Jump to content

Unvanquishable Spigot


Recommended Posts

Hi,

 

Somehow managed to install this vile program and now I cannot delete it. MalwareBytes scans, CC Cleans, IObit Scans all seem to be unable to detect this spigot program.

 

I am sure i have deleted it from Control panel => Uninstall but I have no idea why http://sg.search.yahoo.com/?type=599486&fr=spigot-yhp-ie   and

  

http://sg.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=599486&p=(search item) keep appearing.

 

Any help is gratefully appreciated.

Link to post
Share on other sites

Hello fireice99 and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
Link to post
Share on other sites

Hello Borislav and thanks for your speedy aid! :) 

OTL.txt is per below:

 

OTL logfile created on: 6/2/2014 4:30:52 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tristen\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy
 
5.99 Gb Total Physical Memory | 3.59 Gb Available Physical Memory | 59.88% Memory free
12.09 Gb Paging File | 9.55 Gb Available in Paging File | 78.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 488.28 Gb Total Space | 323.35 Gb Free Space | 66.22% Space Free | Partition Type: NTFS
Drive D: | 443.23 Gb Total Space | 408.29 Gb Free Space | 92.12% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: Tristen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/02/06 16:29:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tristen\Desktop\OTL.exe
PRC - [2014/02/02 07:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/12/19 02:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/13 17:44:36 | 001,573,184 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2013/12/13 11:24:14 | 000,049,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdllhost.exe
PRC - [2013/12/11 12:23:04 | 000,526,848 | ---- | M] (LOL Replay) -- C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
PRC - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
PRC - [2013/11/11 17:19:48 | 000,341,824 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2013/11/04 11:01:40 | 001,025,856 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
PRC - [2013/10/25 12:07:12 | 000,469,280 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\DelayLoad.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/10/01 20:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/07/06 20:17:17 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2011/04/29 15:58:05 | 001,990,144 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/02 07:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll
MOD - [2014/02/02 07:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
MOD - [2014/02/02 07:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/12/13 11:24:22 | 000,553,776 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggspawn.dll
MOD - [2013/12/13 11:24:14 | 000,049,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdllhost.exe
MOD - [2013/12/11 12:22:44 | 000,378,368 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\LOLUtils.dll
MOD - [2013/10/10 12:06:01 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29ab1d8aa9cef7960c27d0e9c78d685a\System.Configuration.ni.dll
MOD - [2013/10/10 11:17:43 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\af71e097fedd23dd447153e44826366a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 11:17:30 | 002,295,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\1e743e5431681bf5d856d2b25cf1f083\System.Core.ni.dll
MOD - [2013/10/10 11:17:26 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f3c265fd5e60d5847789f6fe408c5cec\PresentationFramework.ni.dll
MOD - [2013/10/10 11:17:13 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9803a73cdf2d218d14069716ed6feda9\PresentationCore.ni.dll
MOD - [2013/10/10 11:17:01 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\89a4ec2a9793e121738ae9111a911bda\WindowsBase.ni.dll
MOD - [2013/08/17 12:26:52 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\13ca5a02ada78d39db7c6196120e4301\System.Xml.ni.dll
MOD - [2013/08/17 12:26:30 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dc5209760859839df25e6fc0e9424a0c\System.Drawing.ni.dll
MOD - [2013/08/17 12:26:14 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6581049bfc1c440a67084fd3762a5609\PresentationFramework.Aero.ni.dll
MOD - [2013/08/17 12:25:47 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ab9f3f5c6b8a70ead224186f29eca132\System.ni.dll
MOD - [2013/08/17 12:25:42 | 011,498,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\33b224b9839adb5343e0e4b37c802410\mscorlib.ni.dll
MOD - [2011/07/06 20:17:17 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2011/04/29 15:58:05 | 001,990,144 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
MOD - [2009/10/31 21:42:43 | 001,384,520 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3180\SSOle.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/04/28 18:20:25 | 000,229,888 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\spool\drivers\x64\3\NetFaxServer64.exe -- (Samsung Network Fax Server)
SRV:64bit: - [2008/01/21 10:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/02/05 20:12:51 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/31 03:16:18 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2014/01/08 05:00:22 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/19 02:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)
SRV - [2013/12/03 16:10:24 | 002,151,200 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/11/11 17:19:48 | 000,341,824 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/10/01 20:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/04/28 18:20:25 | 000,229,888 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe -- (Samsung Network Fax Server)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/04/12 00:23:49 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/10/22 12:12:37 | 000,322,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2013/10/22 12:09:26 | 000,034,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gwfilt64.sys -- (gwfilt64)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/09/05 01:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/05/22 18:49:34 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 21:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 16:16:42 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2009/07/13 16:13:51 | 000,053,816 | R--- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\Drivers\DgiVecp.sys -- (DgiVecp)
DRV:64bit: - [2009/01/19 14:41:48 | 000,609,280 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28x.sys -- (netr28x)
DRV:64bit: - [2008/05/23 16:54:38 | 000,033,888 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2008/01/21 10:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV - [2013/11/19 16:10:42 | 000,023,016 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2013/11/19 16:10:40 | 000,034,848 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\RegFilter.sys -- (RegFilter)
DRV - [2013/03/23 15:49:42 | 000,023,048 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\FileMonitor.sys -- (FileMonitor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzzyCyBtDtDtDyB0C0DtByCtN0D0Tzu0CyBtCyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=657671035&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sg.search.yahoo.com/?type=599486&fr=spigot-yhp-ie
IE - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: search_url = http://sg.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=599486&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},
CHR - Extension: Google Docs = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Turn Off the Lights = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.3.0.5_0\
CHR - Extension: YouTube = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: HTTPS Everywhere = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2014.1.3_0\
CHR - Extension: AdBlock = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\
CHR - Extension: Skype Click to Call = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Google Wallet = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Fullscreen Anything = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\olcfgpmjldkkjdclidhcbonieibfhhdh\2_0\
CHR - Extension: Gmail = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2006/09/19 05:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [3180 Scan2PC] C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLX3180_Scan2Pc] C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe ()
O4 - HKLM..\Run: [iObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-330252339-2164704957-4068010090-1005..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-330252339-2164704957-4068010090-1005..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E548628-D52E-4A09-9BFA-0DB85102B218}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99E5FA8F-BB6E-4548-B1C1-67F1C431C087}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99E5FA8F-BB6E-4548-B1C1-67F1C431C087}: NameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/12/17 13:07:36 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/02/06 16:29:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tristen\Desktop\OTL.exe
[2014/02/05 22:09:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/05 19:09:43 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\vlc
[2014/02/05 19:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2014/02/05 19:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2014/02/05 19:05:48 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\Malwarebytes
[2014/02/05 19:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/05 19:05:31 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/05 19:05:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/05 18:38:22 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\uTorrent
[2014/01/31 01:35:00 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\Media Player Classic
[2014/01/31 01:09:02 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Local\Macromedia
[2014/01/31 01:08:05 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\Mozilla
[2014/01/31 01:08:05 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Local\Mozilla
[2014/01/31 01:07:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/01/27 20:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/01/27 20:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/01/27 20:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/01/27 20:08:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/01/27 20:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/01/27 20:05:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/01/25 11:57:09 | 000,000,000 | ---D | C] -- C:\Users\Tristen\Documents\RJC CHEM
[2014/01/25 11:57:09 | 000,000,000 | ---D | C] -- C:\Users\Tristen\Documents\HCI Bio
[2014/01/25 11:57:03 | 000,000,000 | ---D | C] -- C:\Users\Tristen\Documents\KI NOTES
[2014/01/25 11:57:02 | 000,000,000 | ---D | C] -- C:\Users\Tristen\Documents\HCI Physics
[2014/01/24 23:22:21 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/01/24 09:50:05 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Local\Adobe
[2014/01/21 20:56:35 | 000,000,000 | ---D | C] -- C:\Users\Tristen\Documents\My Games
[2014/01/21 19:34:37 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\Awesomium
[2014/01/21 19:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2014/01/21 19:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
[2014/01/21 19:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios
[2014/01/16 00:40:27 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\Audacity
[2014/01/16 00:40:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2014/01/15 14:35:09 | 000,000,000 | ---D | C] -- C:\Users\Tristen\Documents\LOLReplay
[2014/01/15 14:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LOLReplay
[2014/01/13 14:07:58 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Local\Apple
[2014/01/13 14:05:25 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Local\Apple Computer
[2014/01/08 22:30:41 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\Skype
[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/02/06 16:33:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/06 16:29:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tristen\Desktop\OTL.exe
[2014/02/06 16:25:38 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/06 16:25:38 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\Driver Booster Update.job
[2014/02/06 16:22:08 | 000,004,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/06 16:22:08 | 000,004,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/06 16:22:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/05 23:12:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/05 21:57:54 | 000,000,977 | ---- | M] () -- C:\Users\Tristen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/02/05 20:07:16 | 000,000,545 | ---- | M] () -- C:\prefs.js
[2014/02/05 19:07:05 | 000,000,905 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/02/05 19:05:36 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/31 19:41:56 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW
[2014/01/30 23:01:04 | 000,002,044 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
[2014/01/27 21:57:21 | 000,000,972 | ---- | M] () -- C:\Users\Tristen\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2014/01/27 20:09:07 | 000,001,698 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/21 19:34:13 | 000,001,876 | ---- | M] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2014/01/21 19:34:13 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\Smite.lnk
[2014/01/16 00:40:25 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Audacity.lnk
[2014/01/15 14:35:00 | 000,001,836 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2014/01/15 14:35:00 | 000,001,744 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2014/01/11 17:39:49 | 000,002,053 | ---- | M] () -- C:\Users\Tristen\Desktop\Google Chrome.lnk
[2014/01/08 22:30:38 | 000,002,499 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/02/05 21:57:54 | 000,000,977 | ---- | C] () -- C:\Users\Tristen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/02/05 20:01:53 | 000,000,545 | ---- | C] () -- C:\prefs.js
[2014/02/05 19:07:05 | 000,000,905 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/02/05 19:05:36 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/31 19:41:56 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW
[2014/01/27 21:57:21 | 000,000,972 | ---- | C] () -- C:\Users\Tristen\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2014/01/27 20:09:07 | 000,001,698 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/21 19:34:13 | 000,001,876 | ---- | C] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2014/01/21 19:34:13 | 000,001,867 | ---- | C] () -- C:\Users\Public\Desktop\Smite.lnk
[2014/01/16 00:40:25 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2014/01/16 00:40:25 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Audacity.lnk
[2014/01/15 14:35:00 | 000,001,836 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2014/01/15 14:35:00 | 000,001,756 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
[2014/01/15 14:35:00 | 000,001,744 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2014/01/08 13:09:04 | 000,002,053 | ---- | C] () -- C:\Users\Tristen\Desktop\Google Chrome.lnk
[2014/01/07 14:52:52 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2014/01/07 11:15:10 | 000,000,632 | RHS- | C] () -- C:\Users\Tristen\ntuser.pol
[2013/12/23 11:49:10 | 000,000,768 | ---- | C] () -- C:\Windows\SysWow64\Settings.ini
[2013/10/30 11:45:51 | 000,741,886 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/07 15:35:48 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/08/15 16:47:33 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe
[2013/08/15 16:46:56 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini
[2013/08/15 16:46:53 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll
[2013/08/15 16:32:28 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe
[2013/08/15 16:31:51 | 000,143,872 | ---- | C] () -- C:\Windows\Wiainst64.exe
[2013/08/15 16:12:12 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/08/15 15:21:45 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/08/15 15:21:45 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2013/08/15 15:21:44 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013/08/15 15:21:44 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013/08/15 15:21:44 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
 
