Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Win32/Small.ca infection [Solved]


  • This topic is locked This topic is locked

#1
Broncos_Man

Broncos_Man

    New Member

  • Member
  • Pip
  • 2 posts
My Windows 7 computer seems to be infected with a Win32/Small.ca trojan. It all started with the PC just shutting off randomly all on it's own. Then I noticed a message in the Action Center saying "Remove Win32/Small.ca virus". I did a scan with Malwarebytes and it found nothing. Then I did a scan with Malwarebytes in Safe Mode and it found something,but the PC turned off right away. Then I did a scan with SuperAntiSpyware and got the same results. Nothing found with the regular scan. Scanned in Safe Mode and it found something,but the PC turned off. Then I scanned with Ad-Aware and it found something. It found dpqs.exe,which is a trojan,and deleted it. Then I looked in the AppData folder,where it was found,and found 2 pieces of the trojan left behind: qs.dll and qs64.dll. I deleted them manually. I tried the Malwarebytes scan in Safe Mode again and got the same result. It finds something,then the computer shuts off. This is very frustrating. Please help.

Here is the OTL log:

OTL logfile created on: 1/3/2014 8:48:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nikola\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 51.16% Memory free
7.50 Gb Paging File | 5.59 Gb Available in Paging File | 74.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.96 Gb Total Space | 168.23 Gb Free Space | 37.14% Space Free | Partition Type: NTFS

