Firefox AVG SafeSearch Malware [Closed]


  • This topic is locked
22 replies to this topic

#1 mercenary
New Member (Authentic Member, 12 posts)

Posted 02 February 2014 - 04:22 PM

Hi. I have to admit I've been using torrenting sites and now I've caught something I didn't want. I thought I had enough experience under my belt to download at my own risk, but it seems like I still have a lot to learn. The malware seems to make my Firefox untrust many sites (even popular ones like Google and Facebook) and is just giving me problems in general with Firefox. I could use some help.

 

As requested:

 

.
DDS (Ver_11-03-05.01) - NTFS_AMD64  
Run by Z at 16:11:50.65 on Sun 02/02/2014
Internet Explorer: 9.10.9200.16750 BrowserJavaVersion: 10.21.2
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1845.252 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Aqualab\namehelp\nssm.exe
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files\Realtek\RtLED\RtLEDService.exe
C:\Program Files (x86)\Aqualab\namehelp\namehelp.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Realtek\RtLED\RtLED.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\foobar2000\foobar2000.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\Explorer.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Z\Downloads\dds(1).scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEPwdBankBHO Class: {56cbb761-da41-4e31-b270-b13b4b0a61d0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Shopop Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
mRun: [VitaKeyTSR] "C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe"
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
dRunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with ImTOO iPhone Transfer Platinum - C:\Program Files (x86)\ImTOO\iPhone Transfer Platinum\upod_link.HTM
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli EgisPwdFilter EgisDSPwdFilter
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
BHO-X64: Shopop WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64:     URLRedirectionBHO - No File
TB-X64: Shopop Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll
mRun-x64: [IgfxTray] C:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe
mRun-x64: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
mRun-x64: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
AppInit_DLLs-X64: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL -
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 LHDmgr;LHDmgr;C:\Windows\System32\drivers\LhdX64.sys [2011-3-14 39008]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-3-14 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-3-14 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-3-14 60464]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-9-19 38440]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-12-20 114448]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-12-20 385808]
R2 EgisTec Data Security Service;EgisTec Data Security Service;C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe [2010-5-27 314736]
R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe [2010-5-27 709488]
R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\Windows\System32\drivers\FPSensor.sys [2011-3-14 35888]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-14 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-29 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-29 701512]
R2 namehelp;namehelp;C:\Program Files (x86)\Aqualab\namehelp\nssm.exe [2012-10-8 156672]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\System32\drivers\AcpiVpc.sys [2011-3-14 28176]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-5-27 162304]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-4-7 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-12-10 158976]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-4-7 75304]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-7-22 25928]
R3 vm332avs;Lenovo Camera2;C:\Windows\System32\drivers\vm332avs.sys [2011-1-19 229488]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-12-20 402192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-22 257416]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2014-1-1 115272]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-22 119408]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-3-14 243744]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-7-24 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 wsvd;wsvd;C:\Windows\System32\drivers\wsvd.sys [2009-7-21 121840]
