Jump to content

Welcome to Geeks to Go - Register now for FREE
Geeks To Go is a helpful hub, where thousands of friendly volunteers serve up answers and support. Get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message and all ads will be removed once you have signed in.
Create an Account Login to Account

Need help removing Malware [Closed]


  • This topic is locked This topic is locked

#1
Munien

Munien

    New Member

  • Member
  • Pip
  • 7 posts
Hi, I need to remove the Malware from a computer but have had no success so far. The computer has a lot of viruses on it at the moment.
I tried MBAM and removed a lot but many problems still remained.
Some of the problems include Conduit Search, ASK.com toolbar, Mobogenie, Regclean Pro and more I'm sure.
A system restore also proved no results.
Any help would be greatly appreciated, thanks!

The OTL log is below


OTL logfile created on: 12/13/2013 1:13:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.96 Gb Total Physical Memory | 5.61 Gb Available Physical Memory | 70.50% Memory free
15.92 Gb Paging File | 13.01 Gb Available in Paging File | 81.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.41 Gb Total Space | 801.66 Gb Free Space | 87.29% Space Free | Partition Type: NTFS
Drive G: | 959.72 Mb Total Space | 778.31 Mb Free Space | 81.10% Space Free | Partition Type: FAT

Computer Name: SEAN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/13 13:12:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Downloads\OTL.exe
PRC - [2013/12/11 07:36:58 | 000,131,425 | ---- | M] () -- C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
PRC - [2013/12/04 12:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/12/03 17:40:21 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/10/31 09:37:58 | 000,020,248 | ---- | M] (Smartbar) -- C:\Users\Admin\AppData\Local\Smartbar\Application\QuickShare.exe
PRC - [2013/10/04 18:20:22 | 006,588,272 | ---- | M] (Systweak) -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
PRC - [2013/08/06 17:33:16 | 003,291,008 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/07/29 20:21:38 | 000,116,008 | ---- | M] () -- C:\Users\Admin\Qtrax\Player\notification.exe
PRC - [2013/05/10 17:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/01/19 21:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/01/19 21:47:19 | 011,171,712 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/01/19 21:26:19 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2011/04/19 11:53:24 | 005,724,472 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
PRC - [2011/04/19 11:53:23 | 000,587,264 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\WIBUKEY\Server\WkSvW32.exe
PRC - [2011/01/12 14:40:30 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2010/03/02 18:42:54 | 000,062,864 | ---- | M] () -- C:\Program Files\Smart PDF Converter Pro\SmartSoft PDF Printer Agent.exe
PRC - [2009/12/09 19:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
PRC - [2009/10/14 04:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/14 04:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/10/01 12:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 12:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/28 19:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/08/13 09:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/07/23 22:01:24 | 000,894,464 | ---- | M] () -- C:\_Installing\PicPick\picpick.exe
PRC - [2009/07/04 12:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/03/30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2009/03/25 17:54:58 | 001,724,416 | ---- | M] (NETGEAR) -- C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
PRC - [2009/03/03 18:01:06 | 000,554,264 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
PRC - [2009/02/23 17:57:12 | 000,058,648 | ---- | M] (Sierra Wireless Inc.) -- C:\Program Files (x86)\Telstra\Telstra Turbo Connection Manager\WaHelper.exe
PRC - [2008/10/28 10:34:32 | 000,780,192 | ---- | M] (Fuji Xerox Co., Ltd.) -- C:\Program Files (x86)\Fuji Xerox\DocuPrint C1190 FS\Address Book Editor\Launcher_dpc1190fs.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/13 13:09:04 | 000,011,264 | ---- | M] () -- C:\Users\Admin\AppData\Local\Temp\nsb2E60.tmp\System.dll
MOD - [2013/12/11 07:36:58 | 000,131,425 | ---- | M] () -- C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
MOD - [2013/12/04 12:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/04 12:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/04 12:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/04 12:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/04 12:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/04 12:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/10/31 09:38:30 | 000,030,488 | ---- | M] () -- C:\Users\Admin\AppData\Local\Smartbar\Application\srut.dll
MOD - [2013/10/31 09:38:22 | 000,247,576 | ---- | M] () -- C:\Users\Admin\AppData\Local\Smartbar\Application\srns.dll
MOD - [2013/10/31 09:38:22 | 000,013,592 | ---- | M] () -- C:\Users\Admin\AppData\Local\Smartbar\Application\srpdm.dll
MOD - [2013/10/31 09:38:20 | 000,056,088 | ---- | M] () -- C:\Users\Admin\AppData\Local\Smartbar\Application\srau.dll
MOD - [2013/10/31 09:38:18 | 000,055,064 | ---- | M] () -- C:\Users\Admin\AppData\Local\Smartbar\Application\spbl.dll
MOD - [2013/10/31 09:38:18 | 000,047,896 | ---- | M] () -- C:\Users\Admin\AppData\Local\Smartbar\Application\sppsm.dll
MOD - [2013/10/31 09:38:12 | 000,024,856 | ---- | M] () -- C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2013/10/31 09:38:10 | 000,052,504 | ---- | M] () -- C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
MOD - [2013/10/31 09:38:08 | 000,111,384 | ---- | M] () -- C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2013/10/31 09:38:08 | 000,016,664 | ---- | M] () -- C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2013/10/31 09:38:04 | 000,149,784 | ---- | M] () -- C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2013/10/31 09:38:02 | 000,034,072 | ---- | M] () -- C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2013/10/31 09:38:00 | 001,980,184 | ---- | M] () -- C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2013/10/31 09:38:00 | 000,081,176 | ---- | M] () -- C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2013/10/31 09:38:00 | 000,013,592 | ---- | M] () -- C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2013/10/31 09:37:58 | 000,727,320 | ---- | M] () -- C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2013/10/31 09:37:56 | 000,012,568 | ---- | M] () -- C:\Users\Admin\AppData\Local\Smartbar\Application\siem.dll
MOD - [2013/10/31 09:37:54 | 000,013,592 | ---- | M] () -- C:\Users\Admin\AppData\Local\Smartbar\Application\sgml.dll
MOD - [2013/10/31 09:37:10 | 000,047,384 | ---- | M] () -- C:\Users\Admin\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
MOD - [2013/10/10 03:35:46 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll
MOD - [2013/10/10 03:32:23 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 03:32:12 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\0a7b20934d7587787e7dae923d1614f4\System.Deployment.ni.dll