========== ZeroAccess Check ==========
 
[2006/11/02 23:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/12 00:22:50 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/12 00:23:09 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/21 10:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/11/27 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/11/27 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/12/06 11:36:40 | 000,000,000 | ---D | M] -- C:\Users\Green\AppData\Roaming\IObit
[2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\Green\AppData\Roaming\TuneUp Software
[2013/12/14 14:48:31 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\AVG2013
[2014/01/01 21:27:22 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\GarenaPlus
[2013/11/23 22:49:22 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\IObit
[2013/11/27 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\IObit
[2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\TuneUp Software
[2014/02/04 00:44:42 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\Audacity
[2014/01/21 19:34:37 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\Awesomium
[2014/01/07 11:29:12 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\Garena
[2014/02/05 22:37:04 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\GarenaPlus
[2014/01/07 20:39:43 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\IObit
[2014/01/07 11:29:35 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\LolClient
[2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\TuneUp Software
[2014/02/05 18:54:55 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\uTorrent
[2013/09/03 15:45:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG
[2013/12/14 14:48:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG2013
[2013/12/01 15:44:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG2014
[2014/01/30 10:07:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Dropbox
[2013/12/22 21:52:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Garena
[2014/01/07 13:25:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GarenaPlus
[2013/11/10 17:19:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IObit
[2013/12/05 20:46:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LolClient
[2013/08/17 13:28:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Samsung
[2013/12/23 13:50:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
< End of report >
Link to post
Share on other sites

 

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Hi Borislav,

 

Can't seem to find Extras.txt, only OTL.Txt opens up.