.
=============== Created Last 30 ================
.
2014-02-02 21:20:33    --------    d-----w-    C:\Users\Z\AppData\Roaming\SUPERAntiSpyware.com
2014-02-02 21:20:32    --------    d-----w-    C:\Users\Z\AppData\Local\Google
2014-02-02 21:20:19    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2014-02-02 21:20:19    --------    d-----w-    C:\PROGRA~3\SUPERAntiSpyware.com
2014-02-01 22:09:26    --------    d-----w-    C:\Program Files (x86)\Common Files\Macrovision Shared
2014-02-01 22:08:38    --------    d-----w-    C:\Program Files (x86)\Rosetta Stone
2014-02-01 22:08:34    --------    d-----w-    C:\PROGRA~3\Rosetta Stone
2014-02-01 22:05:28    --------    d-----w-    C:\Users\Z\AppData\Roaming\PowerISO
2014-02-01 22:03:08    325920    ----a-w-    C:\windows\SysWow64\Sendori.dll
2014-02-01 22:00:23    129944    ----a-w-    C:\windows\System32\drivers\scdemu.sys
2014-02-01 22:00:23    --------    d-----w-    C:\Program Files (x86)\PowerISO
2014-01-31 22:51:46    75888    ----a-w-    C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{7A8E57FE-CA75-4C56-98F9-1DA9661D8A27}\offreg.dll
2014-01-31 19:50:26    10315576    ----a-w-    C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{7A8E57FE-CA75-4C56-98F9-1DA9661D8A27}\mpengine.dll
2014-01-15 23:40:20    --------    d-----w-    C:\Program Files\iPod
2014-01-15 23:40:18    --------    d-----w-    C:\Program Files (x86)\iTunes
2014-01-15 23:40:18    --------    d-----w-    C:\PROGRA~3\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-15 23:40:17    --------    d-----w-    C:\Program Files\iTunes
2014-01-15 23:04:30    --------    d-----w-    C:\Program Files\Bonjour
2014-01-15 23:04:30    --------    d-----w-    C:\Program Files (x86)\Bonjour
2014-01-15 08:19:03    99840    ----a-w-    C:\windows\System32\drivers\usbccgp.sys
2014-01-15 08:19:03    7808    ----a-w-    C:\windows\System32\drivers\usbd.sys
2014-01-15 08:19:03    53248    ----a-w-    C:\windows\System32\drivers\usbehci.sys
2014-01-15 08:19:03    343040    ----a-w-    C:\windows\System32\drivers\usbhub.sys
2014-01-15 08:19:03    325120    ----a-w-    C:\windows\System32\drivers\usbport.sys
2014-01-15 08:19:03    30720    ----a-w-    C:\windows\System32\drivers\usbuhci.sys
2014-01-15 08:19:03    25600    ----a-w-    C:\windows\System32\drivers\usbohci.sys
2014-01-15 08:19:02    3156480    ----a-w-    C:\windows\System32\win32k.sys
2014-01-15 08:19:01    376768    ----a-w-    C:\windows\System32\drivers\netio.sys
2014-01-14 21:05:52    --------    d-----w-    C:\Users\Z\AppData\Roaming\WindSolutions
2014-01-14 21:05:51    --------    d-----w-    C:\PROGRA~3\WindSolutions
2014-01-14 20:08:47    33240    ----a-w-    C:\windows\System32\drivers\GEARAspiWDM.sys
2014-01-14 13:54:54    --------    d-----w-    C:\windows\pss
2014-01-14 02:27:40    --------    d-----w-    C:\PROGRA~3\Systweak
2014-01-14 02:27:38    16896    ----a-w-    C:\windows\System32\sasnative64.exe
2014-01-14 02:26:29    --------    d-----w-    C:\Program Files (x86)\MyPC Backup
2014-01-14 02:25:43    20312    ----a-w-    C:\windows\System32\roboot64.exe
2014-01-14 02:17:25    --------    d-----w-    C:\Program Files (x86)\SearchProtect
2014-01-10 16:20:15    --------    d-----w-    C:\Program Files (x86)\BlueStacks
2014-01-10 16:19:29    --------    d-----w-    C:\PROGRA~3\BlueStacksSetup
2014-01-10 16:19:15    --------    d-----w-    C:\PROGRA~3\BlueStacks
.
==================== Find3M  ====================
.
2013-12-18 12:13:56    270496    ------w-    C:\windows\System32\MpSigStub.exe
2013-12-11 10:44:31    71048    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 10:44:31    692616    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-11-23 18:26:20    417792    ----a-w-    C:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\windows\System32\WMPhoto.dll
2013-11-12 02:23:09    2048    ----a-w-    C:\windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\windows\SysWow64\tzres.dll
.
============= FINISH: 16:14:08.75 ===============
 




#2 mercenary
New Member (Authentic Member, 12 posts)

Posted 03 February 2014 - 02:18 PM

I believe I've somewhat managed to get rid of the problem myself but would still like to get things checked out if possible. I think I'm done with torrents after this scare.

 

Thanks in advance.


Edited by mercenary, 03 February 2014 - 02:18 PM.


#3 Jo*
SuperMember (Malware Team, 1,197 posts)

Posted 04 February 2014 - 12:00 PM

:welcome:

Hello mercenary,

my name is Jo and I will help you with your computer problems.



Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


You have C:\Program Files (x86)\MyPC Backup
Our tools will delete that folder!
 

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


3. Download OTL to your desktop.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

***


Graduate of the WTT Classroom
Cheers,
Jo

#4 mercenary
New Member (Authentic Member, 12 posts)

Posted 04 February 2014 - 02:24 PM

Thanks Jo
 

 

You have C:\Program Files (x86)\MyPC Backup
Our tools will delete that folder!

 

That's fine. I don't remember downloading this tbh.

 

As requested:

 

Security Check:

 

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 4.6    
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 21  
 Java version out of Date!
 Adobe Flash Player 11.9.900.170  
 Adobe Reader XI  
 Mozilla Firefox (26.0)
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.107  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 

----------

 

The Malwarebytes one came back clean, though it did find a rootkit initially that I deleted by pressing Yes; I believe it was called AppInit.

---------

 

OTL:

 

OTL logfile created on: 2/4/2014 2:04:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Z\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.80 Gb Total Physical Memory | 0.50 Gb Available Physical Memory | 27.61% Memory free
3.93 Gb Paging File | 0.83 Gb Available in Paging File | 21.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 166.62 Gb Free Space | 65.56% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 27.84 Gb Free Space | 96.02% Space Free | Partition Type: NTFS
Drive E: | 357.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: Z-PC | User Name: Z | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Z\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Z\Downloads\SecurityCheck.exe ()
PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
PRC - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe (Multidmedia Limited                 )
PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe (Alcatel-Lucent)
PRC - C:\Program Files (x86)\Aqualab\namehelp\nssm.exe ()
PRC - C:\Program Files (x86)\Aqualab\namehelp\namehelp.exe ()
PRC - C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
PRC - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe (Rosetta Stone Ltd.  )
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Z\Downloads\SecurityCheck.exe ()
MOD - C:\Users\Z\AppData\Local\Temp\wrdaf43a38.~lk\2.mdd ()
MOD - C:\Users\Z\AppData\Local\Temp\wrdaf43a38.~lk\5.mdd ()
MOD - C:\Users\Z\AppData\Local\Temp\wrdaf43a38.~lk\1.mdd ()
MOD - C:\Users\Z\AppData\Local\Temp\wrdaf43a38.~lk\0.mdd ()
MOD - C:\Users\Z\AppData\Local\Temp\wrdaf43a38.~lk\3.mdd ()
MOD - C:\Users\Z\AppData\Local\Temp\wrdaf43a38.~lk\4.mdd ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\NppExport.dll ()
MOD - C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\sqlite3.dll ()
MOD - C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\DataInstaller.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (pcCMService64) -- C:\Program Files\Common Files\Motive\pcCMService.exe (Alcatel-Lucent)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (RtLedService) -- C:\Program Files\Realtek\RtLED\RtLEDService.exe (Realtek Semiconductor Corp.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (BstHdLogRotatorSvc) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
SRV - (BstHdAndroidSvc) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BackupStack) -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe (Just Develop It)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (pcCMService) -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe (Alcatel-Lucent)
SRV - (namehelp) -- C:\Program Files (x86)\Aqualab\namehelp\nssm.exe ()
SRV - (EgisTec Service) -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe (Egis Technology Inc. )
SRV - (EgisTec Data Security Service) -- C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe (Egis Technology Inc. )
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SCDEmu) -- C:\windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (FPSensor) -- C:\Windows\SysNative\drivers\FPSensor.sys (EgisTec)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (vm332avs) -- C:\Windows\SysNative\drivers\vm332avs.sys (Vimicro Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BstHdDrv) -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys (BlueStack Systems)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {B2F2CD68-F538-42E9-9456-6FA113ABB119}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{B2F2CD68-F538-42E9-9456-6FA113ABB119}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: flvto%40hotger.com:1.6.6
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.2.02
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: stefanvandamme%40stefanvd.net:2.3.0.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: ""
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/19 22:20:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/19 22:20:01 | 000,000,000 | ---D | M]
 