Computer Name: NIKOLA-PC | User Name: Nikola | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/03 20:44:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nikola\Downloads\OTL.exe
PRC - [2013/12/12 09:15:30 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
PRC - [2013/12/10 21:22:58 | 000,010,240 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\SeaMonkey\plugin-container.exe
PRC - [2013/12/10 21:22:13 | 000,067,072 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\SeaMonkey\seamonkey.exe
PRC - [2013/11/27 12:37:40 | 001,171,192 | ---- | M] (Fortinet Inc.) -- C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe
PRC - [2013/11/27 12:31:10 | 000,258,066 | ---- | M] (Fortinet Inc.) -- C:\Program Files (x86)\Fortinet\FortiClient\FortiESNAC.exe
PRC - [2013/11/27 12:30:30 | 000,180,242 | ---- | M] (Fortinet Inc.) -- C:\Program Files (x86)\Fortinet\FortiClient\fcappdb.exe
PRC - [2013/11/27 12:27:18 | 000,512,018 | ---- | M] (Fortinet Inc.) -- C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe
PRC - [2013/11/27 12:25:22 | 000,303,122 | ---- | M] (Fortinet Inc.) -- C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
PRC - [2013/11/27 12:24:42 | 000,147,474 | ---- | M] (Fortinet Inc.) -- C:\Program Files (x86)\Fortinet\FortiClient\FortiWF.exe
PRC - [2013/11/27 12:20:10 | 000,131,090 | ---- | M] (Fortinet Inc.) -- C:\Program Files (x86)\Fortinet\FortiClient\fmon.exe
PRC - [2013/11/27 12:18:04 | 000,098,322 | ---- | M] (Fortinet Inc.) -- C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
PRC - [2013/11/27 12:14:46 | 000,966,392 | ---- | M] (Fortinet Inc.) -- C:\Program Files (x86)\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
PRC - [2013/10/27 10:04:40 | 000,557,056 | ---- | M] () -- C:\Program Files\Cold Turkey\CTConfigServer.exe
PRC - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/06 04:15:38 | 000,580,672 | ---- | M] (Disc Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/12 09:15:29 | 016,242,056 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
MOD - [2013/12/10 21:17:49 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\SeaMonkey\nsldappr32v60.dll
MOD - [2013/12/10 21:17:47 | 000,150,528 | ---- | M] () -- C:\Program Files (x86)\SeaMonkey\nsldap32v60.dll
MOD - [2013/12/10 21:12:44 | 003,198,464 | ---- | M] () -- C:\Program Files (x86)\SeaMonkey\mozjs.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/12/23 18:50:43 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2013/12/11 18:03:14 | 000,513,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe -- (LavasoftAdAwareService11)
SRV:64bit: - [2013/12/08 01:04:20 | 000,062,976 | ---- | M] () [Auto | Running] -- C:\Program Files\Cold Turkey\CTService.exe -- (CTService)
SRV:64bit: - [2013/11/26 01:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/30 00:13:03 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/12/16 03:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2012/02/13 11:08:26 | 002,122,000 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013/12/12 09:15:30 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/27 12:18:04 | 000,098,322 | ---- | M] (Fortinet Inc.) [Auto | Running] -- C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe -- (FA_Scheduler)
SRV - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/29 11:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/06 04:15:38 | 000,580,672 | ---- | M] (Disc Soft Ltd) [On_Demand | Running] -- C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe -- (Disc Soft Bus Service)
SRV - [2013/02/28 18:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/03 04:46:08 | 001,572,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Crossfire Server\crossfire32.exe -- (Crossfire)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/29 11:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/11/27 11:59:32 | 000,027,872 | ---- | M] (Fortinet Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fortiwf2.sys -- (FortiWF)
DRV:64bit: - [2013/11/27 11:59:26 | 000,127,712 | ---- | M] (Fortinet Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fortips.sys -- (Fortips)
DRV:64bit: - [2013/11/27 11:59:26 | 000,047,328 | ---- | M] (Fortinet Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FortiRdr2.sys -- (FortiRdr)
DRV:64bit: - [2013/11/27 11:59:22 | 000,037,600 | ---- | M] (Fortinet Inc) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fortifw2.sys -- (FortiFW)
DRV:64bit: - [2013/11/27 11:59:22 | 000,012,512 | ---- | M] (Fortinet Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fortiloader.sys -- (fortiloader)
DRV:64bit: - [2013/11/27 11:59:08 | 000,056,544 | ---- | M] (Fortinet Inc) [File_System | System | Running] -- C:\Windows\SysNative\drivers\FortiShield.sys -- (FortiShield)
DRV:64bit: - [2013/11/27 11:59:08 | 000,050,912 | ---- | M] (Fortinet Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FortiRmon.sys -- (FARegMon)
DRV:64bit: - [2013/11/27 11:59:06 | 000,056,032 | ---- | M] (Fortinet Inc) [File_System | System | Running] -- C:\Windows\SysNative\drivers\fortimon2.sys -- (FAFileMon)
DRV:64bit: - [2013/11/27 11:59:02 | 000,016,096 | ---- | M] (Fortinet Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fortiapd.sys -- (fortiapd)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/09/18 10:21:54 | 000,025,312 | ---- | M] (Fortinet Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FortiFilter.sys -- (FortiFilter)