MOD - [2013/10/10 03:31:47 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/04 18:20:22 | 001,730,928 | ---- | M] () -- C:\Program Files (x86)\Advanced System Protector\aspsys.dll
MOD - [2013/08/15 03:41:55 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/08/15 03:33:03 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c664f44617c6a89edcc171fa8596c89d\System.ServiceProcess.ni.dll
MOD - [2013/08/15 03:32:51 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\048017d94384988bfe84bcb2ca7ebf0f\System.Web.Services.ni.dll
MOD - [2013/08/15 03:32:38 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5970036570c1e44e8ae0f6f94c1039aa\System.EnterpriseServices.ni.dll
MOD - [2013/08/15 03:32:37 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4ada2213cefea889a5ed6e2fb6839b93\System.Transactions.ni.dll
MOD - [2013/08/15 03:32:36 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll
MOD - [2013/08/15 03:31:53 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 03:31:28 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 03:31:19 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/29 20:21:38 | 000,116,008 | ---- | M] () -- C:\Users\Admin\Qtrax\Player\notification.exe
MOD - [2013/07/12 03:41:21 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\de6ee26de5e4f343509de7e92ab48ba6\CustomMarshalers.ni.dll
MOD - [2013/07/12 03:31:49 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/07/25 12:03:14 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/04 13:37:00 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2010/11/05 11:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/05 11:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010/03/02 18:42:54 | 000,062,864 | ---- | M] () -- C:\Program Files\Smart PDF Converter Pro\SmartSoft PDF Printer Agent.exe
MOD - [2009/07/23 22:01:24 | 000,894,464 | ---- | M] () -- C:\_Installing\PicPick\picpick.exe
MOD - [2009/06/11 07:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/03 17:57:16 | 000,214,296 | ---- | M] () -- C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\WebUpdtAPI.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/27 03:03:23 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 15:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/01/12 14:40:20 | 000,341,312 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe -- (NitroDriverReadSpool)
SRV:64bit: - [2009/10/12 15:08:08 | 000,343,456 | ---- | M] (Fuji Xerox Co., Ltd.) [Auto | Running] -- C:\Program Files\Fuji Xerox\SimpleMonitor for AP\FXAPSDBN.EXE -- (FXSMAPSDB)
SRV:64bit: - [2009/10/12 15:08:04 | 000,154,016 | ---- | M] (Fuji Xerox Co., Ltd.) [Auto | Running] -- C:\Program Files\Fuji Xerox\SimpleMonitor for AP\FXAPPWDN.EXE -- (FXSMAPPWD)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/04 12:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2013/12/13 12:26:21 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2013/12/13 12:25:19 | 000,376,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/12/11 21:42:44 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/20 08:45:18 | 000,038,440 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/09/11 11:24:57 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/06 17:33:16 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/07/02 04:57:53 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2013/05/10 17:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/30 10:57:00 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/01/19 21:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/04/19 11:53:23 | 000,587,264 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\WIBUKEY\Server\WkSvW32.exe -- (WkSvw32.exe)
SRV - [2011/01/12 14:40:30 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/03/22 07:58:22 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/22 07:58:16 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/09 19:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009/10/14 04:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/10/01 12:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/10/01 12:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/08/28 19:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/26 04:38:06 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/13 09:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/02/29 02:07:18 | 000,942,080 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/13 12:25:23 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/30 10:57:00 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2013/04/30 10:56:42 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2013/01/29 18:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/11/26 18:05:24 | 000,075,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/19 11:53:25 | 000,103,224 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WibuKey64.sys -- (WIBUKEY)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 21:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/10/29 18:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/10/14 04:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/23 19:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/25 12:06:00 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 06:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/06 10:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/06 10:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/02/25 11:44:10 | 000,195,456 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swumxa3.sys -- (SWUMXA3)
DRV:64bit: - [2009/02/25 11:43:12 | 000,219,136 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swnc8ua3.sys -- (SWNC8UA3)
DRV:64bit: - [2009/01/23 06:34:55 | 000,034,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt)
DRV:64bit: - [2008/09/29 19:22:32 | 000,553,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WN111v2x.sys -- (WN111v2)
DRV:64bit: - [2006/12/12 02:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2013/04/30 10:57:00 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/11/13 12:31:22 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/21 15:05:59] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {e1514faa-0f36-4330-8590-ea8c9c0a903f} - C:\Program Files (x86)\Gameoff-games\prxtbGame.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {E3BFF9AF-DF9A-47AD-A772-43AF5829D299}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...52f8l5h81682360
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3306926
IE - HKCU\..\URLSearchHook: {e1514faa-0f36-4330-8590-ea8c9c0a903f} - C:\Program Files (x86)\Gameoff-games\prxtbGame.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {E3BFF9AF-DF9A-47AD-A772-43AF5829D299}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{553B3E9C-A8E3-40FB-9D64-AB3BD2B773B4}: "URL" = http://websearch.ask...54-A8BCCEE6C11E
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...GW_enAU380AU380
IE - HKCU\..\SearchScopes\{E3BFF9AF-DF9A-47AD-A772-43AF5829D299}: "URL" = http://search.condui...7592439269&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@abr.gov.au/KeyMgmtPlugin: C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/09/11 11:24:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/11 11:24:16 | 000,000,000 | ---D | M]