 

(To clarify, I did download uTorrent but I have promptly deleted it after discovering it to be the cause of Spigot. I don't know why it shows up in the report but yup!)

 

Link to post
Share on other sites

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 9.0.8112.16526  BrowserJavaVersion: 10.25.2

Run by Tristen at 19:27:16 on 2014-02-07

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.65.1033.18.6134.3259 [GMT 8:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

c:\Program Files\Microsoft Security Client\MpCmdRun.exe

c:\Program Files\Microsoft Security Client\MpCmdRun.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.165.3360.0.exe

C:\Windows\system32\MpSigStub.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe

C:\Program Files (x86)\Garena Plus\ggdllhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files (x86)\LOLReplay\LOLRecorder.exe

C:\Windows\Samsung\PanelMgr\SSMMgr.exe

C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe

C:\Windows\Samsung\PanelMgr\caller64.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\mobsync.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.



mWinlogon: Userinit = userinit.exe,

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

mRun: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun

mRun: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart

mRun: [CLX3180_Scan2Pc] C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [3180 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{8E548628-D52E-4A09-9BFA-0DB85102B218} : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{99E5FA8F-BB6E-4548-B1C1-67F1C431C087} : NameServer = 8.8.8.8

TCP: Interfaces\{99E5FA8F-BB6E-4548-B1C1-67F1C431C087} : DHCPNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome


x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll

x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-mPolicies-Explorer: NoActiveDesktop = dword:1

x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1

x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

x64-mPolicies-System: EnableUIADesktopToggle = dword:0

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-5 45880]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]

R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-10-22 17720]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]

R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2013-11-10 881440]

R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2014-1-21 9216]

R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-10-22 341824]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-2-5 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-5 701512]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 134944]

R2 Samsung Network Fax Server;Samsung Network Fax Server;C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe [2013-8-15 229888]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]

R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2009-7-13 11576]

R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-11-14 5087584]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2013-10-22 322760]

R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\FileMonitor.sys [2013-10-22 23048]

R3 gwfilt64;gwfilt64;C:\Windows\System32\drivers\gwfilt64.sys [2013-10-22 34840]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-5 25928]

R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-1-19 609280]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]

R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\RegFilter.sys [2013-10-22 34848]

R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\UrlFilter.sys [2013-10-22 23016]

S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-11-10 2151200]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-7-20 1022632]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-4-12 89920]

.

=============== File Associations ===============

.

FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

.

==================== Find3M  ====================

.

2014-02-07 11:10:03 6522 ----a-w- C:\Windows\System32\PerfStringBackup.TMP

2014-02-05 12:12:51 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-02-05 12:12:51 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe

2014-01-15 18:14:26 86054176 ----a-w- C:\Windows\System32\mrt.exe

2014-01-07 06:55:33 65536 ----a-w- C:\Windows\IFinst27.exe

2013-12-17 05:07:36 0 ----a-w- C:\autoexec.bat

2013-12-16 10:36:19 49940480 ----a-w- C:\Program Files (x86)\GUT1931.tmp

2013-12-16 05:25:32 49940480 ----a-w- C:\Program Files (x86)\GUTD7AA.tmp

2013-11-10 10:23:15 18290536 ----a-w- C:\Windows\System32\nvwgf2umx.dll

2013-11-10 10:23:09 15858664 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll

2013-11-10 10:23:03 9472600 ----a-w- C:\Windows\SysWow64\nvopencl.dll

2013-11-10 10:23:00 11362672 ----a-w- C:\Windows\System32\nvopencl.dll

2013-11-10 10:21:58 17560352 ----a-w- C:\Windows\SysWow64\nvcompiler.dll

2013-11-10 10:21:55 25256224 ----a-w- C:\Windows\System32\nvcompiler.dll

2013-11-10 10:21:46 3067560 ----a-w- C:\Windows\System32\nvapi64.dll

2013-11-10 10:21:45 2694664 ----a-w- C:\Windows\SysWow64\nvapi.dll

2013-11-10 10:19:50 2809048 ----a-w- C:\Windows\System32\RtPgEx64.dll

2013-11-10 10:19:50 1662024 ----a-w- C:\Windows\System32\RTSnMg64.cpl

2013-11-10 10:19:45 3641688 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys

2013-11-10 10:19:36 2586840 ----a-w- C:\Windows\System32\RtkAPO64.dll

2013-11-10 10:19:34 1005784 ----a-w- C:\Windows\System32\RtkApi64.dll

2013-11-10 10:19:32 617176 ----a-w- C:\Windows\System32\RtDataProc64.dll

2013-11-10 10:19:14 149208 ----a-w- C:\Windows\System32\RCoInstII64.dll

2013-11-10 10:19:04 397080 ----a-w- C:\Windows\System32\MBWrp64.dll

2013-11-10 10:18:20 2743328 ----a-w- C:\Windows\System32\FMAPO64.dll

2013-11-10 10:18:08 113576 ----a-w- C:\Windows\System32\CONEQMSAPOGUILibrary.dll

.

============= FINISH: 19:28:24.57 ===============
Link to post
Share on other sites

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium 

Boot Device: \Device\HarddiskVolume1

Install Date: 15/8/2013 3:06:20 PM

System Uptime: 7/2/2014 7:03:27 PM (0 hours ago)

.

Motherboard: Acer |  | FX58M

Processor: Intel® Core i7 CPU         920  @ 2.67GHz | CPU 1 | 2667/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 488 GiB total, 319.206 GiB free.

D: is FIXED (NTFS) - 443 GiB total, 408.294 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}

Description: Standard PS/2 Keyboard

Device ID: ACPI\PNP0303\4&6730480&0

Manufacturer: (Standard keyboards)

Name: Standard PS/2 Keyboard

PNP Device ID: ACPI\PNP0303\4&6730480&0

Service: i8042prt

.