DRV:64bit: - [2013/07/17 17:10:52 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2013/04/13 19:23:48 | 000,029,696 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtscsibus.sys -- (dtscsibus)
DRV:64bit: - [2012/12/16 03:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012/10/06 09:42:25 | 002,156,968 | ---- | M] (TamoSoft) [CommView] Atheros AR5008 Wireless Network Adapter Service 7.7 [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ts_athwx.sys -- (TS_AR5416)
DRV:64bit: - [2012/09/20 05:11:58 | 000,258,848 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2012/09/20 05:11:58 | 000,086,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2012/09/20 05:11:58 | 000,061,216 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2012/09/12 20:19:34 | 000,120,064 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2012/09/12 20:19:34 | 000,120,064 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/13 11:07:34 | 000,108,304 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bckd.sys -- (bckd)
DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/01 10:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/03/21 12:54:24 | 000,042,528 | ---- | M] (Fortinet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pppop64.sys -- (pppop)
DRV:64bit: - [2011/03/21 12:54:24 | 000,016,928 | ---- | M] (Fortinet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ftvnic.sys -- (ft_vnic)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/11 18:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/01/26 18:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009/09/02 09:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/11 12:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/24 02:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 18:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 13:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 12:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 12:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 12:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/24 19:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/05 00:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/29 11:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/12 22:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/12 22:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/12 22:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/18 06:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2013/12/22 14:01:00 | 000,090,848 | ---- | M] (Fortinet Inc.) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Fortinet\FortiClient\mdare64_43.sys -- (mdareDriver_43)
DRV - [2009/09/02 09:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.b1.org...or&chid=c167991
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...00000ff5be7ee14
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Before = http://search.easyli...020&lg=EN&cc=CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.search.ya...205,16978,0,6,0
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {AA1B3E38-BDEC-4AF2-BE39-BA866F477832}
IE - HKCU\..\SearchScopes\{1F1DD852-89B9-7F11-D737-3C55E9E56A3C}: "URL" = http://wyzo.wyzostar...?}&cfg=2-47-0-0
IE - HKCU\..\SearchScopes\{AA1B3E38-BDEC-4AF2-BE39-BA866F477832}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.easyli...N&cc=CA&l=1&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: firebug%40software.joehewitt.com:1.8.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.enabled: false
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaultenginename: "EasyLife"
FF - prefs.js..browser.search.selectedEngine: "EasyLife"
FF - prefs.js..keyword.URL: "http://search.easyli...N&cc=CA&l=1&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.order.1: "EasyLife"
FF - prefs.js..browser.search.order.1,S: S", "EasyLife"
FF - prefs.js..browser.search.defaultenginename,S: S", "EasyLife"
FF - prefs.js..browser.search.selectedEngine,S: S", "EasyLife"
FF - prefs.js..browser.startup.homepage: "http://search.b1.org...r&chid=c167991"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@FortinetCacheClean: C:\Program Files (x86)\Fortinet\FortiClient\npccplugin.dll (Fortinet Inc.)
FF - HKLM\Software\MozillaPlugins\@FortinetCacheCleanEx: C:\Program Files (x86)\Fortinet\FortiClient\npccpluginex.dll (Fortinet Inc.)
FF - HKLM\Software\MozillaPlugins\@FortinetTunnelControl: C:\Program Files (x86)\Fortinet\FortiClient\nptcplugin.dll (Fortinet Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Nikola\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Nikola\AppData\Roaming\Mozilla\Firefox\Profiles\za1jlc8t.default\extensions\[email protected] [2013/02/19 21:16:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 20.0.1\extensions\\Components: C:\Program Files (x86)\Pale Moon\components [2013/04/20 11:59:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Pale Moon\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.23\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2013/12/12 18:35:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.23\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins

[2012/12/25 18:54:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nikola\AppData\Roaming\mozilla\Extensions
[2011/03/31 21:58:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nikola\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/12/23 14:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nikola\AppData\Roaming\mozilla\Firefox\Profiles\za1jlc8t.default\extensions
[2013/02/19 21:16:00 | 000,000,000 | ---D | M] (Browse2save) -- C:\Users\Nikola\AppData\Roaming\mozilla\Firefox\Profiles\za1jlc8t.default\extensions\[email protected]
[2013/12/23 14:46:03 | 000,000,000 | ---D | M] ("Torntv V6.0") -- C:\Users\Nikola\AppData\Roaming\mozilla\Firefox\Profiles\za1jlc8t.default\extensions\[email protected]838c5b707.com
[2011/11/26 22:31:48 | 000,000,000 | ---D | M] (TACO with Abine) -- C:\Users\Nikola\AppData\Roaming\mozilla\Firefox\Profiles\za1jlc8t.default\extensions\[email protected]
[2013/12/23 14:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nikola\AppData\Roaming\mozilla\Firefox\Profiles\za1jlc8t.default\extensions\[email protected]838c5b707.com\extensionData
[2013/12/23 14:45:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nikola\AppData\Roaming\mozilla\Firefox\Profiles\za1jlc8t.default\extensions\[email protected]838c5b707.com\extensionData\plugins
[2013/12/23 14:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nikola\AppData\Roaming\mozilla\Firefox\Profiles\za1jlc8t.default\extensions\[email protected]838c5b707.com\extensionData\userCode
[2013/12/12 18:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nikola\AppData\Roaming\mozilla\SeaMonkey\Profiles\p3ugbxgd.default\extensions
[2013/10/19 15:13:26 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Nikola\AppData\Roaming\mozilla\SeaMonkey\Profiles\p3ugbxgd.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/12/25 18:08:33 | 001,242,959 | ---- | M] () (No name found) -- C:\Users\Nikola\AppData\Roaming\mozilla\firefox\profiles\za1jlc8t.default\extensions\[email protected]
[2012/12/25 18:08:33 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Nikola\AppData\Roaming\mozilla\firefox\profiles\za1jlc8t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/12/25 17:56:57 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Nikola\AppData\Roaming\mozilla\firefox\profiles\za1jlc8t.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012/12/26 00:43:37 | 000,001,873 | ---- | M] () -- C:\Users\Nikola\AppData\Roaming\mozilla\firefox\profiles\za1jlc8t.default\searchplugins\ask.uk.xml
[2011/04/05 18:06:49 | 000,000,863 | ---- | M] () -- C:\Users\Nikola\AppData\Roaming\mozilla\firefox\profiles\za1jlc8t.default\searchplugins\conduit.xml
[2011/10/23 10:42:15 | 000,001,982 | ---- | M] () -- C:\Users\Nikola\AppData\Roaming\mozilla\firefox\profiles\za1jlc8t.default\searchplugins\duckduckgo-ssl.xml
[2013/02/19 21:16:26 | 000,000,580 | ---- | M] () -- C:\Users\Nikola\AppData\Roaming\mozilla\firefox\profiles\za1jlc8t.default\searchplugins\EasyLife.xml

