fake low disk [Closed]


  • This topic is locked

#1
de parto

OTL logfile created on: 2/21/2014 12:54:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = d:\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.10 Mb Total Physical Memory | 162.19 Mb Available Physical Memory | 21.17% Memory free
1.83 Gb Paging File | 1.18 Gb Available in Paging File | 64.78% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.07 Gb Total Space | 0.18 Gb Free Space | 0.46% Space Free | Partition Type: NTFS
Drive D: | 58.59 Gb Total Space | 41.68 Gb Free Space | 71.14% Space Free | Partition Type: NTFS
Drive E: | 51.39 Gb Total Space | 5.29 Gb Free Space | 10.29% Space Free | Partition Type: NTFS

Computer Name: TURTLE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/21 12:53:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\My Documents\Downloads\OTL.exe
PRC - [2014/02/21 12:46:27 | 000,111,392 | ---- | M] () -- C:\Program Files\SecretSauce\bin\utilSecretSauce.exe
PRC - [2014/02/07 14:37:43 | 000,080,160 | ---- | M] () -- C:\Program Files\SecretSauce\updateSecretSauce.exe
PRC - [2014/01/31 00:05:23 | 000,063,168 | ---- | M] () -- C:\Program Files\Mobogenie\MgAssist.exe
PRC - [2014/01/31 00:05:22 | 000,775,872 | ---- | M] () -- C:\Program Files\Mobogenie\DaemonProcess.exe
PRC - [2014/01/12 15:35:36 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/08/11 00:45:32 | 000,246,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Mobinil USB Modem\OnlineUpdate\ouc.exe
PRC - [2012/07/17 14:55:12 | 000,044,696 | ---- | M] (Cucusoft, Inc.) -- C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe
PRC - [2011/07/31 01:08:46 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2011/07/31 01:08:46 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2011/03/14 22:27:28 | 000,271,712 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
PRC - [2009/05/06 16:32:54 | 000,230,424 | ---- | M] (DopLive P2P网络视频) -- C:\Program Files\âTV\schedule.exe
PRC - [2008/11/17 09:09:14 | 000,081,920 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2008/06/12 14:28:45 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008/04/14 15:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/21 12:46:27 | 000,111,392 | ---- | M] () -- C:\Program Files\SecretSauce\bin\utilSecretSauce.exe
MOD - [2014/02/07 14:37:43 | 000,080,160 | ---- | M] () -- C:\Program Files\SecretSauce\updateSecretSauce.exe
MOD - [2014/01/31 00:05:23 | 000,063,168 | ---- | M] () -- C:\Program Files\Mobogenie\MgAssist.exe
MOD - [2014/01/31 00:05:22 | 000,775,872 | ---- | M] () -- C:\Program Files\Mobogenie\DaemonProcess.exe
MOD - [2014/01/31 00:05:22 | 000,471,040 | ---- | M] () -- C:\Program Files\Mobogenie\DCR.dll
MOD - [2014/01/31 00:05:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Mobogenie\Device.dll
MOD - [2014/01/12 15:35:35 | 003,559,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/08/11 00:45:32 | 000,246,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Mobinil USB Modem\OnlineUpdate\ouc.exe
MOD - [2012/01/11 20:28:47 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012/01/07 14:39:54 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2012/01/07 14:39:45 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2012/01/07 14:38:25 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2012/01/07 03:33:10 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2012/01/07 03:33:04 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2012/01/07 03:32:48 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2012/01/07 03:30:41 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2012/01/05 02:44:05 | 001,148,416 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Mobinil USB Modem\OnlineUpdate\QtNetwork4.dll
MOD - [2012/01/05 02:44:05 | 000,398,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Mobinil USB Modem\OnlineUpdate\QtXml4.dll
MOD - [2012/01/05 02:44:05 | 000,384,512 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Mobinil USB Modem\OnlineUpdate\QueryStrategy.dll
MOD - [2012/01/05 02:44:04 | 002,415,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Mobinil USB Modem\OnlineUpdate\QtCore4.dll
MOD - [2012/01/05 02:44:03 | 000,011,362 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Mobinil USB Modem\OnlineUpdate\mingwm10.dll
MOD - [2012/01/05 02:44:02 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Mobinil USB Modem\OnlineUpdate\libgcc_s_dw2-1.dll
MOD - [2011/03/14 22:27:28 | 000,271,712 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
MOD - [2009/11/05 07:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2008/01/22 19:28:02 | 000,339,968 | ---- | M] () -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sqlite3.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Music Toolbar\Datamngr\DatamngrCoordinator.exe -- (DatamngrCoordinator)
SRV - [2014/02/21 12:46:27 | 000,111,392 | ---- | M] () [Auto | Running] -- C:\Program Files\SecretSauce\bin\utilSecretSauce.exe -- (Util SecretSauce)
SRV - [2014/02/07 14:37:43 | 000,080,160 | ---- | M] () [Auto | Running] -- C:\Program Files\SecretSauce\updateSecretSauce.exe -- (Update SecretSauce)
SRV - [2014/01/31 00:05:23 | 000,063,168 | ---- | M] () [Auto | Running] -- C:\Program Files\Mobogenie\MgAssist.exe -- (MgAssistService)
