fireice99 Posted February 5, 2014 ID:787054

Hi,

Somehow managed to install this vile program and now I cannot delete it. MalwareBytes scans, CC Cleans, IObit Scans all seem to be unable to detect this spigot program. I am sure I have deleted it from Control panel => Uninstall but I have no idea why http://sg.search.yahoo.com/?type=599486&fr=spigot-yhp-ie and http://sg.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=599486&p=(search item) keep appearing.

Any help is gratefully appreciated.
Maniac Posted February 5, 2014 ID:787181

Hello fireice99 and !

My name is Borislav and I will be glad to help you solve your malware problem.

Please note:
- If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
- I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
- Make sure you read all of the instructions and fixes thoroughly before continuing with them.
- Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
- Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
- Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
fireice99 Posted February 6, 2014 Author ID:787465

Hello Borislav and thanks for your speedy aid! OTL.txt is per below:
ZeroAccess Check ========== [2006/11/02 23:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/12 00:22:50 | 000,891,392 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/12 00:23:09 | 000,614,912 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/21 10:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/11/27 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit[2013/09/14 
14:19:23 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software[2013/11/27 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit[2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software[2013/12/06 11:36:40 | 000,000,000 | ---D | M] -- C:\Users\Green\AppData\Roaming\IObit[2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\Green\AppData\Roaming\TuneUp Software[2013/12/14 14:48:31 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\AVG2013[2014/01/01 21:27:22 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\GarenaPlus[2013/11/23 22:49:22 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\IObit[2013/11/27 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\IObit[2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\TuneUp Software[2014/02/04 00:44:42 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\Audacity[2014/01/21 19:34:37 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\Awesomium[2014/01/07 11:29:12 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\Garena[2014/02/05 22:37:04 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\GarenaPlus[2014/01/07 20:39:43 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\IObit[2014/01/07 11:29:35 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\LolClient[2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\TuneUp Software[2014/02/05 18:54:55 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\uTorrent[2013/09/03 15:45:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG[2013/12/14 14:48:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG2013[2013/12/01 15:44:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG2014[2014/01/30 10:07:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Dropbox[2013/12/22 
21:52:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Garena[2014/01/07 13:25:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GarenaPlus[2013/11/10 17:19:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IObit[2013/12/05 20:46:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LolClient[2013/08/17 13:28:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Samsung[2013/12/23 13:50:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > Link to post Share on other sites More sharing options...
fireice99 Posted February 6, 2014 Author ID:787469

Download OTL to your Desktop
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Hi Borislav,

Can't seem to find Extras.txt, only OTL.Txt opens up. (To clarify, I did download uTorrent but I have promptly deleted it after discovering it to be the cause of Spigot. I don't know why it shows up in the report but yup!)
Maniac Posted February 6, 2014 ID:787700

Thanks for letting me know! In this case, please generate DDS log files too: https://forums.malwarebytes.org/index.php?showtopic=9573

Thanks!
fireice99 Posted February 7, 2014 Author ID:787889

DDS (Ver_2012-11-20.01) - NTFS_AMD64
fireice99 Posted February 7, 2014 Author ID:787891

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT.
DDS (Ver_2012-11-20.01)
Maniac Posted February 7, 2014 ID:788096

Step 1
I recommend you to uninstall the following programs:
IObit Malware Fighter
IObit Uninstaller
More information here: https://forums.malwarebytes.org/index.php?showtopic=29681

Step 2
Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzzyCyBtDtDtDyB0C0DtByCtN0D0Tzu0CyBtCyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=657671035&ir=
IE - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sg.search.yahoo.com/?type=599486&fr=spigot-yhp-ie
IE - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: search_url = http://sg.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=599486&p=
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},
CHR - homepage: http://sg.search.yahoo.com/?type=599486&fr=spigot-yhp-ch
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
[2014/02/05 18:38:22 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Roaming\uTorrent
[2014/02/05 18:54:55 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\uTorrent
:files
ipconfig /flushdns /c
:Commands
[emptytemp]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles
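The fix script in the post above targets browser settings written in OTL's "IE - ..." / "CHR - ..." line format. As an added example (not part of the thread and not OTL's own code), the Python below parses such lines and reports which settings targeted by a fix still carry one of the hijacker's markers in a later scan; the marker strings are taken from the URLs in the thread, and LATER_SCAN is a constructed sample in the same line format.

```python
import re

# OTL prints browser settings as "<BROWSER>[:64bit:] - <setting>", where the
# setting is either "<key> = <value>" or, for some Chrome items, "<key>: <value>".
ENTRY = re.compile(r"^(IE|FF|CHR)(:64bit:)? - (.+)$")
KEY_VALUE = re.compile(r"\s=(?:\s|$)")   # " = " or a trailing " =" (empty value)

# Substrings seen in the unwanted URLs quoted in this thread.
MARKERS = ("spigot", "greentree", "mysearchdial")

# Subset of the fix script posted above.
FIX_SCRIPT = r"""
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sg.search.yahoo.com/?type=599486&fr=spigot-yhp-ie
CHR - default_search_provider: search_url = http://sg.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=599486&p=
CHR - homepage: http://sg.search.yahoo.com/?type=599486&fr=spigot-yhp-ch
""".splitlines()

# Constructed sample of a scan taken after the fix (same line format).
LATER_SCAN = r"""
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sg.search.yahoo.com/?type=599486&fr=spigot-yhp-ie
CHR - default_search_provider: search_url = http://sg.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=599486&p={searchTerms}
CHR - homepage: http://sg.search.yahoo.com/?type=599486&fr=spigot-yhp-ch
""".splitlines()


def parse_entry(line):
    """Return (browser, key, value) for an OTL browser line, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    browser = m.group(1) + ("64" if m.group(2) else "")
    rest = m.group(3)
    parts = KEY_VALUE.split(rest, maxsplit=1)
    if len(parts) == 2:
        key, value = parts
    else:
        # e.g. "homepage: http://..." or "default_search_provider: Yahoo (Enabled)"
        key, _, value = rest.partition(": ")
    return browser, key.strip(), value.strip()


def load(lines):
    """Map (browser, case-folded key) -> value for every browser line."""
    settings = {}
    for line in lines:
        entry = parse_entry(line)
        if entry:
            browser, key, value = entry
            settings[(browser, key.casefold())] = value
    return settings


def still_hijacked(fix_lines, later_lines, markers=MARKERS):
    """Keys targeted by the fix whose later value still contains a marker.

    Matching on markers rather than exact values tolerates differences such
    as a search URL logged with and without its {searchTerms} suffix.
    """
    targeted = load(fix_lines)
    later = load(later_lines)
    return sorted(
        key for key in targeted
        if any(m in later.get(key, "").casefold() for m in markers)
    )


if __name__ == "__main__":
    for browser, key in still_hijacked(FIX_SCRIPT, LATER_SCAN):
        print(f"{browser}: {key} still points at a flagged URL")
```
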
fireice99 Posted February 8, 2014 Author ID:788201

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-330252339-2164704957-4068010090-1005\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin\img folder moved successfully.
C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin folder moved successfully.
C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0 folder moved successfully.
C:\Users\Tristen\AppData\Roaming\uTorrent folder moved successfully.
Folder C:\Users\Tristen\AppData\Roaming\uTorrent\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Tristen\Desktop\cmd.bat deleted successfully.
C:\Users\Tristen\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Green
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
User: Kids
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
User: Public
User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Tristen
->Temp folder emptied: 5304524 bytes
->Temporary Internet Files folder emptied: 44227060 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6652897 bytes
->Flash cache emptied: 586 bytes
User: user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: wangzhisong

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 6522 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 63248 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 54.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 02082014_134635

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\PerfStringBackup.TMP scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Hi Borislav, FYI the Yahoo search browser still exists, and I have no idea who Wangzhisong is!
Maniac Posted February 9, 2014 ID:788721

Step 1
Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 2
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on the Scan button. Wait until it is finished.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Step 3
Generate fresh OTL log files.
In your next reply, post the following log files:
Junkware Removal Tool log
AdwCleaner log
OTL log
fireice99 Posted February 9, 2014 Author ID:788739

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows Vista Home Premium x64
Ran by Tristen on Mon 10/02/2014 at 0:18:04.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/02/2014 at 0:24:29.00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fireice99 Posted February 9, 2014 Author ID:788745

# AdwCleaner v3.018 - Report created 10/02/2014 at 00:51:05
# Updated 28/01/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)
# Username : Tristen - USER-PC
# Running from : C:\Users\Tristen\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526

-\\ Mozilla Firefox v

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1943 octets] - [10/11/2013 18:28:11]
AdwCleaner[R10].txt - [2890 octets] - [05/02/2014 21:47:45]
AdwCleaner[R11].txt - [2241 octets] - [10/02/2014 00:50:11]
AdwCleaner[R1].txt - [2499 octets] - [11/11/2013 12:13:42]
AdwCleaner[R2].txt - [1096 octets] - [11/11/2013 12:34:13]
AdwCleaner[R3].txt - [1271 octets] - [18/11/2013 16:08:24]
AdwCleaner[R4].txt - [2905 octets] - [04/12/2013 13:34:33]
AdwCleaner[R5].txt - [6137 octets] - [04/12/2013 14:45:04]
AdwCleaner[R6].txt - [1631 octets] - [17/12/2013 13:18:53]
AdwCleaner[R7].txt - [4153 octets] - [17/12/2013 17:00:55]
AdwCleaner[R8].txt - [1811 octets] - [19/12/2013 14:40:46]
AdwCleaner[R9].txt - [7604 octets] - [23/12/2013 14:43:34]
AdwCleaner[s0].txt - [1964 octets] - [10/11/2013 18:29:13]
AdwCleaner[s10].txt - [1622 octets] - [10/02/2014 00:51:05]
AdwCleaner[s1].txt - [1757 octets] - [11/11/2013 12:15:10]
AdwCleaner[s2].txt - [1158 octets] - [11/11/2013 12:35:10]
AdwCleaner[s3].txt - [1339 octets] - [18/11/2013 16:09:59]
AdwCleaner[s4].txt - [5396 octets] - [04/12/2013 13:35:25]
AdwCleaner[s5].txt - [3155 octets] - [04/12/2013 14:45:55]
AdwCleaner[s6].txt - [3518 octets] - [17/12/2013 17:02:21]
AdwCleaner[s7].txt - [1878 octets] - [19/12/2013 14:41:51]
AdwCleaner[s8].txt - [6111 octets] - [23/12/2013 14:44:47]
AdwCleaner[s9].txt - [2972 octets] - [05/02/2014 21:50:29]

########## EOF - C:\AdwCleaner\AdwCleaner[s10].txt - [2223 octets] ##########
fireice99 Posted February 9, 2014 Author ID:788749

OTL logfile created on: 10/2/2014 12:57:31 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tristen\Desktop\Clean
---D | C] -- C:\Users\Tristen\AppData\Local\Apple[2014/01/13 14:05:25 | 000,000,000 | ---D | C] -- C:\Users\Tristen\AppData\Local\Apple Computer[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ][1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014/02/10 00:53:55 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2014/02/10 00:53:48 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\Driver Booster Update.job[2014/02/10 00:52:29 | 000,004,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0[2014/02/10 00:52:29 | 000,004,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0[2014/02/10 00:52:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2014/02/10 00:33:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2014/02/10 00:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2014/02/05 21:57:54 | 000,000,977 | ---- | M] () -- C:\Users\Tristen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk[2014/02/05 20:12:51 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe[2014/02/05 20:12:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl[2014/02/05 20:07:16 | 000,000,545 | ---- | M] () -- C:\prefs.js[2014/02/05 19:07:05 | 000,000,905 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk[2014/02/05 19:05:36 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2014/01/31 19:41:56 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW[2014/01/30 23:01:04 | 000,002,044 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 7.lnk[2014/01/27 21:57:21 
| 000,000,972 | ---- | M] () -- C:\Users\Tristen\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk[2014/01/27 20:09:07 | 000,001,698 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk[2014/01/21 19:34:13 | 000,001,876 | ---- | M] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk[2014/01/21 19:34:13 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\Smite.lnk[2014/01/16 00:40:25 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Audacity.lnk[2014/01/15 14:35:00 | 000,001,836 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk[2014/01/15 14:35:00 | 000,001,744 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk[2014/01/11 17:39:49 | 000,002,053 | ---- | M] () -- C:\Users\Tristen\Desktop\Google Chrome.lnk[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ][1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2014/02/05 21:57:54 | 000,000,977 | ---- | C] () -- C:\Users\Tristen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk[2014/02/05 20:01:53 | 000,000,545 | ---- | C] () -- C:\prefs.js[2014/02/05 19:07:05 | 000,000,905 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk[2014/02/05 19:05:36 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2014/01/31 19:41:56 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW[2014/01/27 21:57:21 | 000,000,972 | ---- | C] () -- C:\Users\Tristen\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk[2014/01/27 20:09:07 | 000,001,698 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk[2014/01/21 19:34:13 | 000,001,876 | ---- | C] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk[2014/01/21 19:34:13 | 000,001,867 | ---- | C] () -- C:\Users\Public\Desktop\Smite.lnk[2014/01/16 00:40:25 | 
000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk[2014/01/16 00:40:25 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Audacity.lnk[2014/01/15 14:35:00 | 000,001,836 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk[2014/01/15 14:35:00 | 000,001,756 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk[2014/01/15 14:35:00 | 000,001,744 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk[2014/01/07 14:52:52 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe[2014/01/07 11:15:10 | 000,000,632 | RHS- | C] () -- C:\Users\Tristen\ntuser.pol[2013/12/23 11:49:10 | 000,000,768 | ---- | C] () -- C:\Windows\SysWow64\Settings.ini[2013/10/30 11:45:51 | 000,741,886 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2013/10/07 15:35:48 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll[2013/08/15 16:47:33 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe[2013/08/15 16:46:56 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini[2013/08/15 16:46:53 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll[2013/08/15 16:32:28 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe[2013/08/15 16:31:51 | 000,143,872 | ---- | C] () -- C:\Windows\Wiainst64.exe[2013/08/15 16:12:12 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol[2013/08/15 15:21:45 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll[2013/08/15 15:21:45 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini[2013/08/15 15:21:44 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll[2013/08/15 15:21:44 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll[2013/08/15 15:21:44 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll ========== ZeroAccess Check ========== [2006/11/02 23:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/12 00:22:50 | 000,891,392 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/12 00:23:09 | 000,614,912 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/21 10:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/11/27 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit[2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software[2013/11/27 19:15:42 | 
000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit[2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software[2013/12/06 11:36:40 | 000,000,000 | ---D | M] -- C:\Users\Green\AppData\Roaming\IObit[2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\Green\AppData\Roaming\TuneUp Software[2013/12/14 14:48:31 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\AVG2013[2014/01/01 21:27:22 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\GarenaPlus[2013/11/23 22:49:22 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\IObit[2013/11/27 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\IObit[2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\TuneUp Software[2014/02/04 00:44:42 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\Audacity[2014/01/21 19:34:37 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\Awesomium[2014/01/07 11:29:12 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\Garena[2014/02/09 21:28:21 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\GarenaPlus[2014/01/07 20:39:43 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\IObit[2014/01/07 11:29:35 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\LolClient[2013/09/14 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\Tristen\AppData\Roaming\TuneUp Software[2013/09/03 15:45:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG[2013/12/14 14:48:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG2013[2013/12/01 15:44:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG2014[2014/02/09 15:00:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Dropbox[2013/12/22 21:52:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Garena[2014/01/07 13:25:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GarenaPlus[2013/11/10 17:19:38 | 000,000,000 | 
---D | M] -- C:\Users\user\AppData\Roaming\IObit[2013/12/05 20:46:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LolClient[2013/08/17 13:28:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Samsung[2013/12/23 13:50:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > Link to post Share on other sites More sharing options...
Maniac Posted February 9, 2014 ID:788751

Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sg.search.yahoo.com/?type=599486&fr=spigot-yhp-ie
IE - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-330252339-2164704957-4068010090-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: search_url = http://sg.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=599486&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},
CHR - homepage: http://sg.search.yahoo.com/?type=599486&fr=spigot-yhp-ch
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll File not found
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)

:files
ipconfig /flushdns /c

:Commands
[emptytemp]

Then click the Run Fix button at the top.
Let the program run unhindered, reboot the PC when it is done.
Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles
fireice99 Posted February 10, 2014 Author ID:789117

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-330252339-2164704957-4068010090-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-330252339-2164704957-4068010090-1005\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-330252339-2164704957-4068010090-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
File C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1 not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ deleted successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Tristen\Desktop\Clean\cmd.bat deleted successfully.
C:\Users\Tristen\Desktop\Clean\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Green
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes

User: Kids
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes

User: Public

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Tristen
->Temp folder emptied: 3550222 bytes
->Temporary Internet Files folder emptied: 70629622 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 11984889 bytes
->Flash cache emptied: 820 bytes

User: user
->Temp folder emptied: 6247095 bytes
->Temporary Internet Files folder emptied: 1008052 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 49661450 bytes
->Flash cache emptied: 291 bytes

User: wangzhisong

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 6522 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 79832 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 137.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 02102014_210156

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\PerfStringBackup.TMP scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
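As an added example (not part of any post in this thread, and not OTL's own code): a short Python triage of an OTL fix log like the one posted above, separating entries the tool applied from those it reported as not found, deferred to reboot, or left for manual action. The sample lines are a subset copied from that log; the category names and function names are assumptions made for this example.

```python
import re
from collections import Counter

# Lines that carry no per-entry outcome: section banners, the [EMPTYTEMP]
# marker and the per-user cache statistics.
NOISE = re.compile(r"^(=+ .* =+|->.*|User: .*|\[EMPTYTEMP\])$")

# Outcome phrases as they appear in the fix log in this thread.
# The category names are this example's own. First matching rule wins.
RULES = [
    ("deferred", re.compile(r"File move failed|scheduled to be moved on reboot", re.I)),
    ("manual", re.compile(r"^Use Chrome's Settings page", re.I)),
    ("not_found", re.compile(r"\bnot found\.?$", re.I)),
    ("applied", re.compile(r"(value set|deleted|moved) successfully[.!]?$", re.I)),
]

# Categories that mean the requested change was NOT made by the tool.
FOLLOW_UP = {"manual", "not_found", "deferred"}

# Subset of the fix log posted in this thread (raw string: keeps backslashes).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
File C:\Users\Tristen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1 not found.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
========== COMMANDS ==========
File move failed. C:\Windows\SysNative\PerfStringBackup.TMP scheduled to be moved on reboot.
"""


def classify(line):
    """Return the outcome category for one fix-log line."""
    for name, pattern in RULES:
        if pattern.search(line):
            return name
    return "other"


def triage(log_text):
    """Return [(category, line)] for every non-noise line, in log order."""
    results = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or NOISE.match(line):
            continue
        results.append((classify(line), line))
    return results


def summary(log_text):
    """Count how many log lines fall into each outcome category."""
    return Counter(category for category, _ in triage(log_text))


def follow_up(log_text, keyword=None):
    """Lines whose change was not made, optionally filtered by a keyword."""
    items = [line for category, line in triage(log_text) if category in FOLLOW_UP]
    if keyword:
        items = [line for line in items if keyword.lower() in line.lower()]
    return items


if __name__ == "__main__":
    for category, count in sorted(summary(SAMPLE_LOG).items()):
        print(f"{category:10} {count}")
    print("\nChrome entries still needing attention:")
    for line in follow_up(SAMPLE_LOG, "chrome"):
        print("  " + line)
```

On the log above, the follow-up list contains every Chrome item: the fix log reports the search-provider and homepage entries as something to change in Chrome's Settings page, and the extension path as not found.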
Maniac Posted February 10, 2014 ID:789334

What is the situation now?
fireice99 Posted February 11, 2014 Author ID:789374

Hi Borislav,

The browser redirection still exists. Deleting Yahoo from the list of search engines and replacing it with Google as default temporarily restores my comp back to normal, but once I close Chrome and reopen it, Yahoo becomes the default browser.
Maniac Posted February 11, 2014 ID:789833

Please follow the instructions here: https://support.google.com/chrome/answer/3296214?hl=en

Close your browser and run it again. Let me know.
fireice99 Posted February 12, 2014 Author ID:789967

Hi Borislav,

Unfortunately the problem still persists. After resetting, Google is the default; upon closing and reopening the browser, http://sg.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=599486&p=%s restores itself as default!
Maniac Posted February 12, 2014 ID:790274

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

Once you've read the article and are ready to use the program you can download it directly from the link below.

Important! - Please make sure you save combofix to your desktop and do not run it from your browser

Direct download link for: ComboFix.exe

Please make sure you disable your security applications before running ComboFix.
Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
Please copy/paste the contents or attach that log file to your next reply.
If needed the file can be located here: C:\combofix.txt

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
fireice99 Posted February 13, 2014 Author ID:790550
1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]@Denied: (A 2) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]@="Shockwave Flash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]@Denied: (A 2) (Everyone)@="".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]@="FlashBroker".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\.Completion time: 2014-02-13 19:33:46ComboFix-quarantined-files.txt 2014-02-13 11:33.Pre-Run: 366,172,495,872 bytes freePost-Run: 366,034,075,648 bytes free.- - End Of File - - 68A3FDDC06526E5B62F8D1795DD872075C616939100B85E558DA92B899A0FC36 Link to post Share on other sites More sharing options...
Maniac Posted February 13, 2014 ID:790798

Please scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
Double click on the icon on your Desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under Scan Settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
    Scan potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
fireice99 Posted February 14, 2014 Author ID:791048

C:\Users\All Users\InstallMate\{2DA05166-31C6-4048-A2A3-79E4F6437390}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll.vir Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.27.zip.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\BrowserHelper.exe.vir a variant of MSIL/Toolbar.Linkury.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll.vir a variant of MSIL/Toolbar.Linkury.E potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO2.dll.vir a variant of MSIL/Toolbar.Linkury.E potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir a variant of MSIL/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll.vir a variant of MSIL/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\SnapDo.exe.vir a variant of Win32/Toolbar.Linkury.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\srbs.dll.vir a variant of MSIL/Toolbar.Linkury.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\ExtInstaller\2.exe.vir a variant of MSIL/Toolbar.Linkury.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_20.dll.vir Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_21.dll.vir Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_22.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_23.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_24.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_25.dll.vir a variant of Win32/Toolbar.Linkury.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\OpenCandy\F957C95FC66B4E2AB1682D7A7AE7F03B\pcspeedup.exe.vir a variant of Win32/Speedchecker.A potentially unwanted application deleted - quarantined
C:\ProgramData\InstallMate\{2DA05166-31C6-4048-A2A3-79E4F6437390}\Custom.dll Win32/InstalleRex.M potentially unwanted application deleted - quarantined
C:\Users\Green\Downloads\u.zip Win32/UltraReach potentially unsafe application deleted - quarantined
C:\Users\user\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Users\user\Downloads\asc7-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Users\user\Downloads\cbsidlm-cbsi134-AdwCleaner-ORG-75851221.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\Users\user\Downloads\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\user\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\user\Downloads\u (1).zip Win32/UltraReach potentially unsafe application deleted - quarantined
C:\Users\user\Downloads\u.zip Win32/UltraReach.AF potentially unsafe application deleted - quarantined
C:\Users\user\Downloads\u1303.zip Win32/UltraReach potentially unsafe application deleted - quarantined
C:\Users\user\Downloads\u\u1301.exe Win32/UltraReach.AF potentially unsafe application deleted - quarantined
C:\Users\user\Downloads\u1303\u1303.exe Win32/UltraReach potentially unsafe application deleted - quarantined
C:\Windows\Installer\MSIB98A.tmp-\srbs.dll a variant of MSIL/Toolbar.Linkury.C potentially unwanted application deleted - quarantined
D:\USER-PC\Backup Set 2013-12-14 181403\Backup Files 2013-12-14 181403\Backup files 12.zip Win32/UltraReach potentially unsafe application deleted - quarantined
D:\USER-PC\Backup Set 2013-12-14 181403\Backup Files 2013-12-14 181403\Backup files 3.zip Win32/UltraReach potentially unsafe application deleted - quarantined
D:\USER-PC\Backup Set 2013-12-14 181403\Backup Files 2013-12-14 181403\Backup files 9.zip a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
Maniac Posted February 15, 2014 ID:791618

Step 1

Please locate and manually delete the following folders:

C:\Users\All Users\InstallMate
C:\ProgramData\InstallMate

Step 2

Please download the Kaspersky Virus Removal Tool from here to your Desktop.
Double-click the Removal Tool.
Click the cog in the upper right corner:
Select down to and including your main drive.
Once done please select the Automatic Scan tab and press Start Scan.
Allow AVP to delete all infections found.
Once it has finished select the Report tab.
Select the Detected threats report from the left and press the Save button.
Save it to your Desktop and post the contents in your next reply.
fireice99 Posted February 16, 2014 Author ID:791925

Hi,

It had no infections detected. My browser is also Google by default now, no more redirection. I presume the malware has been removed somehow?