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&6730480&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&6730480&0

Service: i8042prt

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Adobe Flash Player 12 ActiveX

Adobe Flash Player 12 Plugin

Adobe Reader X (10.1.9)

Advanced SystemCare 7

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Audacity 2.0.5

AVG 2013

BlackVue HD

BlackVueHD

Bonjour

CCleaner

Dota 2

Driver Booster

Garena - League of Legends

Google Chrome

Google Update Helper

Hi-Rez Studios Authenticate and Update Service

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Intel® Network Connections

IObit Malware Fighter

IObit Uninstaller

iTunes

Java 7 Update 25

Java Auto Updater

K-Lite Mega Codec Pack 7.1.0

LOLReplay

Maintenance Samsung CLX-3180 Series

Malwarebytes Anti-Malware version 1.75.0.1300

MapleStorySEA 1.35

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA Control Panel 331.58

NVIDIA Install Application

Readiris Pro 10

Realtek High Definition Audio Driver

Samsung Network PC Fax

Samsung Scan Assistant

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 

Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 

Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 

Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition 

Skype Click to Call

Skype™ 6.11

Smart Defrag 2

SmarThru 4

Smite

Steam

Surfing Protection

TeamViewer 8

TuneUp Utilities 2014

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition

Visual Studio 2010 x64 Redistributables

VLC media player 2.1.3

WinRAR archiver

.

==== End Of File ===========================
Link to post
Share on other sites

Step 1

I recommend you to uninstall the following programs:

IObit Malware Fighter

IObit Uninstaller

More information here:

https://forums.malwarebytes.org/index.php?showtopic=29681

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzzyCyBtDtDtDyB0C0DtByCtN0D0Tzu0CyBtCyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=657671035&ir=

    IE - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sg.search.yahoo.com/?type=599486&fr=spigot-yhp-ie

    IE - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    CHR - default_search_provider: Yahoo (Enabled)

    CHR - default_search_provider: search_url = http://sg.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=599486&p=

    CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},

    CHR - homepage: http://sg.search.yahoo.com/?type=599486&fr=spigot-yhp-ch

    CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\

    [2014/02/05 18:38:22 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\uTorrent

    [2014/02/05 18:54:55 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\uTorrent

    :files

    ipconfig /flushdns /c

    :Commands

    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles
Link to post
Share on other sites

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKEY_USERS\S-1-5-21-330252339-2164704957-4068010090-1005\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Use Chrome's Settings page to remove the default_search_provider items.

Use Chrome's Settings page to remove the default_search_provider items.

Use Chrome's Settings page to remove the default_search_provider items.

Use Chrome's Settings page to change the HomePage.

C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin\img folder moved successfully.

C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin folder moved successfully.

C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0 folder moved successfully.

C:\Users\Tristen\AppData\Roaming\uTorrent folder moved successfully.

Folder C:\Users\Tristen\AppData\Roaming\uTorrent\ not found.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Tristen\Desktop\cmd.bat deleted successfully.

C:\Users\Tristen\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Green

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

 

User: Kids

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

 

User: Public

 

User: TEMP

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Tristen

->Temp folder emptied: 5304524 bytes

->Temporary Internet Files folder emptied: 44227060 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 6652897 bytes

->Flash cache emptied: 586 bytes

 

User: user

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: wangzhisong

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 6522 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 63248 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 54.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 02082014_134635

 

Files\Folders moved on Reboot...

File move failed. C:\Windows\SysNative\PerfStringBackup.TMP scheduled to be moved on reboot.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

 

 

 

Hi Borislav,

 

FYI The yahoo search browser still exists, and I have no idea who Wangzhisong is! :)

Link to post
Share on other sites

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan button. Wait until is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
Step 3

Generate a new fresh OTL log files.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • OTL log
Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.1 (02.04.2014:1)

OS: Windows Vista Home Premium x64

Ran by Tristen on Mon 10/02/2014 at  0:18:04.83

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 10/02/2014 at  0:24:29.00

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Link to post
Share on other sites

# AdwCleaner v3.018 - Report created 10/02/2014 at 00:51:05

# Updated 28/01/2014 by Xplode

# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)

# Username : Tristen - USER-PC

# Running from : C:\Users\Tristen\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16526

 

 

-\\ Mozilla Firefox v

 

-\\ Google Chrome v32.0.1700.107

 

[ File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

[ File : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

[ File : C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [1943 octets] - [10/11/2013 18:28:11]

AdwCleaner[R10].txt - [2890 octets] - [05/02/2014 21:47:45]

AdwCleaner[R11].txt - [2241 octets] - [10/02/2014 00:50:11]

AdwCleaner[R1].txt - [2499 octets] - [11/11/2013 12:13:42]

AdwCleaner[R2].txt - [1096 octets] - [11/11/2013 12:34:13]

AdwCleaner[R3].txt - [1271 octets] - [18/11/2013 16:08:24]

AdwCleaner[R4].txt - [2905 octets] - [04/12/2013 13:34:33]

AdwCleaner[R5].txt - [6137 octets] - [04/12/2013 14:45:04]

AdwCleaner[R6].txt - [1631 octets] - [17/12/2013 13:18:53]

AdwCleaner[R7].txt - [4153 octets] - [17/12/2013 17:00:55]

AdwCleaner[R8].txt - [1811 octets] - [19/12/2013 14:40:46]

AdwCleaner[R9].txt - [7604 octets] - [23/12/2013 14:43:34]

AdwCleaner[s0].txt - [1964 octets] - [10/11/2013 18:29:13]

AdwCleaner[s10].txt - [1622 octets] - [10/02/2014 00:51:05]

AdwCleaner[s1].txt - [1757 octets] - [11/11/2013 12:15:10]

AdwCleaner[s2].txt - [1158 octets] - [11/11/2013 12:35:10]

AdwCleaner[s3].txt - [1339 octets] - [18/11/2013 16:09:59]

AdwCleaner[s4].txt - [5396 octets] - [04/12/2013 13:35:25]

AdwCleaner[s5].txt - [3155 octets] - [04/12/2013 14:45:55]

AdwCleaner[s6].txt - [3518 octets] - [17/12/2013 17:02:21]

AdwCleaner[s7].txt - [1878 octets] - [19/12/2013 14:41:51]

AdwCleaner[s8].txt - [6111 octets] - [23/12/2013 14:44:47]