SRV - [2014/01/12 15:35:35 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/11 00:45:32 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Mobinil USB Modem\UpdateDog\ouc.exe -- (Mobinil USB Modem. RunOuc)
SRV - [2012/07/17 14:55:12 | 000,044,696 | ---- | M] (Cucusoft, Inc.) [Auto | Running] -- C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe -- (CS_AutoUpdate)
SRV - [2012/05/06 01:04:00 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/07/31 01:08:46 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2011/07/31 01:08:46 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2011/06/14 02:36:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/03/14 22:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2009/05/06 16:32:54 | 000,230,424 | ---- | M] (DopLive P2P网络视频) [Auto | Running] -- C:\Program Files\âTV\schedule.exe -- (Dopool_Schedule)
SRV - [2008/11/20 22:07:42 | 000,113,152 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2005/04/02 01:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [On_Demand | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [2002/07/22 14:25:18 | 000,052,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mspmspsv.dll -- (WmdmPmSp)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\USB_MODEM_T.sys -- (UsbModemDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\USB_WinMux_T.sys -- (USB_WinMux_T)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\swumx20.sys -- (SWUMX20)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BprotectEx.sys -- (BprotectEx)
DRV - [2013/08/08 10:25:30 | 000,064,480 | ---- | M] (Baidu, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Bhbase.sys -- (Bhbase)
DRV - [2012/08/11 00:45:34 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2012/08/11 00:45:34 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/08/11 00:45:34 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012/08/11 00:45:34 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/07/31 01:08:49 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/31 01:08:46 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2011/07/31 01:08:46 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2009/11/05 11:50:50 | 000,038,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USB_BusEnum_T.sys -- (USB_BusEnum_T)
DRV - [2009/01/22 09:37:12 | 000,177,536 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8u80.sys -- (SWNC8U80)
DRV - [2009/01/09 14:55:44 | 000,145,280 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx80.sys -- (SWUMX80)
DRV - [2008/11/20 22:02:48 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2008/11/20 21:59:02 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2008/11/20 21:59:02 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/11/17 09:09:18 | 004,687,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/11/17 09:09:18 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/11/17 09:09:14 | 000,603,648 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2008/10/21 11:16:58 | 000,465,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/23 00:05:40 | 000,026,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/07/24 05:29:16 | 000,047,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vserial.sys -- (vserial)
DRV - [2008/07/24 05:29:16 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vsb.sys -- (vsbus)
DRV - [2008/05/29 07:02:08 | 000,016,128 | ---- | M] (Via Telecom, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USB_ETS_T.sys -- (USB_ETS_T)
DRV - [2007/11/12 12:38:06 | 000,769,832 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2007/03/01 10:34:22 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2005/04/25 10:43:58 | 000,159,616 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Vax347b.sys -- (Vax347b)
DRV - [2004/10/08 08:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/04/30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Vax347s.sys -- (Vax347s)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}: "URL" = http://dts.search.as...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.as...=n10906-232&t=4
IE - HKCU\..\URLSearchHook: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...80-36E6D447C0D9
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}: "URL" = http://dts.search.as...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1392740
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://www.search.as...n10906-232&t=4"
FF - prefs.js..extensions.enabledAddons: %7B345422e3-72fa-447a-9550-97803edfacf3%7D:1.0.0
FF - prefs.js..extensions.enabledAddons: 0402d750-8010-4204-b167-01e83cb6f12d%40694f8c69-18e7-4a97-8e6d-448c10f4a0ff.com:0.93.30
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:4.5
FF - prefs.js..keyword.URL: "http://dts.search.as...&o=APN10653&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.709: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.709: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\iMeshPlugin: C:\Program Files\iMesh Applications\iMesh\npiMeshPlugin.dll (iMesh)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/01/12 15:35:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/12 15:35:18 | 000,000,000 | ---D | M]