========== Chrome ==========

CHR - homepage: http://search.b1.org...or&chid=c167991
CHR - homepage: http://search.b1.org...or&chid=c167991
CHR - Extension: No name found = C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0\
CHR - Extension: No name found = C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Extensions\hahpjplbmicfkmoccokbjejahjjpnena\1.2_0\
CHR - Extension: No name found = C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\5.7.1_0\

O1 HOSTS File: ([2013/09/03 17:19:52 | 000,000,833 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (BufferZone Web Privacy Manager) - {311BA51F-64F2-439D-9A4A-772373D77312} - C:\Program Files\BufferZone\BZBHO64.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AdAwareTray] C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareTray.exe ()
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Ultra Agent] C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe (Disc Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7CCC28A-A353-4773-BE6E-F7780D1AADB2}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/01/02 13:24:14 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2f42d085-85dd-11e1-aa9f-00262d954b77}\Shell - "" = AutoRun
O33 - MountPoints2\{2f42d085-85dd-11e1-aa9f-00262d954b77}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{70b07292-1eaa-11e0-840c-00262d954b77}\Shell - "" = AutoRun
O33 - MountPoints2\{70b07292-1eaa-11e0-840c-00262d954b77}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{d5d6e13a-a47e-11e2-ba86-00262d954b77}\Shell - "" = AutoRun
O33 - MountPoints2\{d5d6e13a-a47e-11e2-ba86-00262d954b77}\Shell\AutoRun\command - "" = F:\wubi.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\wubi.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/03 18:14:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2014/01/03 13:21:12 | 000,000,000 | ---D | C] -- C:\Users\Nikola\AppData\Roaming\LavasoftStatistics
[2014/01/03 13:20:52 | 000,000,000 | ---D | C] -- C:\Users\Nikola\AppData\Roaming\Lavasoft
[2014/01/03 12:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2014/01/03 12:31:48 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2014/01/03 12:29:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lavasoft
[2014/01/03 12:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2014/01/02 22:42:57 | 000,215,928 | ---- | C] (Sysinternals) -- C:\Users\Nikola\Desktop\pagedfrg.exe
[2014/01/02 15:19:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2014/01/02 15:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/01/02 15:10:50 | 000,000,000 | ---D | C] -- C:\Users\Nikola\AppData\Local\Defender_Pro
[2014/01/02 15:08:47 | 000,000,000 | ---D | C] -- C:\Users\Nikola\AppData\Roaming\QuickScan
[2014/01/02 15:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defender Pro Quick Scanner
[2014/01/02 14:20:28 | 000,061,216 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2014/01/02 14:19:59 | 000,120,064 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFwIm.sys
[2014/01/02 14:19:56 | 000,258,848 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFw.sys
[2014/01/02 14:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2014/01/02 13:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/01/02 13:22:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/12/23 18:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/12/23 18:50:43 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/12/23 18:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/12/23 14:45:30 | 000,000,000 | ---D | C] -- C:\Users\Nikola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
[2013/12/23 14:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TornTV.com
[2013/12/23 12:51:41 | 000,000,000 | ---D | C] -- C:\Users\Nikola\AppData\Roaming\3909
[2013/12/23 12:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2013/12/23 12:51:25 | 000,000,000 | ---D | C] -- C:\GOG Games
[2013/12/22 13:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FortiClient
[2013/12/22 13:58:53 | 000,016,928 | ---- | C] (Fortinet Inc.) -- C:\Windows\SysNative\drivers\ftvnic.sys
[2013/12/22 13:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Fortinet
[2013/12/22 13:57:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fortinet
[2013/12/22 13:46:49 | 000,000,000 | ---D | C] -- C:\Users\Nikola\Desktop\AskAdmin_v1.2
[2013/12/20 14:43:03 | 000,000,000 | RHSD | C] -- C:\SystemFiles
[2013/12/20 14:42:45 | 000,000,000 | RHSD | C] -- C:\Program Files (x86)\Golden Filter Premium
[2013/12/20 14:15:00 | 000,000,000 | ---D | C] -- C:\Users\Nikola\AppData\Local\Unity
[2013/12/20 12:34:29 | 000,000,000 | -H-D | C] -- C:\Users\Nikola\Documents\isurklg
[2013/12/20 12:34:21 | 000,000,000 | ---D | C] -- C:\Program Files\Sondle Software
[2013/12/20 12:33:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sondle Software
[2013/12/15 18:21:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2013/12/12 23:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cold Turkey
[2013/12/12 23:18:12 | 000,000,000 | ---D | C] -- C:\Program Files\Cold Turkey
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Nikola\*.tmp files -> C:\Users\Nikola\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/03 21:14:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/03 20:41:04 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/03 20:41:04 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/03 20:33:56 | 000,002,272 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/01/03 20:32:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/03 20:32:49 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/02 15:19:39 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/01/02 15:11:08 | 000,010,873 | ---- | M] () -- C:\end
[2014/01/02 15:09:24 | 000,001,001 | ---- | M] () -- C:\quickscan.xml
[2014/01/02 13:24:14 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/12/23 19:27:14 | 000,001,701 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.old
[2013/12/23 19:26:33 | 000,003,458 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013/12/23 18:50:43 | 000,001,864 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/12/22 14:03:16 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/22 14:03:16 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/22 14:03:16 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/22 13:59:14 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\FortiClient.lnk
[2013/12/20 11:47:20 | 000,001,010 | ---- | M] () -- C:\Users\Nikola\Desktop\BingoLiner.lnk
[2013/12/13 23:53:56 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/12/13 23:53:55 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/12/12 23:18:13 | 000,000,815 | ---- | M] () -- C:\Users\Public\Desktop\Cold Turkey.lnk
[2013/12/12 18:35:12 | 000,001,977 | ---- | M] () -- C:\Users\Nikola\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2013/12/12 18:35:12 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\SeaMonkey.lnk
[2013/12/12 16:07:04 | 000,003,517 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.hitmanpro
[2013/12/12 08:20:34 | 004,852,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Nikola\*.tmp files -> C:\Users\Nikola\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/03 12:34:51 | 000,002,272 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/01/02 15:19:39 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/01/02 15:19:30 | 000,002,084 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/01/02 15:09:24 | 000,001,001 | ---- | C] () -- C:\quickscan.xml
[2014/01/02 15:08:17 | 000,010,873 | ---- | C] () -- C:\end
[2014/01/02 13:24:14 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/12/23 19:26:33 | 000,003,458 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013/12/23 18:50:43 | 000,001,864 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/12/22 13:59:14 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\FortiClient.lnk
[2013/12/13 23:53:56 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/12/13 23:53:55 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/12/12 23:18:13 | 000,000,815 | ---- | C] () -- C:\Users\Public\Desktop\Cold Turkey.lnk
[2013/06/02 22:34:41 | 003,269,751 | ---- | C] () -- C:\Users\Nikola\canadastrong.mp4
[2013/05/29 17:30:26 | 000,001,434 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013/04/07 20:11:04 | 743,353,157 | ---- | C] () -- C:\Users\Nikola\frenchproject.zip
[2013/04/07 19:30:00 | 005,627,390 | ---- | C] () -- C:\Users\Nikola\IMG_0044.MOV
[2013/04/07 19:30:00 | 003,169,534 | ---- | C] () -- C:\Users\Nikola\IMG_0039.MOV
[2013/04/07 19:30:00 | 003,132,371 | ---- | C] () -- C:\Users\Nikola\IMG_0040.MOV
[2013/04/07 19:30:00 | 002,471,507 | ---- | C] () -- C:\Users\Nikola\IMG_0035.MOV
[2013/04/07 19:30:00 | 001,587,667 | ---- | C] () -- C:\Users\Nikola\IMG_0046.MOV
[2013/04/07 19:30:00 | 001,518,268 | ---- | C] () -- C:\Users\Nikola\IMG_0049.MOV
[2013/03/31 11:04:51 | 000,018,976 | ---- | C] () -- C:\Windows\SysWow64\qengine.ini
[2013/03/31 11:04:51 | 000,002,664 | ---- | C] () -- C:\Windows\SysWow64\qengineOff.ini
[2013/03/04 22:15:40 | 000,000,045 | ---- | C] () -- C:\Users\Nikola\jagex_cl_runescape_LIVE.dat
[2013/03/04 22:15:40 | 000,000,024 | ---- | C] () -- C:\Users\Nikola\random.dat
[2013/01/02 12:47:39 | 000,000,107 | ---- | C] () -- C:\Users\Nikola\SecurityKISSTunnel.config
[2012/12/25 18:12:05 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012/04/06 15:36:44 | 000,000,140 | ---- | C] () -- C:\ProgramData\xlink.sys
[2012/04/06 15:36:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\ntUsrrP_1_0.dll