[2012/07/22 20:43:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Z\AppData\Roaming\Mozilla\Extensions
[2014/02/03 15:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\extensions
[2014/02/03 15:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\extensions\staged
[2012/12/28 14:13:23 | 000,005,886 | ---- | M] () (No name found) -- C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\extensions\flvto@hotger.com.xpi
[2014/01/20 04:07:27 | 000,736,358 | ---- | M] () (No name found) -- C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\extensions\stefanvandamme@stefanvd.net.xpi
[2014/01/16 17:30:25 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/03 07:44:17 | 000,778,022 | ---- | M] () (No name found) -- C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013/04/03 21:16:41 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2014/02/03 15:07:06 | 000,943,976 | ---- | M] () (No name found) -- C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\extensions\staged\stefanvandamme@stefanvd.net.xpi
[2012/08/21 10:27:51 | 000,003,915 | ---- | M] () -- C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\searchplugins\sweetim.xml
[2013/11/17 23:45:46 | 000,000,915 | ---- | M] () -- C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\searchplugins\yahoo.xml
[2013/12/19 22:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/19 22:20:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - Extension: Google Docs = C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (IEPwdBankBHO Class) - {56CBB761-DA41-4E31-B270-B13B4B0A61D0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll (Egis Technology Inc. )
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download with ImTOO iPhone Transfer Platinum - C:\Program Files (x86)\ImTOO\iPhone Transfer Platinum\upod_link.HTM File not found
O8 - Extra context menu item: Download with ImTOO iPhone Transfer Platinum - C:\Program Files (x86)\ImTOO\iPhone Transfer Platinum\upod_link.HTM File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5474319E-5E89-4812-BF29-FC0769CD3B2C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71F9B489-C336-43D3-B15F-BA956CEC6109}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/02/04 13:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/02/04 13:26:35 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/02/04 13:24:57 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/02/04 13:24:13 | 000,000,000 | ---D | C] -- C:\Users\Z\Desktop\mbar
[2014/02/02 15:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/02/02 15:20:33 | 000,000,000 | ---D | C] -- C:\Users\Z\AppData\Roaming\SUPERAntiSpyware.com
[2014/02/02 15:20:32 | 000,000,000 | ---D | C] -- C:\Users\Z\AppData\Local\Google
[2014/02/02 15:20:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/02/02 15:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2014/02/02 15:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/02/02 15:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/02/01 16:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2014/02/01 16:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
[2014/02/01 16:08:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rosetta Stone
[2014/02/01 16:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
[2014/02/01 16:05:28 | 000,000,000 | ---D | C] -- C:\Users\Z\AppData\Roaming\PowerISO
[2014/02/01 16:03:08 | 000,325,920 | ---- | C] (Sendori) -- C:\windows\SysWow64\Sendori.dll
[2014/02/01 16:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2014/02/01 16:00:23 | 000,129,944 | ---- | C] (Power Software Ltd) -- C:\windows\SysNative\drivers\scdemu.sys
[2014/02/01 16:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2014/01/21 22:26:59 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2014/01/15 17:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/01/15 17:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/01/15 17:40:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/01/15 17:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/01/15 17:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/01/15 17:05:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/01/15 17:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014/01/15 17:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014/01/15 17:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2014/01/15 17:04:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2014/01/15 02:19:03 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbport.sys
