A Foreign Language Invasion [Closed]


#1
thailen (Member, 59 posts)
I bought a notebook PC a few years ago and it was 100% English - the Windows OS (64-bit Home Edition), my browsers (IE, Firefox, Torch), all the software, in short, everything. Then I got a Thai girlfriend (we live in Thailand) and almost every screen is invaded by Thai - ads, Google and Yahoo search, game teasers, etc. Example: I type google.com and get google.co.th. I just want to get rid of ALL the Thai stuff! BTW, I have Malwarebytes Anti-Malware, Wise Disk Cleaner and CCleaner.
#2
Nutloaf (Trusted Helper, Malware Removal, 1,790 posts)
Hello thailen

My name is Nutloaf, and I will be helping you with Malware Removal.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

Please read all instructions and fixes thoroughly.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode and access to the GeeksToGo website will be unavailable.
  • Any fixes provided by myself are for this log file only and cannot be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened if you still require assistance.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.

Finally, before we start:

Removing malware is a complicated, multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders.



With that read, let's get started. I need you to carry out the following scans and post me the results. :)

Downloads automatically start when clicking links

1. DOWNLOAD OTL

  • Using this link Download OTL and save it to your Desktop
  • If saved to another location, right click the OTL icon and Select Cut then right click on Desktop and select Paste
  • Right click the OTL icon and select Run as Administrator. (XP USERS - Double-click the OTL icon)
  • Make sure the following boxes are checked:
      • Scan All Users
      • Use Company-Name WhiteList
      • Skip Microsoft Files
      • Use No-Company-Name WhiteList
      • LOP Check
      • Purity Check
  • In the Extra Registry box select Use Safe List
  • Copy and paste the following into the Custom Scans\Fixes box without the word Quote.

    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C

  • Now click Run Scan
  • OTL will now scan your computer and produce two log files: OTL.txt and Extras.txt.
  • Post both in your next reply


2. aswMBR

  • Using this link download aswMBR.exe to your desktop.
  • Right click aswMBR.exe and Run as Administrator (XP USERS - Double-click the aswMBR icon), then select No for AVAST virus definitions.
  • Click the Scan button to start.
  • When the scan ends click Save Log and save it to your desktop
  • Post this log in your next reply

3. Run ADWcleaner

  • Using this link Download ADWcleaner and save to Desktop.
  • Right click ADWcleaner and Run as Administrator (XP USERS - Double-click the ADWcleaner icon) then select Scan
  • When the search is complete click Report. Please post this report in your next reply.

4. Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Things I want to see in your next post:

  • OTL.txt
  • Extras.txt
  • aswMBR results
  • ADWcleaner results
  • checkup.txt
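The OTL.txt that the scan above produces is what the helper reads for start-page and search hijacks. The script below is an added triage example, not code from this thread or from OTL: it walks the "IE -" and "FF -" lines and flags every start page, search scope, Firefox home page or search-engine name whose host or name is not on an allowlist. The allowlist and the 3-character prefix rule for hosts the forum has shortened with "..." are my assumptions; the sample lines are copied from the OTL log posted in this thread.

```python
"""Triage OTL "IE -" / "FF -" lines for browser search and home-page hijacks."""
import re
from typing import List, NamedTuple, Optional, Tuple

# Assumption: the analyst's own allowlist of legitimate search/home-page
# providers and Firefox engine names; extend it for the environment at hand.
HOST_ALLOW = ("google.com", "bing.com", "yahoo.com", "mozilla.org")
ENGINE_ALLOW = ("google", "bing", "yahoo")

# OTL keys that decide where the browser goes; everything else is ignored.
URL_KEYS = ("Start Page", "Default_Page_URL", "CustomizeSearch", "SearchAssistant",
            "SearchScopes", "browser.startup.homepage", "browser.search.defaulturl",
            "keyword.URL")
ENGINE_KEYS = ("browser.search.defaultenginename", "browser.search.selectedEngine",
               "browser.search.defaultEngine", "browser.search.order.")

URL_RE = re.compile(r'https?://([^/\s"]+)')      # host part of a URL
VALUE_RE = re.compile(r':\s*"([^"]*)"\s*$')      # quoted value of a prefs line


class Finding(NamedTuple):
    line_no: int
    kind: str        # "url" or "engine"
    value: str       # host as recorded (maybe cut off) or engine name
    truncated: bool  # host was cut off by the forum's "..." shortening
    verdict: str     # "allowed" or "suspect"


def extract_host(text: str) -> Optional[Tuple[str, bool]]:
    """Return (host, truncated) for the first URL in an OTL line, if any."""
    m = URL_RE.search(text)
    if not m:
        return None
    raw = m.group(1)
    # The forum shortens long URLs to "host...tail"; keep the visible host.
    return raw.split("...")[0].lower(), "..." in raw


def is_allowed(host: str, truncated: bool) -> bool:
    """Allowlist match; truncated hosts match an allowlisted domain by prefix."""
    if host.startswith("www."):
        host = host[4:]
    if not truncated:
        return any(host == d or host.endswith("." + d) for d in HOST_ALLOW)
    # e.g. "google.co" -> google.com, "th.search.yah" -> "yah" -> yahoo.com.
    # A suffix needs 3+ characters so a lone cut-off label ("c") cannot match.
    labels = host.split(".")
    for i in range(len(labels)):
        cand = ".".join(labels[i:])
        if len(cand) >= 3 and any(d.startswith(cand) for d in HOST_ALLOW):
            return True
    return False


def triage(lines: List[str]) -> List[Finding]:
    """Classify every IE/FF start-page, search-scope and engine line."""
    findings: List[Finding] = []
    for n, line in enumerate(lines, 1):
        if not line.startswith(("IE", "FF")):
            continue
        if any(k in line for k in ENGINE_KEYS):
            m = VALUE_RE.search(line)
            if m and m.group(1):                  # skip empty "" values
                name = m.group(1)
                ok = name.lower() in ENGINE_ALLOW
                findings.append(Finding(n, "engine", name, False,
                                        "allowed" if ok else "suspect"))
            continue
        if not any(k in line for k in URL_KEYS):
            continue
        parsed = extract_host(line)
        if parsed is not None:
            host, trunc = parsed
            ok = is_allowed(host, trunc)
            findings.append(Finding(n, "url", host, trunc,
                                    "allowed" if ok else "suspect"))
    return findings


# Sample lines copied from the OTL log posted in this thread (IE and Firefox
# sections), with one plugin line that carries no hijack indicator.
SAMPLE_OTL = r'''
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dosearche...X&ts=1384070601
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.c...MTTX&ts=5701724
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{6901DD04-8D2C-4A96-8C29-14E27A98B30A}: "URL" = http://th.search.yah...p={searchTerms}
IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{DF9610C4-8DD7-4DE2-926D-622CDC65CE88}: "URL" = http://blekko.com/ws...rchTerms}&r=265
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.startup.homepage: "http://websearch.too...cc=TH&unqvl=46"
FF - user.js..browser.search.defaulturl: "http://www.google.co...1&sa=Search&q="
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
'''.strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        flag = " (truncated)" if f.truncated else ""
        print(f"line {f.line_no:2d} {f.kind:6s} {f.verdict:7s} {f.value}{flag}")
```

Run against a full OTL.txt, the "suspect" entries are the search scopes and prefs a helper would put into an OTL fix; "allowed" entries still deserve a glance because the shortened URLs hide their query strings.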


#3
thailen (Topic Starter, Member, 59 posts)
Here are the OTL.txt and Extras.txt log files.

I hope it's what you wanted.

I'm ready and waiting.


OTL logfile created on: 1/22/2014 12:21:49 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Len\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.73 Gb Total Physical Memory | 3.46 Gb Available Physical Memory | 60.46% Memory free
6.86 Gb Paging File | 4.25 Gb Available in Paging File | 62.02% Paging File free
Paging file location(s): c:\pagefile.sys 1155 2500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.79 Gb Total Space | 14.36 Gb Free Space | 6.60% Space Free | Partition Type: NTFS

Computer Name: LEN-PC | User Name: Len | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/22 11:13:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Len\Downloads\OTL.exe
PRC - [2013/12/21 13:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/21 07:07:39 | 000,885,056 | ---- | M] (Torch Media Inc.) -- C:\Users\Len\AppData\Local\Torch\Application\torch.exe
PRC - [2013/12/21 07:07:35 | 001,124,160 | ---- | M] (Torch Media Inc.) -- C:\Users\Len\AppData\Local\Torch\Update\29.0.0.5394\TorchUpdate.exe
PRC - [2013/12/21 06:02:35 | 001,205,760 | ---- | M] (TorchMedia Inc.) -- C:\Users\Len\AppData\Local\Torch\Update\TorchCrashHandler.exe
PRC - [2013/12/20 07:15:09 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/12/11 12:43:42 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
PRC - [2013/11/12 04:57:52 | 001,381,512 | ---- | M] (CBS Interactive Inc.) -- C:\Users\Len\AppData\Roaming\CBS Interactive\Download App\CBSI.AppStore.Main.exe
PRC - [2013/10/30 14:02:14 | 000,746,176 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
PRC - [2013/08/26 19:18:26 | 001,127,000 | ---- | M] (BitTorrent Inc.) -- C:\Users\Len\AppData\Roaming\BitTorrent\BitTorrent.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/06/22 15:26:32 | 034,199,872 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
PRC - [2012/10/26 13:49:04 | 000,202,752 | ---- | M] () -- C:\Users\Len\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe
PRC - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2012/02/14 22:18:56 | 000,079,728 | ---- | M] (Driver-Soft Inc.) -- C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe
PRC - [2010/01/08 20:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2008/11/10 03:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/16 14:26:02 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2014/01/04 14:42:23 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2014/01/04 14:40:36 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2014/01/04 14:37:43 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2014/01/04 14:37:17 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2014/01/04 14:37:09 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2014/01/04 14:36:35 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/12/21 07:07:39 | 012,456,040 | ---- | M] () -- C:\Users\Len\AppData\Local\Torch\Application\29.0.0.5394\PepperFlash\pepflashplayer.dll
MOD - [2013/12/21 07:07:39 | 004,008,040 | ---- | M] () -- C:\Users\Len\AppData\Local\Torch\Application\29.0.0.5394\pdf.dll
MOD - [2013/12/21 07:07:39 | 001,870,656 | ---- | M] () -- C:\Users\Len\AppData\Local\Torch\Application\29.0.0.5394\ffmpegsumo.dll
MOD - [2013/12/21 07:07:39 | 000,884,032 | ---- | M] () -- C:\Users\Len\AppData\Local\Torch\Application\29.0.0.5394\libglesv2.dll
MOD - [2013/12/21 07:07:39 | 000,478,528 | ---- | M] () -- C:\Users\Len\AppData\Local\Torch\Application\29.0.0.5394\ppgooglenaclpluginchrome.dll
MOD - [2013/12/21 07:07:39 | 000,105,792 | ---- | M] () -- C:\Users\Len\AppData\Local\Torch\Application\29.0.0.5394\libegl.dll
MOD - [2013/12/20 07:13:08 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/12/11 12:43:24 | 016,242,056 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
MOD - [2013/11/12 04:50:06 | 000,623,104 | ---- | M] () -- C:\Users\Len\AppData\Roaming\CBS Interactive\Download App\CBSI.AppStore.Flow.dll
MOD - [2013/11/12 04:48:30 | 001,161,216 | ---- | M] () -- C:\Users\Len\AppData\Roaming\CBS Interactive\Download App\libcurl.dll
MOD - [2013/11/12 04:47:40 | 001,105,408 | ---- | M] () -- C:\Users\Len\AppData\Roaming\CBS Interactive\Download App\libxml2.dll
MOD - [2013/11/12 04:47:04 | 000,066,560 | ---- | M] () -- C:\Users\Len\AppData\Roaming\CBS Interactive\Download App\zlib.dll
MOD - [2013/10/30 14:02:14 | 000,746,176 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MOD - [2013/08/15 17:31:14 | 000,268,968 | ---- | M] () -- C:\Windows\SysWOW64\sqlite3.dll
MOD - [2013/07/19 03:57:34 | 000,562,072 | ---- | M] () -- C:\Users\Len\AppData\Roaming\CBS Interactive\Download App\sqlite3.dll
MOD - [2012/12/07 05:56:32 | 020,758,016 | ---- | M] () -- C:\Users\Len\AppData\Roaming\CBS Interactive\Download App\libcef.dll
MOD - [2012/12/07 05:56:28 | 000,183,822 | ---- | M] () -- C:\Users\Len\AppData\Roaming\CBS Interactive\Download App\avformat-53.dll
MOD - [2012/12/07 05:56:28 | 000,111,616 | ---- | M] () -- C:\Users\Len\AppData\Roaming\CBS Interactive\Download App\libEGL.dll
MOD - [2012/12/07 05:56:26 | 001,094,158 | ---- | M] () -- C:\Users\Len\AppData\Roaming\CBS Interactive\Download App\avcodec-53.dll
MOD - [2012/12/07 05:56:26 | 000,622,080 | ---- | M] () -- C:\Users\Len\AppData\Roaming\CBS Interactive\Download App\libGLESv2.dll
MOD - [2012/12/07 05:56:24 | 000,117,262 | ---- | M] () -- C:\Users\Len\AppData\Roaming\CBS Interactive\Download App\avutil-51.dll
MOD - [2012/10/26 13:49:04 | 000,202,752 | ---- | M] () -- C:\Users\Len\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/31 09:08:22 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/08/09 20:02:12 | 002,252,504 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV:64bit: - [2013/05/27 12:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/11/09 20:55:50 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/30 01:22:12 | 000,868,224 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/14 08:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\rundll32.exe -- (e81a9dc1)
SRV - [2013/12/21 13:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/21 06:02:35 | 001,205,760 | ---- | M] (TorchMedia Inc.) [Auto | Running] -- C:\Users\Len\AppData\Local\Torch\Update\TorchCrashHandler.exe -- (TorchCrashHandler)
SRV - [2013/12/11 12:43:44 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/09 14:38:12 | 000,580,232 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/01/23 17:50:25 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/08 20:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/11 04:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/10 03:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/22 12:05:45 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/11/27 11:07:26 | 000,409,832 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gvuvcowg.sys -- (gvuvcowg)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/08/16 15:43:36 | 000,100,960 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Bprotect.sys -- (Bprotect)
DRV:64bit: - [2013/08/09 20:02:14 | 000,170,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2013/08/09 20:02:14 | 000,166,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2013/08/08 10:25:30 | 000,076,096 | ---- | M] (Baidu, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BprotectEx.sys -- (BprotectEx)
DRV:64bit: - [2013/07/15 10:47:42 | 000,046,912 | ---- | M] (Baidu, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\Bfilter.sys -- (Bfilter)
DRV:64bit: - [2013/07/15 10:47:42 | 000,032,064 | ---- | M] (Baidu, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\Bfmon.sys -- (Bfmon)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/08/02 01:13:42 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012/08/02 01:13:40 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/05/21 12:25:44 | 001,605,280 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2012/03/01 13:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2011/06/07 19:44:16 | 000,040,128 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/03/11 13:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 13:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 15:44:04 | 000,051,872 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010/11/20 20:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 18:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/17 06:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/09 21:34:04 | 008,013,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/11/09 20:18:54 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/29 20:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/05/11 17:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/02/19 00:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/14 08:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 08:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 08:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 03:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 03:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 03:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 03:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/06 07:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/06 07:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2009/07/14 08:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dosearche...X&ts=1384070601
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dosearche...X&ts=1384070601
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.qvo6.c...MTTX&ts=5701724
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qvo6.c...MTTX&ts=5701724
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.c...MTTX&ts=5701724
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2446}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{7a085852-6757-4e38-8874-40baece5c3ae}: "URL" = http://www.searchbro...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2446}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2645238
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.too...&cc=TH&unqvl=46
IE - HKLM\..\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}: "URL" = http://www.bigseekpr...q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\URLSearchHook: {327f75ed-061b-4339-8cc6-5dd45ad1396d} - No CLSID value found
IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes,DefaultScope = {DC040CF2-9B38-4AC6-B838-5E43A988ECED}
IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...00000ff3161bb4e
IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{67C7D7CD-8FD0-4A89-8C8F-7DFEAA1CB9CA}: "URL" = http://search.condui...797502192816217
IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{6901DD04-8D2C-4A96-8C29-14E27A98B30A}: "URL" = http://th.search.yah...p={searchTerms}
IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{7a085852-6757-4e38-8874-40baece5c3ae}: "URL" = http://www.searchbro...q={searchTerms}
IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2446}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6Oys3elKPh&i=26
IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{DC040CF2-9B38-4AC6-B838-5E43A988ECED}: "URL" = http://search.softon...toi=16042&r=204
IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....erms}&fr=mkg028
IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{DF9610C4-8DD7-4DE2-926D-622CDC65CE88}: "URL" = http://blekko.com/ws...rchTerms}&r=265
IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}: "URL" = http://www.bigseekpr...q={searchTerms}
IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{E7AFF26F-6CB3-4045-92E6-F309E4602626}: "URL" = http://search.zoneal...rchTerms}&r=775
IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{F813F595-1DA6-4476-915D-E3C2FDF0B758}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...1&sa=Search&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-msgr"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-msgr"
FF - prefs.js..browser.search.param.yahoo-type: ""
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://websearch.too...cc=TH&unqvl=46"
FF - prefs.js..extensions.enabledAddons: speeddial%40instair.net:1.3.1
FF - prefs.js..extensions.enabledAddons: TFToolbarX%40torrent-finder:1.3.1
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.1.0.20130813024103
FF - prefs.js..extensions.enabledAddons: %7B9EB34849-81D3-4841-939D-666D522B889A%7D:2.4.0.63
FF - prefs.js..extensions.enabledAddons: freegames4357%40BestOffers:3.0.0.0
FF - prefs.js..extensions.enabledAddons: b026053c-c151-481a-a83e-4fb8d5b1b1a4%40cb8a450e-83dd-422a-b921-028b1cbf9831.com:0.93.16
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: "http://websearch.too...nqvl=46&l=1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""

FF - user.js..browser.search.defaultenginename: "SearchMyWeb"
FF - user.js..browser.search.defaulturl: "http://www.google.co...1&sa=Search&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@MarineAquarium3Free_57.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Len\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/16 11:45:08 | 000,000,000 | ---D | M]

[2012/12/28 05:53:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Len\AppData\Roaming\Mozilla\Extensions
[2013/12/07 13:30:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/06/27 12:34:29 | 000,000,000 | ---D | M] (Marine Aquarium Lite) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]_57.com
[2013/07/13 23:52:06 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]
[2013/08/23 16:00:08 | 000,000,000 | ---D | M] (AccelerateTab) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]
[2014/01/16 11:33:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions
[2013/09/05 19:49:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/07/13 11:01:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\{88ac3cb6-596b-4217-964c-b6757ef9602d}.oldbackup
[2013/12/16 19:37:48 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2013/11/06 17:18:28 | 000,000,000 | ---D | M] ("hosts") -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]09d438e81.com
[2014/01/09 21:16:06 | 000,000,000 | ---D | M] (graeatosaveer) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]
[2014/01/16 07:46:06 | 000,000,000 | ---D | M] (SNT) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]
[2013/11/11 07:30:08 | 000,000,000 | ---D | M] ("Magnet Downloader") -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]b1cbf9831.com
[2014/01/15 22:10:38 | 000,000,000 | ---D | M] (greatsAvver) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]
[2014/01/16 11:33:43 | 000,000,000 | ---D | M] (grieaTssaver) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]
[2013/12/05 08:14:17 | 000,000,000 | ---D | M] (YoutubeAdblocker) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]
[2014/01/16 11:33:43 | 000,000,000 | ---D | M] (SNT) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]
[2013/12/05 08:01:18 | 000,000,000 | ---D | M] (surFF and keep) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]
[2013/09/09 00:38:48 | 000,000,000 | ---D | M] (AccelerateTab) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]
[2013/11/07 07:42:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData
[2013/11/07 07:42:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]09d438e81.com\extensionData\plugins
[2013/11/07 07:42:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]09d438e81.com\extensionData\userCode
[2014/01/14 20:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]b1cbf9831.com\extensionData
[2014/01/11 16:55:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]b1cbf9831.com\extensionData\plugins
[2014/01/14 20:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]b1cbf9831.com\extensionData\userCode
[2013/07/13 14:22:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profilesoar0nomw.default\extensions
[2013/07/13 14:22:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profilesoar0nomw.default\extensions\staged
[2013/12/07 08:25:20 | 000,007,143 | ---- | M] () (No name found) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]
[2013/08/23 09:11:32 | 000,008,323 | ---- | M] () (No name found) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]
[2014/01/04 10:16:04 | 000,082,771 | ---- | M] () (No name found) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]
[2013/12/07 08:13:59 | 000,119,925 | ---- | M] () (No name found) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]
[2013/07/13 11:02:19 | 000,001,003 | ---- | M] () -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\searchplugins\conduit.xml
[2013/02/18 13:09:26 | 000,001,294 | ---- | M] () -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\searchplugins\delta.xml
[2012/03/19 12:10:56 | 000,001,830 | ---- | M] () -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\searchplugins\inkline.xml
[2012/02/06 17:31:36 | 000,002,203 | ---- | M] () -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\searchplugins\MyStart Search.xml
[2013/02/25 08:13:33 | 000,003,331 | ---- | M] () -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\searchplugins\SearchBrowsing.xml
[2013/02/21 21:19:06 | 000,002,687 | ---- | M] () -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\searchplugins\Search_Results.xml
[2013/12/03 18:39:59 | 000,001,448 | ---- | M] () -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\searchplugins\softonic.xml
[2013/02/27 19:40:25 | 000,001,435 | ---- | M] () -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\searchplugins\spamfreesearch.xml
[2011/09/24 09:05:22 | 000,003,915 | ---- | M] () -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\searchplugins\sweetim.xml
[2014/01/16 11:28:16 | 000,000,660 | ---- | M] () -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\searchplugins\WebSearch.xml
[2013/08/04 07:09:42 | 000,000,921 | ---- | M] () -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\searchplugins\yahoo.xml
[2013/12/28 21:43:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/20 07:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/12/20 07:11:41 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak2
[2013/12/20 07:11:50 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak2
[2013/12/28 21:43:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/20 07:15:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/02/18 13:07:39 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/09/24 09:12:44 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2013/07/03 17:02:51 | 000,000,745 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xml
[2013/02/21 21:19:06 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2013/01/10 07:46:47 | 000,062,466 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\testlog.txt
[2012/07/12 01:26:14 | 000,001,068 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahootc.xml

========== Chrome ==========

CHR - homepage: http://websearch.too...&cc=TH&unqvl=46
CHR - plugin: Default Profile (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Error reading preferences file
CHR - Extension: greatsAvver = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfcehgellgondcahiceadclfaeppinh\2.7\
CHR - Extension: SNT = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdpbmdcjoblogbigdlngnbjmkcjjaml\2.1\
CHR - Extension: SecretSauce = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbpebffoameokfhnaaedmefjncfboino\1.0.0_0\
CHR - Extension: Magnet Downloader = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfcfkhnlpcoafpoepljegijlkinbhjgb\1.25.16_0\crossrider
CHR - Extension: Magnet Downloader = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfcfkhnlpcoafpoepljegijlkinbhjgb\1.25.16_0\
CHR - Extension: BitTorrentControl_v12 = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\10.16.100.504_0\
CHR - Extension: BitTorrentControl_v12 = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\10.22.3.518_0\
CHR - Extension: BitTorrentControl_v12 = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\10.22.3.518_0\nativeMessaging\nmHost
CHR - Extension: BitTorrentControl_v12 = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\10.22.3.518_1\
CHR - Extension: BitTorrentControl_v12 = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\10.22.3.518_1\nativeMessaging\nmHost
CHR - Extension: BitTorrentControl_v12 = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\10.23.0.822_0\
CHR - Extension: BitTorrentControl_v12 = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\10.23.0.822_0\nativeMessaging\nmHost
CHR - Extension: No name found = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjlifcgenldhojcmoojnfkhoammiekg\1.1\
CHR - Extension: Yahoo! Toolbar for Chrome = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag\1.0.0.317_0\
CHR - Extension: Facebook Background Changer = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\emnlfbokmiehpnhgdjlmedakkchfldmj\140\
CHR - Extension: AccelerateTab = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\
CHR - Extension: avast! Online Security = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: grieaTssaver = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbboffonbnmkjmbeonglogijaphnchp\2.7\
CHR - Extension: graeatosaveer = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbeloakmnlohkkigpabfcpnengmmjolk\2.7\
CHR - Extension: SlingPlayer Web Plug-in = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac\2.4.0.52_0\
CHR - Extension: SlingPlayer Web Plug-in = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac\2.4.0.63_0\
CHR - Extension: Skype Click to Call = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: SNT = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcgoddlibcakdfbomhiloneheaejkgj\2.1\
CHR - Extension: Allin1Convert = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlmkmibflpaljkoooahfipdfhgpaoddh\5.53.2.51710_0\
CHR - Extension: wxDownload = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmcbeoliijkbhdgglcenampjmmfldjon\4_0\
CHR - Extension: Google Wallet = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: YoutubeAdblocker = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\npbfmnahmgpfgggdebpganpfdnklhhpm\1.0\
CHR - Extension: Vuze Remote = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.22.5.510_0\
CHR - Extension: Vuze Remote = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.22.5.510_0\nativeMessaging\nmHost
CHR - Extension: Vuze Remote = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.23.0.822_0\
CHR - Extension: Vuze Remote = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.23.0.822_0\nativeMessaging\nmHost
CHR - Extension: surFF and keep = C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Extensions\oogkhdbihdcgipbnlffjcomenjcipebc\2.19\

O1 HOSTS File: ([2011/10/30 13:40:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (grieaTssaver) - {093AD666-04F0-9F0E-D18B-17A2F9200ED0} - C:\Program Files (x86)\grieaTssaver\rfuz0OLht.x64.dll File not found
O2:64bit: - BHO: (Magnet Downloader) - {11111111-1111-1111-1111-110411551108} - C:\Program Files (x86)\Magnet Downloader\Magnet Downloader-bho64.dll File not found
O2:64bit: - BHO: (Torntv V6.0) - {11111111-1111-1111-1111-110411591160} - C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-bho64.dll File not found
O2:64bit: - BHO: (Free Games (4357)) - {2977C29A-6723-4436-90BB-F7C5FDEF88A1} - C:\Program Files (x86)\Free Games (4357)\ScriptHost64.dll File not found
O2:64bit: - BHO: (SNT) - {3984859A-8C2A-0DF1-10DD-A0CAD6A3E3C1} - C:\Program Files (x86)\SNT\LQBVwvcdf.x64.dll File not found
O2:64bit: - BHO: (graeatosaveer) - {B82EAC05-4A6E-CF82-97F4-C9F430C0A9AF} - C:\Program Files (x86)\graeatosaveer\eOZ5I0oB9.x64.dll File not found
O2:64bit: - BHO: (greatsAvver) - {E451BD9C-5EDA-5B78-A73D-FAA4540544F6} - C:\Program Files (x86)\greatsAvver\pza.x64.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\Toolbar\WebBrowser: (no name) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No CLSID value found.
O3 - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\Toolbar\WebBrowser: (no name) - {95080B13-AA71-4EE8-B951-7E98221E1ED5} - No CLSID value found.
O3 - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()
O4 - HKLM..\Run: [Starter] C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe (Driver-Soft Inc.)
O4 - HKU\S-1-5-21-625874700-1120043621-705933047-1001..\Run: [BitTorrent] C:\Users\Len\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-625874700-1120043621-705933047-1001..\Run: [FLV Player] C:\Users\Len\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe ()
O4 - HKU\S-1-5-21-625874700-1120043621-705933047-1001..\Run: [NextLive] C:\Users\Len\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O4 - HKU\S-1-5-21-625874700-1120043621-705933047-1001..\Run: [WiseReminder] C:\Program Files (x86)\Wise\Wise Reminder\WiseReminder.exe (Lespeed)
O4 - Startup: C:\Users\Len\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download App.lnk = C:\Users\Len\AppData\Roaming\CBS Interactive\Download App\CBSI.AppStore.Main.exe (CBS Interactive Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-625874700-1120043621-705933047-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-625874700-1120043621-705933047-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-625874700-1120043621-705933047-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-625874700-1120043621-705933047-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1B94553-2C61-4AC5-878E-23F2FAD82912}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\GS-ENA~1\ASSIST~2.DLL) - C:\Program Files (x86)\GS-Enabler\Assistant_x64.dll ()
O20 - AppInit_DLLs: (c:\progra~2\browse~1\sprote~1.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~2\sk-enh~1\psupport.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/21 19:50:55 | 000,000,000 | ---D | C] -- C:\Users\Len\AppData\Roaming\newnext.me
[2014/01/19 16:50:42 | 000,000,000 | ---D | C] -- C:\Users\Len\AppData\Local\Torrents Downloader
[2014/01/19 16:49:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Torrents Downloader
[2014/01/19 16:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
[2014/01/19 15:38:51 | 000,000,000 | ---D | C] -- C:\Users\Len\Documents\Smart PC Cleaner
[2014/01/19 15:38:33 | 000,000,000 | ---D | C] -- C:\Users\Len\AppData\Roaming\Smart PC Cleaner
[2014/01/19 15:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIO Player
[2014/01/19 15:33:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius
[2014/01/19 15:33:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIO Player
[2014/01/19 15:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart PC Cleaner
[2014/01/19 15:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
[2014/01/19 15:32:33 | 000,000,000 | ---D | C] -- C:\Users\Len\Qtrax
[2014/01/19 15:31:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Sea App (Internet Explorer)
[2014/01/19 15:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart PC Cleaner
[2014/01/18 10:33:55 | 000,018,432 | ---- | C] (NewTech Infosystems, Inc.) -- C:\Windows\SysNative\drivers\NTIDrvr.sys
[2014/01/18 10:33:53 | 000,016,896 | ---- | C] (NewTech Infosystems Corporation) -- C:\Windows\SysNative\drivers\UBHelper.sys
[2014/01/16 11:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\grieaTssaver
[2014/01/16 11:25:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\grieaTssaver
[2014/01/15 22:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SNT
[2014/01/15 22:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\House Of Soft
[2014/01/15 22:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\greatsAvver
[2014/01/15 22:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\greatsAvver
[2014/01/15 22:08:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\X86
[2014/01/15 22:08:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AMD64
[2014/01/09 21:10:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftWarehouse
[2014/01/09 21:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GS-Enabler
[2014/01/09 21:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\graeatosaveer
[2014/01/09 21:08:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\graeatosaveer
[2014/01/09 21:07:51 | 000,000,000 | ---D | C] -- C:\Users\Len\AppData\Local\Comodo
[2014/01/08 14:11:30 | 000,000,000 | ---D | C] -- C:\Users\Len\AppData\Roaming\KingTranslate
[2014/01/08 14:10:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KingTranslate
[2013/12/31 13:47:45 | 000,000,000 | ---D | C] -- C:\Users\Len\AppData\Roaming\Systweak
[2013/12/31 13:47:45 | 000,000,000 | ---D | C] -- C:\Users\Len\Documents\Downloads
[2013/12/31 13:24:56 | 000,000,000 | ---D | C] -- C:\Users\Len\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download App
[2013/12/31 13:24:39 | 000,000,000 | ---D | C] -- C:\Users\Len\AppData\Roaming\CBS Interactive
[2013/12/30 08:20:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
[2013/12/27 21:09:15 | 000,000,000 | ---D | C] -- C:\Users\Len\AppData\Local\DriverTuner
[2013/12/27 21:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
[2013/12/27 21:08:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverTuner
[2013/12/27 17:44:04 | 000,000,000 | ---D | C] -- C:\AMD
[2013/12/27 15:24:21 | 000,000,000 | ---D | C] -- C:\Users\Len\AppData\Local\SlimWare Utilities Inc
[2013/12/27 15:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
[2013/12/27 15:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate
[2013/12/27 15:17:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2013/12/26 15:04:28 | 000,000,000 | ---D | C] -- C:\Users\Len\AppData\Roaming\Wise Care 365
[2013/12/25 20:08:24 | 000,000,000 | ---D | C] -- C:\Users\Len\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
[2013/12/25 20:08:14 | 000,000,000 | ---D | C] -- C:\Users\Len\AppData\Local\WebPlayer
[2013/12/24 20:46:10 | 000,000,000 | ---D | C] -- C:\Users\Len\AppData\Roaming\Wise_Reminder
[2013/12/24 20:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise PC 1stAid
[2013/12/24 20:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Reminder
[2013/12/24 20:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
[3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[18 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\SysNative\
[2014/01/22 12:41:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/22 12:36:37 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/22 12:13:21 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/22 12:13:21 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/22 12:08:05 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2014/01/22 12:05:45 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2014/01/22 12:05:36 | 000,001,328 | ---- | M] () -- C:\Windows\tasks\Magnet Downloader-updater.job
[2014/01/22 12:05:34 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/22 12:05:32 | 000,000,448 | -H-- | M] () -- C:\Windows\tasks\Sk-Enhancer-S-5902107913.job
[2014/01/22 12:05:31 | 000,001,220 | ---- | M] () -- C:\Windows\tasks\Magnet Downloader-codedownloader.job
[2014/01/22 12:05:29 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\Magnet Downloader-enabler.job
[2014/01/22 12:05:21 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014/01/22 12:04:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/22 12:04:35 | 318,951,423 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/22 11:29:04 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-625874700-1120043621-705933047-1001UA.job
[2014/01/22 11:29:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-625874700-1120043621-705933047-1001Core.job
[2014/01/22 07:36:39 | 000,006,586 | ---- | M] () -- C:\Windows\SysWow64\062644590.png
[2014/01/21 19:59:31 | 000,711,664 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/21 19:59:31 | 000,614,144 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/21 19:59:31 | 000,103,090 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/21 16:00:06 | 000,000,924 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2014/01/21 06:28:44 | 000,006,500 | ---- | M] () -- C:\Windows\SysWow64\122334190.png
[2014/01/21 06:23:24 | 000,469,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/21 06:18:01 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\Wise Disk Cleaner Schedule Task.job
[2014/01/19 13:23:00 | 000,000,251 | ---- | M] () -- C:\Users\Len\Desktop\JPG141KBSave.url
[2014/01/18 19:39:33 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2014/01/17 20:59:01 | 000,030,197 | ---- | M] () -- C:\Users\Len\Documents\Manila to Butuan in April,2014.odt
[2014/01/16 19:27:23 | 000,022,138 | ---- | M] () -- C:\Windows\SysWow64\114214775.png
[2014/01/09 14:12:29 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/01/04 10:17:19 | 000,019,695 | ---- | M] () -- C:\Windows\SysWow64\120841316.png
[2013/12/31 13:24:57 | 000,001,201 | ---- | M] () -- C:\Users\Len\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download App.lnk
[2013/12/31 13:24:56 | 000,001,185 | ---- | M] () -- C:\Users\Len\Desktop\Download App.lnk
[2013/12/30 05:49:17 | 000,002,127 | ---- | M] () -- C:\Users\Len\Desktop\FLV Player.lnk
[2013/12/28 16:51:09 | 000,028,712 | ---- | M] () -- C:\Windows\SysWow64\121656907.png
[2013/12/27 17:28:20 | 000,020,824 | ---- | M] () -- C:\Users\Len\Documents\Proposed Shed for Pool Lounge Chairs.odt
[2013/12/27 15:29:54 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2013/12/27 15:20:36 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\Wise Disk Cleaner.lnk
[2013/12/26 21:33:14 | 000,000,020 | ---- | M] () -- C:\Windows\ìö´
[2013/12/25 18:32:44 | 000,002,199 | ---- | M] () -- C:\Users\Len\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
[2013/12/25 18:32:43 | 000,002,197 | ---- | M] () -- C:\Users\Len\Desktop\Torch.lnk
[2013/12/24 17:08:35 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMMV9Acer.dll
[2013/12/24 17:03:05 | 000,022,036 | ---- | M] () -- C:\Users\Len\Documents\New Thai Ed Visa Requirements as of December,2013.odt
[2013/12/24 08:19:48 | 000,011,529 | ---- | M] () -- C:\Users\Len\Documents\Web Sites for English Conversation.odt
[3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[18 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Windows\SysNative\
[2014/01/22 07:36:39 | 000,006,586 | ---- | C] () -- C:\Windows\SysWow64\062644590.png
[2014/01/21 06:28:44 | 000,006,500 | ---- | C] () -- C:\Windows\SysWow64\122334190.png
[2014/01/19 16:50:29 | 000,001,115 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torrents Downloader.lnk
[2014/01/19 13:23:00 | 000,000,251 | ---- | C] () -- C:\Users\Len\Desktop\JPG141KBSave.url
[2014/01/17 20:58:49 | 000,030,197 | ---- | C] () -- C:\Users\Len\Documents\Manila to Butuan in April,2014.odt
[2014/01/16 19:27:23 | 000,022,138 | ---- | C] () -- C:\Windows\SysWow64\114214775.png
[2014/01/04 10:17:19 | 000,019,695 | ---- | C] () -- C:\Windows\SysWow64\120841316.png
[2013/12/31 13:24:56 | 000,001,201 | ---- | C] () -- C:\Users\Len\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download App.lnk
[2013/12/31 13:24:56 | 000,001,185 | ---- | C] () -- C:\Users\Len\Desktop\Download App.lnk
[2013/12/28 17:02:32 | 000,000,398 | ---- | C] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2013/12/28 16:51:09 | 000,028,712 | ---- | C] () -- C:\Windows\SysWow64\121656907.png
[2013/12/27 17:30:51 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2013/12/27 15:29:54 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Wise Care 365.job
[2013/12/27 15:24:39 | 000,016,152 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/12/26 21:33:10 | 000,000,020 | ---- | C] () -- C:\Windows\ìö´
[2013/12/25 20:08:24 | 000,002,127 | ---- | C] () -- C:\Users\Len\Desktop\FLV Player.lnk
[2013/12/25 16:01:54 | 000,020,824 | ---- | C] () -- C:\Users\Len\Documents\Proposed Shed for Pool Lounge Chairs.odt
[2013/12/24 17:03:01 | 000,022,036 | ---- | C] () -- C:\Users\Len\Documents\New Thai Ed Visa Requirements as of December,2013.odt
[2013/12/24 07:58:59 | 000,011,529 | ---- | C] () -- C:\Users\Len\Documents\Web Sites for English Conversation.odt
[2013/08/28 11:38:35 | 000,000,029 | ---- | C] () -- C:\Windows\SysWow64\config.ini
[2013/08/23 15:24:34 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/08/06 14:58:48 | 000,000,258 | RHS- | C] () -- C:\Users\Len\ntuser.pol
[2013/07/27 08:21:18 | 000,000,097 | ---- | C] () -- C:\Users\Len\AppData\Roaming\WB.CFG
[2013/07/16 19:32:04 | 000,000,081 | ---- | C] () -- C:\Users\Len\AppData\Roaming\mbam.context.scan
[2013/07/13 13:41:12 | 000,430,107 | ---- | C] () -- C:\Users\Len\AppData\Local\funmoods_speedial_v9.0.10.crx
[2013/07/13 13:40:59 | 000,077,717 | ---- | C] () -- C:\Users\Len\AppData\Local\funmoods_2.3.1.crx
[2013/06/15 10:07:17 | 000,000,005 | ---- | C] () -- C:\Users\Len\AppData\Roaming\WBPU-TTL.DAT
[2012/11/23 20:07:33 | 517,131,497 | ---- | C] () -- C:\Users\Len\Treme.S03E01.HDTV.x264-EVOLVE.mp4
[2012/10/31 09:27:30 | 000,527,910 | ---- | C] () -- C:\Users\Len\Superfreakonomics.epub
[2012/10/29 12:59:56 | 000,476,910 | ---- | C] () -- C:\Users\Len\The Marriage Plot - Jeffrey Eugenides.epub
[2012/02/28 11:01:00 | 000,009,216 | ---- | C] () -- C:\Users\Len\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/15 14:49:43 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/01/15 14:49:43 | 000,000,000 | ---- | C] () -- C:\Users\Len\AppData\Roaming\MIDI Patch Names
[2012/01/15 14:49:42 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/01/15 14:49:41 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012/01/15 14:49:41 | 000,000,000 | ---- | C] () -- C:\Users\Len\AppData\Roaming\MIDI Devices
[2011/10/30 14:46:50 | 000,017,408 | ---- | C] () -- C:\Users\Len\AppData\Local\WebpageIcons.db
[2011/10/30 06:17:43 | 000,007,605 | ---- | C] () -- C:\Users\Len\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2012/11/01 19:30:52 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{75bcb7b5-486d-1f50-de62-62d23230c453}\L
[2012/11/23 01:17:42 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{75bcb7b5-486d-1f50-de62-62d23230c453}\U
[2012/11/01 19:30:52 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{75bcb7b5-486d-1f50-de62-62d23230c453}\L\[email protected]
[2009/07/14 11:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 09:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 08:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 08:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 08:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/14 09:27:05 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/10/14 09:27:05 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/10/13 15:07:26 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Sling Media
[2013/12/25 10:31:39 | 000,000,000 | -HSD | M] -- C:\Users\Len\AppData\Roaming\.#
[2013/03/29 14:48:13 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\Aura4You
[2013/11/27 20:26:48 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\AVAST Software
[2013/11/05 08:07:05 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\Azureus
[2013/09/14 16:34:55 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\baidu
[2013/08/14 21:04:56 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\Baidu Security
[2014/01/22 13:24:53 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\BitTorrent
[2013/07/05 21:37:34 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\calibre
[2013/12/31 13:24:39 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\CBS Interactive
[2012/03/25 07:12:25 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\CheckPoint
[2013/08/21 10:23:34 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\Chikka Messenger
[2011/11/30 01:27:02 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\com.w3i.FlipToast
[2013/08/23 15:14:47 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\DownLite
[2013/11/20 12:01:22 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\Dropbox
[2013/06/15 08:50:11 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\DSite
[2013/07/03 17:01:13 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\eIntaller
[2013/06/02 06:34:18 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\eSobi
[2013/03/23 13:10:38 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\eType
[2013/02/16 17:57:57 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\ExpressFiles
[2011/11/30 01:28:12 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\FUJIFILM
[2012/10/07 19:36:52 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\GoforFiles
[2013/09/09 00:38:49 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\IObit
[2011/07/23 05:13:41 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\iolo
[2013/07/13 23:52:06 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\IrfanView
[2014/01/08 14:11:30 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\KingTranslate
[2013/02/12 06:13:08 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\NCdownloader
[2014/01/22 12:06:08 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\newnext.me
[2012/01/15 21:26:43 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\Nikon
[2013/08/19 13:26:09 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\OpenOffice
[2011/11/30 01:27:09 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\OpenOffice.org
[2013/10/26 12:38:29 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\Philipp Winterberg
[2013/07/13 11:16:57 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\SearchProtect
[2013/07/13 14:22:29 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\SimilarSites
[2011/11/30 01:27:10 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\Sling Media
[2014/01/19 15:38:33 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\Smart PC Cleaner
[2014/01/16 07:55:02 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\SoftGrid Client
[2013/12/31 13:47:45 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\Systweak
[2013/01/10 07:38:09 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\TP
[2013/09/07 05:33:56 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\TuneUp Software
[2014/01/22 08:32:32 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\Uniblue
[2013/09/18 20:21:51 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\uTorrent
[2012/09/23 15:05:24 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\Windows Live Writer
[2014/01/22 12:06:04 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\Wise Care 365
[2013/12/24 20:29:31 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\Wise Disk Cleaner
[2013/12/24 20:46:17 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\Wise_Reminder
[2013/07/13 23:50:59 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\Yontoo
[2013/01/10 07:39:15 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 13:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 12:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 08:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 12:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/07/18 02:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 12:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 13:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 13:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 13:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 13:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 13:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 19:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/02/04 17:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 12:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 12:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/07/18 02:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/02/04 17:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 20:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/07/18 02:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/02/04 17:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 08:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/07/18 02:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 13:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/02/04 17:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 08:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/14 08:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 08:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 08:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/14 08:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 08:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 19:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 19:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 19:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 08:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 08:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 20:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 20:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 20:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 20:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2010/11/20 20:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 20:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 20:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 08:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/07/18 02:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/07/18 02:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C is Acer
Volume Serial Number is 4A9E-F79A
Directory of C:\
07/14/2009 12:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 12:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 12:08 PM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 12:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 12:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 12:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 12:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 12:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 12:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 12:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 12:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 12:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 12:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 12:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 12:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 12:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 12:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 12:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 12:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Guest
10/13/2013 01:53 PM <JUNCTION> Application Data [C:\Users\Guest\AppData\Roaming]
10/13/2013 01:53 PM <JUNCTION> Cookies [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies]
10/13/2013 01:53 PM <JUNCTION> Local Settings [C:\Users\Guest\AppData\Local]
10/13/2013 01:53 PM <JUNCTION> My Documents [C:\Users\Guest\Documents]
10/13/2013 01:53 PM <JUNCTION> NetHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/13/2013 01:53 PM <JUNCTION> PrintHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/13/2013 01:53 PM <JUNCTION> Recent [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent]
10/13/2013 01:53 PM <JUNCTION> SendTo [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo]
10/13/2013 01:53 PM <JUNCTION> Start Menu [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu]
10/13/2013 01:53 PM <JUNCTION> Templates [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Guest\AppData\Local
10/13/2013 01:53 PM <JUNCTION> Application Data [C:\Users\Guest\AppData\Local]
10/13/2013 01:53 PM <JUNCTION> History [C:\Users\Guest\AppData\Local\Microsoft\Windows\History]
10/13/2013 01:53 PM <JUNCTION> Temporary Internet Files [C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Guest\Documents
10/13/2013 01:53 PM <JUNCTION> My Music [C:\Users\Guest\Music]
10/13/2013 01:53 PM <JUNCTION> My Pictures [C:\Users\Guest\Pictures]
10/13/2013 01:53 PM <JUNCTION> My Videos [C:\Users\Guest\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Len
05/03/2011 01:57 AM <JUNCTION> Application Data [C:\Users\Len\AppData\Roaming]
05/03/2011 01:57 AM <JUNCTION> Cookies [C:\Users\Len\AppData\Roaming\Microsoft\Windows\Cookies]
05/03/2011 01:57 AM <JUNCTION> Local Settings [C:\Users\Len\AppData\Local]
05/03/2011 01:57 AM <JUNCTION> My Documents [C:\Users\Len\Documents]
05/03/2011 01:57 AM <JUNCTION> NetHood [C:\Users\Len\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/03/2011 01:57 AM <JUNCTION> PrintHood [C:\Users\Len\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/03/2011 01:57 AM <JUNCTION> Recent [C:\Users\Len\AppData\Roaming\Microsoft\Windows\Recent]
05/03/2011 01:57 AM <JUNCTION> SendTo [C:\Users\Len\AppData\Roaming\Microsoft\Windows\SendTo]
05/03/2011 01:57 AM <JUNCTION> Start Menu [C:\Users\Len\AppData\Roaming\Microsoft\Windows\Start Menu]
05/03/2011 01:57 AM <JUNCTION> Templates [C:\Users\Len\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Len\AppData\Local
05/03/2011 01:57 AM <JUNCTION> Application Data [C:\Users\Len\AppData\Local]
05/03/2011 01:57 AM <JUNCTION> History [C:\Users\Len\AppData\Local\Microsoft\Windows\History]
05/03/2011 01:57 AM <JUNCTION> Temporary Internet Files [C:\Users\Len\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Len\Documents
05/03/2011 01:57 AM <JUNCTION> My Music [C:\Users\Len\Music]
05/03/2011 01:57 AM <JUNCTION> My Pictures [C:\Users\Len\Pictures]
05/03/2011 01:57 AM <JUNCTION> My Videos [C:\Users\Len\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 12:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
01/15/2012 02:53 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
01/15/2012 02:53 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
01/15/2012 02:53 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
01/15/2012 02:53 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
01/15/2012 02:53 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/15/2012 02:53 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/15/2012 02:53 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
01/15/2012 02:53 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
01/15/2012 02:53 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
01/15/2012 02:53 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
01/15/2012 02:53 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
01/15/2012 02:53 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
01/15/2012 02:53 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
01/15/2012 02:53 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
01/15/2012 02:53 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
01/15/2012 02:53 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile
01/15/2012 02:53 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
01/15/2012 02:53 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
01/15/2012 02:53 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
01/15/2012 02:53 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
01/15/2012 02:53 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/15/2012 02:53 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/15/2012 02:53 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
01/15/2012 02:53 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
01/15/2012 02:53 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
01/15/2012 02:53 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
01/15/2012 02:53 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
01/15/2012 02:53 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
01/15/2012 02:53 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
01/15/2012 02:53 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
01/15/2012 02:53 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
01/15/2012 02:53 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
97 Dir(s) 15,374,987,264 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:07F6D9E4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:96D0C06F

< End of report >



OTL Extras logfile created on: 1/22/2014 12:21:49 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Len\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.73 Gb Total Physical Memory | 3.46 Gb Available Physical Memory | 60.46% Memory free
6.86 Gb Paging File | 4.25 Gb Available in Paging File | 62.02% Paging File free
Paging file location(s): c:\pagefile.sys 1155 2500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217.79 Gb Total Space | 14.36 Gb Free Space | 6.60% Space Free | Partition Type: NTFS

Computer Name: LEN-PC | User Name: Len | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-625874700-1120043621-705933047-1001\SOFTWARE\Classes\<extension>]
.html [@ = TorchHTML.PITUKJAIQRRG3GDMWAPSMJ4FR4] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0535FFA7-F055-4EAB-8C2D-5598535E71CD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{245DD706-47E9-4CF3-AADC-E4839D3D5CCF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\smsvchost.exe |
"{E28742CE-6D8B-4AF0-977B-2CD96213252F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2615A5FC-1694-41C5-823F-AEDBBA1E00AC}" = dir=in | app=c:\users\len\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{4F4731AF-F514-4F91-A2A7-E6F5C2089E4C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{66DA25EE-8D20-4C31-96D7-D5DDE3893231}" = dir=in | app=c:\users\len\appdata\local\torch\plugins\torrent\torchtorrent.exe |
"{7026E63D-28CB-48C5-95C3-0C19203F58B1}" = protocol=17 | dir=in | app=c:\users\len\appdata\roaming\bittorrent\bittorrent.exe |
"{78DB9385-9496-478A-AF95-6025DC29F03A}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{8F087B5B-CFA7-475B-B276-E5462C40AD9C}" = protocol=17 | dir=in | app=c:\users\len\appdata\local\ilivid\ilivid.exe |
"{94A4BDCB-BD13-4860-8B31-E0B40738AB8E}" = protocol=6 | dir=in | app=c:\program files (x86)\torrents downloader\torrents_downloader.exe |
"{9F49CE68-6F5B-4D97-AB9D-4C2D82F8C3E0}" = protocol=17 | dir=in | app=c:\users\len\appdata\roaming\dropbox\bin\dropbox.exe |
"{AA97744C-35C0-46E7-A764-B256BFE6E20A}" = protocol=6 | dir=in | app=c:\users\len\appdata\roaming\dropbox\bin\dropbox.exe |
"{B4770177-3B0C-4C71-884E-828ACD97638C}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{B74CCD26-ECA3-4089-B5A3-1B93DA074F0D}" = protocol=17 | dir=in | app=c:\program files (x86)\torrents downloader\torrents_downloader.exe |
"{D0FEA53C-E706-4AEE-984F-E11377AFE359}" = protocol=6 | dir=in | app=c:\users\len\appdata\local\ilivid\ilivid.exe |
"{DCF21FA4-500E-4310-AF80-6A8C2643FD55}" = protocol=6 | dir=in | app=c:\users\len\appdata\roaming\bittorrent\bittorrent.exe |
"{E703887C-092C-40E2-A370-12C7360C67B1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{1425E0EB-796E-467A-89E1-9AD4F0C7D828}C:\program files (x86)\windows media player\wmplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows media player\wmplayer.exe |
"TCP Query User{21460368-094C-4C53-A162-15818D076A8B}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{473912D6-926B-454E-A8DE-AC8E079740FC}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{5B813EE6-47E3-45C3-BF9F-6599A2A6F2DA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{5C51DC1B-91D2-45C6-864C-11662D5EBAE3}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{7D650489-772B-4C47-8C64-15BA638D3B3C}C:\users\len\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\len\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{B31168F1-77DA-43B9-ABD9-A83570BECF75}C:\users\len\appdata\local\torch\application\torch.exe" = protocol=6 | dir=in | app=c:\users\len\appdata\local\torch\application\torch.exe |
"TCP Query User{C1CD8FFB-7037-4678-8B67-57B1907CD7EA}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{CA37B8AB-BFE9-4A4C-86D6-899DFDC58488}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{02F36B56-EDD0-48E0-8DEB-7DD95D38B83E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{1107AE1A-EE7F-4D32-B371-45056CEA2B7E}C:\users\len\appdata\local\torch\application\torch.exe" = protocol=17 | dir=in | app=c:\users\len\appdata\local\torch\application\torch.exe |
"UDP Query User{19054F8E-91DC-4388-B908-1228F0B5BC1E}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{19F668D2-18C3-4C7C-BA41-2D5A71CE5939}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{32A87633-8A1C-4B98-BCF1-81C1AC9FDC08}C:\program files (x86)\windows media player\wmplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows media player\wmplayer.exe |
"UDP Query User{33FD9A67-81D7-4FBA-9722-57465E8AD134}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{A49829AC-416B-4A51-9083-B153DD3E25A5}C:\users\len\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\len\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{DAF5E367-7A1C-4BD9-9981-BC26398EB278}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{DD88BF80-C19D-4435-B097-C63EFDFF022A}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft Security Client" = Microsoft Security Essentials
"O365HomePremRetail - en-us" = Microsoft Office 365 Home Premium - en-us
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{1BFDD064-4C67-4156-A6C6-6E8D63563B3B}" = calibre
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.1.0.1
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}" = OpenOffice 4.0.0
"{5F189DF5-2D05-472B-9091-84D9848AE48B}{e81a9dc1}" = GS-Supporter 1.80
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D9D814E-9605-11E2-80DC-95A26188709B}_is1" = Torrents Downloader
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{850A14FC-F410-47F7-94E4-38F4D3F270D4}" = DriverUpdate
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{BD85D232-E96C-4E66-AA73-37B85925CB23}_is1" = VIO Player version 2.0
"{C4C16155-2677-46DE-8EC2-A978204B6829}" = SlingPlayer for Web
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1" = Wise Care 365 version 2.92
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"8461-7759-5462-8226" = Vuze
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Driver Genius_is1" = Driver Genius
"GoNaomi.com 1.6" = GoNaomi.com 1.6
"iLivid" = iLivid
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mobogenie" = Mobogenie
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Smart PC Cleaner_is1" = Smart PC Cleaner v3.2
"The Sea App" = The Sea App (Internet Explorer)
"VLC media player" = VLC media player 2.1.1
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 8.02
"Wise PC 1stAid_is1" = Wise PC 1stAid 1.34
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.92
"Wise Reminder_is1" = Wise Reminder 1.14
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-625874700-1120043621-705933047-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Download App" = Download App
"Dropbox" = Dropbox
"FLV Player" = FLV Player
"IrfanView Free Download Packages" = IrfanView Free Download Packages
"Torch" = Torch

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/17/2014 9:21:52 PM | Computer Name = Len-PC | Source = RasClient | ID = 20227
Description =

Error - 1/17/2014 9:30:40 PM | Computer Name = Len-PC | Source = Google Update | ID = 20
Description =

Error - 1/17/2014 10:47:44 PM | Computer Name = Len-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Firefox' could not be shut down.

Error - 1/18/2014 1:03:52 AM | Computer Name = Len-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7601.17567,
time stamp: 0x4d6727a7 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x6b6e6c6a Faulting process id:
0x1ba8 Faulting application start time: 0x01cf140aab1461f3 Faulting application path:
C:\Windows\SysWOW64\explorer.exe Faulting module path: unknown Report Id: ebb4a50d-7ffd-11e3-9736-929ffa653022

Error - 1/18/2014 9:10:51 AM | Computer Name = Len-PC | Source = Application Hang | ID = 1002
Description = The program CBSI.AppStore.Main.exe version 1.6.1.137 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: f50 Start
Time: 01cf12b5de532a9a Termination Time: 92 Application Path: C:\Users\Len\AppData\Roaming\CBS
Interactive\Download App\CBSI.AppStore.Main.exe Report Id: f101d16a-8041-11e3-9736-929ffa653022


Error - 1/19/2014 11:01:51 PM | Computer Name = Len-PC | Source = System Restore | ID = 8193
Description =

Error - 1/20/2014 5:31:47 AM | Computer Name = Len-PC | Source = RasClient | ID = 20227
Description =

Error - 1/20/2014 5:31:47 AM | Computer Name = Len-PC | Source = RasClient | ID = 20227
Description =

Error - 1/20/2014 5:31:47 AM | Computer Name = Len-PC | Source = RasClient | ID = 20227
Description =

Error - 1/20/2014 6:30:40 AM | Computer Name = Len-PC | Source = Google Update | ID = 20
Description =

Error - 1/20/2014 7:24:04 PM | Computer Name = Len-PC | Source = ESENT | ID = 455
Description = taskhost (1908) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while
opening logfile C:\Users\Len\AppData\Local\Microsoft\Windows\WebCache\V01.log.

[ Media Center Events ]
Error - 12/10/2013 4:35:44 PM | Computer Name = Len-PC | Source = MCUpdate | ID = 0
Description = 3:35:22 AM - Failed to retrieve MCEClientUX (Error: Unable to connect
to the remote server)

Error - 12/10/2013 4:36:26 PM | Computer Name = Len-PC | Source = MCUpdate | ID = 0
Description = 3:36:05 AM - Failed to retrieve SportsSchedule (Error: Unable to connect
to the remote server)

Error - 12/10/2013 4:37:08 PM | Computer Name = Len-PC | Source = MCUpdate | ID = 0
Description = 3:36:47 AM - Failed to retrieve SportsV2 (Error: Unable to connect
to the remote server)

Error - 12/10/2013 4:37:29 PM | Computer Name = Len-PC | Source = MCUpdate | ID = 0
Description = 3:37:29 AM - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

Error - 12/10/2013 5:38:25 PM | Computer Name = Len-PC | Source = MCUpdate | ID = 0
Description = 4:38:25 AM - Failed to retrieve Directory (Error: Unable to connect
to the remote server)

Error - 12/10/2013 5:39:29 PM | Computer Name = Len-PC | Source = MCUpdate | ID = 0
Description = 4:39:08 AM - Failed to retrieve NetTV (Error: Unable to connect to
the remote server)

Error - 12/10/2013 5:40:11 PM | Computer Name = Len-PC | Source = MCUpdate | ID = 0
Description = 4:39:50 AM - Failed to retrieve MCEClientUX (Error: Unable to connect
to the remote server)

Error - 12/10/2013 5:40:53 PM | Computer Name = Len-PC | Source = MCUpdate | ID = 0
Description = 4:40:32 AM - Failed to retrieve SportsSchedule (Error: Unable to connect
to the remote server)

Error - 12/10/2013 5:41:35 PM | Computer Name = Len-PC | Source = MCUpdate | ID = 0
Description = 4:41:14 AM - Failed to retrieve SportsV2 (Error: Unable to connect
to the remote server)

Error - 12/10/2013 5:42:03 PM | Computer Name = Len-PC | Source = MCUpdate | ID = 0
Description = 4:41:56 AM - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

[ System Events ]
Error - 1/20/2014 7:24:55 PM | Computer Name = Len-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 1/20/2014 7:30:53 PM | Computer Name = Len-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 1/21/2014 8:31:21 PM | Computer Name = Len-PC | Source = DCOM | ID = 10010
Description =

Error - 1/21/2014 8:31:52 PM | Computer Name = Len-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070002: Microsoft .NET Framework 4 Client Profile for Windows 7
x64-based Systems (KB982670).

Error - 1/21/2014 8:33:35 PM | Computer Name = Len-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the GS-Supporter
service to connect.

Error - 1/21/2014 8:34:06 PM | Computer Name = Len-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 1/22/2014 1:04:46 AM | Computer Name = Len-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:02:39 PM on 1/22/2014 was unexpected.

Error - 1/22/2014 1:05:21 AM | Computer Name = Len-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the GS-Supporter
service to connect.

Error - 1/22/2014 1:05:40 AM | Computer Name = Len-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 1/22/2014 1:07:42 AM | Computer Name = Len-PC | Source = WMPNetworkSvc | ID = 866300
Description =


< End of report >

Attached Files


Edited by CompCav, 22 January 2014 - 12:46 PM.
Posted files for easier review

  • 0

#4
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there thailen, those are indeed the scans I need :thumbsup:

I also need the other scans from Steps 2, 3 and 4; could you post those too? :)
  • 0

#5
thailen

thailen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Sorry for doing this one instruction at a time, but at least if I screw up, the damage will be minimized. Here's the aswMBR log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-23 08:40:45
-----------------------------
08:40:45.046 OS Version: Windows x64 6.1.7601 Service Pack 1
08:40:45.046 Number of processors: 2 586 0x100
08:40:45.049 ComputerName: LEN-PC UserName: Len
08:40:48.503 Initialize success
08:41:11.990 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:41:11.997 Disk 0 Vendor: Hitachi_HTS545025B9A300 PB2OC60F Size: 238475MB BusType: 11
08:41:12.094 Disk 0 MBR read successfully
08:41:12.104 Disk 0 MBR scan
08:41:12.116 Disk 0 Windows 7 default MBR code
08:41:12.141 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
08:41:12.167 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
08:41:12.181 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223013 MB offset 31664128
08:41:12.231 Disk 0 scanning C:\Windows\system32\drivers
08:41:25.375 Service scanning
08:41:57.892 Modules scanning
08:41:57.895 Disk 0 trace - called modules:
08:41:57.913 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
08:41:57.915 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005b04730]
08:41:57.937 3 CLASSPNP.SYS[fffff8800190743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005578060]
08:41:57.939 Scan finished successfully
08:58:42.877 Disk 0 MBR has been saved successfully to "C:\Users\Len\Desktop\MBR.dat"
08:58:42.930 The log file has been saved successfully to "C:\Users\Len\Desktop\aswMBR.txt"
  • 0

#6
thailen

thailen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Sorry for not attaching the aswMBR.txt file.
Here's the AdwClean.txt

Attached Files


  • 0

#7
thailen

thailen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Finally! Here's the Checkup.txt file

Attached Files


  • 0

#8
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Many thanks for the logs :)

We have a lot to remove next post, I will get this cleared by my instructor later on and get back to you :thumbsup:
  • 0

#9
thailen

thailen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Thanks so much! I've waited a few years, so a few days is nothing...
  • 0

#10
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
:lol: It does look like you've been collecting malware for quite some time. My post is ready, I am just waiting for clearance; it shouldn't be too long, but definitely today :thumbsup:
  • 0

#11
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there thalien

P2P WARNING
The following programs are installed on your machine:
  • BitTorrent
  • Vuze
Cease all P2P programs and downloads until declared clean. Although the programs themselves are legal, many of the torrent files infringe copyright laws and contain spyware and viruses, which can have a detrimental effect on your system. We strongly advise that you uninstall all P2P programs.


Trojan.Zeroaccess Warning

Zeroaccess trojan uses P2P to update itself and download more malware. - Information on Zero Access

It opens a Backdoor - This allows Hackers remote access to your computer in order to steal critical system information and download and execute files

If you use your computer for banking or storing personal information, then the following should be carried out immediately:
  • Disconnect computer from the internet.
  • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
  • Backup all your documents and important items only.
  • Malware experts say that a Complete Reformat and Reinstall is the best course of action for this type of infection.
  • Reformat and Reinstall: You can use This Link or get help here for this.

If you need any further information on this infection or identity theft then please use the following links:
Identity Theft
What is a Backdoor Trojan?

  • If you require help with any of the above then please let me know.
  • I am willing to go ahead with the clean of course. We have had good results with this infection before. If you are happy to go ahead then carry out the following:


We have a lot to remove in this post as the machine is heavily infected. Do not run the following programs until we have finished the cleaning process - CCleaner and Wise Care 365 version 2.92


Your browser shortcuts need to be deleted, as clicking these may cause reinfection, so follow the steps in the order given.

1. Uninstall

The following are considered Malware, Adware and Spyware and need to be removed

  • Click Start then select Control Panel
  • In control panel click Uninstall a Program or Programs and Features and uninstall the following:
  • Torch
  • The Sea App (Internet Explorer)
  • Smart PC Cleaner v3.2
  • iLivid
  • Torrents Downloader
  • SweetIM for Messenger 3.6
  • DriverUpdate
  • DriverTuner 3.1.0.1
  • VIO Player version 2.0
  • GS-Supporter 1.80
  • FLV Player
  • Mobogenie

    Optional Uninstalls
  • BitTorrent
  • Vuze

2. OTL Fix

  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below (do not include the word QUOTE) and paste it into the Custom Scans/Fixes box in OTL.

    :COMMANDS
    [CREATERESTOREPOINT]

    :OTL
    SRV - [2013/12/21 06:02:35 | 001,205,760 | ---- | M] (TorchMedia Inc.) [Auto | Running] -- C:\Users\Len\AppData\Local\Torch\Update\TorchCrashHandler.exe -- (TorchCrashHandler)
    DRV:64bit: - [2013/08/16 15:43:36 | 000,100,960 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Bprotect.sys -- (Bprotect)
    DRV:64bit: - [2013/08/08 10:25:30 | 000,076,096 | ---- | M] (Baidu, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BprotectEx.sys -- (BprotectEx)
    DRV:64bit: - [2013/07/15 10:47:42 | 000,046,912 | ---- | M] (Baidu, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\Bfilter.sys -- (Bfilter)
    DRV:64bit: - [2013/07/15 10:47:42 | 000,032,064 | ---- | M] (Baidu, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\Bfmon.sys -- (Bfmon)
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dosearche...X&ts=1384070601
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dosearche...X&ts=1384070601
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.qvo6.c...MTTX&ts=5701724
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qvo6.c...MTTX&ts=5701724
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
    IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.c...MTTX&ts=5701724
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2446}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
    IE - HKLM\..\SearchScopes\{7a085852-6757-4e38-8874-40baece5c3ae}: "URL" = http://www.searchbro...q={searchTerms}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2446}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2645238
    IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.too...&cc=TH&unqvl=46
    IE - HKLM\..\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}: "URL" = http://www.bigseekpr...q={searchTerms}
    IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\URLSearchHook: {327f75ed-061b-4339-8cc6-5dd45ad1396d} - No CLSID value found
    IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
    IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes,DefaultScope = {DC040CF2-9B38-4AC6-B838-5E43A988ECED}
    IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...00000ff3161bb4e
    IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....q={searchTerms}
    IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{67C7D7CD-8FD0-4A89-8C8F-7DFEAA1CB9CA}: "URL" = http://search.condui...797502192816217
    IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{6901DD04-8D2C-4A96-8C29-14E27A98B30A}: "URL" = http://th.search.yah...p={searchTerms}
    IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{7a085852-6757-4e38-8874-40baece5c3ae}: "URL" = http://www.searchbro...q={searchTerms}
    IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2446}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6Oys3elKPh&i=26
    IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{DC040CF2-9B38-4AC6-B838-5E43A988ECED}: "URL" = http://search.softon...toi=16042&r=204
    IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....erms}&fr=mkg028
    IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{DF9610C4-8DD7-4DE2-926D-622CDC65CE88}: "URL" = http://blekko.com/ws...rchTerms}&r=265
    IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}: "URL" = http://www.bigseekpr...q={searchTerms}
    IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{E7AFF26F-6CB3-4045-92E6-F309E4602626}: "URL" = http://search.zoneal...rchTerms}&r=775
    IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\SearchScopes\{F813F595-1DA6-4476-915D-E3C2FDF0B758}: "URL" = http://www.google.co...q={searchTerms}
    FF - prefs.js..browser.search.defaultenginename: "WebSearch"
    FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
    FF - prefs.js..browser.search.defaultthis.engineName: ""
    FF - prefs.js..browser.search.order.1: "WebSearch"
    FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
    FF - prefs.js..browser.search.selectedEngine: "WebSearch"
    FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
    FF - prefs.js..browser.startup.homepage: "http://websearch.too...cc=TH&unqvl=46"
    FF - prefs.js..extensions.enabledAddons: speeddial%40instair.net:1.3.1
    FF - prefs.js..extensions.enabledAddons: TFToolbarX%40torrent-finder:1.3.1
    FF - prefs.js..extensions.enabledAddons: freegames4357%40BestOffers:3.0.0.0
    FF - prefs.js..keyword.URL: "http://websearch.too...nqvl=46&l=1&q="
    FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
    FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
    FF - prefs.js..browser.startup.homepage: ""
    FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
    FF - user.js..browser.search.defaultenginename: "SearchMyWeb"
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
    FF - HKLM\Software\MozillaPlugins\@MarineAquarium3Free_57.com/Plugin: File not found
    [2012/06/27 12:34:29 | 000,000,000 | ---D | M] (Marine Aquarium Lite) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]_57.com
    [2013/07/13 23:52:06 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]
    [2013/08/23 16:00:08 | 000,000,000 | ---D | M] (AccelerateTab) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]
    [2013/07/13 11:01:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\{88ac3cb6-596b-4217-964c-b6757ef9602d}.oldbackup
    [2013/11/06 17:18:28 | 000,000,000 | ---D | M] ("hosts") -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]09d438e81.com
    [2014/01/09 21:16:06 | 000,000,000 | ---D | M] (graeatosaveer) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]
    [2013/11/11 07:30:08 | 000,000,000 | ---D | M] ("Magnet Downloader") -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]b1cbf9831.com
    [2014/01/15 22:10:38 | 000,000,000 | ---D | M] (greatsAvver) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]
    [2014/01/16 11:33:43 | 000,000,000 | ---D | M] (grieaTssaver) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]
    [2014/01/16 07:46:06 | 000,000,000 | ---D | M] (SNT) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]
    [2014/01/16 11:33:43 | 000,000,000 | ---D | M] (SNT) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]
    [2013/12/05 08:01:18 | 000,000,000 | ---D | M] (surFF and keep) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]
    [2013/09/09 00:38:48 | 000,000,000 | ---D | M] (AccelerateTab) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]
    [2013/11/07 07:42:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]09d438e81.com\extensionData
    [2013/11/07 07:42:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]09d438e81.com\extensionData\plugins
    [2013/11/07 07:42:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]09d438e81.com\extensionData\userCode
    [2014/01/04 10:16:04 | 000,082,771 | ---- | M] () (No name found) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]
    [2013/12/07 08:13:59 | 000,119,925 | ---- | M] () (No name found) -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\extensions\[email protected]
    [2013/07/13 11:02:19 | 000,001,003 | ---- | M] () -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\searchplugins\conduit.xml
    [2013/02/18 13:09:26 | 000,001,294 | ---- | M] () -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\searchplugins\delta.xml
    [2012/03/19 12:10:56 | 000,001,830 | ---- | M] () -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\searchplugins\inkline.xml
    [2012/02/06 17:31:36 | 000,002,203 | ---- | M] () -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\searchplugins\MyStart Search.xml
    [2013/02/25 08:13:33 | 000,003,331 | ---- | M] () -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\searchplugins\SearchBrowsing.xml
    [2013/02/21 21:19:06 | 000,002,687 | ---- | M] () -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\searchplugins\Search_Results.xml
    [2013/12/03 18:39:59 | 000,001,448 | ---- | M] () -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\searchplugins\softonic.xml
    [2013/02/27 19:40:25 | 000,001,435 | ---- | M] () -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\searchplugins\spamfreesearch.xml
    [2011/09/24 09:05:22 | 000,003,915 | ---- | M] () -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\searchplugins\sweetim.xml
    [2014/01/16 11:28:16 | 000,000,660 | ---- | M] () -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\searchplugins\WebSearch.xml
    [2013/08/04 07:09:42 | 000,000,921 | ---- | M] () -- C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\oar0nomw.default\searchplugins\yahoo.xml
    [2013/12/20 07:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
    [2013/02/18 13:07:39 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2011/09/24 09:12:44 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
    [2013/07/03 17:02:51 | 000,000,745 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xml
    [2013/02/21 21:19:06 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
    [2013/01/10 07:46:47 | 000,062,466 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\testlog.txt
    [2012/07/12 01:26:14 | 000,001,068 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahootc.xml
    O2:64bit: - BHO: (grieaTssaver) - {093AD666-04F0-9F0E-D18B-17A2F9200ED0} - C:\Program Files (x86)\grieaTssaver\rfuz0OLht.x64.dll File not found
    O2:64bit: - BHO: (Magnet Downloader) - {11111111-1111-1111-1111-110411551108} - C:\Program Files (x86)\Magnet Downloader\Magnet Downloader-bho64.dll File not found
    O2:64bit: - BHO: (Torntv V6.0) - {11111111-1111-1111-1111-110411591160} - C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-bho64.dll File not found
    O2:64bit: - BHO: (Free Games (4357)) - {2977C29A-6723-4436-90BB-F7C5FDEF88A1} - C:\Program Files (x86)\Free Games (4357)\ScriptHost64.dll File not found
    O2:64bit: - BHO: (SNT) - {3984859A-8C2A-0DF1-10DD-A0CAD6A3E3C1} - C:\Program Files (x86)\SNT\LQBVwvcdf.x64.dll File not found
    O2:64bit: - BHO: (graeatosaveer) - {B82EAC05-4A6E-CF82-97F4-C9F430C0A9AF} - C:\Program Files (x86)\graeatosaveer\eOZ5I0oB9.x64.dll File not found
    O2:64bit: - BHO: (greatsAvver) - {E451BD9C-5EDA-5B78-A73D-FAA4540544F6} - C:\Program Files (x86)\greatsAvver\pza.x64.dll File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\Toolbar\WebBrowser: (no name) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No CLSID value found.
    O3 - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\Toolbar\WebBrowser: (no name) - {95080B13-AA71-4EE8-B951-7E98221E1ED5} - No CLSID value found.
    O3 - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()
    O4 - HKLM..\Run: [Starter] C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe (Driver-Soft Inc.)
    O4 - HKU\S-1-5-21-625874700-1120043621-705933047-1001..\Run: [FLV Player] C:\Users\Len\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe ()
    O4 - HKU\S-1-5-21-625874700-1120043621-705933047-1001..\Run: [NextLive] C:\Users\Len\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\GS-ENA~1\ASSIST~2.DLL) - C:\Program Files (x86)\GS-Enabler\Assistant_x64.dll ()
    O20 - AppInit_DLLs: (c:\progra~2\browse~1\sprote~1.dll) - File not found
    O20 - AppInit_DLLs: (c:\progra~2\sk-enh~1\psupport.dll) - File not found
    [2014/01/09 21:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GS-Enabler
    [2014/01/19 16:50:42 | 000,000,000 | ---D | C] -- C:\Users\Len\AppData\Local\Torrents Downloader
    [2014/01/19 16:49:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Torrents Downloader
    [2014/01/19 16:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
    [2014/01/19 15:38:51 | 000,000,000 | ---D | C] -- C:\Users\Len\Documents\Smart PC Cleaner
    [2014/01/19 15:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIO Player
    [2014/01/19 15:33:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius
    [2014/01/19 15:33:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIO Player
    [2014/01/19 15:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart PC Cleaner
    [2014/01/19 15:31:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Sea App (Internet Explorer)
    [2014/01/19 15:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart PC Cleaner
    [2014/01/09 21:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\graeatosaveer
    [2014/01/09 21:08:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\graeatosaveer
    [2014/01/15 22:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\House Of Soft
    [2014/01/15 22:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\greatsAvver
    [2014/01/15 22:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\greatsAvver
    [2014/01/16 11:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\grieaTssaver
    [2013/12/25 20:08:24 | 000,000,000 | ---D | C] -- C:\Users\Len\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
    [2013/12/25 20:08:14 | 000,000,000 | ---D | C] -- C:\Users\Len\AppData\Local\WebPlayer
    [2013/12/27 21:09:15 | 000,000,000 | ---D | C] -- C:\Users\Len\AppData\Local\DriverTuner
    [2013/12/27 21:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
    [2013/12/27 21:08:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverTuner
    [2013/12/27 15:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
    [2013/12/27 15:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate
    [2014/01/22 12:08:05 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
    [2014/01/22 12:05:31 | 000,001,220 | ---- | M] () -- C:\Windows\tasks\Magnet Downloader-codedownloader.job
    [2014/01/22 12:05:29 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\Magnet Downloader-enabler.job
    [2014/01/22 07:36:39 | 000,006,586 | ---- | M] () -- C:\Windows\SysWow64\062644590.png
    [2014/01/21 06:28:44 | 000,006,500 | ---- | M] () -- C:\Windows\SysWow64\122334190.png
    [2014/01/16 19:27:23 | 000,022,138 | ---- | C] () -- C:\Windows\SysWow64\114214775.png
    [2014/01/08 14:10:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KingTranslate
    [2014/01/04 10:17:19 | 000,019,695 | ---- | C] () -- C:\Windows\SysWow64\120841316.png
    [2013/12/28 16:51:09 | 000,028,712 | ---- | M] () -- C:\Windows\SysWow64\121656907.png
    [2013/12/26 21:33:10 | 000,000,020 | ---- | C] () -- C:\Windows\́ö´
    [2013/07/13 13:41:12 | 000,430,107 | ---- | C] () -- C:\Users\Len\AppData\Local\funmoods_speedial_v9.0.10.crx
    [2013/07/13 13:40:59 | 000,077,717 | ---- | C] () -- C:\Users\Len\AppData\Local\funmoods_2.3.1.crx
    [2013/12/30 05:49:17 | 000,002,127 | ---- | M] () -- C:\Users\Len\Desktop\FLV Player.lnk
    [2014/01/08 14:11:30 | 000,000,000 | ---D | C] -- C:\Users\Len\AppData\Roaming\KingTranslate
    [2013/11/05 08:07:05 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\Azureus
    [2014/01/22 13:24:53 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\BitTorrent
    [2013/07/03 17:01:13 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\eIntaller
    [2012/10/07 19:36:52 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\GoforFiles
    [2013/07/13 11:16:57 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\SearchProtect
    [2013/10/14 09:27:05 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2013/10/14 09:27:05 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
    [2013/12/25 10:31:39 | 000,000,000 | -HSD | M] -- C:\Users\Len\AppData\Roaming\.#
    [2013/09/09 00:38:49 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\IObit
    [2013/02/12 06:13:08 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\NCdownloader
    [2014/01/22 12:06:08 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\newnext.me
    [2014/01/19 15:38:33 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\Smart PC Cleaner
    [2013/09/18 20:21:51 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\uTorrent
    [2013/12/31 13:47:45 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\Systweak
    [2013/09/07 05:33:56 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\TuneUp Software
    [2014/01/22 08:32:32 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\Uniblue
    [2013/07/13 23:50:59 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\Yontoo
    [2013/09/14 16:34:55 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\baidu
    [2013/08/14 21:04:56 | 000,000,000 | ---D | M] -- C:\Users\Len\AppData\Roaming\Baidu Security

    @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:07F6D9E4
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:96D0C06F

    :REG
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
    "Start Page"="https://www.google.com"
    "Default_Page_URL"="https://www.google.com"
    "Default_Search_URL"="https://www.google.com"

    :FILES
    C:\Windows\Installer\{75bcb7b5-486d-1f50-de62-62d23230c453}
    C:\Program Files (x86)\Mobogenie
    C:\Program Files (x86)\SNT
    C:\Program Files (x86)\Free Games (4357)
    C:\Program Files (x86)\Torntv V6.0
    C:\Program Files (x86)\Magnet Downloader
    C:\Program Files (x86)\grieaTssaver
    C:\Program Files (x86)\Driver-Soft
    C:\Users\Len\AppData\Local\Torch
    ipconfig /flushdns /c

    :COMMANDS
    [EMPTYTEMP]

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time of the fix.
  • Copy and Paste the Fix Log in your next reply.


3. Run ADWcleaner

  • Right click ADWcleaner and select Run as Administrator, then select Scan.
  • Once the scan is complete, click Clean.
  • A reboot will be asked for; click O.K.
  • On reboot a log will be produced; please post it in your next reply.

4. Delete Infected Browser Shortcuts

  • I need you to right click the Chrome, Firefox and Internet Explorer Icons and select Delete
  • Delete Icons from the following locations:
  • Desktop
  • Taskbar
  • Start Menu
  • Click Start, then All Programs. Delete the Mozilla and Internet Explorer icons. Then open the Google Chrome folder and delete the icon there.

5. Restore Browser Shortcuts

  • Click Start then Computer and double click Local Disk (c:)
  • Double click the Program Files (x86) folder.
  • Double click the Mozilla Firefox folder. Locate the icon. Right click and select Send to, then select Desktop (create shortcut).
  • Click the Back button to get back to the Program Files folder and double click the Internet Explorer folder. Locate the iexplore icon. Right click and select Send to, then select Desktop (create shortcut).
  • Click the Back button to get back to the Program Files folder and double click the Google folder.
  • Double click the Chrome folder, then the Application folder. Locate the icon. Right click and select Send to, then select Desktop (create shortcut).
  • All done, infection-free shortcuts :)


Things I want to see in your next post.

  • OTL fix.txt
  • ADWcleaner results
  • How are things running now?

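The OTL fix above is built by reading the scan log line by line and deciding which entries are hijacks or orphans. As an added example (not part of this thread and not OTL's own code), the script below parses the OTL line formats used in that fix (IE SearchScopes and Start Page, Firefox prefs.js, O2 BHO, O3 Toolbar, O4 Run, O20 AppInit_DLLs) and flags the same patterns the helper removed. The allowlists and the sample log lines are constructed for the demo; the `.example` hosts are placeholders, not the real hijacker domains from the log.

```python
"""Triage OTL scan lines for browser-hijack indicators (added example)."""
import re
from collections import Counter
from urllib.parse import urlparse

# Assumed allowlists for the demo: hosts a default search provider may use,
# and Firefox engine display names that are not a hijack ("" = unset).
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}
KNOWN_FF_ENGINES = {"Google", "Bing", "Yahoo", ""}

# "IE - ...", "IE:64bit: - ...", "FF - ...", "O2:64bit: - ...", "O4 - ..."
OTL_SECTION_RE = re.compile(r"^(IE|FF|O\d+)(?::64bit:)?\s+-\s+(.*)$")
URL_RE = re.compile(r'https?://[^\s"]+')
# Registry key survives but the target file or CLSID is gone.
ORPHAN_RE = re.compile(r"(File not found|No CLSID value found)\.?$")
LAST_QUOTED_RE = re.compile(r'"([^"]*)"\s*$')


def parse_otl_line(line):
    """Return (section, body) for an OTL browser/autorun line, else None."""
    m = OTL_SECTION_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def url_host(text):
    """Hostname of the first URL in the text, or None."""
    m = URL_RE.search(text)
    return urlparse(m.group(0)).hostname if m else None


def triage_line(line):
    """Classify one OTL line: (category, section, detail) or None if benign."""
    parsed = parse_otl_line(line)
    if parsed is None:
        return None  # SRV/DRV and file listings are not handled here
    section, body = parsed
    if ORPHAN_RE.search(body):
        return ("orphan", section, body)
    if section == "IE":
        host = url_host(body)
        if host and host not in KNOWN_SEARCH_HOSTS:
            return ("search_hijack", section, host)
        return None
    if section == "FF":
        if "browser.search." in body:
            m = LAST_QUOTED_RE.search(body)
            if m and m.group(1) not in KNOWN_FF_ENGINES:
                return ("search_hijack", section, m.group(1))
        host = url_host(body)  # e.g. browser.startup.homepage, keyword.URL
        if host and host not in KNOWN_SEARCH_HOSTS:
            return ("search_hijack", section, host)
        return None
    if section == "O20":
        # AppInit_DLLs is injected into every process that loads user32.dll.
        return ("appinit_dll", section, body)
    if section == "O4" and body.endswith("()"):
        # Run entry whose target carries no publisher information.
        return ("unsigned_autorun", section, body)
    return None


def triage(lines):
    """All findings for a list of OTL lines."""
    return [f for f in (triage_line(l) for l in lines) if f]


def summarize(lines):
    """Count findings by category."""
    return dict(Counter(f[0] for f in triage(lines)))


# Constructed sample lines that mirror the formats in the fix above.
SAMPLE_LINES = [
    r'IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox',
    r'IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.example/?q={searchTerms}',
    r'IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hijack-search.example/?ts=1384070601',
    r'IE - HKU\S-1-5-21-625874700-1120043621-705933047-1001\..\URLSearchHook: {327f75ed-061b-4339-8cc6-5dd45ad1396d} - No CLSID value found',
    r'FF - prefs.js..browser.search.defaultenginename: "WebSearch"',
    r'FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"',
    r'FF - prefs.js..browser.startup.homepage: "http://websearch.example/?cc=TH"',
    r'O2:64bit: - BHO: (SNT) - {3984859A-8C2A-0DF1-10DD-A0CAD6A3E3C1} - C:\Program Files (x86)\SNT\LQBVwvcdf.x64.dll File not found',
    r'O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.',
    r'O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()',
    r'O4 - HKLM..\Run: [Starter] C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe (Driver-Soft Inc.)',
    r'O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\GS-ENA~1\ASSIST~2.DLL) - C:\Program Files (x86)\GS-Enabler\Assistant_x64.dll ()',
    r'SRV - [2013/12/21 06:02:35 | 001,205,760 | ---- | M] (TorchMedia Inc.) [Auto | Running] -- C:\Users\Len\AppData\Local\Torch\Update\TorchCrashHandler.exe -- (TorchCrashHandler)',
]

if __name__ == "__main__":
    for category, section, detail in triage(SAMPLE_LINES):
        print(f"{category:16} {section:4} {detail}")
    print(summarize(SAMPLE_LINES))
```

Every flagged line corresponds to an entry type that ends up in the :OTL part of the fix; entries on allowlisted hosts or with a named publisher are left alone for a human to review.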

#12
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there thailen, are you still in need of help? :)

#13
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.