AdwCleaner[s9].txt - [2972 octets] - [05/02/2014 21:50:29]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s10].txt - [2223 octets] ##########
Link to post
Share on other sites

OTL logfile created on: 10/2/2014 12:57:31 AM - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tristen\Desktop\Clean

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

 

5.99 Gb Total Physical Memory | 3.59 Gb Available Physical Memory | 59.90% Memory free

12.09 Gb Paging File | 9.65 Gb Available in Paging File | 79.81% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 488.28 Gb Total Space | 317.06 Gb Free Space | 64.93% Space Free | Partition Type: NTFS

Drive D: | 443.23 Gb Total Space | 408.38 Gb Free Space | 92.14% Space Free | Partition Type: NTFS

 

Computer Name: USER-PC | User Name: Tristen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/02/06 16:29:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tristen\Desktop\Clean\OTL.exe

PRC - [2014/02/02 07:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2013/12/19 02:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/12/13 11:24:14 | 000,049,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdllhost.exe

PRC - [2013/12/11 12:23:04 | 000,526,848 | ---- | M] (LOL Replay) -- C:\Program Files (x86)\LOLReplay\LOLRecorder.exe

PRC - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe

PRC - [2013/11/04 11:01:40 | 001,025,856 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe

PRC - [2013/10/25 12:07:12 | 000,469,280 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\DelayLoad.exe

PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2013/10/01 20:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2011/07/06 20:17:17 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe

PRC - [2011/04/29 15:58:05 | 001,990,144 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2014/02/02 07:42:37 | 013,616,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll

MOD - [2014/02/02 07:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll

MOD - [2014/02/02 07:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll

MOD - [2014/02/02 07:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll

MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2013/12/13 11:24:22 | 000,553,776 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggspawn.dll

MOD - [2013/12/13 11:24:14 | 000,049,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdllhost.exe

MOD - [2013/12/11 12:22:44 | 000,378,368 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\LOLUtils.dll

MOD - [2013/10/10 12:06:01 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29ab1d8aa9cef7960c27d0e9c78d685a\System.Configuration.ni.dll

MOD - [2013/10/10 11:17:43 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\af71e097fedd23dd447153e44826366a\System.Windows.Forms.ni.dll

MOD - [2013/10/10 11:17:30 | 002,295,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\1e743e5431681bf5d856d2b25cf1f083\System.Core.ni.dll

MOD - [2013/10/10 11:17:26 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f3c265fd5e60d5847789f6fe408c5cec\PresentationFramework.ni.dll

MOD - [2013/10/10 11:17:13 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9803a73cdf2d218d14069716ed6feda9\PresentationCore.ni.dll

MOD - [2013/10/10 11:17:01 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\89a4ec2a9793e121738ae9111a911bda\WindowsBase.ni.dll

MOD - [2013/08/17 12:26:52 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\13ca5a02ada78d39db7c6196120e4301\System.Xml.ni.dll

MOD - [2013/08/17 12:26:30 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dc5209760859839df25e6fc0e9424a0c\System.Drawing.ni.dll

MOD - [2013/08/17 12:26:14 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6581049bfc1c440a67084fd3762a5609\PresentationFramework.Aero.ni.dll

MOD - [2013/08/17 12:25:47 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ab9f3f5c6b8a70ead224186f29eca132\System.ni.dll

MOD - [2013/08/17 12:25:42 | 011,498,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\33b224b9839adb5343e0e4b37c802410\mscorlib.ni.dll

MOD - [2011/07/06 20:17:17 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe

MOD - [2011/04/29 15:58:05 | 001,990,144 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe

MOD - [2009/10/31 21:42:43 | 001,384,520 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3180\SSOle.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2011/04/28 18:20:25 | 000,229,888 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\spool\drivers\x64\3\NetFaxServer64.exe -- (Samsung Network Fax Server)

SRV:64bit: - [2008/01/21 10:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2014/02/05 20:12:51 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/01/31 03:16:18 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)

SRV - [2014/01/08 05:00:22 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013/12/19 02:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)

SRV - [2013/12/03 16:10:24 | 002,151,200 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)

SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2013/10/01 20:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2011/04/28 18:20:25 | 000,229,888 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe -- (Samsung Network Fax Server)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/04/12 00:23:49 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013/10/22 12:12:37 | 000,322,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress)

DRV:64bit: - [2013/10/22 12:09:26 | 000,034,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gwfilt64.sys -- (gwfilt64)

DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2013/09/05 01:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgloga.sys -- (Avgloga)

DRV:64bit: - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2013/05/22 18:49:34 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/02/29 21:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009/07/13 16:16:42 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\SSPORT.sys -- (SSPORT)

DRV:64bit: - [2009/07/13 16:13:51 | 000,053,816 | R--- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\Drivers\DgiVecp.sys -- (DgiVecp)

DRV:64bit: - [2009/01/19 14:41:48 | 000,609,280 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28x.sys -- (netr28x)

DRV:64bit: - [2008/05/23 16:54:38 | 000,033,888 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iqvw64e.sys -- (NAL)

DRV:64bit: - [2008/01/21 10:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sg.search.yahoo.com/?type=599486&fr=spigot-yhp-ie

IE - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

 

 

========== Chrome  ==========

 

CHR - default_search_provider: Yahoo (Enabled)

CHR - default_search_provider: search_url = http://sg.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=599486&p={searchTerms}

CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},


CHR - Extension: Google Docs = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: Turn Off the Lights = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.3.0.6_0\

CHR - Extension: YouTube = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: HTTPS Everywhere = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2014.1.3_0\

CHR - Extension: AdBlock = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\

CHR - Extension: Skype Click to Call = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\

CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\

CHR - Extension: Google Wallet = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\

CHR - Extension: Fullscreen Anything = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\olcfgpmjldkkjdclidhcbonieibfhhdh\2_0\

CHR - Extension: Gmail = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

 

O1 HOSTS File: ([2006/09/19 05:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll File not found

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [3180 Scan2PC] C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe ()

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [CLX3180_Scan2Pc] C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe ()

O4 - HKLM..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-330252339-2164704957-4068010090-1005..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-330252339-2164704957-4068010090-1005..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O7 - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E548628-D52E-4A09-9BFA-0DB85102B218}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99E5FA8F-BB6E-4548-B1C1-67F1C431C087}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99E5FA8F-BB6E-4548-B1C1-67F1C431C087}: NameServer = 8.8.8.8