[2014/01/15 02:19:03 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbd.sys
[2014/01/15 02:19:01 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys
[2014/01/14 15:07:04 | 000,000,000 | ---D | C] -- C:\Users\Z\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite
[2014/01/14 15:05:52 | 000,000,000 | ---D | C] -- C:\Users\Z\AppData\Roaming\WindSolutions
[2014/01/14 15:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2014/01/14 14:08:47 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2014/01/14 08:07:01 | 000,000,000 | ---D | C] -- C:\Users\Z\Documents\Freemake
[2014/01/14 07:54:54 | 000,000,000 | ---D | C] -- C:\windows\pss
[2014/01/13 20:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2014/01/13 20:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2014/01/13 20:26:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/01/13 20:25:43 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\windows\SysNative\roboot64.exe
[2014/01/13 20:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2014/01/13 20:17:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/01/12 19:24:19 | 000,000,000 | ---D | C] -- C:\Users\Z\Desktop\965TOGQJ
[2014/01/10 10:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2014/01/10 10:20:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks
[2014/01/10 10:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2014/01/10 10:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2013/03/26 08:58:25 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Z\AppData\Roaming\pcouffin.sys
[2012/09/16 17:56:02 | 010,847,608 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Z\Setup.exe
[1 C:\Users\Z\Documents\*.tmp files -> C:\Users\Z\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/02/04 13:41:16 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/04 13:26:35 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/02/04 13:24:57 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/02/04 12:59:12 | 000,000,502 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 87e12a3c-de15-40b6-a694-38fb9f0dbc8a.job
[2014/02/04 12:59:05 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/02/04 02:00:00 | 000,000,502 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 43c95507-6eb6-4e1f-bdfe-ee76624bd54c.job
[2014/02/03 17:50:30 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/03 15:41:04 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/02 15:57:19 | 000,002,279 | ---- | M] () -- C:\Users\Z\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/02 15:20:22 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2014/02/01 16:37:05 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/01 16:37:05 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/01 16:28:20 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2014/02/01 16:27:55 | 1450,582,016 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/01 16:09:23 | 000,002,571 | ---- | M] () -- C:\Users\Z\Desktop\Rosetta Stone Version 3.lnk
[2014/02/01 16:01:39 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2014/01/28 18:14:42 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/01/28 18:14:42 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/01/28 18:14:42 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/01/21 22:26:52 | 266,548,433 | ---- | M] () -- C:\windows\MEMORY.DMP
[2014/01/15 17:41:07 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/15 03:21:56 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/01/15 03:21:56 | 000,000,192 | ---- | M] () -- C:\windows\tasks\AutoKMS.job
[2014/01/15 03:21:47 | 000,430,560 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/01/14 15:07:05 | 000,001,354 | ---- | M] () -- C:\Users\Z\Desktop\CopyTrans Control Center.lnk
[2014/01/07 09:19:53 | 000,001,067 | ---- | M] () -- C:\Users\Z\Desktop\Project 64.lnk
[1 C:\Users\Z\Documents\*.tmp files -> C:\Users\Z\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/02/02 15:23:55 | 000,002,279 | ---- | C] () -- C:\Users\Z\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/02 15:23:55 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/02 15:20:45 | 000,000,502 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 87e12a3c-de15-40b6-a694-38fb9f0dbc8a.job