[2012/06/09 21:51:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2014/02/21 12:45:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xexq3xdt.default\extensions
[2014/01/20 03:43:47 | 000,000,000 | ---D | M] (Music Toolbar (Dist. by iMesh, Inc.)) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xexq3xdt.default\extensions\{282b0e54-8981-49eb-9193-5910a1f6fd33}
[2014/02/21 12:45:34 | 000,000,000 | ---D | M] (Ask New Tabs) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xexq3xdt.default\extensions\{6E78F789-1B96-0883-C85C-88CB299356D9}
[2014/01/30 13:28:17 | 000,000,000 | ---D | M] ("FTdownloader V7.0") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xexq3xdt.default\extensions\[email protected]c10f4a0ff.com
[2014/02/20 02:02:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xexq3xdt.default\extensions\[email protected]c10f4a0ff.com\extensionData
[2014/02/20 02:02:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xexq3xdt.default\extensions\[email protected]c10f4a0ff.com\extensionData\plugins
[2014/02/20 02:02:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xexq3xdt.default\extensions\[email protected]c10f4a0ff.com\extensionData\userCode
[2012/07/29 23:15:15 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xexq3xdt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2014/02/07 14:34:57 | 000,007,164 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xexq3xdt.default\extensions\{345422e3-72fa-447a-9550-97803edfacf3}.xpi
[2014/01/20 03:43:08 | 000,002,662 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xexq3xdt.default\searchplugins\Ask.xml
[2012/09/22 00:11:17 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xexq3xdt.default\searchplugins\askcom.xml
[2012/09/16 00:49:28 | 000,009,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xexq3xdt.default\searchplugins\mywebsearch.xml
[2014/01/12 15:35:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/01/12 15:35:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0\