[2013/12/11 07:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\extensions
[2013/12/11 07:29:44 | 000,000,000 | ---D | M] (Gameoff-games) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\extensions\{e1514faa-0f36-4330-8590-ea8c9c0a903f}
[2013/09/11 11:24:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/09/11 11:24:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/11 11:24:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/11 11:24:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/11 11:24:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/09/14 22:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://search.condui...=2&sspv=TB_TNI3
CHR - Extension: Google Docs = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13307_0\
CHR - Extension: Google Wallet = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files (x86)\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Gameoff-games Toolbar) - {e1514faa-0f36-4330-8590-ea8c9c0a903f} - C:\Program Files (x86)\Gameoff-games\prxtbGame.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files (x86)\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (Gameoff-games Toolbar) - {e1514faa-0f36-4330-8590-ea8c9c0a903f} - C:\Program Files (x86)\Gameoff-games\prxtbGame.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Gameoff-games Toolbar) - {E1514FAA-0F36-4330-8590-EA8C9C0A903F} - C:\Program Files (x86)\Gameoff-games\prxtbGame.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [FXSMAPPSP] C:\Program Files\Fuji Xerox\SimpleMonitor for AP\FXAPPSPZ.EXE (Fuji Xerox Co., Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Fuji Xerox DocuPrint C1190 FS Launcher] C:\Program Files (x86)\Fuji Xerox\DocuPrint C1190 FS\Address Book Editor\Launcher_dpc1190fs.exe (Fuji Xerox Co., Ltd.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WN111v2\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [PicPick Start] C:\_Installing\PicPick\picpick.exe ()
O4 - HKLM..\Run: [TRUUpdater] C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
O4 - HKLM..\Run: [WatcherHelper] C:\Program Files (x86)\Telstra\Telstra Turbo Connection Manager\WaHelper.exe (Sierra Wireless Inc.)
O4 - HKCU..\Run: [BackgroundContainer] C:\Users\Admin\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Admin\AppData\Local\Smartbar\Application\QuickShare.exe (Smartbar)
O4 - HKCU..\Run: [ConduitFloatingPlugin_pckaochijkjekcndgjamcfccjimechdg] C:\Users\Admin\AppData\Local\Temp\CT3306926\plugins\TBVerifier.dll (Conduit Ltd.)
O4 - HKCU..\Run: [QtraxNotification] C:\Users\Admin\Qtrax\Player\notification.exe ()
O4 - HKLM..\RunOnce: [SpUninstallCleanUp] REG delete HKEY_CURRENT_USER\Software\SearchProtect /f File not found
O4 - HKCU..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "C:\Users\Admin\AppData\Roaming\SearchProtect" File not found
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClipList.exe - Shortcut.lnk = C:\ClipList\ClipList.exe ()
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FF692AB-0AED-4972-B013-7EC98ED29A06}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FA7D952-DE3D-4039-856B-4C7521D6DDAE}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/08/14 11:36:02 | 000,000,148 | R--- | M] () - G:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/13 12:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2013/12/13 11:27:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2013/12/13 11:05:29 | 000,000,000 | ---D | C] -- C:\MalwareBytes
[2013/12/13 08:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/13 08:59:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/12/13 08:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2013/12/13 08:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013/12/13 08:40:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\.android
[2013/12/13 03:05:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/12/11 07:38:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\Qtrax
[2013/12/11 07:37:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Smartbar
[2013/12/11 07:37:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Mobogenie
[2013/12/11 07:37:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\cache
[2013/12/11 07:36:34 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2013/12/11 07:36:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/12/11 07:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2013/12/11 07:34:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Protector
[2013/12/11 07:33:22 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2013/12/11 07:33:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Systweak
[2013/12/11 07:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2013/12/11 07:33:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro
[2013/12/11 07:33:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Programs
[2013/12/11 07:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/12/11 07:32:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gameoff-games
[2013/12/11 07:31:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\NativeMessaging
[2013/12/11 07:31:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Conduit
[2013/12/11 07:31:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\CRE
[2013/12/11 07:31:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/12/11 07:31:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\SearchProtect
[2013/12/11 07:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/12/11 07:29:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2013/11/15 14:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2013/11/15 14:27:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
[2013/11/15 13:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2013/11/15 13:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
[2013/11/15 13:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2013/11/15 13:57:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2010/01/09 07:00:38 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

========== Files - Modified Within 30 Days ==========

[2013/12/13 13:13:28 | 000,006,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/13 13:13:28 | 000,006,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/13 13:10:49 | 000,730,512 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/13 13:10:49 | 000,631,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/13 13:10:49 | 000,111,442 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/13 13:06:50 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/13 13:04:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/13 13:04:44 | 2115,313,663 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/13 12:45:32 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/13 12:42:52 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/13 12:25:23 | 000,107,368 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2013/12/13 12:25:21 | 000,035,656 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2013/12/13 12:25:20 | 000,092,488 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2013/12/13 12:23:15 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2013/12/11 23:00:00 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\SyncBack MYOB.job
[2013/12/11 22:30:00 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\SyncBack DoTr.job
[2013/12/11 20:00:00 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\SyncBack email backup.job
[2013/12/11 19:55:00 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\SyncBack database backup.job
[2013/12/11 15:01:18 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013/12/11 07:39:07 | 000,002,360 | ---- | M] () -- C:\Users\Admin\Desktop\Qtrax Player.lnk
[2013/12/11 07:36:34 | 000,001,104 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/12/11 07:36:34 | 000,001,094 | ---- | M] () -- C:\Users\Admin\Desktop\MyPC Backup.lnk
[2013/12/11 07:34:22 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2013/12/11 07:33:21 | 000,001,057 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2013/12/11 07:32:59 | 000,000,004 | ---- | M] () -- C:\END
[2013/12/03 09:41:57 | 000,000,478 | ---- | M] () -- C:\Windows\MYOBP.INI
[2013/12/03 09:41:56 | 000,000,042 | ---- | M] () -- C:\Windows\MYOB.INI
[2013/11/27 03:03:27 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/27 03:03:24 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/25 09:37:56 | 000,445,952 | ---- | M] () -- C:\Users\Admin\Desktop\smagix.exe
[2013/11/20 03:01:11 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