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2013/12/17 13:07:36 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/02/10 00:49:40 | 000,000,000 | ---D | C] -- C:\Users\Tristen\Desktop\Clean

[2014/02/10 00:18:01 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2014/02/05 22:09:38 | 000,000,000 | ---D | C] -- C:\_OTL

[2014/02/05 19:09:43 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\vlc

[2014/02/05 19:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2014/02/05 19:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN

[2014/02/05 19:05:48 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\Malwarebytes

[2014/02/05 19:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2014/02/05 19:05:31 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2014/02/05 19:05:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2014/01/31 01:35:00 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\Media Player Classic

[2014/01/31 01:09:02 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Local\Macromedia

[2014/01/31 01:08:05 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\Mozilla

[2014/01/31 01:08:05 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Local\Mozilla

[2014/01/31 01:07:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2014/01/27 20:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2014/01/27 20:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2014/01/27 20:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2014/01/27 20:08:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2014/01/27 20:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2014/01/27 20:05:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2014/01/25 11:57:09 | 000,000,000 | ---D | C] -- C:\Users\Tristen\Documents\RJC CHEM

[2014/01/25 11:57:09 | 000,000,000 | ---D | C] -- C:\Users\Tristen\Documents\HCI Bio

[2014/01/25 11:57:03 | 000,000,000 | ---D | C] -- C:\Users\Tristen\Documents\KI NOTES

[2014/01/25 11:57:02 | 000,000,000 | ---D | C] -- C:\Users\Tristen\Documents\HCI Physics

[2014/01/24 23:22:21 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

[2014/01/24 09:50:05 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Local\Adobe

[2014/01/21 20:56:35 | 000,000,000 | ---D | C] -- C:\Users\Tristen\Documents\My Games

[2014/01/21 19:34:37 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\Awesomium

[2014/01/21 19:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios

[2014/01/21 19:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios

[2014/01/21 19:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios

[2014/01/16 00:40:27 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\Audacity

[2014/01/16 00:40:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity

[2014/01/15 14:35:09 | 000,000,000 | ---D | C] -- C:\Users\Tristen\Documents\LOLReplay

[2014/01/15 14:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LOLReplay

[2014/01/13 14:07:58 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Local\Apple

[2014/01/13 14:05:25 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Local\Apple Computer

[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/02/10 00:53:55 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/02/10 00:53:48 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\Driver Booster Update.job

[2014/02/10 00:52:29 | 000,004,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2014/02/10 00:52:29 | 000,004,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2014/02/10 00:52:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/02/10 00:33:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/02/10 00:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/02/05 21:57:54 | 000,000,977 | ---- | M] () -- C:\Users\Tristen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2014/02/05 20:12:51 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2014/02/05 20:12:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2014/02/05 20:07:16 | 000,000,545 | ---- | M] () -- C:\prefs.js

[2014/02/05 19:07:05 | 000,000,905 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2014/02/05 19:05:36 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/01/31 19:41:56 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW

[2014/01/30 23:01:04 | 000,002,044 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 7.lnk

[2014/01/27 21:57:21 | 000,000,972 | ---- | M] () -- C:\Users\Tristen\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2014/01/27 20:09:07 | 000,001,698 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2014/01/21 19:34:13 | 000,001,876 | ---- | M] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk

[2014/01/21 19:34:13 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\Smite.lnk

[2014/01/16 00:40:25 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Audacity.lnk

[2014/01/15 14:35:00 | 000,001,836 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk

[2014/01/15 14:35:00 | 000,001,744 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk

[2014/01/11 17:39:49 | 000,002,053 | ---- | M] () -- C:\Users\Tristen\Desktop\Google Chrome.lnk

[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/02/05 21:57:54 | 000,000,977 | ---- | C] () -- C:\Users\Tristen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2014/02/05 20:01:53 | 000,000,545 | ---- | C] () -- C:\prefs.js

[2014/02/05 19:07:05 | 000,000,905 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2014/02/05 19:05:36 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/01/31 19:41:56 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW

[2014/01/27 21:57:21 | 000,000,972 | ---- | C] () -- C:\Users\Tristen\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2014/01/27 20:09:07 | 000,001,698 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2014/01/21 19:34:13 | 000,001,876 | ---- | C] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk

[2014/01/21 19:34:13 | 000,001,867 | ---- | C] () -- C:\Users\Public\Desktop\Smite.lnk

[2014/01/16 00:40:25 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk

[2014/01/16 00:40:25 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Audacity.lnk

[2014/01/15 14:35:00 | 000,001,836 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk

[2014/01/15 14:35:00 | 000,001,756 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk

[2014/01/15 14:35:00 | 000,001,744 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk

[2014/01/07 14:52:52 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe

[2014/01/07 11:15:10 | 000,000,632 | RHS- | C] () -- C:\Users\Tristen\ntuser.pol

[2013/12/23 11:49:10 | 000,000,768 | ---- | C] () -- C:\Windows\SysWow64\Settings.ini

[2013/10/30 11:45:51 | 000,741,886 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/10/07 15:35:48 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll

[2013/08/15 16:47:33 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe

[2013/08/15 16:46:56 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini

[2013/08/15 16:46:53 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll

[2013/08/15 16:32:28 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe

[2013/08/15 16:31:51 | 000,143,872 | ---- | C] () -- C:\Windows\Wiainst64.exe

[2013/08/15 16:12:12 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2013/08/15 15:21:45 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2013/08/15 15:21:45 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2013/08/15 15:21:44 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2013/08/15 15:21:44 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2013/08/15 15:21:44 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

 

========== ZeroAccess Check ==========

 

[2006/11/02 23:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/12 00:22:50 | 000,891,392 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/12 00:23:09 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/21 10:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2013/11/27 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit

[2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software

[2013/11/27 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit

[2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

[2013/12/06 11:36:40 | 000,000,000 | ---D | M] -- C:\Users\Green\AppData\Roaming\IObit

[2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\Green\AppData\Roaming\TuneUp Software

[2013/12/14 14:48:31 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\AVG2013

[2014/01/01 21:27:22 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\GarenaPlus

[2013/11/23 22:49:22 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\IObit

[2013/11/27 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\IObit

[2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\TuneUp Software

[2014/02/04 00:44:42 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\Audacity

[2014/01/21 19:34:37 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\Awesomium

[2014/01/07 11:29:12 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\Garena