O1 HOSTS File: ([2011/10/02 22:38:29 | 000,000,872 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 support.alcohol-soft.com
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: AmsServer
O1 - Hosts: 
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SecretSauce) - {0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4} - C:\Program Files\SecretSauce\SecretSauceBHO.dll (SecretSauce)
O2 - BHO: (FTdownloader V7.0) - {11111111-1111-1111-1111-110411901134} - C:\Program Files\FTdownloader V7.0\FTdownloader V7.0-bho.dll (installdaddy)
O2 - BHO: (Music Toolbar (Dist. by iMesh, Inc.)) - {282b0e54-8981-49eb-9193-5910a1f6fd33} - C:\Program Files\Music Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll ()
O2 - BHO: (MyPlayCity Toolbar) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Music Toolbar (Dist. by iMesh, Inc.)) - {282b0e54-8981-49eb-9193-5910a1f6fd33} - C:\Program Files\Music Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll ()
O3 - HKLM\..\Toolbar: (MyPlayCity Toolbar) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MyPlayCity Toolbar) - {4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC} - C:\Program Files\MyPlayCity\tbMyPl.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AirCardEnabler] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe ()
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [NextLive] C:\Documents and Settings\Administrator\Application Data\newnext.me\nengine.dll (NewNextDotMe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02A7AC41-51DB-42E2-B33B-3341403225D6}: DhcpNameServer = 192.168.43.1
O20 - AppInit_DLLs: (C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert\WIN32C~1.DLL) - C:\Documents and Settings\All Users\Application Data\Wincert\win32cert.dll ()
O20 - AppInit_DLLs: (c:\progra~1\musict~1\datamngr\mgrldr.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://a2.sphotos.ak...266834609_n.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\bitguard.exe: Debugger - C:\WINDOWS\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bprotect.exe: Debugger - C:\WINDOWS\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\WINDOWS\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\WINDOWS\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\WINDOWS\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\WINDOWS\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\WINDOWS\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\WINDOWS\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\WINDOWS\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\WINDOWS\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\WINDOWS\System32\tasklist.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/14 01:30:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{30db13fc-39d1-11e1-8472-b4ee951214cb}\Shell - "" = AutoRun
O33 - MountPoints2\{30db13fc-39d1-11e1-8472-b4ee951214cb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{30db13fc-39d1-11e1-8472-b4ee951214cb}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{32705fca-f447-11e1-86c3-e36cfe2dd04f}\Shell - "" = AutoRun
O33 - MountPoints2\{32705fca-f447-11e1-86c3-e36cfe2dd04f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{32705fca-f447-11e1-86c3-e36cfe2dd04f}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{5bfdadb4-370c-11e1-8463-00a0d5ffffa9}\Shell - "" = AutoRun
O33 - MountPoints2\{5bfdadb4-370c-11e1-8463-00a0d5ffffa9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5bfdadb4-370c-11e1-8463-00a0d5ffffa9}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{5bfdadb7-370c-11e1-8463-89a3b3e0bea5}\Shell - "" = AutoRun
O33 - MountPoints2\{5bfdadb7-370c-11e1-8463-89a3b3e0bea5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5bfdadb7-370c-11e1-8463-89a3b3e0bea5}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{6dc7eb40-008e-11e1-83bb-cbe4c1d4c3f6}\Shell - "" = AutoRun
O33 - MountPoints2\{6dc7eb40-008e-11e1-83bb-cbe4c1d4c3f6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6dc7eb40-008e-11e1-83bb-cbe4c1d4c3f6}\Shell\AutoRun\command - "" = H:\Setup.exe /Auto
O33 - MountPoints2\{6dc7eb41-008e-11e1-83bb-cbe4c1d4c3f6}\Shell - "" = AutoRun
O33 - MountPoints2\{6dc7eb41-008e-11e1-83bb-cbe4c1d4c3f6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6dc7eb41-008e-11e1-83bb-cbe4c1d4c3f6}\Shell\AutoRun\command - "" = H:\Setup.exe /Auto
O33 - MountPoints2\{9e16b41e-3e84-11e1-847d-98ab426ca79f}\Shell - "" = AutoRun
O33 - MountPoints2\{9e16b41e-3e84-11e1-847d-98ab426ca79f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e16b41e-3e84-11e1-847d-98ab426ca79f}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{bb558acc-e312-11e1-8656-c345db78cead}\Shell - "" = AutoRun
O33 - MountPoints2\{bb558acc-e312-11e1-8656-c345db78cead}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bb558acc-e312-11e1-8656-c345db78cead}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{bb558acf-e312-11e1-8656-ad3c122993bb}\Shell - "" = AutoRun
O33 - MountPoints2\{bb558acf-e312-11e1-8656-ad3c122993bb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bb558acf-e312-11e1-8656-ad3c122993bb}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk /k:D *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (c:\program files\music toolbar\datamngr\x64\apcrtldr.dll) - File not found
O36 - AppCertDlls: x86 - (C:\Program Files\Music Toolbar\Datamngr\apcrtldr.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/21 12:37:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2014/02/21 12:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\searchresultstb
[2014/02/21 12:24:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FTdownloader V7.0
[2014/01/30 13:33:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\USB Vibration
[2014/01/30 13:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\USB Vibration Joystick
[2014/01/23 18:51:46 | 000,000,000 | ---D | C] -- d:\My Documents\Jojos Fashion Show
[2014/01/23 18:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Gamelab
[2014/01/23 18:51:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Jojo's Fashion Show
[2014/01/23 18:51:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Games
[2014/01/23 18:50:53 | 000,000,000 | ---D | C] -- C:\Program Files\JojosFashionShow_at
[2014/01/23 14:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Deluge
[2014/01/23 14:55:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.android
[2014/01/23 14:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\cache
[2014/01/23 14:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\newnext.me
[2014/01/23 14:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\genienext
[2014/01/23 14:55:27 | 000,000,000 | ---D | C] -- d:\My Documents\Mobogenie
[2014/01/23 14:55:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie
[2014/01/23 14:55:26 | 000,000,000 | ---D | C] -- C:\Program Files\Deluge
[2014/01/23 14:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Mobogenie
[2014/01/23 14:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mobogenie
[2014/01/23 14:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Baidu Security
[2014/01/23 14:53:47 | 000,064,480 | ---- | C] (Baidu, Inc.) -- C:\WINDOWS\System32\drivers\Bhbase.sys
[2014/01/23 14:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Baidu Security
[2014/01/23 14:52:41 | 000,000,000 | ---D | C] -- C:\Program Files\Baidu Security
[2014/01/23 14:52:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Baidu Security
[2014/01/23 14:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SwvUpdater
[4 d:\My Documents\*.tmp files -> d:\My Documents\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/21 12:58:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/21 12:41:31 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\AmiUpdXp.job
[2014/02/21 12:41:19 | 000,002,142 | ---- | M] () -- C:\WINDOWS\tasks\FTdownloader V7.0-chromeinstaller-dev.job
[2014/02/21 12:41:17 | 000,001,368 | ---- | M] () -- C:\WINDOWS\tasks\FTdownloader V7.0-updater.job
[2014/02/21 12:41:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/21 12:40:32 | 000,001,072 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Baidu PC Faster Uninstall 3.7.0.0.lnk
[2014/02/21 12:40:31 | 000,001,310 | ---- | M] () -- C:\WINDOWS\tasks\FTdownloader V7.0-codedownloader.job
[2014/02/21 12:40:29 | 000,002,182 | ---- | M] () -- C:\WINDOWS\tasks\FTdownloader V7.0-firefoxinstaller.job
[2014/02/21 12:40:28 | 000,001,192 | ---- | M] () -- C:\WINDOWS\tasks\FTdownloader V7.0-enabler.job
[2014/02/21 12:40:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/21 11:15:25 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2014/02/21 10:43:01 | 000,078,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/20 02:05:13 | 000,070,875 | ---- | M] () -- d:\My Documents\Modifikasi Mio Soul.jpg
[2014/02/09 01:17:56 | 000,057,323 | ---- | M] () -- C:\WINDOWS\KernelMessage
[2014/02/08 23:29:00 | 001,260,055 | ---- | M] () -- d:\My Documents\300072.pdf
[2014/02/07 14:07:41 | 000,207,852 | ---- | M] () -- d:\My Documents\ip tpt 1.pdf
[2014/02/07 14:07:20 | 000,418,735 | ---- | M] () -- d:\My Documents\ip tpt 2.pdf
[2014/02/07 14:06:55 | 000,178,098 | ---- | M] () -- d:\My Documents\surat pernyataan IP teks.pdf
[2014/02/01 10:56:28 | 000,095,538 | ---- | M] () -- d:\My Documents\Spakbor Belakang + Sen Ori Ninja 250 R - Tokobagus.pdf
[2014/02/01 06:59:10 | 000,206,044 | ---- | M] () -- d:\My Documents\ninja250r-karbu-3.jpg
[2014/02/01 06:54:27 | 000,053,015 | ---- | M] () -- d:\My Documents\ninja 250 1.jpg
[2014/01/30 13:21:02 | 000,001,571 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Pro Evolution Soccer 6.lnk
[2014/01/24 15:03:30 | 000,128,082 | ---- | M] () -- d:\My Documents\NGjbr_Icl6aDTfo-eLVeqbPshh4Ah0Ro-gMnPSqJ4GRFVP1sUMWl6Q==.gif
[2014/01/23 18:51:14 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Jojo's Fashion Show.lnk
[2014/01/23 15:04:04 | 000,000,211 | ---- | M] () -- C:\boot.ini
[2014/01/23 14:54:50 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mobogenie.lnk
[2014/01/23 14:44:02 | 000,105,016 | ---- | M] () -- d:\My Documents\R6.jpg
[4 d:\My Documents\*.tmp files -> d:\My Documents\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/21 12:24:24 | 000,001,072 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Baidu PC Faster Uninstall 3.7.0.0.lnk
[2014/02/20 02:05:12 | 000,070,875 | ---- | C] () -- d:\My Documents\Modifikasi Mio Soul.jpg
[2014/02/08 23:29:04 | 001,260,055 | ---- | C] () -- d:\My Documents\300072.pdf
[2014/02/07 14:07:41 | 000,207,852 | ---- | C] () -- d:\My Documents\ip tpt 1.pdf
[2014/02/07 14:07:20 | 000,418,735 | ---- | C] () -- d:\My Documents\ip tpt 2.pdf
[2014/02/07 14:06:55 | 000,178,098 | ---- | C] () -- d:\My Documents\surat pernyataan IP teks.pdf
[2014/02/01 10:56:25 | 000,095,538 | ---- | C] () -- d:\My Documents\Spakbor Belakang + Sen Ori Ninja 250 R - Tokobagus.pdf
[2014/02/01 06:59:10 | 000,206,044 | ---- | C] () -- d:\My Documents\ninja250r-karbu-3.jpg
[2014/02/01 06:54:27 | 000,053,015 | ---- | C] () -- d:\My Documents\ninja 250 1.jpg
[2014/01/30 13:21:02 | 000,001,571 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Pro Evolution Soccer 6.lnk
[2014/01/24 15:03:30 | 000,128,082 | ---- | C] () -- d:\My Documents\NGjbr_Icl6aDTfo-eLVeqbPshh4Ah0Ro-gMnPSqJ4GRFVP1sUMWl6Q==.gif
[2014/01/23 18:51:14 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Jojo's Fashion Show.lnk
[2014/01/23 14:54:50 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mobogenie.lnk
[2014/01/23 14:47:38 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\AmiUpdXp.job
[2014/01/23 14:44:01 | 000,105,016 | ---- | C] () -- d:\My Documents\R6.jpg
[2011/12/24 15:40:44 | 000,000,452 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2011/11/10 19:39:08 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Administrator\DreamGame.cfg
[2011/07/30 23:14:16 | 000,025,073 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\addons.dat
[2011/07/30 22:12:48 | 000,000,588 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/07/17 22:15:25 | 000,078,336 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/17 08:34:54 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\Administrator\default.pls

========== ZeroAccess Check ==========

[2011/12/17 18:33:23 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/02/17 20:51:57 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 19:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 15:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/07/17 19:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ACD Systems
[2011/06/16 12:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AT&T
[2014/01/23 14:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Baidu Security
[2012/09/23 13:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitZipper
[2011/11/10 19:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Boolat Games
[2011/07/17 19:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Bytemobile
[2011/06/16 12:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DBUpdater
[2011/07/30 23:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DMCache
[2011/07/16 12:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EleFun Games
[2011/12/25 15:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GameHouse
[2014/01/23 18:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gamelab
[2014/01/20 03:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\imeshmusicboxtoolbar181
[2012/03/27 11:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
[2014/02/21 12:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\newnext.me
[2011/12/17 18:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2012/09/22 00:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ooVoo Details
[2013/03/29 14:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenCandy
[2012/07/10 18:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2011/12/17 18:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2013/08/10 14:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PhotoSurfer
[2011/11/02 14:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PlayFirst
[2011/06/15 20:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Rovio
[2011/09/25 10:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sahmon Games
[2014/02/21 12:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\searchresultstb
[2011/06/16 12:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sierra Wireless
[2011/10/02 22:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Smadav
[2012/07/29 03:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Softplicity
[2014/01/23 14:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SwvUpdater
[2011/09/03 00:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Web Page Maker
[2012/06/09 19:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ZTEEVDO
[2012/06/09 19:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ZTEMTUI
[2011/06/14 02:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2011/06/16 12:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2014/01/23 14:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Baidu Security
[2013/08/11 05:46:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2013/03/29 14:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cucusoft
[2012/08/11 00:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2014/02/07 14:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Datamngr
[2012/07/11 19:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/07/17 06:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2013/08/23 02:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FUJIFILM
[2011/11/10 19:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HeroCraft
[2011/12/17 18:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/11/10 19:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kingdom
[2012/01/05 02:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mobinil USB Modem
[2011/07/17 19:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2011/12/17 18:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/11/02 14:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011/07/16 12:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2011/11/18 16:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2012/03/18 20:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
[2011/06/15 20:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2013/09/08 01:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2014/01/20 03:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wincert
[2011/07/17 19:33:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0ACE0403-C75D-488C-A403-7A57E9848B62}
[2011/07/17 19:33:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DC0367D0-1ABC-41AB-A652-BEA20F0FF1E4}

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/10/02 22:38:29 | 000,069,120 | ---- | C] (Microsoft Corporation)(C:\WINDOWS\System32\PIR?sys.dll) -- C:\WINDOWS\System32\PIRΔsys.dll
[2011/07/05 12:49:10 | 000,026,112 | ---- | M] ()(d:\My Documents\??110701.xls) -- d:\My Documents\订仓110701.xls
[2011/07/05 12:49:10 | 000,026,112 | ---- | C] ()(d:\My Documents\??110701.xls) -- d:\My Documents\订仓110701.xls
[2008/04/14 15:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation)(C:\WINDOWS\System32\PIR?sys.dll) -- C:\WINDOWS\System32\PIRΔsys.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4062CFB2

< End of report >
#2
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :)

I am Pyxis and I will be assisting you with the problem at hand. Whilst I am taking the time to analyse your set of provided logs, I would like to stress the following reminders:

  • I am a student that is currently undergoing training. As such, my responses have to be checked by a professional before I present them to you to ensure you get the best quality help. If you deem I have overlooked your thread, which is in a matter of more than 24 hours, please send me a PM and I will get back to you shortly.
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. It is important that you only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
I hope you keep in mind these reminders. I will be right back with a full response! :thumbsup:

Thank you.

#3
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
  • Step 1

    If you haven't already, download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.


  • Copy and paste the following into the Custom Scans/Fixes box:

    :OTL
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Music Toolbar\Datamngr\DatamngrCoordinator.exe -- (DatamngrCoordinator)
    SRV - [2014/02/21 12:46:27 | 000,111,392 | ---- | M] () [Auto | Running] -- C:\Program Files\SecretSauce\bin\utilSecretSauce.exe -- (Util SecretSauce)
    SRV - [2014/02/07 14:37:43 | 000,080,160 | ---- | M] () [Auto | Running] -- C:\Program Files\SecretSauce\updateSecretSauce.exe -- (Update SecretSauce)
    SRV - [2014/01/31 00:05:23 | 000,063,168 | ---- | M] () [Auto | Running] -- C:\Program Files\Mobogenie\MgAssist.exe -- (MgAssistService)
    SRV - [2009/05/06 16:32:54 | 000,230,424 | ---- | M] (DopLive P2P网络视频) [Auto | Running] -- C:\Program Files\âTV\schedule.exe -- (Dopool_Schedule)
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
    IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
    IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}: "URL" = http://dts.search.as...q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.as...=n10906-232&t=4
    IE - HKCU\..\URLSearchHook: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll (Conduit Ltd.)
    IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
    IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...80-36E6D447C0D9
    IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}: "URL" = http://dts.search.as...q={searchTerms}
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1392740
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.startup.homepage: "http://www.search.ask.com/?o=APN10653A&gct=hp&d=1-1713&v=n10906-232&t=4"
    FF - prefs.js..extensions.enabledAddons: %7B345422e3-72fa-447a-9550-97803edfacf3%7D:1.0.0
    FF - prefs.js..extensions.enabledAddons: 0402d750-8010-4204-b167-01e83cb6f12d%40694f8c69-18e7-4a97-8e6d-448c10f4a0ff.com:0.93.30
    FF - prefs.js..keyword.URL: "http://dts.search.ask.com/sr?src=ffb&gct=ds&appid=1713&systemid=1&v=n10906-232&apn_dtid=IME001&apn_ptnrs=AGE&apn_uid=6071113635594523&o=APN10653&q="
    [2014/01/20 03:43:47 | 000,000,000 | ---D | M] (Music Toolbar (Dist. by iMesh, Inc.)) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xexq3xdt.default\extensions\{282b0e54-8981-49eb-9193-5910a1f6fd33}
    [2014/02/21 12:45:34 | 000,000,000 | ---D | M] (Ask New Tabs) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xexq3xdt.default\extensions\{6E78F789-1B96-0883-C85C-88CB299356D9}
    [2014/01/30 13:28:17 | 000,000,000 | ---D | M] ("FTdownloader V7.0") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xexq3xdt.default\extensions\0402d750-8010-4204-b167-01e83cb6f12d@694f8c69-18e7-4a97-8e6d-448c10f4a0ff.com
    [2014/02/20 02:02:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xexq3xdt.default\extensions\0402d750-8010-4204-b167-01e83cb6f12d@694f8c69-18e7-4a97-8e6d-448c10f4a0ff.com\extensionData
    [2014/02/20 02:02:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xexq3xdt.default\extensions\0402d750-8010-4204-b167-01e83cb6f12d@694f8c69-18e7-4a97-8e6d-448c10f4a0ff.com\extensionData\plugins
    [2014/02/20 02:02:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xexq3xdt.default\extensions\0402d750-8010-4204-b167-01e83cb6f12d@694f8c69-18e7-4a97-8e6d-448c10f4a0ff.com\extensionData\userCode
    [2014/02/07 14:34:57 | 000,007,164 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xexq3xdt.default\extensions\{345422e3-72fa-447a-9550-97803edfacf3}.xpi
    [2014/01/20 03:43:08 | 000,002,662 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xexq3xdt.default\searchplugins\Ask.xml
    [2012/09/22 00:11:17 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xexq3xdt.default\searchplugins\askcom.xml
    [2012/09/16 00:49:28 | 000,009,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xexq3xdt.default\searchplugins\mywebsearch.xml
    O2 - BHO: (SecretSauce) - {0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4} - C:\Program Files\SecretSauce\SecretSauceBHO.dll (SecretSauce)
    O2 - BHO: (FTdownloader V7.0) - {11111111-1111-1111-1111-110411901134} - C:\Program Files\FTdownloader V7.0\FTdownloader V7.0-bho.dll (installdaddy)
    O2 - BHO: (Music Toolbar (Dist. by iMesh, Inc.)) - {282b0e54-8981-49eb-9193-5910a1f6fd33} - C:\Program Files\Music Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll ()
    O2 - BHO: (MyPlayCity Toolbar) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Music Toolbar (Dist. by iMesh, Inc.)) - {282b0e54-8981-49eb-9193-5910a1f6fd33} - C:\Program Files\Music Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx.dll ()
    O3 - HKLM\..\Toolbar: (MyPlayCity Toolbar) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (MyPlayCity Toolbar) - {4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC} - C:\Program Files\MyPlayCity\tbMyPl.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe ()
    O4 - HKCU..\Run: [NextLive] C:\Documents and Settings\Administrator\Application Data\newnext.me\nengine.dll (NewNextDotMe)
    O20 - AppInit_DLLs: (C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert\WIN32C~1.DLL) - C:\Documents and Settings\All Users\Application Data\Wincert\win32cert.dll ()
    O20 - AppInit_DLLs: (c:\progra~1\musict~1\datamngr\mgrldr.dll) - File not found
    O27 - HKLM IFEO\bitguard.exe: Debugger - C:\WINDOWS\System32\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\bprotect.exe: Debugger - C:\WINDOWS\System32\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\WINDOWS\System32\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\WINDOWS\System32\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\WINDOWS\System32\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\WINDOWS\System32\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\WINDOWS\System32\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\WINDOWS\System32\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\snapdo.exe: Debugger - C:\WINDOWS\System32\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\stinst32.exe: Debugger - C:\WINDOWS\System32\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\stinst64.exe: Debugger - C:\WINDOWS\System32\tasklist.exe (Microsoft Corporation)
    O36 - AppCertDlls: x64 - (c:\program files\music toolbar\datamngr\x64\apcrtldr.dll) - File not found
    O36 - AppCertDlls: x86 - (C:\Program Files\Music Toolbar\Datamngr\apcrtldr.dll) - File not found
    [2014/02/21 12:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\searchresultstb
    [2014/02/21 12:24:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FTdownloader V7.0
    [2014/01/23 14:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SwvUpdater
    [2014/01/23 14:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Mobogenie
    [2014/01/23 14:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mobogenie
    [2014/01/23 14:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\cache
    [2014/01/23 14:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\newnext.me
    [2014/01/23 14:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\genienext
    [2014/01/23 14:55:27 | 000,000,000 | ---D | C] -- d:\My Documents\Mobogenie
    [2014/01/23 14:55:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie
    [2014/02/21 12:41:19 | 000,002,142 | ---- | M] () -- C:\WINDOWS\tasks\FTdownloader V7.0-chromeinstaller-dev.job
    [2014/02/21 12:41:17 | 000,001,368 | ---- | M] () -- C:\WINDOWS\tasks\FTdownloader V7.0-updater.job
    [2014/02/21 12:40:31 | 000,001,310 | ---- | M] () -- C:\WINDOWS\tasks\FTdownloader V7.0-codedownloader.job
    [2014/02/21 12:40:29 | 000,002,182 | ---- | M] () -- C:\WINDOWS\tasks\FTdownloader V7.0-firefoxinstaller.job
    [2014/02/21 12:40:28 | 000,001,192 | ---- | M] () -- C:\WINDOWS\tasks\FTdownloader V7.0-enabler.job
    [2014/01/20 03:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\imeshmusicboxtoolbar181
    [2014/02/21 12:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\newnext.me
    [2014/02/21 12:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\searchresultstb
    [2014/01/23 14:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SwvUpdater
    [2011/07/17 19:33:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0ACE0403-C75D-488C-A403-7A57E9848B62}
    [2011/07/17 19:33:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DC0367D0-1ABC-41AB-A652-BEA20F0FF1E4}
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4062CFB2
    
    :Files
    C:\Program Files\âTV
    C:\Program Files\SecretSauce
    C:\Program Files\Mobogenie
    
    
    :Commands
    [emptytemp]
    
  • Click Run Fix.
  • OTL will reboot your system. Allow it by clicking OK.
  • After the reboot, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Download 'AdwCleaner by Xplode' and save it to your desktop.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • Click Scan and choose Clean after.
  • Wait for it to finish. It won't take long.
  • Click OK for the next prompts. Your system will automatically reboot.
  • A log will automatically pop up after rebooting. Alternatively, you can find it at C:\AdwCleaner[S*].txt.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Download 'Junkware Removal Tool by thisisu' and save it to your desktop.

  • Ensure all programs and windows are closed before proceeding.
  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • A black window will appear. Press any key to continue.
  • Wait for it to finish. It won't take long.
  • A log will automatically pop up once done. Alternatively, you can find JRT.txt on your desktop.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 4

    If you haven't already, download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • Ensure that the following settings are followed. Make sure all other windows are closed and let it run uninterrupted.

    Posted Image

  • Click Run Scan.
  • After a short while, two Notepad windows will appear, named OTL.txt and Extras.txt. Alternatively, you can also find these on your desktop.
  • Copy and paste (CTRL + A and CTRL + C) the content of these logs in your next reply.
  • Logs to Post
In summary of the above, I will need you to post the following log(s):
  • MMDDYYYY_HHMMSS.log (OTL)
  • Extras.txt (OTL)
  • OTL.txt (OTL)
  • AdwCleaner[S*].txt (AdwCleaner)
  • JRT.txt (Junkware Removal Tool)


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.