========== Files Created - No Company Name ==========

[2013/12/11 07:39:07 | 000,002,390 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
[2013/12/11 07:39:07 | 000,002,360 | ---- | C] () -- C:\Users\Admin\Desktop\Qtrax Player.lnk
[2013/12/11 07:36:34 | 000,001,104 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/12/11 07:36:34 | 000,001,094 | ---- | C] () -- C:\Users\Admin\Desktop\MyPC Backup.lnk
[2013/12/11 07:34:22 | 000,001,208 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2013/12/11 07:34:11 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2013/12/11 07:33:35 | 000,000,284 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2013/12/11 07:33:35 | 000,000,276 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013/12/11 07:33:21 | 000,001,057 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2013/12/11 07:28:48 | 000,000,004 | ---- | C] () -- C:\END
[2013/11/27 03:03:27 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/27 03:03:24 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/25 09:37:56 | 000,445,952 | ---- | C] () -- C:\Users\Admin\Desktop\smagix.exe
[2013/11/15 13:57:44 | 000,001,153 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyBlaze Typing Tutor.lnk
[2013/02/07 14:12:00 | 000,000,758 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2013/02/07 14:12:00 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2013/02/07 13:50:04 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat

========== ZeroAccess Check ==========

[2009/07/14 14:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 12:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 11:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/22 01:27:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sierra Wireless
[2013/12/13 12:21:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Systweak

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:444C53BA
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:5D7E5A8F

< End of report >
  • 0

Advertisement


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 2,624 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.

Please note: I am currently in training and all my fixes must be approved by my teacher before being posted. This gives you the advantage of having two people working to solve your problems.

Before we get started, I have a few things I need to go over with you

  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please subscribe to this topic. By subscribing, the board will notify you when a new reply is added to your topic. You can find instructions on how to do that by clicking here.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!



Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:


Hello :) There should be another log called Extras.txt that was produced with your first run of OTL. It will be located in the same directory that you ran OTL from. In this case, C:\Users\Admin\Downloads Please post that log for my review. I'm currently working on a fix for approval and as soon as it's approved, we'll get started getting rid of the baddies. :) :thumbsup:
  • 0

#3
Munien

Munien

    New Member

  • Member
  • Pip
  • 7 posts
Here is the extras.txt thanks :)

OTL Extras logfile created on: 12/13/2013 1:13:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.96 Gb Total Physical Memory | 5.61 Gb Available Physical Memory | 70.50% Memory free
15.92 Gb Paging File | 13.01 Gb Available in Paging File | 81.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.41 Gb Total Space | 801.66 Gb Free Space | 87.29% Space Free | Partition Type: NTFS
Drive G: | 959.72 Mb Total Space | 778.31 Mb Free Space | 81.10% Space Free | Partition Type: FAT

Computer Name: SEAN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Telstra\Telstra Turbo Connection Manager\SwiApiMux.exe" = C:\Program Files (x86)\Telstra\Telstra Turbo Connection Manager\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Telstra\Telstra Turbo Connection Manager\TRUUpdater.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Telstra\Telstra Turbo Connection Manager\SwiApiMux.exe" = C:\Program Files (x86)\Telstra\Telstra Turbo Connection Manager\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Telstra\Telstra Turbo Connection Manager\TRUUpdater.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A68731-DAD6-473D-AF06-B4159A381B07}" = lport=138 | protocol=17 | dir=in | app=system |
"{067CDCDB-E893-43F3-AD4F-8EFD6693CCFE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{114D7478-27A2-499A-AE22-516B10CDB6B5}" = lport=137 | protocol=17 | dir=in | app=system |
"{153521CD-F542-4847-9D09-8B94E388D1C7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1B3EF03C-A597-4BC0-9C27-C4F569186591}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1DC088F8-36F8-4500-A82C-2B750645261C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1E089DC5-5B39-49D1-96F0-077D1BD121B4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3578ADE1-ADF0-4885-A9F3-E7C9A1E5E2EA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3588B61B-6D57-42E3-9129-CC1B4DCCCB10}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4ADB49ED-DEE9-411A-92B8-963849D1E146}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4E492ADB-A93D-437D-8587-0F69712BF0A8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5F378311-44F4-445B-9D47-08CFB76842F0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{647429A3-4CCA-4C71-80CE-4C4DA22DFF55}" = rport=139 | protocol=6 | dir=out | app=system |
"{6575FA62-3156-45BE-80C7-4BB8D6E4DC55}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6676418A-1CB7-4A1F-B8E3-EBB723E8EEC8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{693A22DE-576F-4BFF-8EE7-AD3D276D7195}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6AD50718-8EEB-4B3F-979D-0BB29C17C65A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7201EDD4-BBE2-4C78-8A7E-91348760756A}" = lport=139 | protocol=6 | dir=in | app=system |
"{7462617F-568F-40BA-8932-726DA070263E}" = rport=137 | protocol=17 | dir=out | app=system |
"{89748B2E-0C07-4957-A55C-CFB50A7FDB0F}" = rport=138 | protocol=17 | dir=out | app=system |
"{8A585F8E-7848-4898-95FE-D77A7A450A1B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8EFAB617-871D-4F4A-91D6-058DEC4D09E3}" = lport=445 | protocol=6 | dir=in | app=system |
"{9F1C7123-0980-4477-937B-A6D62D6652D7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1D3B881-4322-4F01-B6E2-2361C28AFC84}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A6C7A772-BCB1-4F97-BB36-C250E06D0636}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A909EF48-59A4-4CBB-A243-FD036F521C78}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BC016CA3-3828-4CA8-8D55-4EC02CAC6DEB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BF2574C0-61C8-443C-92A9-400E327AAD1C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C188595B-0FEE-454F-8E37-51D58F9DDC0B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{C996D5B6-6980-49D8-874A-BAE6FD9AC5A8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CE040439-08F3-440B-9F94-C32E9ABBC1B3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CF29F641-A511-427D-99BB-E8C5B54CA98E}" = rport=445 | protocol=6 | dir=out | app=system |
"{EC659203-B7CE-4FD1-8E1E-BC6CEFBEF96C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FAC6B7BE-4BD3-4363-8A50-FC0EC531AE8B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A5A9FA-BACE-4CB6-91D0-1CA4F86B8E59}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{0619B053-AE6E-4A78-A195-85380B7ED3AB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1156D9E5-F332-4F81-8094-981D19E73BFE}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema\powercinema.exe |
"{11742E1B-3CED-40ED-A0F0-8A3858CFDD06}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{147FFC2C-F34D-4D82-8329-4992D6FA392F}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{21B98A96-BC64-4974-89DE-91CCCCDE6453}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{250A048D-0682-4143-A0E9-14A8F6F54983}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{25136969-C05F-4820-ABCE-154209F667BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{26F439A6-DAAF-4A95-90DB-2997DC40B62E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3228B95F-CE0B-4436-9F23-27241853B9E6}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{34ABCBDF-87A7-4C70-9047-D7401CAC3E0E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{38ED1F71-A4B9-4110-A20A-DDB324E5F18C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3C9D5B9E-6433-4A62-8666-BF9FD8371E08}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3F7CE76C-ED3D-483D-B9E2-3DF1102FC1E9}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{4482EECD-0477-45C1-9A98-AFC634038D03}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{47233A38-6981-4097-BB5C-EE25172C3B35}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{47BEF937-B2D0-46AD-AE2E-F2231C1AB471}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{49C9DA8A-A6E3-4BD0-AA8E-7C6A802FE4EE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4A746C74-6054-4DD0-84A8-CFB33914B223}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4B778C72-25A6-4E38-8230-2C35C127FDF2}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{50A0208B-FD4F-4B63-A58C-0BF9F0BD5EED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{524B6D5B-8897-44CF-B8B4-A6FAD890ADE0}" = dir=in | app=c:\program files (x86)\cyberlink\playmovie\playmovie.exe |
"{557C3671-1EA5-4B04-9874-DA04F2EE7071}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{62B5DF2D-90D5-42CA-9FC8-A4BE608DA90B}" = protocol=6 | dir=in | app=c:\program files (x86)\graphisoft\archicad 12\archicad.exe |
"{658A3AC1-9080-4588-9124-6038D422CB1A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{6DAC34CE-5186-412E-BDEA-9D15ADFAF577}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{707D83CB-2C37-4363-94F6-EF29823BBE0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{749022D4-B986-4D6D-8074-6505D66A757B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7727BC6E-A9D5-4649-9099-B46AA1BD5028}" = protocol=17 | dir=in | app=c:\program files (x86)\wibukey\server\wksvw32.exe |
"{780B3DA7-8F66-43BA-887D-D172219AE84A}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{786B7C44-EBB1-40AF-BBF0-7943428B13C9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{7D7A5CED-793B-4F8D-97F9-00FE630548FE}" = protocol=17 | dir=in | app=c:\program files (x86)\graphisoft\archicad 12\archicad.exe |
"{7D87DCE8-758C-47F9-9837-D5FAE6986E6F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7F57FD4C-E890-4687-B0A6-8133D939B71C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{7FE17380-CAFC-483C-9596-111881ED5607}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{84206812-55EE-4012-A4A3-1CB4D49D8CDE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F6D0815-E2C0-4BFB-8112-DF11A48DFFB8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A818DCF9-B0AD-41FF-90D2-6E36F9067738}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{B892C111-4CE2-4ED6-BD97-994FCD587D6E}" = dir=in | app=c:\program files (x86)\cyberlink\playmovie\pmvservice.exe |
"{BA9BA32D-A046-4DC8-B5F1-4C789CF53ED4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BABEFAEA-500D-4C53-A963-480B6E1CA362}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{BF367B03-7F27-4DFC-A863-9F3D61FA5260}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{C1CAE63E-C2A1-4D52-852A-5F5DC073722A}" = protocol=6 | dir=out | app=system |
"{C8A97701-2D68-46AE-8A7C-FD7B19E2F824}" = protocol=6 | dir=in | app=c:\program files (x86)\wibukey\server\wksvw32.exe |
"{CDB2FC83-FA08-4EBF-8BE4-36854611247D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D932914A-ABCE-4A0F-AB05-0F611317ED05}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DAC961C1-C5C1-494D-822B-12851AA7E9D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DD9E9D58-E1D2-4B6C-8D4B-D4C1B6FDB4F8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E0834752-92C4-4AE4-839A-6EF53D9F5D58}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E2EDA869-D627-4AC8-ACBC-EF58B04B4567}" = dir=in | app=c:\program files (x86)\cyberlink\softdma\softdma.exe |
"{EA88C9CD-6DE7-4B61-8D39-172E1914249A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F18F07E7-375E-4322-B373-3D34E06FC627}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F45112A4-F321-4912-8735-510953371DC0}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{F72F77DF-EF2D-4E47-ADAE-8DBD1224D07A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{F851BAE6-C6C3-4159-8021-5F2666556574}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"TCP Query User{40D16858-BE2A-4282-98DF-4F14488B38D5}C:\premier19\myobp.exe" = protocol=6 | dir=in | app=c:\premier19\myobp.exe |
"TCP Query User{4205E89E-6736-4C8B-9869-4C4D1261B477}C:\premier19\myobp.exe" = protocol=6 | dir=in | app=c:\premier19\myobp.exe |
"TCP Query User{8614713B-7429-4005-81DA-0E70D5F4E58E}C:\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\downloads\utorrent.exe |
"TCP Query User{A1737608-48AC-423F-8841-2120C8882D43}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{D8D3CD73-7673-42A6-97A8-AF12BAB4803A}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{E4918090-F2B3-4C84-A209-FAF8CB8A2A3F}C:\program files (x86)\graphisoft\archicad 12\archicad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\graphisoft\archicad 12\archicad.exe |
"TCP Query User{F77321F3-585E-4298-90E4-8805C6D2BEF5}C:\users\sean\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\sean\appdata\local\akamai\netsession_win.exe |
"UDP Query User{05F6E4C2-674B-4423-BF70-DD7711B96A84}C:\users\sean\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\sean\appdata\local\akamai\netsession_win.exe |
"UDP Query User{1105AC51-0547-4DF0-9A21-52B5024F4789}C:\premier19\myobp.exe" = protocol=17 | dir=in | app=c:\premier19\myobp.exe |
"UDP Query User{93A58D30-8F8F-40BB-8C41-407092D7224B}C:\program files (x86)\graphisoft\archicad 12\archicad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\graphisoft\archicad 12\archicad.exe |
"UDP Query User{A6DE1506-DD7D-46DE-B894-247E7D2AE718}C:\premier19\myobp.exe" = protocol=17 | dir=in | app=c:\premier19\myobp.exe |
"UDP Query User{B37A5EF6-3C29-4EB7-B60D-5FCE9AAFBC2A}C:\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\downloads\utorrent.exe |
"UDP Query User{B72AE6B1-C1BB-4949-838B-A7F71E15B294}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{F6306FBD-D168-48B9-B9E8-B58AE2A5F8A7}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00060000-0000-1004-8002-0000C06B5161}" = WibuKey Setup (WibuKey Remove)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D893819-52C6-4A50-B4ED-3B6E8C76B923}" = Nitro PDF Professional
"{24F93B56-61F5-415F-85B9-AA444DA34AFC}" = Microsoft Mouse and Keyboard Center
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF5020D9-116A-46AC-A922-087592F37EC9}" = MobileMe Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2CA3B8348CD526E9B8928840AC68738C5B5A4F8F" = Windows Driver Package - Thomson (USB_RNDIS) Net (02/15/2007 2.0.0.0)
"5AF8BE22A56B38B1816F36BAC6A71F1277E45440" = Windows Driver Package - NETGEAR Inc. (RTL8187) Net (12/01/2006 6.1258.1201.2006)
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"MyPC Backup" = MyPC Backup
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Smart PDF Converter Pro_is1" = Smart PDF Converter Pro 5.0.1.335
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{014A135D-76A4-4A0C-A75A-7F769B8AA024}" = Fuji Xerox SimpleMonitor for Asia-Pacific
"{14CD4651-23C3-4D99-9A13-D1DBE4835E16}" = MYOB AccountRight Premier v19
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{177CD779-4EEC-43C5-8DEA-4E0EC103624B}" = Driver Manager
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{24D37B30-83B4-46A7-A691-30F2FCEAE58E}" = AUSkey software 1.4.4
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 22
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{433A39B0-380C-4634-93FE-12A812954F5B}" = BigPond Broadband ADSL
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{47CA3C70-1FC8-4026-8256-A685979EE34F}" = MYOB RetailManager v11
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-250C
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{55D5A77E-FAAA-4358-B3E5-6565E024F78B}" = MYOB ODBC Direct v10 AUS
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8C1D1982-EA9A-4FA3-B091-E1A755906950}" = Fuji Xerox DocuPrint C1190 FS SCANNER Utilities Ver.1.0.1.0
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESSR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B93446A1-E907-4BDD-BE47-32571B658D9B}" = Fuji Xerox DocuPrint C1190 FS Scanner Driver
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C95BF658-264E-4812-9C8F-0B913ABC4E0E}" = Telstra Turbo Connection Manager
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB7AF84A-1B7F-4C6B-8A58-EB7CDE48C23A}" = LogMeIn
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CEFCFC70-5279-44EB-8D1A-DA2C6C3E09B5}" = Crane Demo
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1F5C7EE-23BB-47A3-943E-9F290DD267F0}" = THX TruStudio PC
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40711CD-60B3-45F5-85C5-F1AA400C1B6E}" = QuickShare
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{f98c109c-9475-4648-b757-abec297a07bd}" = Nero 9 Essentials
"{FB1AC1F1-8F47-4DCE-A1ED-0DFBA0F455B4}" = Driver Mender
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"001FFF1FFF14FF00FF0701F01F02F000-R1" = ArchiCAD 14 INT (x86)
"001FFFFFFF12FF00FF2701F04F02F000-R1" = ArchiCAD 12 AUS
"00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface Service
"BearShare MediaBar" = MediaBar
"EditPad Lite" = Just Great Software EditPad Lite 6.4.5
"Everything" = Everything 1.2.1.371
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"ImgBurn" = ImgBurn
"InstallShield_{14CD4651-23C3-4D99-9A13-D1DBE4835E16}" = MYOB AccountRight Premier v19
"InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Gateway MyBackup
"InstallShield_{55D5A77E-FAAA-4358-B3E5-6565E024F78B}" = MYOB ODBC Direct v10 AUS
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"KeyBlaze" = KeyBlaze Typing Tutor
"Mozilla Firefox 23.0.1 (x86 en-GB)" = Mozilla Firefox 23.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoScape" = PhotoScape
"RegClean Pro_is1" = RegClean Pro
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"ST6UNST #1" = Install_Winsock
"ST6UNST #2" = InstallControls
"ST6UNST #3" = SecaJobs
"ST6UNST #4" = Install_Winsock (C:\Program Files (x86)\Install_Winsock\)
"SyncBack_is1" = SyncBack
"TeamViewer 7" = TeamViewer 7
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"3877471830.portal.qtrax.com" = Qtrax Player Plugin
"Qtrax" = Qtrax (remove only)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/12/2013 9:09:22 PM | Computer Name = sean-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/12/13 11:09:22.846]: [00005704]: ##### Fatal ERROR!!
Create STI-device failed! #####

Error - 12/12/2013 9:09:22 PM | Computer Name = sean-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/12/13 11:09:22.846]: [00005704]: Initialize TwdsMain
Class failed!

Error - 12/12/2013 10:23:21 PM | Computer Name = sean-PC | Source = CltMngSvc | ID = 1000
Description =

Error - 12/12/2013 10:33:23 PM | Computer Name = sean-PC | Source = Windows Backup | ID = 4103
Description =

Error - 12/12/2013 10:42:05 PM | Computer Name = sean-PC | Source = CltMngSvc | ID = 1000
Description =

Error - 12/12/2013 10:43:11 PM | Computer Name = sean-PC | Source = System Restore | ID = 8210
Description =

Error - 12/12/2013 10:56:36 PM | Computer Name = sean-PC | Source = CltMngSvc | ID = 1000
Description =

Error - 12/12/2013 10:58:27 PM | Computer Name = sean-PC | Source = System Restore | ID = 8210
Description =

Error - 12/12/2013 11:05:44 PM | Computer Name = sean-PC | Source = CltMngSvc | ID = 1000
Description =

Error - 12/12/2013 11:06:37 PM | Computer Name = sean-PC | Source = System Restore | ID = 8210
Description =

[ OSession Events ]
Error - 11/4/2013 9:03:14 PM | Computer Name = sean-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 7689
seconds with 1920 seconds of active time. This session ended with a crash.

Error - 11/19/2013 10:07:31 PM | Computer Name = sean-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 2000
seconds with 1560 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/12/2013 11:30:18 PM | Computer Name = sean-PC | Source = Service Control Manager | ID = 7000
Description = The DNISp50a64 NDIS Protocol Driver service failed to start due to
the following error: %%2

Error - 12/12/2013 11:30:18 PM | Computer Name = sean-PC | Source = Service Control Manager | ID = 7000
Description = The DNISp50a64 NDIS Protocol Driver service failed to start due to
the following error: %%2

Error - 12/12/2013 11:30:18 PM | Computer Name = sean-PC | Source = Service Control Manager | ID = 7000
Description = The DNISp50a64 NDIS Protocol Driver service failed to start due to
the following error: %%2

Error - 12/12/2013 11:30:18 PM | Computer Name = sean-PC | Source = Service Control Manager | ID = 7000
Description = The DNISp50a64 NDIS Protocol Driver service failed to start due to
the following error: %%2

Error - 12/12/2013 11:30:18 PM | Computer Name = sean-PC | Source = Service Control Manager | ID = 7000
Description = The DNISp50a64 NDIS Protocol Driver service failed to start due to
the following error: %%2

Error - 12/12/2013 11:30:18 PM | Computer Name = sean-PC | Source = Service Control Manager | ID = 7000
Description = The DNISp50a64 NDIS Protocol Driver service failed to start due to
the following error: %%2

Error - 12/12/2013 11:30:18 PM | Computer Name = sean-PC | Source = Service Control Manager | ID = 7000
Description = The DNISp50a64 NDIS Protocol Driver service failed to start due to
the following error: %%2

Error - 12/12/2013 11:30:18 PM | Computer Name = sean-PC | Source = Service Control Manager | ID = 7000
Description = The DNISp50a64 NDIS Protocol Driver service failed to start due to
the following error: %%2

Error - 12/12/2013 11:30:18 PM | Computer Name = sean-PC | Source = Service Control Manager | ID = 7000
Description = The DNISp50a64 NDIS Protocol Driver service failed to start due to
the following error: %%2

Error - 12/12/2013 11:30:18 PM | Computer Name = sean-PC | Source = Service Control Manager | ID = 7000
Description = The DNISp50a64 NDIS Protocol Driver service failed to start due to
the following error: %%2


< End of report >
  • 0

#4
Munien

Munien

    New Member

  • Member
  • Pip
  • 7 posts
I won't be on this computer for a while so if there is a response to help me, I will get back to this thread as soon as I am able to use it again.
Thanks!
  • 0

#5
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 2,624 posts
Awesome :) Thanks for the extras log. I'll have something for you in the morning, as soon as my teacher approves or tweaks what I want to do. We'll get this whipped! :thumbsup:
  • 0

#6
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 2,624 posts
Hello, we have some work to do, so let's get started. :)

If you still have the log from the Malwarebytes scan, please post it along with the other requested logs. This log can be found be clicking on the Logs tab from Malwarebytes control panel.


The Dangers of P2P Programs

I noticed that you have several P2P file sharing programs (Bearshare and Limewire, Frostwire) on your computer . I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Artticle on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.


