fireice99

Members
Posts: 16
Reputation: 0 Neutral
  1. Hi Borislav, how can I ever thank you enough!
  2. Hi, It had no infections detected. My browser is also Google by default now, no more redirection. I presume the malware has been removed somehow?
  3. ESET scan results:
     C:\Users\All Users\InstallMate\{2DA05166-31C6-4048-A2A3-79E4F6437390}\Custom.dll  Win32/InstalleRex.M potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\New_UpdateMoboGenie.exe.vir  a variant of Win32/Mobogenie.A potentially unwanted application  deleted - quarantined
     C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll.vir  Win32/Toolbar.Linkury.D potentially unwanted application  deleted - quarantined
     C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.27.zip.vir  a variant of Win32/Mobogenie.A potentially unwanted application  deleted - quarantined
     C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir  a variant of Win32/Mobogenie.A potentially unwanted application  deleted - quarantined
     C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir  a variant of Win32/Mobogenie.A potentially unwanted application  deleted - quarantined
     C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir  a variant of Win32/Mobogenie.A potentially unwanted application  deleted - quarantined
     C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\BrowserHelper.exe.vir  a variant of MSIL/Toolbar.Linkury.A potentially unwanted application  deleted - quarantined
     C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll.vir  a variant of MSIL/Toolbar.Linkury.E potentially unwanted application  deleted - quarantined
     C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO2.dll.vir  a variant of MSIL/Toolbar.Linkury.E potentially unwanted application  deleted - quarantined
     C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir  a variant of MSIL/Toolbar.Linkury.D potentially unwanted application  deleted - quarantined
     C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll.vir  a variant of MSIL/Toolbar.Linkury.D potentially unwanted application  deleted - quarantined
     C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\SnapDo.exe.vir  a variant of Win32/Toolbar.Linkury.A potentially unwanted application  deleted - quarantined
     C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\srbs.dll.vir  a variant of MSIL/Toolbar.Linkury.C potentially unwanted application  deleted - quarantined
     C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir  Win32/Toolbar.Linkury.D potentially unwanted application  deleted - quarantined
     C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\ExtInstaller\2.exe.vir  a variant of MSIL/Toolbar.Linkury.C potentially unwanted application  deleted - quarantined
     C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_20.dll.vir  Win32/Toolbar.Linkury.D potentially unwanted application  deleted - quarantined
     C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_21.dll.vir  Win32/Toolbar.Linkury.D potentially unwanted application  deleted - quarantined
     C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_22.dll.vir  a variant of Win32/Toolbar.Linkury.D potentially unwanted application  deleted - quarantined
     C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_23.dll.vir  a variant of Win32/Toolbar.Linkury.D potentially unwanted application  deleted - quarantined
     C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_24.dll.vir  a variant of Win32/Toolbar.Linkury.D potentially unwanted application  deleted - quarantined
     C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_25.dll.vir  a variant of Win32/Toolbar.Linkury.D potentially unwanted application  deleted - quarantined
     C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\OpenCandy\F957C95FC66B4E2AB1682D7A7AE7F03B\pcspeedup.exe.vir  a variant of Win32/Speedchecker.A potentially unwanted application  deleted - quarantined
     C:\ProgramData\InstallMate\{2DA05166-31C6-4048-A2A3-79E4F6437390}\Custom.dll  Win32/InstalleRex.M potentially unwanted application  deleted - quarantined
     C:\Users\Green\Downloads\u.zip  Win32/UltraReach potentially unsafe application  deleted - quarantined
     C:\Users\user\Downloads\asc-setup.exe  a variant of Win32/Toolbar.Widgi.B potentially unwanted application  deleted - quarantined
     C:\Users\user\Downloads\asc7-setup.exe  a variant of Win32/Toolbar.Widgi.B potentially unwanted application  deleted - quarantined
     C:\Users\user\Downloads\cbsidlm-cbsi134-AdwCleaner-ORG-75851221.exe  a variant of Win32/CNETInstaller.B potentially unwanted application  deleted - quarantined
     C:\Users\user\Downloads\ccsetup408.exe  Win32/Bundled.Toolbar.Google.D potentially unsafe application  deleted - quarantined
     C:\Users\user\Downloads\ccsetup409.exe  Win32/Bundled.Toolbar.Google.D potentially unsafe application  deleted - quarantined
     C:\Users\user\Downloads\u (1).zip  Win32/UltraReach potentially unsafe application  deleted - quarantined
     C:\Users\user\Downloads\u.zip  Win32/UltraReach.AF potentially unsafe application  deleted - quarantined
     C:\Users\user\Downloads\u1303.zip  Win32/UltraReach potentially unsafe application  deleted - quarantined
     C:\Users\user\Downloads\u\u1301.exe  Win32/UltraReach.AF potentially unsafe application  deleted - quarantined
     C:\Users\user\Downloads\u1303\u1303.exe  Win32/UltraReach potentially unsafe application  deleted - quarantined
     C:\Windows\Installer\MSIB98A.tmp-\srbs.dll  a variant of MSIL/Toolbar.Linkury.C potentially unwanted application  deleted - quarantined
     D:\USER-PC\Backup Set 2013-12-14 181403\Backup Files 2013-12-14 181403\Backup files 12.zip  Win32/UltraReach potentially unsafe application  deleted - quarantined
     D:\USER-PC\Backup Set 2013-12-14 181403\Backup Files 2013-12-14 181403\Backup files 3.zip  Win32/UltraReach potentially unsafe application  deleted - quarantined
     D:\USER-PC\Backup Set 2013-12-14 181403\Backup Files 2013-12-14 181403\Backup files 9.zip  a variant of Win32/Mobogenie.A potentially unwanted application  deleted - quarantined
  4. ComboFix log:
     ComboFix 14-02-12.01 - Tristen 13/02/2014  19:25:55.1.8 - x64
     Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.65.1033.18.6134.4107 [GMT 8:00]
     Running from: c:\users\Tristen\Desktop\ComboFix.exe
     AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
     SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     (((((((((((((((((((((((((   Files Created from 2014-01-13 to 2014-02-13  )))))))))))))))))))))))))))))))
     .
     .
     2014-02-13 11:31 . 2014-02-13 11:31  --------  d-----w-  c:\users\user\AppData\Local\temp
     2014-02-13 11:31 . 2014-02-13 11:31  --------  d-----w-  c:\users\Tristen\AppData\Local\temp
     2014-02-13 11:17 . 2014-02-13 11:17  75888  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E88B0D17-9048-497E-92AD-A840340AE4A8}\offreg.dll
     2014-02-13 08:28 . 2013-12-04 03:28  10315576  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E88B0D17-9048-497E-92AD-A840340AE4A8}\mpengine.dll
     2014-02-13 08:24 . 2014-02-13 09:00  1024  ---h--w-  C:\AMTAG.BIN
     2014-02-12 16:59 . 2014-02-05 09:51  599040  ----a-w-  c:\windows\system32\vbscript.dll
     2014-02-12 16:59 . 2014-02-05 09:51  816640  ----a-w-  c:\windows\system32\jscript.dll
     2014-02-12 16:59 . 2014-02-05 08:56  1806848  ----a-w-  c:\windows\SysWow64\jscript9.dll
     2014-02-12 16:59 . 2014-02-05 08:50  387584  ----a-w-  c:\program files (x86)\Internet Explorer\jsdbgui.dll
     2014-02-12 16:59 . 2014-02-05 08:49  104448  ----a-w-  c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
     2014-02-12 16:59 . 2014-02-05 09:53  887808  ----a-w-  c:\program files\Internet Explorer\iedvtool.dll
     2014-02-12 16:59 . 2014-02-05 09:53  499200  ----a-w-  c:\program files\Internet Explorer\jsdbgui.dll
     2014-02-12 16:59 . 2014-02-05 08:50  678912  ----a-w-  c:\program files (x86)\Internet Explorer\iedvtool.dll
     2014-02-12 16:59 . 2014-02-05 10:19  17849344  ----a-w-  c:\windows\system32\mshtml.dll
     2014-02-12 16:59 . 2014-02-05 10:02  10926080  ----a-w-  c:\windows\system32\ieframe.dll
     2014-02-12 10:22 . 2013-12-05 04:48  1869824  ----a-w-  c:\windows\system32\msxml3.dll
     2014-02-12 10:22 . 2013-12-05 02:12  1248768  ----a-w-  c:\windows\SysWow64\msxml3.dll
     2014-02-11 14:27 . 2013-12-04 03:28  10315576  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
     2014-02-09 16:18 . 2014-02-09 16:18  --------  d-----w-  c:\windows\ERUNT
     2014-02-05 14:09 . 2014-02-05 14:09  --------  d-----w-  C:\_OTL
     2014-02-05 13:40 . 2014-02-09 06:22  6522  ----a-w-  c:\windows\system32\PerfStringBackup.TMP
     2014-02-05 12:01 . 2014-02-05 12:07  545  ----a-w-  C:\prefs.js
     2014-02-05 11:09 . 2014-02-05 12:10  --------  d-----w-  c:\users\Tristen\AppData\Roaming\vlc
     2014-02-05 11:06 . 2014-02-05 11:06  --------  d-----w-  c:\program files (x86)\VideoLAN
     2014-02-05 11:05 . 2014-02-05 11:05  --------  d-----w-  c:\users\Tristen\AppData\Roaming\Malwarebytes
     2014-02-05 11:05 . 2014-02-05 11:05  --------  d-----w-  c:\program files (x86)\Malwarebytes' Anti-Malware
     2014-02-05 11:05 . 2013-04-04 06:50  25928  ----a-w-  c:\windows\system32\drivers\mbam.sys
     2014-01-30 17:35 . 2014-02-05 10:54  --------  d-----w-  c:\users\Tristen\AppData\Roaming\Media Player Classic
     2014-01-30 17:09 . 2014-01-30 17:09  --------  d-----w-  c:\users\Tristen\AppData\Local\Macromedia
     2014-01-30 17:08 . 2014-01-30 17:08  --------  d-----w-  c:\users\Tristen\AppData\Local\Mozilla
     2014-01-27 12:08 . 2014-01-27 12:08  --------  d-----w-  c:\program files\iPod
     2014-01-27 12:08 . 2014-01-27 12:09  --------  d-----w-  c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
     2014-01-27 12:08 . 2014-01-27 12:09  --------  d-----w-  c:\program files\iTunes
     2014-01-27 12:08 . 2014-01-27 12:09  --------  d-----w-  c:\program files (x86)\iTunes
     2014-01-24 01:50 . 2014-01-24 01:50  --------  d-----w-  c:\users\Tristen\AppData\Local\Adobe
     2014-01-24 01:44 . 2013-10-19 08:17  965000  ------w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B50950FA-02ED-4CC3-959F-42427632FC0C}\gapaengine.dll
     2014-01-21 11:34 . 2014-01-21 11:34  --------  d-----w-  c:\users\Tristen\AppData\Roaming\Awesomium
     2014-01-21 11:34 . 2014-01-21 11:34  --------  d-----w-  c:\programdata\Hi-Rez Studios
     2014-01-21 11:33 . 2014-01-21 11:34  --------  d-----w-  c:\program files (x86)\Hi-Rez Studios
     2014-01-15 16:40 . 2014-02-03 16:44  --------  d-----w-  c:\users\Tristen\AppData\Roaming\Audacity
     2014-01-15 16:40 . 2014-01-15 16:40  --------  d-----w-  c:\program files (x86)\Audacity
     2014-01-15 06:34 . 2014-01-15 06:34  --------  d-----w-  c:\program files (x86)\LOLReplay
     .
     .
     .
     ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2014-02-05 12:12 . 2013-11-10 07:54  692616  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
     2014-02-05 12:12 . 2013-08-15 07:19  71048  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2014-01-19 07:33 . 2013-08-15 08:10  270496  ------w-  c:\windows\system32\MpSigStub.exe
     2014-01-15 18:14 . 2006-11-02 12:35  86054176  ----a-w-  c:\windows\system32\mrt.exe
     2014-01-07 06:55 . 2014-01-07 06:52  65536  ----a-w-  c:\windows\IFinst27.exe
     2013-12-16 10:36 . 2013-12-16 10:36  49940480  ----a-w-  c:\program files (x86)\GUT1931.tmp
     2013-12-16 05:25 . 2013-12-16 05:25  49940480  ----a-w-  c:\program files (x86)\GUTD7AA.tmp
     .
     .
     (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
     "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
     "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
     "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
     "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
     .
     S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
     .
     .
     HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
     Themes
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
     2014-02-04 15:33  1211720  ----a-w-  c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2014-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-10 12:12]
     .
     2014-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-11 05:13]
     .
     2014-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-11 05:13]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-11-10 13653208]
     "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     mLocal Page = c:\windows\SysWOW64\blank.htm
     IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
     TCP: DhcpNameServer = 192.168.1.1
     TCP: Interfaces\{99E5FA8F-BB6E-4548-B1C1-67F1C431C087}: NameServer = 8.8.8.8
     .
     - - - - ORPHANS REMOVED - - - -
     .
     ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
     ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
     ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
     Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
     SafeBoot-WudfPf
     SafeBoot-WudfRd
     AddRemove-LoL - c:\program files (x86)\GarenaLoL\uninst.exe
     AddRemove-Steam - c:\program files (x86)\Steam\uninstall.exe
     AddRemove-Steam App 570 - c:\program files (x86)\Steam\steam.exe
     AddRemove-{EF36D026-6634-4BED-A82F-D1EDCD4BE68C}_is1 - c:\program files (x86)\Wizet\MapleStorySEA\unins000.exe
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
     @Denied: (2) (LocalSystem)
     "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,88,c0,31,77,38,7e,d6,4b,ad,9b,13,\
     "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,88,c0,31,77,38,7e,d6,4b,ad,9b,13,\
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.11"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
     @="Shockwave Flash"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
     @Denied: (A 2) (Everyone)
     @=""
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
     @="FlashBroker"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
     "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
     .
     Completion time: 2014-02-13  19:33:46
     ComboFix-quarantined-files.txt  2014-02-13 11:33
     .
     Pre-Run: 366,172,495,872 bytes free
     Post-Run: 366,034,075,648 bytes free
     .
     - - End Of File - - 68A3FDDC06526E5B62F8D1795DD87207 5C616939100B85E558DA92B899A0FC36
  5. Hi Borislav, unfortunately the problem still persists. After resetting, Google is the default; upon closing and reopening the browser, http://sg.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=599486&p=%s restores itself as default!
  6. Hi Borislav, the browser redirection still exists. Deleting Yahoo from the list of search engines and replacing it with Google as default temporarily restores my comp back to normal, but once I close Chrome and reopen it, Yahoo becomes the default browser.
  7. OTL fix log:
     All processes killed
     ========== OTL ==========
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
     HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
     HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
     HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
     HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
     HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
     HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
     HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
     HKEY_USERS\S-1-5-21-330252339-2164704957-4068010090-1005\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
     HKU\S-1-5-21-330252339-2164704957-4068010090-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
     Use Chrome's Settings page to remove the default_search_provider items.
     Use Chrome's Settings page to remove the default_search_provider items.
     Use Chrome's Settings page to remove the default_search_provider items.
     Use Chrome's Settings page to change the HomePage.
     File C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1 not found.
     64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ deleted successfully.
     64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ deleted successfully.
     C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll moved successfully.
     ========== FILES ==========
     < ipconfig /flushdns /c >
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.
     C:\Users\Tristen\Desktop\Clean\cmd.bat deleted successfully.
     C:\Users\Tristen\Desktop\Clean\cmd.txt deleted successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: All Users
     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: Green
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Google Chrome cache emptied: 0 bytes
     User: Kids
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Java cache emptied: 0 bytes
     ->Google Chrome cache emptied: 0 bytes
     User: Public
     User: TEMP
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: Tristen
     ->Temp folder emptied: 3550222 bytes
     ->Temporary Internet Files folder emptied: 70629622 bytes
     ->Java cache emptied: 0 bytes
     ->Google Chrome cache emptied: 11984889 bytes
     ->Flash cache emptied: 820 bytes
     User: user
     ->Temp folder emptied: 6247095 bytes
     ->Temporary Internet Files folder emptied: 1008052 bytes
     ->Java cache emptied: 0 bytes
     ->Google Chrome cache emptied: 49661450 bytes
     ->Flash cache emptied: 291 bytes
     User: wangzhisong
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 6522 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 79832 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 137.00 mb
     OTL by OldTimer - Version 3.2.69.0 log created on 02102014_210156
     Files\Folders moved on Reboot...
     File move failed. C:\Windows\SysNative\PerfStringBackup.TMP scheduled to be moved on reboot.
     PendingFileRenameOperations files...
     Registry entries deleted on Reboot...
  8. OTL scan log:
     OTL logfile created on: 10/2/2014 12:57:31 AM - Run 3
     OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tristen\Desktop\Clean
     64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
     Internet Explorer (Version = 9.0.8112.16421)
     Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy
     5.99 Gb Total Physical Memory | 3.59 Gb Available Physical Memory | 59.90% Memory free
     12.09 Gb Paging File | 9.65 Gb Available in Paging File | 79.81% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
     Drive C: | 488.28 Gb Total Space | 317.06 Gb Free Space | 64.93% Space Free | Partition Type: NTFS
     Drive D: | 443.23 Gb Total Space | 408.38 Gb Free Space | 92.14% Space Free | Partition Type: NTFS
     Computer Name: USER-PC | User Name: Tristen | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     ========== Processes (SafeList) ==========
     PRC - [2014/02/06 16:29:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tristen\Desktop\Clean\OTL.exe
     PRC - [2014/02/02 07:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     PRC - [2013/12/19 02:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
     PRC - [2013/12/13 11:24:14 | 000,049,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdllhost.exe
     PRC - [2013/12/11 12:23:04 | 000,526,848 | ---- | M] (LOL Replay) -- C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
     PRC - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
     PRC - [2013/11/04 11:01:40 | 001,025,856 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
     PRC - [2013/10/25 12:07:12 | 000,469,280 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\DelayLoad.exe
     PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
     PRC - [2013/10/01 20:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
     PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
     PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
     PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
     PRC - [2011/07/06 20:17:17 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
     PRC - [2011/04/29 15:58:05 | 001,990,144 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
     ========== Modules (No Company Name) ==========
     MOD - [2014/02/02 07:42:37 | 013,616,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
     MOD - [2014/02/02 07:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll
     MOD - [2014/02/02 07:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
     MOD - [2014/02/02 07:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
     MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
     MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
     MOD - [2013/12/13 11:24:22 | 000,553,776 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggspawn.dll
     MOD - [2013/12/13 11:24:14 | 000,049,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdllhost.exe
     MOD - [2013/12/11 12:22:44 | 000,378,368 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\LOLUtils.dll
     MOD - [2013/10/10 12:06:01 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29ab1d8aa9cef7960c27d0e9c78d685a\System.Configuration.ni.dll
     MOD - [2013/10/10 11:17:43 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\af71e097fedd23dd447153e44826366a\System.Windows.Forms.ni.dll
     MOD - [2013/10/10 11:17:30 | 002,295,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\1e743e5431681bf5d856d2b25cf1f083\System.Core.ni.dll
     MOD - [2013/10/10 11:17:26 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f3c265fd5e60d5847789f6fe408c5cec\PresentationFramework.ni.dll
     MOD - [2013/10/10 11:17:13 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9803a73cdf2d218d14069716ed6feda9\PresentationCore.ni.dll
     MOD - [2013/10/10 11:17:01 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\89a4ec2a9793e121738ae9111a911bda\WindowsBase.ni.dll
     MOD - [2013/08/17 12:26:52 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\13ca5a02ada78d39db7c6196120e4301\System.Xml.ni.dll
     MOD - [2013/08/17 12:26:30 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dc5209760859839df25e6fc0e9424a0c\System.Drawing.ni.dll
     MOD - [2013/08/17 12:26:14 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6581049bfc1c440a67084fd3762a5609\PresentationFramework.Aero.ni.dll
     MOD - [2013/08/17 12:25:47 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ab9f3f5c6b8a70ead224186f29eca132\System.ni.dll
     MOD - [2013/08/17 12:25:42 | 011,498,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\33b224b9839adb5343e0e4b37c802410\mscorlib.ni.dll
     MOD - [2011/07/06 20:17:17 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
     MOD - [2011/04/29 15:58:05 | 001,990,144 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
     MOD - [2009/10/31 21:42:43 | 001,384,520 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3180\SSOle.dll
     ========== Services (SafeList) ==========
     SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
     SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
     SRV:64bit: - [2011/04/28 18:20:25 | 000,229,888 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\spool\drivers\x64\3\NetFaxServer64.exe -- (Samsung Network Fax Server)
     SRV:64bit: - [2008/01/21 10:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
     SRV - [2014/02/05 20:12:51 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
     SRV - [2014/01/31 03:16:18 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
     SRV - [2014/01/08 05:00:22 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
     SRV - [2013/12/19 02:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
     SRV - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)
     SRV - [2013/12/03 16:10:24 | 002,151,200 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
     SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
     SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.)
[Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2013/10/01 20:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2011/04/28 18:20:25 | 000,229,888 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe -- (Samsung Network Fax Server) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/04/12 00:23:49 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/10/22 12:12:37 | 000,322,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) DRV:64bit: - [2013/10/22 12:09:26 | 000,034,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gwfilt64.sys -- (gwfilt64) DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2013/09/05 01:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgloga.sys -- (Avgloga) DRV:64bit: - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2013/05/22 18:49:34 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver) DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/02/29 21:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009/07/13 16:16:42 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\SSPORT.sys -- (SSPORT) DRV:64bit: - [2009/07/13 16:13:51 | 000,053,816 | R--- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\Drivers\DgiVecp.sys -- (DgiVecp) DRV:64bit: - [2009/01/19 14:41:48 | 000,609,280 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28x.sys -- (netr28x) DRV:64bit: - [2008/05/23 16:54:38 | 000,033,888 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iqvw64e.sys -- (NAL) DRV:64bit: - [2008/01/21 10:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sg.search.yahoo.com/?type=599486&fr=spigot-yhp-ie IE - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files 
(x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ========== Chrome ========== CHR - default_search_provider: Yahoo (Enabled) CHR - default_search_provider: search_url = http://sg.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=599486&p={searchTerms} CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}, CHR - homepage: http://sg.search.yahoo.com/?type=599486&fr=spigot-yhp-ch CHR - Extension: Google Docs = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: Turn Off the Lights = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.3.0.6_0\ CHR - Extension: YouTube = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google Search = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: HTTPS Everywhere = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2014.1.3_0\ CHR - Extension: AdBlock = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\ CHR - Extension: Skype Click to Call = 
C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\ CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\ CHR - Extension: Google Wallet = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\ CHR - Extension: Fullscreen Anything = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\olcfgpmjldkkjdclidhcbonieibfhhdh\2_0\ CHR - Extension: Gmail = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2006/09/19 05:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll File not found O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [3180 Scan2PC] C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe () O4 - HKLM..\Run: [APSDaemon] 
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CLX3180_Scan2Pc] C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe () O4 - HKLM..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-330252339-2164704957-4068010090-1005..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-330252339-2164704957-4068010090-1005..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O7 - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E548628-D52E-4A09-9BFA-0DB85102B218}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99E5FA8F-BB6E-4548-B1C1-67F1C431C087}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99E5FA8F-BB6E-4548-B1C1-67F1C431C087}: NameServer = 8.8.8.8 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013/12/17 13:07:36 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2014/02/10 00:49:40 | 000,000,000 | ---D | C] -- C:\Users\Tristen\Desktop\Clean [2014/02/10 00:18:01 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2014/02/05 22:09:38 | 000,000,000 | ---D | C] -- C:\_OTL [2014/02/05 19:09:43 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\vlc [2014/02/05 19:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2014/02/05 19:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2014/02/05 19:05:48 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\Malwarebytes [2014/02/05 19:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Malwarebytes' Anti-Malware [2014/02/05 19:05:31 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2014/02/05 19:05:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2014/01/31 01:35:00 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\Media Player Classic [2014/01/31 01:09:02 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Local\Macromedia [2014/01/31 01:08:05 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\Mozilla [2014/01/31 01:08:05 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Local\Mozilla [2014/01/31 01:07:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2014/01/27 20:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2014/01/27 20:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2014/01/27 20:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2014/01/27 20:08:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2014/01/27 20:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2014/01/27 20:05:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2014/01/25 11:57:09 | 000,000,000 | ---D | C] -- C:\Users\Tristen\Documents\RJC CHEM [2014/01/25 11:57:09 | 000,000,000 | ---D | C] -- C:\Users\Tristen\Documents\HCI Bio [2014/01/25 11:57:03 | 000,000,000 | ---D | C] -- C:\Users\Tristen\Documents\KI NOTES [2014/01/25 11:57:02 | 000,000,000 | ---D | C] -- C:\Users\Tristen\Documents\HCI Physics [2014/01/24 23:22:21 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2014/01/24 09:50:05 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Local\Adobe [2014/01/21 20:56:35 | 000,000,000 | ---D | C] -- C:\Users\Tristen\Documents\My Games [2014/01/21 19:34:37 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\Awesomium [2014/01/21 19:34:13 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios [2014/01/21 19:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios [2014/01/21 19:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios [2014/01/16 00:40:27 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\Audacity [2014/01/16 00:40:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity [2014/01/15 14:35:09 | 000,000,000 | ---D | C] -- C:\Users\Tristen\Documents\LOLReplay [2014/01/15 14:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LOLReplay [2014/01/13 14:07:58 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Local\Apple [2014/01/13 14:05:25 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Local\Apple Computer [4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014/02/10 00:53:55 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014/02/10 00:53:48 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\Driver Booster Update.job [2014/02/10 00:52:29 | 000,004,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2014/02/10 00:52:29 | 000,004,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2014/02/10 00:52:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/02/10 00:33:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014/02/10 00:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014/02/05 21:57:54 | 000,000,977 | ---- | M] () -- C:\Users\Tristen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2014/02/05 20:12:51 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- 
C:\Windows\SysWow64\FlashPlayerApp.exe [2014/02/05 20:12:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2014/02/05 20:07:16 | 000,000,545 | ---- | M] () -- C:\prefs.js [2014/02/05 19:07:05 | 000,000,905 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2014/02/05 19:05:36 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014/01/31 19:41:56 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW [2014/01/30 23:01:04 | 000,002,044 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 7.lnk [2014/01/27 21:57:21 | 000,000,972 | ---- | M] () -- C:\Users\Tristen\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2014/01/27 20:09:07 | 000,001,698 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2014/01/21 19:34:13 | 000,001,876 | ---- | M] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk [2014/01/21 19:34:13 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\Smite.lnk [2014/01/16 00:40:25 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Audacity.lnk [2014/01/15 14:35:00 | 000,001,836 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2014/01/15 14:35:00 | 000,001,744 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk [2014/01/11 17:39:49 | 000,002,053 | ---- | M] () -- C:\Users\Tristen\Desktop\Google Chrome.lnk [4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2014/02/05 21:57:54 | 000,000,977 | ---- | C] () -- C:\Users\Tristen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2014/02/05 20:01:53 | 000,000,545 | ---- | C] () -- C:\prefs.js [2014/02/05 19:07:05 | 000,000,905 | ---- | C] () -- C:\Users\Public\Desktop\VLC media 
player.lnk [2014/02/05 19:05:36 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014/01/31 19:41:56 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW [2014/01/27 21:57:21 | 000,000,972 | ---- | C] () -- C:\Users\Tristen\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2014/01/27 20:09:07 | 000,001,698 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2014/01/21 19:34:13 | 000,001,876 | ---- | C] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk [2014/01/21 19:34:13 | 000,001,867 | ---- | C] () -- C:\Users\Public\Desktop\Smite.lnk [2014/01/16 00:40:25 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [2014/01/16 00:40:25 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Audacity.lnk [2014/01/15 14:35:00 | 000,001,836 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2014/01/15 14:35:00 | 000,001,756 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk [2014/01/15 14:35:00 | 000,001,744 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk [2014/01/07 14:52:52 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe [2014/01/07 11:15:10 | 000,000,632 | RHS- | C] () -- C:\Users\Tristen\ntuser.pol [2013/12/23 11:49:10 | 000,000,768 | ---- | C] () -- C:\Windows\SysWow64\Settings.ini [2013/10/30 11:45:51 | 000,741,886 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/10/07 15:35:48 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll [2013/08/15 16:47:33 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe [2013/08/15 16:46:56 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini [2013/08/15 16:46:53 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll [2013/08/15 16:32:28 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe [2013/08/15 16:31:51 | 000,143,872 | ---- | C] () 
-- C:\Windows\Wiainst64.exe [2013/08/15 16:12:12 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2013/08/15 15:21:45 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2013/08/15 15:21:45 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2013/08/15 15:21:44 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2013/08/15 15:21:44 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2013/08/15 15:21:44 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll ========== ZeroAccess Check ========== [2006/11/02 23:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/12 00:22:50 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/12 00:23:09 | 
000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/21 10:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/11/27 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit [2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2013/11/27 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit [2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2013/12/06 11:36:40 | 000,000,000 | ---D | M] -- C:\Users\Green\AppData\Roaming\IObit [2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\Green\AppData\Roaming\TuneUp Software [2013/12/14 14:48:31 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\AVG2013 [2014/01/01 21:27:22 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\GarenaPlus [2013/11/23 22:49:22 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\IObit [2013/11/27 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\IObit [2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\TuneUp Software [2014/02/04 00:44:42 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\Audacity [2014/01/21 19:34:37 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\Awesomium [2014/01/07 11:29:12 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\Garena [2014/02/09 21:28:21 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\GarenaPlus [2014/01/07 20:39:43 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\IObit [2014/01/07 11:29:35 | 000,000,000 | ---D | M] -- 
C:\Users\Tristen\AppData\Roaming\LolClient [2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\TuneUp Software [2013/09/03 15:45:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG [2013/12/14 14:48:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG2013 [2013/12/01 15:44:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG2014 [2014/02/09 15:00:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Dropbox [2013/12/22 21:52:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Garena [2014/01/07 13:25:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GarenaPlus [2013/11/10 17:19:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IObit [2013/12/05 20:46:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LolClient [2013/08/17 13:28:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Samsung [2013/12/23 13:50:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report >
9. # AdwCleaner v3.018 - Report created 10/02/2014 at 00:51:05
# Updated 28/01/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)
# Username : Tristen - USER-PC
# Running from : C:\Users\Tristen\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526

-\\ Mozilla Firefox v

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1943 octets] - [10/11/2013 18:28:11]
AdwCleaner[R10].txt - [2890 octets] - [05/02/2014 21:47:45]
AdwCleaner[R11].txt - [2241 octets] - [10/02/2014 00:50:11]
AdwCleaner[R1].txt - [2499 octets] - [11/11/2013 12:13:42]
AdwCleaner[R2].txt - [1096 octets] - [11/11/2013 12:34:13]
AdwCleaner[R3].txt - [1271 octets] - [18/11/2013 16:08:24]
AdwCleaner[R4].txt - [2905 octets] - [04/12/2013 13:34:33]
AdwCleaner[R5].txt - [6137 octets] - [04/12/2013 14:45:04]
AdwCleaner[R6].txt - [1631 octets] - [17/12/2013 13:18:53]
AdwCleaner[R7].txt - [4153 octets] - [17/12/2013 17:00:55]
AdwCleaner[R8].txt - [1811 octets] - [19/12/2013 14:40:46]
AdwCleaner[R9].txt - [7604 octets] - [23/12/2013 14:43:34]
AdwCleaner[s0].txt - [1964 octets] - [10/11/2013 18:29:13]
AdwCleaner[s10].txt - [1622 octets] - [10/02/2014 00:51:05]
AdwCleaner[s1].txt - [1757 octets] - [11/11/2013 12:15:10]
AdwCleaner[s2].txt - [1158 octets] - [11/11/2013 12:35:10]
AdwCleaner[s3].txt - [1339 octets] - [18/11/2013 16:09:59]
AdwCleaner[s4].txt - [5396 octets] - [04/12/2013 13:35:25]
AdwCleaner[s5].txt - [3155 octets] - [04/12/2013 14:45:55]
AdwCleaner[s6].txt - [3518 octets] - [17/12/2013 17:02:21]
AdwCleaner[s7].txt - [1878 octets] - [19/12/2013 14:41:51]
AdwCleaner[s8].txt - [6111 octets] - [23/12/2013 14:44:47]
AdwCleaner[s9].txt - [2972 octets] - [05/02/2014 21:50:29]

########## EOF - C:\AdwCleaner\AdwCleaner[s10].txt - [2223 octets] ##########
10. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows Vista Home Premium x64
Ran by Tristen on Mon 10/02/2014 at 0:18:04.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/02/2014 at 0:24:29.00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
11. All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-330252339-2164704957-4068010090-1005\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin\img folder moved successfully.
C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin folder moved successfully.
C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0 folder moved successfully.
C:\Users\Tristen\AppData\Roaming\uTorrent folder moved successfully.
Folder C:\Users\Tristen\AppData\Roaming\uTorrent\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Tristen\Desktop\cmd.bat deleted successfully.
C:\Users\Tristen\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Green
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes

User: Kids
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes

User: Public

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Tristen
->Temp folder emptied: 5304524 bytes
->Temporary Internet Files folder emptied: 44227060 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6652897 bytes
->Flash cache emptied: 586 bytes

User: user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: wangzhisong

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 6522 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 63248 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 54.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 02082014_134635

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\PerfStringBackup.TMP scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Hi Borislav,

FYI, the Yahoo search browser still exists, and I have no idea who Wangzhisong is!
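The OTL fix above could reset the Internet Explorer SearchScopes and Start Page keys itself, but for Chrome it could only print "Use Chrome's Settings page to remove the default_search_provider items", because Chrome keeps those settings in the per-profile JSON file listed in the AdwCleaner log (...\Google\Chrome\User Data\Default\Preferences). The script below is an added example, not code from the thread or from any of the tools in it: it reads that JSON and reports a default search provider or homepage that points at an unexpected host, startup URLs doing the same, and extensions that were not installed from the Web Store. The extension ID nfengeggddojhakldhlpjdlddgkkjkdd is the one OTL removed above; the trusted host list, the hostname search.example, the second extension ID and the sample Preferences content are all constructed assumptions, as is the handling of the newer default_search_provider_data layout that later Chrome versions use.

```python
"""Audit a Chrome 'Preferences' file for search/homepage hijacks and
sideloaded extensions.  Added example, not from the original thread."""
import json
from pathlib import Path
from typing import Any, Dict, List
from urllib.parse import urlparse

# Search/homepage hosts the user actually expects (assumption for this example).
TRUSTED_SEARCH_HOSTS = {"www.google.com", "google.com"}

# Extension ID named in the OTL fix log above; anything else here is assumed.
KNOWN_BAD_EXTENSIONS = {"nfengeggddojhakldhlpjdlddgkkjkdd"}


def _search_url(prefs: Dict[str, Any]) -> str:
    """Return the default search URL from either the legacy top-level
    'default_search_provider' block (Chrome of the v32 era) or the newer
    'default_search_provider_data.template_url_data' block (assumed layout)."""
    legacy = prefs.get("default_search_provider") or {}
    modern = (prefs.get("default_search_provider_data") or {}).get("template_url_data") or {}
    return legacy.get("search_url") or modern.get("url") or ""


def audit_preferences(prefs: Dict[str, Any]) -> List[str]:
    """Return a list of human-readable findings for one profile."""
    findings: List[str] = []

    url = _search_url(prefs)
    host = urlparse(url).hostname or ""
    if url and host not in TRUSTED_SEARCH_HOSTS:
        findings.append(f"default search provider points at {host}: {url}")

    homepage = prefs.get("homepage", "")
    hp_host = urlparse(homepage).hostname or ""
    if homepage and hp_host not in TRUSTED_SEARCH_HOSTS:
        findings.append(f"homepage set to {homepage}")

    # Startup URLs are a second place hijackers plant a search page.
    session = prefs.get("session") or {}
    for u in session.get("startup_urls") or session.get("restore_on_startup_urls") or []:
        if (urlparse(u).hostname or "") not in TRUSTED_SEARCH_HOSTS:
            findings.append(f"startup URL {u}")

    # Each installed extension is keyed by its 32-char ID under extensions.settings.
    ext_settings = (prefs.get("extensions") or {}).get("settings") or {}
    for ext_id, ext in ext_settings.items():
        name = (ext.get("manifest") or {}).get("name", "<unnamed>")
        if ext_id in KNOWN_BAD_EXTENSIONS:
            findings.append(f"known-bad extension {ext_id} ({name})")
        elif not ext.get("from_webstore", False):
            findings.append(f"sideloaded extension {ext_id} ({name}) at {ext.get('path', '?')}")
    return findings


def audit_file(path: Path) -> List[str]:
    """Load a Preferences file from disk and audit it."""
    with path.open(encoding="utf-8") as fh:
        return audit_preferences(json.load(fh))


# Constructed sample mimicking a hijacked profile; not a real capture.
SAMPLE_PREFERENCES: Dict[str, Any] = {
    "default_search_provider": {
        "enabled": True,
        "name": "Search",
        "keyword": "search.example",
        "search_url": "http://search.example/web?q={searchTerms}",
    },
    "homepage": "http://search.example/",
    "homepage_is_newtabpage": False,
    "session": {"startup_urls": ["http://search.example/"]},
    "extensions": {
        "settings": {
            "nfengeggddojhakldhlpjdlddgkkjkdd": {
                "from_webstore": False,
                "path": "nfengeggddojhakldhlpjdlddgkkjkdd\\1.0.0_0",
                "manifest": {"name": "Plugin"},
            },
            "aaaabbbbccccddddeeeeffffgggghhhh": {
                "from_webstore": True,
                "manifest": {"name": "Legit Store Extension"},
            },
        }
    },
}

if __name__ == "__main__":
    for line in audit_preferences(SAMPLE_PREFERENCES):
        print("FINDING:", line)
```

Run it against each of the three Preferences paths from the AdwCleaner log with audit_file(Path(...)) while Chrome is closed, since Chrome rewrites the file on exit. Read the file rather than editing it: later Chrome versions protect these settings in a separate Secure Preferences file with integrity hashes, so hand edits get discarded, and the Settings page (as OTL advised) is the reliable way to change them.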
12. .
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 15/8/2013 3:06:20 PM
System Uptime: 7/2/2014 7:03:27 PM (0 hours ago)
.
Motherboard: Acer | | FX58M
Processor: Intel® Core i7 CPU 920 @ 2.67GHz | CPU 1 | 2667/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 488 GiB total, 319.206 GiB free.
D: is FIXED (NTFS) - 443 GiB total, 408.294 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&6730480&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&6730480&0
Service: i8042prt
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&6730480&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&6730480&0
Service: i8042prt
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.9)
Advanced SystemCare 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.5
AVG 2013
BlackVue HD
BlackVueHD
Bonjour
CCleaner
Dota 2
Driver Booster
Garena - League of Legends
Google Chrome
Google Update Helper
Hi-Rez Studios Authenticate and Update Service
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Network Connections
IObit Malware Fighter
IObit Uninstaller
iTunes
Java 7 Update 25
Java Auto Updater
K-Lite Mega Codec Pack 7.1.0
LOLReplay
Maintenance Samsung CLX-3180 Series
Malwarebytes Anti-Malware version 1.75.0.1300
MapleStorySEA 1.35
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Control Panel 331.58
NVIDIA Install Application
Readiris Pro 10
Realtek High Definition Audio Driver
Samsung Network PC Fax
Samsung Scan Assistant
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
Skype Click to Call
Skype™ 6.11
Smart Defrag 2
SmarThru 4
Smite
Steam
Surfing Protection
TeamViewer 8
TuneUp Utilities 2014
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Visual Studio 2010 x64 Redistributables
VLC media player 2.1.3
WinRAR archiver
.
==== End Of File ===========================
13. DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16526  BrowserJavaVersion: 10.25.2
Run by Tristen at 19:27:16 on 2014-02-07
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.65.1033.18.6134.3259 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.165.3360.0.exe
C:\Windows\system32\MpSigStub.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
C:\Program Files (x86)\Garena Plus\ggdllhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mRun: [CLX3180_Scan2Pc] C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [3180 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{8E548628-D52E-4A09-9BFA-0DB85102B218} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{99E5FA8F-BB6E-4548-B1C1-67F1C431C087} : NameServer = 8.8.8.8
TCP: Interfaces\{99E5FA8F-BB6E-4548-B1C1-67F1C431C087} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-5 45880]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-10-22 17720]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2013-11-10 881440]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2014-1-21 9216]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-10-22 341824]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-2-5 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-5 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 134944]
R2 Samsung Network Fax Server;Samsung Network Fax Server;C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe [2013-8-15 229888]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2009-7-13 11576]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-11-14 5087584]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2013-10-22 322760]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\FileMonitor.sys [2013-10-22 23048]
R3 gwfilt64;gwfilt64;C:\Windows\System32\drivers\gwfilt64.sys [2013-10-22 34840]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-5 25928]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-1-19 609280]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\RegFilter.sys [2013-10-22 34848]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\UrlFilter.sys [2013-10-22 23016]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-11-10 2151200]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-7-20 1022632]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-4-12 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2014-02-07 11:10:03 6522 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
2014-02-05 12:12:51 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 12:12:51 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-01-15 18:14:26 86054176 ----a-w- C:\Windows\System32\mrt.exe
2014-01-07 06:55:33 65536 ----a-w- C:\Windows\IFinst27.exe
2013-12-17 05:07:36 0 ----a-w- C:\autoexec.bat
2013-12-16 10:36:19 49940480 ----a-w- C:\Program Files (x86)\GUT1931.tmp
2013-12-16 05:25:32 49940480 ----a-w- C:\Program Files (x86)\GUTD7AA.tmp
2013-11-10 10:23:15 18290536 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2013-11-10 10:23:09 15858664 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2013-11-10 10:23:03 9472600 ----a-w- C:\Windows\SysWow64\nvopencl.dll
2013-11-10 10:23:00 11362672 ----a-w- C:\Windows\System32\nvopencl.dll
2013-11-10 10:21:58 17560352 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2013-11-10 10:21:55 25256224 ----a-w- C:\Windows\System32\nvcompiler.dll
2013-11-10 10:21:46 3067560 ----a-w- C:\Windows\System32\nvapi64.dll
2013-11-10 10:21:45 2694664 ----a-w- C:\Windows\SysWow64\nvapi.dll
2013-11-10 10:19:50 2809048 ----a-w- C:\Windows\System32\RtPgEx64.dll
2013-11-10 10:19:50 1662024 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2013-11-10 10:19:45 3641688 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2013-11-10 10:19:36 2586840 ----a-w- C:\Windows\System32\RtkAPO64.dll
2013-11-10 10:19:34 1005784 ----a-w- C:\Windows\System32\RtkApi64.dll
2013-11-10 10:19:32 617176 ----a-w- C:\Windows\System32\RtDataProc64.dll
2013-11-10 10:19:14 149208 ----a-w- C:\Windows\System32\RCoInstII64.dll
2013-11-10 10:19:04 397080 ----a-w- C:\Windows\System32\MBWrp64.dll
2013-11-10 10:18:20 2743328 ----a-w- C:\Windows\System32\FMAPO64.dll
2013-11-10 10:18:08 113576 ----a-w- C:\Windows\System32\CONEQMSAPOGUILibrary.dll
.
============= FINISH: 19:28:24.57 ===============
14. Hello Borislav, and thanks for your speedy aid! OTL.txt is as below:

OTL logfile created on: 6/2/2014 4:30:52 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tristen\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

5.99 Gb Total Physical Memory | 3.59 Gb Available Physical Memory | 59.88% Memory free
12.09 Gb Paging File | 9.55 Gb Available in Paging File | 78.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 488.28 Gb Total Space | 323.35 Gb Free Space | 66.22% Space Free | Partition Type: NTFS
Drive D: | 443.23 Gb Total Space | 408.29 Gb Free Space | 92.12% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: Tristen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/06 16:29:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tristen\Desktop\OTL.exe
PRC - [2014/02/02 07:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/12/19 02:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/13 17:44:36 | 001,573,184 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2013/12/13 11:24:14 | 000,049,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdllhost.exe
PRC - [2013/12/11 12:23:04 | 000,526,848 | ---- | M] (LOL Replay) -- C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
PRC - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
PRC - [2013/11/11 17:19:48 | 000,341,824 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2013/11/04 11:01:40 | 001,025,856 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
PRC - [2013/10/25 12:07:12 | 000,469,280 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\DelayLoad.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/10/01 20:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/07/06 20:17:17 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2011/04/29 15:58:05 | 001,990,144 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe

========== Modules (No Company Name) ==========

MOD - [2014/02/02 07:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll
MOD - [2014/02/02 07:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
MOD - [2014/02/02 07:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/12/13 11:24:22 | 000,553,776 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggspawn.dll
MOD - [2013/12/13 11:24:14 | 000,049,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdllhost.exe
MOD - [2013/12/11 12:22:44 | 000,378,368 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\LOLUtils.dll
MOD - [2013/10/10 12:06:01 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29ab1d8aa9cef7960c27d0e9c78d685a\System.Configuration.ni.dll
MOD - [2013/10/10 11:17:43 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\af71e097fedd23dd447153e44826366a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 11:17:30 | 002,295,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\1e743e5431681bf5d856d2b25cf1f083\System.Core.ni.dll
MOD - [2013/10/10 11:17:26 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f3c265fd5e60d5847789f6fe408c5cec\PresentationFramework.ni.dll
MOD - [2013/10/10 11:17:13 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9803a73cdf2d218d14069716ed6feda9\PresentationCore.ni.dll
MOD - [2013/10/10 11:17:01 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\89a4ec2a9793e121738ae9111a911bda\WindowsBase.ni.dll
MOD - [2013/08/17 12:26:52 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\13ca5a02ada78d39db7c6196120e4301\System.Xml.ni.dll
MOD - [2013/08/17 12:26:30 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dc5209760859839df25e6fc0e9424a0c\System.Drawing.ni.dll
MOD - [2013/08/17 12:26:14 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6581049bfc1c440a67084fd3762a5609\PresentationFramework.Aero.ni.dll
MOD - [2013/08/17 12:25:47 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ab9f3f5c6b8a70ead224186f29eca132\System.ni.dll
MOD - [2013/08/17 12:25:42 | 011,498,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\33b224b9839adb5343e0e4b37c802410\mscorlib.ni.dll
MOD - [2011/07/06 20:17:17 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2011/04/29 15:58:05 | 001,990,144 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
MOD - [2009/10/31 21:42:43 | 001,384,520 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3180\SSOle.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/04/28 18:20:25 | 000,229,888 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\spool\drivers\x64\3\NetFaxServer64.exe -- (Samsung Network Fax Server)
SRV:64bit: - [2008/01/21 10:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/02/05 20:12:51 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/31 03:16:18 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2014/01/08 05:00:22 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/19 02:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)
SRV - [2013/12/03 16:10:24 | 002,151,200 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe --
(LiveUpdateSvc)SRV - [2013/11/11 17:19:48 | 000,341,824 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)SRV - [2013/10/01 20:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2011/04/28 18:20:25 | 000,229,888 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe -- (Samsung Network Fax Server)SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2009/04/12 00:23:49 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/10/22 12:12:37 | 000,322,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress)DRV:64bit: - [2013/10/22 12:09:26 | 000,034,840 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gwfilt64.sys -- (gwfilt64)DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)DRV:64bit: - [2013/09/05 01:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgloga.sys -- (Avgloga)DRV:64bit: - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)DRV:64bit: - [2013/05/22 18:49:34 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)DRV:64bit: - [2012/02/29 21:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2009/07/13 16:16:42 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\SSPORT.sys -- (SSPORT)DRV:64bit: - [2009/07/13 16:13:51 | 000,053,816 | R--- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\Drivers\DgiVecp.sys -- (DgiVecp)DRV:64bit: - [2009/01/19 14:41:48 | 000,609,280 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28x.sys -- (netr28x)DRV:64bit: - [2008/05/23 16:54:38 | 000,033,888 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iqvw64e.sys -- (NAL)DRV:64bit: - [2008/01/21 10:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)DRV - [2013/11/19 16:10:42 | 000,023,016 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\UrlFilter.sys -- (UrlFilter)DRV - [2013/11/19 16:10:40 | 000,034,848 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\RegFilter.sys -- (RegFilter)DRV - [2013/03/23 15:49:42 | 000,023,048 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\FileMonitor.sys -- (FileMonitor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - 
HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzzyCyBtDtDtDyB0C0DtByCtN0D0Tzu0CyBtCyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=657671035&ir=IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comIE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sg.search.yahoo.com/?type=599486&fr=spigot-yhp-ieIE - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - 
HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
========== Chrome ========== CHR - default_search_provider: Yahoo (Enabled)CHR - default_search_provider: search_url = http://sg.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=599486&p={searchTerms}CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},CHR - homepage: http://sg.search.yahoo.com/?type=599486&fr=spigot-yhp-chCHR - Extension: Google Docs = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\CHR - Extension: Google Drive = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\CHR - Extension: Turn Off the Lights = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.3.0.5_0\CHR - Extension: YouTube = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: Google Search = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - Extension: HTTPS Everywhere = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2014.1.3_0\CHR - Extension: AdBlock = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\CHR - Extension: Skype Click to Call = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\CHR - Extension: Google Wallet = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\CHR - Extension: Fullscreen Anything = 
C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\olcfgpmjldkkjdclidhcbonieibfhhdh\2_0\CHR - Extension: Gmail = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2006/09/19 05:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HostsO1 - Hosts: 127.0.0.1 localhostO1 - Hosts: ::1 localhostO2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)O4 - HKLM..\Run: [3180 Scan2PC] C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe ()O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [CLX3180_Scan2Pc] C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe ()O4 - HKLM..\Run: [iObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)O4 - HKLM..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-19..\Run: 
[WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)O4 - HKU\S-1-5-21-330252339-2164704957-4068010090-1005..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)O4 - HKU\S-1-5-21-330252339-2164704957-4068010090-1005..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not foundO4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not foundO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O7 - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2O7 - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. 
File not foundO10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E548628-D52E-4A09-9BFA-0DB85102B218}: DhcpNameServer = 192.168.2.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99E5FA8F-BB6E-4548-B1C1-67F1C431C087}: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99E5FA8F-BB6E-4548-B1C1-67F1C431C087}: NameServer = 8.8.8.8O18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpgO24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpgO32 - HKLM CDRom: AutoRun - 
1O32 - AutoRun File - [2013/12/17 13:07:36 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2014/02/06 16:29:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tristen\Desktop\OTL.exe[2014/02/05 22:09:38 | 000,000,000 | ---D | C] -- C:\_OTL[2014/02/05 19:09:43 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\vlc[2014/02/05 19:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN[2014/02/05 19:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN[2014/02/05 19:05:48 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\Malwarebytes[2014/02/05 19:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2014/02/05 19:05:31 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[2014/02/05 19:05:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[2014/02/05 18:38:22 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\uTorrent[2014/01/31 01:35:00 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\Media Player Classic[2014/01/31 01:09:02 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Local\Macromedia[2014/01/31 01:08:05 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\Mozilla[2014/01/31 01:08:05 | 000,000,000 | ---D | C] 
-- C:\Users\Tristen\AppData\Local\Mozilla[2014/01/31 01:07:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla[2014/01/27 20:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes[2014/01/27 20:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod[2014/01/27 20:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes[2014/01/27 20:08:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes[2014/01/27 20:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69[2014/01/27 20:05:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi[2014/01/25 11:57:09 | 000,000,000 | ---D | C] -- C:\Users\Tristen\Documents\RJC CHEM[2014/01/25 11:57:09 | 000,000,000 | ---D | C] -- C:\Users\Tristen\Documents\HCI Bio[2014/01/25 11:57:03 | 000,000,000 | ---D | C] -- C:\Users\Tristen\Documents\KI NOTES[2014/01/25 11:57:02 | 000,000,000 | ---D | C] -- C:\Users\Tristen\Documents\HCI Physics[2014/01/24 23:22:21 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR[2014/01/24 09:50:05 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Local\Adobe[2014/01/21 20:56:35 | 000,000,000 | ---D | C] -- C:\Users\Tristen\Documents\My Games[2014/01/21 19:34:37 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\Awesomium[2014/01/21 19:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios[2014/01/21 19:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios[2014/01/21 19:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios[2014/01/16 00:40:27 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\Audacity[2014/01/16 00:40:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity[2014/01/15 14:35:09 | 000,000,000 | ---D | C] -- C:\Users\Tristen\Documents\LOLReplay[2014/01/15 14:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LOLReplay[2014/01/13 14:07:58 | 000,000,000 
| ---D | C] -- C:\Users\Tristen\AppData\Local\Apple[2014/01/13 14:05:25 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Local\Apple Computer[2014/01/08 22:30:41 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\Skype[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ][1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014/02/06 16:33:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2014/02/06 16:29:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tristen\Desktop\OTL.exe[2014/02/06 16:25:38 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2014/02/06 16:25:38 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\Driver Booster Update.job[2014/02/06 16:22:08 | 000,004,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0[2014/02/06 16:22:08 | 000,004,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0[2014/02/06 16:22:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2014/02/05 23:12:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2014/02/05 21:57:54 | 000,000,977 | ---- | M] () -- C:\Users\Tristen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk[2014/02/05 20:07:16 | 000,000,545 | ---- | M] () -- C:\prefs.js[2014/02/05 19:07:05 | 000,000,905 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk[2014/02/05 19:05:36 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2014/01/31 19:41:56 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW[2014/01/30 23:01:04 | 000,002,044 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 7.lnk[2014/01/27 21:57:21 | 000,000,972 | ---- | M] () -- 
C:\Users\Tristen\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk[2014/01/27 20:09:07 | 000,001,698 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk[2014/01/21 19:34:13 | 000,001,876 | ---- | M] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk[2014/01/21 19:34:13 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\Smite.lnk[2014/01/16 00:40:25 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Audacity.lnk[2014/01/15 14:35:00 | 000,001,836 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk[2014/01/15 14:35:00 | 000,001,744 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk[2014/01/11 17:39:49 | 000,002,053 | ---- | M] () -- C:\Users\Tristen\Desktop\Google Chrome.lnk[2014/01/08 22:30:38 | 000,002,499 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ][1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2014/02/05 21:57:54 | 000,000,977 | ---- | C] () -- C:\Users\Tristen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk[2014/02/05 20:01:53 | 000,000,545 | ---- | C] () -- C:\prefs.js[2014/02/05 19:07:05 | 000,000,905 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk[2014/02/05 19:05:36 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2014/01/31 19:41:56 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW[2014/01/27 21:57:21 | 000,000,972 | ---- | C] () -- C:\Users\Tristen\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk[2014/01/27 20:09:07 | 000,001,698 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk[2014/01/21 19:34:13 | 000,001,876 | ---- | C] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk[2014/01/21 19:34:13 | 000,001,867 | ---- | C] () -- 
C:\Users\Public\Desktop\Smite.lnk[2014/01/16 00:40:25 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk[2014/01/16 00:40:25 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Audacity.lnk[2014/01/15 14:35:00 | 000,001,836 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk[2014/01/15 14:35:00 | 000,001,756 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk[2014/01/15 14:35:00 | 000,001,744 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk[2014/01/08 13:09:04 | 000,002,053 | ---- | C] () -- C:\Users\Tristen\Desktop\Google Chrome.lnk[2014/01/07 14:52:52 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe[2014/01/07 11:15:10 | 000,000,632 | RHS- | C] () -- C:\Users\Tristen\ntuser.pol[2013/12/23 11:49:10 | 000,000,768 | ---- | C] () -- C:\Windows\SysWow64\Settings.ini[2013/10/30 11:45:51 | 000,741,886 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2013/10/07 15:35:48 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll[2013/08/15 16:47:33 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe[2013/08/15 16:46:56 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini[2013/08/15 16:46:53 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll[2013/08/15 16:32:28 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe[2013/08/15 16:31:51 | 000,143,872 | ---- | C] () -- C:\Windows\Wiainst64.exe[2013/08/15 16:12:12 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol[2013/08/15 15:21:45 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll[2013/08/15 15:21:45 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini[2013/08/15 15:21:44 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll[2013/08/15 15:21:44 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll[2013/08/15 15:21:44 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll ========== 
ZeroAccess Check ==========

[2006/11/02 23:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/12 00:22:50 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/12 00:23:09 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/21 10:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/27 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/11/27 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/12/06 11:36:40 | 000,000,000 | ---D | M] -- C:\Users\Green\AppData\Roaming\IObit
[2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\Green\AppData\Roaming\TuneUp Software
[2013/12/14 14:48:31 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\AVG2013
[2014/01/01 21:27:22 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\GarenaPlus
[2013/11/23 22:49:22 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\IObit
[2013/11/27 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\IObit
[2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\TuneUp Software
[2014/02/04 00:44:42 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\Audacity
[2014/01/21 19:34:37 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\Awesomium
[2014/01/07 11:29:12 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\Garena
[2014/02/05 22:37:04 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\GarenaPlus
[2014/01/07 20:39:43 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\IObit
[2014/01/07 11:29:35 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\LolClient
[2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\TuneUp Software
[2014/02/05 18:54:55 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\uTorrent
[2013/09/03 15:45:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG
[2013/12/14 14:48:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG2013
[2013/12/01 15:44:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG2014
[2014/01/30 10:07:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Dropbox
[2013/12/22 21:52:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Garena
[2014/01/07 13:25:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GarenaPlus
[2013/11/10 17:19:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IObit
[2013/12/05 20:46:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LolClient
[2013/08/17 13:28:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Samsung
[2013/12/23 13:50:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software

========== Purity Check ==========

< End of report >