[2014/02/09 21:28:21 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\GarenaPlus

[2014/01/07 20:39:43 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\IObit

[2014/01/07 11:29:35 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\LolClient

[2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\TuneUp Software

[2013/09/03 15:45:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG

[2013/12/14 14:48:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG2013

[2013/12/01 15:44:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG2014

[2014/02/09 15:00:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Dropbox

[2013/12/22 21:52:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Garena

[2014/01/07 13:25:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GarenaPlus

[2013/11/10 17:19:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IObit

[2013/12/05 20:46:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LolClient

[2013/08/17 13:28:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Samsung

[2013/12/23 13:50:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software

 

========== Purity Check ==========

 

 

 

< End of report >
Link to post
Share on other sites

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

    IE - HKLM\..\SearchScopes,DefaultScope =

    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sg.search.yahoo.com/?type=599486&fr=spigot-yhp-ie

    IE - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    CHR - default_search_provider: Yahoo (Enabled)

    CHR - default_search_provider: search_url = http://sg.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=599486&p={searchTerms}

    CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},

    CHR - homepage: http://sg.search.yahoo.com/?type=599486&fr=spigot-yhp-ch

    CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\

    O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll File not found

    O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)

    :files

    ipconfig /flushdns /c

    :Commands

    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles
Link to post
Share on other sites

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKEY_USERS\S-1-5-21-330252339-2164704957-4068010090-1005\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKU\S-1-5-21-330252339-2164704957-4068010090-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

Use Chrome's Settings page to remove the default_search_provider items.

Use Chrome's Settings page to remove the default_search_provider items.

Use Chrome's Settings page to remove the default_search_provider items.

Use Chrome's Settings page to change the HomePage.

File C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1 not found.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ deleted successfully.

C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Tristen\Desktop\Clean\cmd.bat deleted successfully.

C:\Users\Tristen\Desktop\Clean\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Green

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

 

User: Kids

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

 

User: Public

 

User: TEMP

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Tristen

->Temp folder emptied: 3550222 bytes

->Temporary Internet Files folder emptied: 70629622 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 11984889 bytes

->Flash cache emptied: 820 bytes

 

User: user

->Temp folder emptied: 6247095 bytes

->Temporary Internet Files folder emptied: 1008052 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 49661450 bytes

->Flash cache emptied: 291 bytes

 

User: wangzhisong

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 6522 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 79832 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 137.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 02102014_210156

 

Files\Folders moved on Reboot...

File move failed. C:\Windows\SysNative\PerfStringBackup.TMP scheduled to be moved on reboot.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...
Link to post
Share on other sites

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
Link to post
Share on other sites

ComboFix 14-02-12.01 - Tristen 13/02/2014  19:25:55.1.8 - x64

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.65.1033.18.6134.4107 [GMT 8:00]

Running from: c:\users\Tristen\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((   Files Created from 2014-01-13 to 2014-02-13  )))))))))))))))))))))))))))))))

.

.

2014-02-13 11:31 . 2014-02-13 11:31 -------- d-----w- c:\users\user\AppData\Local\temp

2014-02-13 11:31 . 2014-02-13 11:31 -------- d-----w- c:\users\Tristen\AppData\Local\temp

2014-02-13 11:17 . 2014-02-13 11:17 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E88B0D17-9048-497E-92AD-A840340AE4A8}\offreg.dll

2014-02-13 08:28 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E88B0D17-9048-497E-92AD-A840340AE4A8}\mpengine.dll

2014-02-13 08:24 . 2014-02-13 09:00 1024 ---h--w- C:\AMTAG.BIN

2014-02-12 16:59 . 2014-02-05 09:51 599040 ----a-w- c:\windows\system32\vbscript.dll

2014-02-12 16:59 . 2014-02-05 09:51 816640 ----a-w- c:\windows\system32\jscript.dll

2014-02-12 16:59 . 2014-02-05 08:56 1806848 ----a-w- c:\windows\SysWow64\jscript9.dll

2014-02-12 16:59 . 2014-02-05 08:50 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll

2014-02-12 16:59 . 2014-02-05 08:49 104448 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll

2014-02-12 16:59 . 2014-02-05 09:53 887808 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2014-02-12 16:59 . 2014-02-05 09:53 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll

2014-02-12 16:59 . 2014-02-05 08:50 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll

2014-02-12 16:59 . 2014-02-05 10:19 17849344 ----a-w- c:\windows\system32\mshtml.dll

2014-02-12 16:59 . 2014-02-05 10:02 10926080 ----a-w- c:\windows\system32\ieframe.dll

2014-02-12 10:22 . 2013-12-05 04:48 1869824 ----a-w- c:\windows\system32\msxml3.dll

2014-02-12 10:22 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll

2014-02-11 14:27 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-02-09 16:18 . 2014-02-09 16:18 -------- d-----w- c:\windows\ERUNT

2014-02-05 14:09 . 2014-02-05 14:09 -------- d-----w- C:\_OTL

2014-02-05 13:40 . 2014-02-09 06:22 6522 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2014-02-05 12:01 . 2014-02-05 12:07 545 ----a-w- C:\prefs.js

2014-02-05 11:09 . 2014-02-05 12:10 -------- d-----w- c:\users\Tristen\AppData\Roaming\vlc

2014-02-05 11:06 . 2014-02-05 11:06 -------- d-----w- c:\program files (x86)\VideoLAN

2014-02-05 11:05 . 2014-02-05 11:05 -------- d-----w- c:\users\Tristen\AppData\Roaming\Malwarebytes

2014-02-05 11:05 . 2014-02-05 11:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2014-02-05 11:05 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-01-30 17:35 . 2014-02-05 10:54 -------- d-----w- c:\users\Tristen\AppData\Roaming\Media Player Classic

2014-01-30 17:09 . 2014-01-30 17:09 -------- d-----w- c:\users\Tristen\AppData\Local\Macromedia

2014-01-30 17:08 . 2014-01-30 17:08 -------- d-----w- c:\users\Tristen\AppData\Local\Mozilla

2014-01-27 12:08 . 2014-01-27 12:08 -------- d-----w- c:\program files\iPod

2014-01-27 12:08 . 2014-01-27 12:09 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-01-27 12:08 . 2014-01-27 12:09 -------- d-----w- c:\program files\iTunes

2014-01-27 12:08 . 2014-01-27 12:09 -------- d-----w- c:\program files (x86)\iTunes