Registry Cleaner Warning

There were signs of multiple programs that are either currently or have been previously installed on your computer that contain registry cleaners.A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable. At Geeks to Go we strongly advise that people stay away from any of the registry cleaners out there. Go here to get more information about why registry cleaners aren't needed. Technet blog also discusses this issue as well as Ed Bott.



Step 1: Program Uninstalls

Please uninstall the following programs from your computer. If one of the programs in the list doesn't appear in the Add/Remove Programs list, don't worry about it, just move on to the next one. :)

  • Systweak
  • RegClean Pro
  • Advanced System Protector
  • MyPcBackup
  • MediaBar
  • Akamai NetSession Interface Service



Step 2: Change Chrome's Homepage

We need to change your homepage in Chrome, as it is set to a malware related site. Please follow the instructions below.

  • Open Chrome and type this in the address bar: chrome:settings
  • When the Settings page opens, look under On Startup and then click Open a specific set of pages and click Set Pages
  • When the window opens, type in any page you wish as your new start page.
  • Once you have typed in your new home page, close the window.


Step 3: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL

  • Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

Posted Image

:Commands
[createrestorepoint]

:OTL
SRV - [2013/09/20 08:45:18 | 000,038,440 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
IE - HKLM\..\URLSearchHook: {e1514faa-0f36-4330-8590-ea8c9c0a903f} - C:\Program Files (x86)\Gameoff-games\prxtbGame.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {E3BFF9AF-DF9A-47AD-A772-43AF5829D299}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3306926
IE - HKCU\..\URLSearchHook: {e1514faa-0f36-4330-8590-ea8c9c0a903f} - C:\Program Files (x86)\Gameoff-games\prxtbGame.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {E3BFF9AF-DF9A-47AD-A772-43AF5829D299}
IE - HKCU\..\SearchScopes\{553B3E9C-A8E3-40FB-9D64-AB3BD2B773B4}: "URL" = http://websearch.ask...54-A8BCCEE6C11E
IE - HKCU\..\SearchScopes\{E3BFF9AF-DF9A-47AD-A772-43AF5829D299}: "URL" = http://search.condui...7592439269&UM=2
[2013/12/11 07:29:44 | 000,000,000 | ---D | M] (Gameoff-games) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\extensions\{e1514faa-0f36-4330-8590-ea8c9c0a903f}
[2010/09/14 22:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files (x86)\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: (Gameoff-games Toolbar) - {e1514faa-0f36-4330-8590-ea8c9c0a903f} - C:\Program Files (x86)\Gameoff-games\prxtbGame.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files (x86)\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (Gameoff-games Toolbar) - {e1514faa-0f36-4330-8590-ea8c9c0a903f} - C:\Program Files (x86)\Gameoff-games\prxtbGame.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Gameoff-games Toolbar) - {E1514FAA-0F36-4330-8590-EA8C9C0A903F} - C:\Program Files (x86)\Gameoff-games\prxtbGame.dll (Conduit Ltd.)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WN111v2\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKCU..\Run: [BackgroundContainer] C:\Users\Admin\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Admin\AppData\Local\Smartbar\Application\QuickShare.exe (Smartbar)
O4 - HKCU..\Run: [ConduitFloatingPlugin_pckaochijkjekcndgjamcfccjimechdg] C:\Users\Admin\AppData\Local\Temp\CT3306926\plugins\TBVerifier.dll (Conduit Ltd.)
O4 - HKLM..\RunOnce: [SpUninstallCleanUp] REG delete HKEY_CURRENT_USER\Software\SearchProtect /f File not found
O4 - HKCU..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "C:\Users\Admin\AppData\Roaming\SearchProtect" File not found
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
[2013/12/13 12:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2013/12/11 07:37:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Smartbar
[2013/12/11 07:37:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Mobogenie
[2013/12/11 07:37:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\cache
[2013/12/11 07:36:34 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2013/12/11 07:36:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/12/11 07:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2013/12/11 07:34:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Protector
[2013/12/11 07:33:22 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2013/12/11 07:33:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Systweak
[2013/12/11 07:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2013/12/11 07:33:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro
[2013/12/11 07:33:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Programs
[2013/12/11 07:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/12/11 07:32:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gameoff-games
[2013/12/11 07:31:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\NativeMessaging
[2013/12/11 07:31:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Conduit
[2013/12/11 07:31:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\CRE
[2013/12/11 07:31:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/12/11 07:31:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\SearchProtect
[2013/12/11 07:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2010/01/09 07:00:38 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[2013/12/11 07:36:34 | 000,001,104 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/12/11 07:36:34 | 000,001,094 | ---- | M] () -- C:\Users\Admin\Desktop\MyPC Backup.lnk
[2013/12/11 07:34:22 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2013/12/11 07:33:21 | 000,001,057 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2013/12/11 07:32:59 | 000,000,004 | ---- | M] () -- C:\END
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:444C53BA
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:5D7E5A8F

:Files
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c

:Commands
[resethosts]
[emptytemp]



  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Step 4: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


Posted Image

  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved at C:\AdwCleaner[R0].txt


Step 5: Junkware Removal Tool


Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Step 6: OTL Quick Scan

  • Start OTL and this time click the Quick Scan button.
  • OTL will scan your machine and produce one log this time.
  • Please post that log in your next reply.



Things I need to see in your next post:

  • OTL Fix Log
  • AdwCleaner Log
  • Junkware Removal Tool Log
  • OTL Quick Scan Log
  • Malwarebytes Log

  • 0

#7
Dakeyras

Dakeyras

    GeekU Mammoth

  • GeekU Moderator
  • 8,004 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

Advertisement




Similar Topics: Need help removing Malware [Closed]     x


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured