Help. Qone8 won't go away.

S

Schonza

Member
Qone8 is hijacking my browsers. I can't seem to get rid of it... Here are adwcleaner, mbam, jrt and otl logs.

OTL logfile created on: 16/10/2013 9:39:23 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mitch\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

15.96 Gb Total Physical Memory | 12.83 Gb Available Physical Memory | 80.42% Memory free
31.91 Gb Paging File | 28.35 Gb Available in Paging File | 88.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.66 Gb Total Space | 40.78 Gb Free Space | 17.53% Space Free | Partition Type: NTFS
Drive D: | 2048.00 Gb Total Space | 1022.69 Gb Free Space | 49.94% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 709.84 Gb Free Space | 76.20% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 207.06 Gb Free Space | 44.46% Space Free | Partition Type: NTFS
Drive G: | 6.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 594.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MITCH-PC | User Name: Mitch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mitch\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - E:\steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
PRC - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\******\****** Partition Master 9.2.2\bin\EpmNews.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - E:\steam\bin\chromehtml.dll ()
MOD - E:\steam\bin\libcef.dll ()
MOD - E:\steam\SDL2.dll ()
MOD - E:\steam\bin\avcodec-53.dll ()
MOD - E:\steam\bin\avformat-53.dll ()
MOD - E:\steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libaout_directx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat32_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libconverter_fixed_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\mmxext\libmemcpymmxext_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_http_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_dash_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_httplive_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_record_plugin.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\DeviceDetection.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\work.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\HM.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\SF.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\GPTT.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\STT.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\StabilityLib.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\IccLibDll.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\platform.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\device.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software)
DRV:64bit: - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\drivers\aswNdis.sys (ALWIL Software)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys ()
DRV - (cpuz135) -- C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys (CPUID)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()


[2013/06/24 23:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mitch\AppData\Roaming\Mozilla\Extensions
[2013/06/24 23:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mitch\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2013/10/15 16:04:29 | 000,450,642 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15467 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [****** EPM tray] C:\Program Files (x86)\******\****** Partition Master 9.2.2\bin\EpmNews.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] E:\steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe ()
O4 - Startup: C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Assassin's Creed.LNK = E:\Assassin's Creed\Register\RegistrationReminder.exe (Ubisoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24078347-D715-4C11-AF07-EB61C699AF1F}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/10/15 15:49:23 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/01/21 18:56:12 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/06/02 23:11:55 | 000,131,720 | R--- | M] (InstallShield Software Corporation) - G:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/02/22 21:08:27 | 000,058,601 | R--- | M] () - G:\autorun.ico -- [ UDF ]
O32 - AutoRun File - [2008/02/22 21:08:27 | 000,000,047 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008/02/22 21:08:44 | 000,000,382 | R--- | M] () - G:\autorun.ini -- [ UDF ]
O32 - AutoRun File - [2000/08/25 09:49:58 | 000,000,131 | R--- | M] () - K:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/16 21:15:06 | 001,033,335 | ---- | C] (Thisisu) -- C:\Users\Mitch\Desktop\JRT_NEW.exe
[2013/10/16 20:39:55 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2013/10/16 19:53:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/10/16 19:53:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/10/16 19:47:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/10/16 19:47:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/10/16 19:47:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/10/16 19:46:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/16 19:46:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/10/15 19:05:48 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Roaming\Ubisoft
[2013/10/15 18:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2013/10/15 16:05:23 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Roaming\SUPERAntiSpyware.com
[2013/10/15 16:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/10/15 16:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/10/15 16:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/10/15 16:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/10/15 16:00:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/10/15 16:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/10/15 15:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/10/15 15:47:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/10/11 11:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2013/09/30 23:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/09/30 23:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/09/30 23:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/09/30 23:02:25 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/09/30 22:59:39 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/30 22:55:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/09/30 22:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/09/30 22:54:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/09/30 22:39:21 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Roaming\Malwarebytes
[2013/09/30 22:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/30 22:39:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/09/30 22:39:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/09/30 22:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/30 22:29:59 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2013/09/30 22:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2013/09/30 22:21:37 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/16 21:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/16 20:08:49 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/16 20:08:49 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/16 20:06:31 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/16 20:06:31 | 000,664,532 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/16 20:06:31 | 000,125,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/16 20:02:43 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2013/10/16 20:02:43 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
[2013/10/16 20:02:29 | 000,001,441 | ---- | M] () -- C:\Users\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/10/16 20:01:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/16 20:01:40 | 4258,840,574 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/16 16:05:00 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 03840bd0-92ef-4b88-b5f4-d78251b340ec.job
[2013/10/16 10:47:28 | 001,033,335 | ---- | M] (Thisisu) -- C:\Users\Mitch\Desktop\JRT_NEW.exe
[2013/10/15 18:24:14 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7baa910a-92fe-4fe8-b99c-a0ec1e75622b.job
[2013/10/15 18:06:26 | 000,000,860 | ---- | M] () -- C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Assassin's Creed.LNK
[2013/10/15 16:05:20 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/10/15 16:04:29 | 000,450,642 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/10/15 16:00:19 | 000,001,286 | ---- | M] () -- C:\Users\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/10/15 16:00:19 | 000,001,262 | ---- | M] () -- C:\Users\Mitch\Desktop\Spybot - Search & Destroy.lnk
[2013/10/15 15:49:23 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/10/10 10:30:10 | 000,416,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/09 23:46:22 | 000,764,734 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/09/30 23:13:22 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/09/30 22:55:59 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/09/30 22:39:15 | 000,001,137 | ---- | M] () -- C:\Users\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/09/30 22:39:15 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/26 11:52:02 | 000,000,693 | ---- | M] () -- C:\Users\Public\Desktop\Lords of the Realm III.lnk
[2013/09/23 17:05:41 | 000,000,851 | ---- | M] () -- C:\Users\Mitch\Desktop\µTorrent.lnk
[2013/09/23 17:05:41 | 000,000,831 | ---- | M] () -- C:\Users\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/16 20:02:29 | 000,001,413 | ---- | C] () -- C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/10/16 19:56:32 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\GVTunner.ref
[2013/10/16 19:47:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/16 19:47:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/16 19:47:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/16 19:47:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/16 19:47:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/15 18:06:26 | 000,000,860 | ---- | C] () -- C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Assassin's Creed.LNK
[2013/10/15 16:05:27 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7baa910a-92fe-4fe8-b99c-a0ec1e75622b.job
[2013/10/15 16:05:27 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 03840bd0-92ef-4b88-b5f4-d78251b340ec.job
[2013/10/15 16:05:20 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/10/15 16:00:19 | 000,001,286 | ---- | C] () -- C:\Users\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/10/15 16:00:19 | 000,001,262 | ---- | C] () -- C:\Users\Mitch\Desktop\Spybot - Search & Destroy.lnk
[2013/10/15 15:49:23 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/10/09 19:04:31 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/09/30 23:13:22 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/09/30 22:55:59 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/09/30 22:39:15 | 000,001,137 | ---- | C] () -- C:\Users\Mitch\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/09/30 22:39:15 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/26 11:52:02 | 000,000,693 | ---- | C] () -- C:\Users\Public\Desktop\Lords of the Realm III.lnk
[2013/09/23 17:05:41 | 000,000,851 | ---- | C] () -- C:\Users\Mitch\Desktop\µTorrent.lnk
[2013/08/27 12:39:17 | 002,498,216 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2013/08/27 12:39:17 | 000,087,112 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2013/08/27 12:39:17 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2013/08/27 12:39:17 | 000,013,896 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2013/08/27 12:39:17 | 000,009,160 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2013/05/26 09:36:06 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2013/05/23 01:41:57 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/05/23 01:41:56 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/05/22 00:45:45 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2013/05/22 00:44:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/05/22 00:40:28 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/05/22 00:40:28 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/05/22 00:40:28 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013/05/22 00:31:01 | 000,764,734 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/22 00:28:37 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012/09/29 06:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012/09/06 20:12:42 | 000,430,080 | ---- | C] ( ) -- C:\Windows\SysWow64\LMADLQ32comc.dll
[2012/04/20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/14 15:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 13:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 12:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 12:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 14:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 12:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/24 12:44:36 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\2K Sports
[2013/05/30 11:03:22 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Command and Conquer 4
[2013/10/11 11:11:40 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\DAEMON Tools Lite
[2013/07/05 23:38:13 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\GOG
[2013/08/14 19:50:21 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\LolClient
[2013/08/27 10:19:55 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Origin
[2013/05/25 09:47:46 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Red Alert 3
[2013/08/05 23:11:33 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Riot Games
[2013/06/24 23:41:36 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\TomTom
[2013/10/15 19:05:48 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Ubisoft
[2013/10/15 15:49:32 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >
 

Attachments

  • AdwCleaner[R1].txt
    3.3 KB · Views: 46
  • mbam-log-2013-09-30 (21-39-51).txt
    6.2 KB · Views: 26
  • JRT.txt
    629 bytes · Views: 29
johnb35

johnb35

Administrator
Staff member
Sorry for the late reply, was at work today and couldn't open your logs on my phone.

Do the following.

Open OTL again and copy and paste the following into the custom scan/fixes box at the bottom.

Code: 
:OTL
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

Then click on the run fix button.

Also I noticed your adwcleaner log was only the scan log and not the clean log. Did you press the clean button after the scan? Adwcleaner found the issue, its listed as a start page. If you didn't click on the clean button after the scan please rerun a scan of adwcleaner and then click on the clean button and post the log.

If you did, click on the clean button are you still having the issues? I'm assuming you are using Internet Explorer as your web browser?
 
S

Schonza

Member
Here is the clean log..

Have also proceeded with the OTL fix command.

I'm running Chrome mainly... However, having unistalled and reinstalled chrome, my Chrome home page is back to normal, but IE isn't... Kind of just making sure I get rid of the hijacker before I give away any personal info.
 

Attachments

  • AdwCleaner[S1].txt
    3.1 KB · Views: 44
johnb35

johnb35

Administrator
Staff member
According to adwcleaner your home page was restored to original. If it hasn't, you just need to go in and change it manually. What version of IE are you running?
 
S

Schonza

Member
IE9... The problem I have changed all the settings already. If I open Internet settings the home page says google.com, but still loads qone8.com.
 
johnb35

johnb35

Administrator
Staff member
OK, hold on. Looks like I missed a couple entries in the OTL scan.

Please copy and paste the following into the custom scan/fixes box at the bottom.

Code: 
:OTL
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

:Commands
[emptytemp]

Then click on the run fix button.

Also at this time, I need you to rerun a quick scan of malwarebytes as the log you posted was over 2 weeks ago. Please post the log if it catches anything.
 
You must log in or register to reply here.
Top