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/15 22:54:53 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\.BitTornado
[2013/04/06 12:39:54 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\.crossfire
[2012/12/26 15:40:22 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\.xombrero
[2013/12/23 12:51:41 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\3909
[2011/12/28 20:18:08 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\Abine
[2013/04/08 01:20:05 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\Audacity
[2012/12/25 20:36:14 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\Avant Downloader
[2013/04/28 20:21:55 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\B1Toolbar
[2013/01/29 19:36:23 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\ChemBuddy
[2011/01/08 01:58:23 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2012/12/26 15:50:02 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\CometNetwork
[2012/04/13 19:06:12 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\DAEMON Tools Pro
[2013/04/13 19:26:47 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\DAEMON Tools Ultra
[2013/11/10 22:56:14 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\EPSON
[2012/12/25 21:09:21 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\Fenrir Inc
[2011/05/25 21:53:03 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\FloodLightGames
[2012/12/25 18:22:31 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\KDE
[2012/05/06 17:51:58 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\LolClient
[2012/12/25 18:50:53 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\Lunascape
[2013/02/10 11:38:32 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\Lunaweb
[2012/12/25 18:37:54 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\Maxthon3
[2012/12/26 00:01:17 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\Moonchild Productions
[2012/12/25 18:12:05 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\Netscape
[2012/06/23 13:18:47 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\OpenOffice.org
[2012/12/25 18:06:53 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\Opera
[2012/12/25 20:53:41 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\Orca Profiles
[2012/02/04 17:46:46 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\Packard Bell
[2011/05/07 17:00:04 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\PlayFirst
[2013/05/20 11:11:13 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\Polynomial
[2014/01/02 15:08:47 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\QuickScan
[2013/06/09 12:12:29 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\RenPy
[2013/02/19 21:16:45 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\SendSpace
[2012/12/25 19:32:55 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\SlimBrowser
[2012/12/24 16:15:10 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\SoftGrid Client
[2011/03/31 21:58:41 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\Thunderbird
[2011/01/12 23:16:40 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\TP
[2013/05/15 22:41:13 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\uTorrent
[2013/01/12 10:43:18 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\Wargaming.net
[2012/12/24 19:11:41 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\WildTangent
[2012/12/25 00:34:28 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\Windows Live Writer
[2013/04/08 00:54:24 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\Wondershare Video Converter Ultimate
[2013/04/08 00:54:18 | 000,000,000 | ---D | M] -- C:\Users\Nikola\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:82F50D1C

< End of report >

Edited by Broncos_Man, 03 January 2014 - 11:29 PM.

  • 0

Advertisements


#2
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Hi Broncos_Man, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):

  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being ask.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Privet Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.

Note: Please, bare in mind that I am still a trainee and my replies need to be reviewed by my teachers before I post them to you which requires time as both teachers and helpers are volunteers here. Take it as a good thing because now you have two people examining your problem. I really hope that we will be able to send you home with a smile on your face. :)

 

Please post the Extras.txt generated by OTL.exe on its first run. It is located in C:\Users\Nikola\Downloads.

 

  • Required Log(s):
  • Extras.txt

Regards,
Valinorum
  • 0

#3
Broncos_Man

Broncos_Man

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
It's ok,I don't need help anymore,I got really frustrated trying to remove this [bleep] trojan,so I just wiped the drive and installed Linux. Linux does what Windon't! You guys can delete this thread now.
  • 0

#4
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Roger.
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP