txt
2013-06-06 14:49 - 2013-06-06 14:49 - 00015574 ____A C:\Users\Leonquad\Desktop\attach.txt
2013-06-06 14:47 - 2013-06-06 14:47 - 00688992 ____R (Swearware) C:\Users\Leonquad\Downloads\dds.com
2013-06-06 13:31 - 2013-05-22 11:16 - 00000000 ____D C:\Users\Leonquad\AppData\Roaming\Smilebox
2013-06-05 13:47 - 2012-03-22 17:28 - 00002773 ____A C:\Users\Leonquad\Desktop\HoylePuzzleGames2005 - Shortcut.lnk
2013-06-05 13:47 - 2012-03-22 17:28 - 00002751 ____A C:\Users\Leonquad\Desktop\HoyleBoardGames2005 - Shortcut.lnk
2013-06-05 13:15 - 2012-05-12 16:21 - 00000000 ____D C:\Users\Leonquad\Documents\Outlook Files
2013-06-05 13:08 - 2013-05-14 09:27 - 00000000 ____D C:\Users\Leonquad\Documents\Fax
2013-06-04 20:27 - 2013-02-22 13:20 - 00032203 ____A C:\Users\Leonquad\AppData\Roaming\Safer-Networking.log
2013-06-04 20:20 - 2013-06-04 20:20 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Leonquad\Downloads\tdsskiller.exe
2013-06-03 22:39 - 2009-07-13 21:52 - 00000000 ____D C:\Windows\Offline Web Pages
2013-06-03 16:30 - 2013-06-03 16:29 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-06-03 16:29 - 2013-06-03 16:29 - 00001106 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-03 16:29 - 2013-06-03 16:29 - 00000000 ____D C:\Users\Leonquad\AppData\Roaming\Malwarebytes
2013-06-03 16:29 - 2013-06-03 16:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-03 16:29 - 2013-06-03 16:29 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-03 16:28 - 2013-06-03 16:22 - 00003220 ____A C:\Users\Leonquad\Desktop\Rkill.txt
2013-06-03 16:24 - 2013-06-03 16:24 - 00026771 ____A C:\AdwCleaner[S1].txt
2013-06-03 16:24 - 2013-06-03 16:24 - 00000421 ____A C:\Windows\DeleteOnReboot.bat
2013-06-03 16:23 - 2013-06-03 16:23 - 00632031 ____A C:\Users\Leonquad\Desktop\AdwCleaner.exe
2013-06-03 16:21 - 2013-06-03 16:21 - 10284816 ____A (Malwarebytes Corporation                                    ) C:\Users\Leonquad\Desktop\mbam-setup.exe
2013-06-03 16:20 - 2013-06-03 16:20 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Leonquad\Desktop\rkill.exe
2013-06-01 10:12 - 2013-06-01 10:12 - 00000798 ____A C:\Users\Leonquad\Desktop\Internet Security Pro.lnk
2013-05-31 08:20 - 2013-05-31 07:56 - 258852047 ____A C:\Users\Leonquad\Desktop\graduation.wmv
2013-05-31 06:05 - 2013-05-31 04:45 - 00000000 ____D C:\Users\Leonquad\Desktop\mrsgross
2013-05-31 05:12 - 2013-05-31 05:07 - 00000000 ____D C:\Users\Leonquad\Desktop\ben and sara
2013-05-31 05:11 - 2013-05-31 05:11 - 00138963 ____A C:\Users\Leonquad\Downloads\Attachments_2013531(1).zip
2013-05-31 05:06 - 2013-05-31 05:06 - 06631378 ____A C:\Users\Leonquad\Downloads\Attachments_2013531.zip
2013-05-30 23:55 - 2012-10-07 16:24 - 00006656 ____A C:\Users\Leonquad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-30 23:50 - 2013-05-25 11:35 - 00000000 ____D C:\Users\Leonquad\AppData\Roaming\DivX
2013-05-30 23:48 - 2013-05-30 23:36 - 36642726 ____A C:\Users\Leonquad\Desktop\Pictures_Video.avi
2013-05-30 22:30 - 2013-05-30 22:28 - 14934041 ____A C:\Users\Leonquad\Desktop\test ss.wmv
2013-05-30 22:12 - 2013-05-30 20:52 - 00000000 ____D C:\ProgramData\MAGIX
2013-05-30 22:12 - 2013-05-30 20:48 - 00000000 ____D C:\Users\Leonquad\AppData\Roaming\MAGIX
2013-05-30 20:53 - 2013-05-30 20:53 - 00000000 ____D C:\Users\Leonquad\Documents\MAGIX
2013-05-30 20:48 - 2013-05-30 20:48 - 03832032 ____A (MAGIX AG) C:\Users\Leonquad\Downloads\slideshow_maker_2_4mb.exe
2013-05-30 20:47 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\Resources
2013-05-30 19:38 - 2013-05-30 19:38 - 05271552 ____A C:\Users\Leonquad\Downloads\Pstory.msi
2013-05-30 19:38 - 2013-05-30 19:38 - 00584600 ____A C:\Users\Leonquad\Downloads\cbsidlm-tr1_13-Magix_Slideshow_Maker-SEO-10907281-1.exe
2013-05-30 19:37 - 2013-05-30 19:37 - 06167552 ____A (VisionGem Co., Ltd.                                         ) C:\Users\Leonquad\Downloads\FreeSlideshowMaker.exe
2013-05-30 19:36 - 2013-05-30 19:36 - 00822608 ____A (Smilebox, Inc.) C:\Users\Leonquad\Downloads\SmileboxInstaller-1.exe
2013-05-30 19:36 - 2013-05-30 19:36 - 00584600 ____A C:\Users\Leonquad\Downloads\cbsidlm-tr1_13-Magix_Slideshow_Maker-SEO-10907281.exe
2013-05-30 06:18 - 2012-07-06 17:50 - 00000000 ____D C:\Users\Leonquad\AppData\Local\{CABC5DA8-626A-408B-90EE-2D60601E5139}
2013-05-29 22:15 - 2013-05-29 22:15 - 00116824 ____A C:\Users\Leonquad\Desktop\Wondershare DVD Slideshow Builder For Win & Mac - Mac Slideshow Software to Create FANTASTIC Slideshow.htm
2013-05-29 22:15 - 2013-05-29 22:15 - 00000000 ____D C:\Users\Leonquad\Desktop\Wondershare DVD Slideshow Builder For Win & Mac - Mac Slideshow Software to Create FANTASTIC Slideshow_files
2013-05-29 15:23 - 2013-05-29 15:23 - 00000000 ____A C:\asc_rdflag
2013-05-29 15:23 - 2012-03-17 15:54 - 00000000 ____D C:\users\Leonquad
2013-05-29 14:24 - 2013-05-29 14:23 - 00000000 ____D C:\Users\Leonquad\Desktop\Old Firefox Data
2013-05-29 14:07 - 2012-10-04 20:37 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-29 13:54 - 2013-04-12 06:57 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-26 12:01 - 2013-05-26 12:01 - 00001253 ____A C:\Users\Leonquad\Desktop\Skype.lnk
2013-05-25 11:37 - 2013-05-25 11:37 - 00000000 ____D C:\Users\Leonquad\AppData\Roaming\RealNetworks
2013-05-24 04:26 - 2013-05-24 04:26 - 00000020 __ASH C:\Users\TEMP.Leonquad-PC\ntuser.ini
2013-05-24 04:26 - 2013-05-24 04:26 - 00000000 ____D C:\users\TEMP.Leonquad-PC
2013-05-22 23:23 - 2012-05-12 17:57 - 00000000 ____D C:\Users\Leonquad\AppData\Roaming\Orbit
2013-05-22 12:05 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\rescache
2013-05-22 11:28 - 2013-05-22 11:16 - 00000000 ____D C:\Users\Leonquad\AppData\Local\Smilebox
2013-05-22 11:16 - 2013-05-22 11:16 - 00001884 ____A C:\Users\Leonquad\Desktop\Smilebox.lnk
2013-05-22 11:16 - 2013-05-22 11:16 - 00000000 ____D C:\Users\Leonquad\Documents\My Smilebox Creations
2013-05-20 14:37 - 2012-08-30 13:55 - 00037664 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-05-19 09:41 - 2012-03-18 10:32 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-05-19 09:39 - 2012-03-18 13:50 - 00000000 ____D C:\Program Files\Google
2013-05-19 09:36 - 2009-07-13 21:52 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-05-19 08:53 - 2012-03-17 18:24 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-05-18 11:40 - 2012-03-17 16:43 - 00124488 ____A C:\Users\Leonquad\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-18 11:38 - 2009-07-13 21:33 - 00487944 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-17 21:14 - 2013-05-17 21:14 - 00001034 ____A C:\Users\Leonquad\Desktop\xVidly.lnk
2013-05-17 21:14 - 2013-05-17 21:13 - 00000000 ____D C:\Program Files\Free Download Manager
2013-05-17 21:14 - 2013-05-17 21:05 - 00000000 ____D C:\Program Files\xVidly
2013-05-17 21:13 - 2013-05-17 21:13 - 00000000 ____D C:\Program Files\GetLyrics
2013-05-17 21:12 - 2013-05-17 21:11 - 00143552 ____A (Jottix) C:\Users\Leonquad\Downloads\xvidly_setup(2).exe
2013-05-17 21:11 - 2013-04-20 07:42 - 00000000 ____D C:\Users\Leonquad\AppData\Local\CRE
2013-05-17 21:04 - 2013-05-17 21:04 - 00143552 ____A (Jottix) C:\Users\Leonquad\Downloads\xvidly_setup(1).exe
2013-05-17 21:04 - 2013-05-17 21:04 - 00000000 ____D C:\Users\Leonquad\AppData\Local\DDMSettings
2013-05-17 21:04 - 2013-05-17 21:03 - 00143560 ____A (Jottix) C:\Users\Leonquad\Downloads\xvidly_setup.exe
2013-05-17 20:59 - 2013-05-17 20:59 - 00001591 ____A C:\Users\Leonquad\Desktop\DivX Movies.lnk
2013-05-17 20:59 - 2013-05-17 20:56 - 00000000 ____D C:\Program Files\DivX
2013-05-17 20:59 - 2013-05-17 20:55 - 00000000 ____D C:\ProgramData\DivX
2013-05-17 20:58 - 2013-05-17 20:58 - 00001161 ____A C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-05-17 20:58 - 2013-05-17 20:58 - 00001121 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-05-17 20:58 - 2013-05-17 20:57 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-05-17 20:55 - 2013-05-17 20:55 - 00955712 ____A (DivX, LLC) C:\Users\Leonquad\Downloads\DivXInstaller.exe
2013-05-17 15:06 - 2012-03-17 22:42 - 00000000 ____D C:\Users\Leonquad\AppData\Roaming\vlc
2013-05-17 14:15 - 2012-03-17 22:20 - 00000000 ____D C:\Users\Leonquad\Documents\Readon Player
2013-05-17 13:24 - 2013-05-17 13:24 - 00002587 ____A C:\Users\Public\Desktop\VAFPlayer.lnk
2013-05-17 13:24 - 2013-05-17 13:24 - 00000000 ____D C:\Users\Leonquad\AppData\Roaming\player
2013-05-17 13:24 - 2013-05-17 13:24 - 00000000 ____D C:\Program Files\Tuguu SL
2013-05-17 13:21 - 2013-05-17 13:21 - 00000000 ____D C:\Program Files\LessTabs
2013-05-15 22:17 - 2012-03-21 06:27 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 08:58 - 2012-03-17 21:31 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-15 08:58 - 2012-03-17 21:31 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-15 08:07 - 2013-05-15 08:07 - 00141753 ____A C:\Users\Leonquad\Downloads\Attachments_2013515(3).zip
2013-05-15 08:07 - 2013-05-15 08:07 - 00131568 ____A C:\Users\Leonquad\Downloads\Attachments_2013515(2).zip
2013-05-15 08:07 - 2013-05-15 08:07 - 00126485 ____A C:\Users\Leonquad\Downloads\Attachments_2013515(4).zip
2013-05-15 08:06 - 2013-05-15 08:06 - 00148666 ____A C:\Users\Leonquad\Downloads\Attachments_2013515(1).zip
2013-05-15 08:06 - 2013-05-15 08:06 - 00109706 ____A C:\Users\Leonquad\Downloads\Attachments_2013515.zip
2013-05-14 10:13 - 2013-05-14 10:13 - 00001361 ____A C:\Users\Leonquad\Desktop\6th grade grad - Shortcut.lnk
2013-05-13 08:01 - 2013-05-13 08:01 - 00000000 ____D C:\SearchProtect
2013-05-11 12:51 - 2012-09-28 23:55 - 00001854 ____A C:\Users\Public\Desktop\ooVoo.lnk
2013-05-11 12:51 - 2012-03-18 13:33 - 00000000 ____D C:\Program Files\ooVoo
2013-05-11 07:23 - 2013-05-11 07:22 - 06226944 ____A C:\Users\Leonquad\Downloads\NBK001878_2K_Intel_855_Graphics_6-14-10-3792-1.exe
2013-05-11 07:23 - 2013-05-11 07:22 - 06226944 ____A C:\Users\Leonquad\Downloads\NBK001878_2K_Intel_855_Graphics_6-14-10-3792.exe
2013-05-11 07:23 - 2013-05-11 07:21 - 18470912 ____A C:\Users\Leonquad\Downloads\NBK001878_XP_Audio_6-14-01-4060.exe
2013-05-11 07:22 - 2013-05-11 07:21 - 06226944 ____A C:\Users\Leonquad\Downloads\NBK001921_XP_Intel_855_Graphics_6-14-10-3792.exe
2013-05-10 18:11 - 2013-05-10 18:11 - 00000960 ____A C:\Users\Public\Desktop\TransPort T1200 Technical Reference Manual .lnk
2013-05-10 18:11 - 2013-05-10 18:11 - 00000000 ____D C:\Program Files\Manual

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-03 20:12

==================== End Of Log ============================

 




#5 CatByte

  • Malware Response Team

Posted 09 June 2013 - 06:41 AM

Please do the following:

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open notepad and select Paste.)
Save it on your desktop as fixlist.txt

(if you saved FRST to a different folder and not your desktop originally, then save fixlist.txt to the same location as FRST was saved)


start
HKCU\...\Run: [IsolatedStorage] rundll32 "C:\Users\Leonquad\AppData\Local\{CABC5DA8-626A-408B-90EE-2D60601E5139}\IsolatedStorage\wpkkot.dll",DllRegisterServer [534016 2013-05-30] (Autodesk, Inc.)
C:\Users\Leonquad\AppData\Local\{CABC5DA8-626A-408B-90EE-2D60601E5139}\IsolatedStorage\wpkkot.dll
URLSearchHook: (No Name) - {e9df9360-97f8-4690-afe6-996c80790da4} -  No File
URLSearchHook: (No Name) - {bb45ef8e-1e36-4535-a017-ec908fb1e335} -  No File
Toolbar: HKCU -No Name - {E9DF9360-97F8-4690-AFE6-996C80790DA4} -  No File
Toolbar: HKCU -No Name - {BB45EF8E-1E36-4535-A017-EC908FB1E335} -  No File
cmd: del /a/f/q c:\windows\tasks\at*.job
end
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on your desktop (Fixlog.txt) please attach that log to your reply.

Note: FixList.txt and FRST must be saved to the same location or the fix will not work

Reboot Normally.



NEXT


Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
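The file-listing lines in the log above follow one fixed layout, and the fixlist in this reply targets two kinds of entries that show up in it: the At*.job scheduled tasks and the GUID-named folder under AppData\Local. The Python sketch below is an added example, not part of either post and not FRST's own logic; it parses that layout and flags those two patterns. The two heuristics and all function names are assumptions made for illustration, and the sample lines are copied from the log in this thread.

```python
import re

# Layout of one file-listing line as it appears in the log above:
#   <timestamp> - <timestamp> - <size> <attrs> [(company)] <path>
LINE_RE = re.compile(
    r"^(?P<first>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<second>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attr>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)

# Assumed triage heuristics, modelled on what the fixlist in this thread removes.
# A hit is a lead to review by hand, not a verdict: GUID-named folders can be benign.
AT_JOB_RE = re.compile(r"^[A-Za-z]:\\Windows\\Tasks\\At\d+\.job$", re.IGNORECASE)
GUID_DIR_RE = re.compile(
    r"\\AppData\\Local\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}(?:\\|$)",
    re.IGNORECASE,
)

# Sample lines copied from the log in this thread.
SAMPLE = r"""
2013-06-09 00:40 - 2013-06-09 00:40 - 01358673 ____A (Farbar) C:\Users\Leonquad\Downloads\FRST.exe
2013-06-08 20:00 - 2012-05-12 15:30 - 00000382 ____A C:\Windows\Tasks\At4.job
2013-06-08 20:00 - 2012-05-12 15:29 - 00000382 ____A C:\Windows\Tasks\At1.job
2013-06-08 18:52 - 2013-05-27 15:18 - 00000374 ____A C:\Windows\Tasks\Sing Along Update.job
2013-06-03 16:21 - 2013-06-03 16:21 - 10284816 ____A (Malwarebytes Corporation                                    ) C:\Users\Leonquad\Desktop\mbam-setup.exe
2013-05-30 06:18 - 2012-07-06 17:50 - 00000000 ____D C:\Users\Leonquad\AppData\Local\{CABC5DA8-626A-408B-90EE-2D60601E5139}
2013-05-15 08:07 - 2013-05-15 08:07 - 00141753 ____A C:\Users\Leonquad\Downloads\Attachments_2013515(3).zip
==================== End Of Log ============================
""".splitlines()


def parse_line(line):
    """Return a dict for one listing line, or None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"])
    entry["is_dir"] = "D" in entry["attr"]
    # The company field is padded with spaces in some lines; normalise it.
    entry["company"] = (entry["company"] or "").strip() or None
    return entry


def triage(lines):
    """Return (reason, path) pairs for entries worth a manual look, without repeats."""
    findings = []
    seen = set()
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        path = entry["path"]
        if AT_JOB_RE.match(path):
            reason = "legacy at-scheduler job"
        elif GUID_DIR_RE.search(path):
            reason = "GUID-named folder under AppData\\Local"
        else:
            continue
        # The same path appears in more than one section of the log.
        if path.lower() not in seen:
            seen.add(path.lower())
            findings.append((reason, path))
    return findings


if __name__ == "__main__":
    for reason, path in triage(SAMPLE):
        print(f"{reason}: {path}")
```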


#6 CatByte

  • Malware Response Team

Posted 26 June 2013 - 05:34 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