2014-01-24 01:50 . 2014-01-24 01:50 -------- d-----w- c:\users\Tristen\AppData\Local\Adobe

2014-01-24 01:44 . 2013-10-19 08:17 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B50950FA-02ED-4CC3-959F-42427632FC0C}\gapaengine.dll

2014-01-21 11:34 . 2014-01-21 11:34 -------- d-----w- c:\users\Tristen\AppData\Roaming\Awesomium

2014-01-21 11:34 . 2014-01-21 11:34 -------- d-----w- c:\programdata\Hi-Rez Studios

2014-01-21 11:33 . 2014-01-21 11:34 -------- d-----w- c:\program files (x86)\Hi-Rez Studios

2014-01-15 16:40 . 2014-02-03 16:44 -------- d-----w- c:\users\Tristen\AppData\Roaming\Audacity

2014-01-15 16:40 . 2014-01-15 16:40 -------- d-----w- c:\program files (x86)\Audacity

2014-01-15 06:34 . 2014-01-15 06:34 -------- d-----w- c:\program files (x86)\LOLReplay

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-02-05 12:12 . 2013-11-10 07:54 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-02-05 12:12 . 2013-08-15 07:19 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-01-19 07:33 . 2013-08-15 08:10 270496 ------w- c:\windows\system32\MpSigStub.exe

2014-01-15 18:14 . 2006-11-02 12:35 86054176 ----a-w- c:\windows\system32\mrt.exe

2014-01-07 06:55 . 2014-01-07 06:52 65536 ----a-w- c:\windows\IFinst27.exe

2013-12-16 10:36 . 2013-12-16 10:36 49940480 ----a-w- c:\program files (x86)\GUT1931.tmp

2013-12-16 05:25 . 2013-12-16 05:25 49940480 ----a-w- c:\program files (x86)\GUTD7AA.tmp

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

.

S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

Themes

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-02-04 15:33 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-10 12:12]

.

2014-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-11 05:13]

.

2014-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-11 05:13]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-11-10 13653208]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm



mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{99E5FA8F-BB6E-4548-B1C1-67F1C431C087}: NameServer = 8.8.8.8

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe

SafeBoot-WudfPf

SafeBoot-WudfRd

AddRemove-LoL - c:\program files (x86)\GarenaLoL\uninst.exe

AddRemove-Steam - c:\program files (x86)\Steam\uninstall.exe

AddRemove-Steam App 570 - c:\program files (x86)\Steam\steam.exe

AddRemove-{EF36D026-6634-4BED-A82F-D1EDCD4BE68C}_is1 - c:\program files (x86)\Wizet\MapleStorySEA\unins000.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,88,c0,31,77,38,7e,d6,4b,ad,9b,13,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,88,c0,31,77,38,7e,d6,4b,ad,9b,13,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

Completion time: 2014-02-13  19:33:46

ComboFix-quarantined-files.txt  2014-02-13 11:33

.

Pre-Run: 366,172,495,872 bytes free

Post-Run: 366,034,075,648 bytes free

.

- - End Of File - - 68A3FDDC06526E5B62F8D1795DD87207

5C616939100B85E558DA92B899A0FC36
Link to post
Share on other sites

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites

C:\Users\All Users\InstallMate\{2DA05166-31C6-4048-A2A3-79E4F6437390}\Custom.dll Win32/InstalleRex.M potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll.vir Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.27.zip.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\BrowserHelper.exe.vir a variant of MSIL/Toolbar.Linkury.A potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll.vir a variant of MSIL/Toolbar.Linkury.E potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO2.dll.vir a variant of MSIL/Toolbar.Linkury.E potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir a variant of MSIL/Toolbar.Linkury.D potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll.vir a variant of MSIL/Toolbar.Linkury.D potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\SnapDo.exe.vir a variant of Win32/Toolbar.Linkury.A potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\srbs.dll.vir a variant of MSIL/Toolbar.Linkury.C potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\ExtInstaller\2.exe.vir a variant of MSIL/Toolbar.Linkury.C potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_20.dll.vir Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_21.dll.vir Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_22.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_23.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_24.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_25.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\OpenCandy\F957C95FC66B4E2AB1682D7A7AE7F03B\pcspeedup.exe.vir a variant of Win32/Speedchecker.A potentially unwanted application deleted - quarantined

C:\ProgramData\InstallMate\{2DA05166-31C6-4048-A2A3-79E4F6437390}\Custom.dll Win32/InstalleRex.M potentially unwanted application deleted - quarantined

C:\Users\Green\Downloads\u.zip Win32/UltraReach potentially unsafe application deleted - quarantined

C:\Users\user\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined

C:\Users\user\Downloads\asc7-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined

C:\Users\user\Downloads\cbsidlm-cbsi134-AdwCleaner-ORG-75851221.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined

C:\Users\user\Downloads\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

C:\Users\user\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

C:\Users\user\Downloads\u (1).zip Win32/UltraReach potentially unsafe application deleted - quarantined

C:\Users\user\Downloads\u.zip Win32/UltraReach.AF potentially unsafe application deleted - quarantined

C:\Users\user\Downloads\u1303.zip Win32/UltraReach potentially unsafe application deleted - quarantined

C:\Users\user\Downloads\u\u1301.exe Win32/UltraReach.AF potentially unsafe application deleted - quarantined

C:\Users\user\Downloads\u1303\u1303.exe Win32/UltraReach potentially unsafe application deleted - quarantined

C:\Windows\Installer\MSIB98A.tmp-\srbs.dll a variant of MSIL/Toolbar.Linkury.C potentially unwanted application deleted - quarantined

D:\USER-PC\Backup Set 2013-12-14 181403\Backup Files 2013-12-14 181403\Backup files 12.zip Win32/UltraReach potentially unsafe application deleted - quarantined

D:\USER-PC\Backup Set 2013-12-14 181403\Backup Files 2013-12-14 181403\Backup files 3.zip Win32/UltraReach potentially unsafe application deleted - quarantined

D:\USER-PC\Backup Set 2013-12-14 181403\Backup Files 2013-12-14 181403\Backup files 9.zip a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
Link to post
Share on other sites

Step 1

Please locate and manually delete the following folders:

C:\Users\All Users\InstallMate

C:\ProgramData\InstallMate

Step 2

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

AVPfront.gif

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

avpsettings.gif

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.