[2014/02/02 15:20:43 | 000,000,888 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/02 15:20:43 | 000,000,502 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 43c95507-6eb6-4e1f-bdfe-ee76624bd54c.job
[2014/02/02 15:20:37 | 000,000,884 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/02 15:20:22 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2014/02/01 16:09:23 | 000,002,571 | ---- | C] () -- C:\Users\Z\Desktop\Rosetta Stone Version 3.lnk
[2014/02/01 16:01:39 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2014/01/21 22:26:52 | 266,548,433 | ---- | C] () -- C:\windows\MEMORY.DMP
[2014/01/15 17:41:07 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/15 17:05:39 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/01/14 15:07:05 | 000,001,354 | ---- | C] () -- C:\Users\Z\Desktop\CopyTrans Control Center.lnk
[2014/01/13 20:27:38 | 000,016,896 | ---- | C] () -- C:\windows\SysNative\sasnative64.exe
[2014/01/07 09:19:53 | 000,001,067 | ---- | C] () -- C:\Users\Z\Desktop\Project 64.lnk
[2013/05/11 14:30:18 | 000,000,218 | ---- | C] () -- C:\Users\Z\AppData\Local\recently-used.xbel
[2013/04/04 14:30:34 | 001,616,878 | ---- | C] () -- C:\Users\Z\Localizable.strings
[2013/03/26 08:58:26 | 000,099,384 | ---- | C] () -- C:\Users\Z\AppData\Roaming\inst.exe
[2013/03/26 08:58:26 | 000,007,859 | ---- | C] () -- C:\Users\Z\AppData\Roaming\pcouffin.cat
[2013/03/26 08:58:25 | 000,001,167 | ---- | C] () -- C:\Users\Z\AppData\Roaming\pcouffin.inf
[2013/03/10 11:56:15 | 000,073,746 | ---- | C] () -- C:\Users\Z\the doors-greatest hits SM.jpeg
[2013/01/31 11:46:23 | 000,000,135 | ---- | C] () -- C:\windows\AutoKMS.ini
[2013/01/31 08:56:38 | 733,890,560 | ---- | C] () -- C:\Users\Z\Roy Dean's BJJ Blue Belt Requirements DVD 1.avi
[2013/01/30 22:28:49 | 767,623,168 | ---- | C] () -- C:\Users\Z\14.0.4734.1000_ProfessionalPlus_volume_x86_en-us.iso
[2012/12/04 13:02:18 | 000,004,664 | ---- | C] () -- C:\Users\Z\pablo.popovitch.nogi.exposed.nfo
[2012/12/03 22:13:06 | 731,793,408 | ---- | C] () -- C:\Users\Z\pablo.popovitch.nogi.exposed.cd4.avi
[2012/12/03 22:11:38 | 732,809,216 | ---- | C] () -- C:\Users\Z\pablo.popovitch.nogi.exposed.cd3.avi
[2012/12/03 22:09:39 | 733,528,064 | ---- | C] () -- C:\Users\Z\pablo.popovitch.nogi.exposed.cd2.avi
[2012/11/22 12:27:27 | 733,980,672 | ---- | C] () -- C:\Users\Z\pablo.popovitch.nogi.exposed.cd1.avi
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/05/08 16:58:45 | 000,000,000 | ---D | M] -- C:\Users\Z\AppData\Roaming\BitLord
[2013/05/22 14:21:19 | 000,000,000 | ---D | M] -- C:\Users\Z\AppData\Roaming\DAEMON Tools Pro
[2012/09/17 13:54:12 | 000,000,000 | ---D | M] -- C:\Users\Z\AppData\Roaming\Dojotech Software
[2014/02/04 14:02:54 | 000,000,000 | ---D | M] -- C:\Users\Z\AppData\Roaming\foobar2000
[2013/02/09 16:21:00 | 000,000,000 | ---D | M] -- C:\Users\Z\AppData\Roaming\iFunbox_UserCache
[2013/04/04 14:30:35 | 000,000,000 | ---D | M] -- C:\Users\Z\AppData\Roaming\ImTOO
[2014/01/01 14:56:56 | 000,000,000 | ---D | M] -- C:\Users\Z\AppData\Roaming\MotioninJoy
[2012/08/22 13:54:59 | 000,000,000 | ---D | M] -- C:\Users\Z\AppData\Roaming\Notepad++
[2014/02/01 16:05:28 | 000,000,000 | ---D | M] -- C:\Users\Z\AppData\Roaming\PowerISO
[2013/05/01 20:24:10 | 000,000,000 | ---D | M] -- C:\Users\Z\AppData\Roaming\Python-Eggs
[2013/03/28 17:42:19 | 000,000,000 | ---D | M] -- C:\Users\Z\AppData\Roaming\rockbox.org
[2013/12/29 14:35:59 | 000,000,000 | ---D | M] -- C:\Users\Z\AppData\Roaming\Search Protection
[2013/12/30 23:07:23 | 000,000,000 | ---D | M] -- C:\Users\Z\AppData\Roaming\Spotify
[2013/03/25 13:45:47 | 000,000,000 | ---D | M] -- C:\Users\Z\AppData\Roaming\TuneUp Software
[2014/02/01 16:26:11 | 000,000,000 | ---D | M] -- C:\Users\Z\AppData\Roaming\uTorrent
[2013/05/22 14:21:18 | 000,000,000 | ---D | M] -- C:\Users\Z\AppData\Roaming\Vso
[2014/01/14 15:15:32 | 000,000,000 | ---D | M] -- C:\Users\Z\AppData\Roaming\WindSolutions
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >
 

-----------

 

Extras;

 

OTL Extras logfile created on: 2/4/2014 2:04:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Z\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.80 Gb Total Physical Memory | 0.50 Gb Available Physical Memory | 27.61% Memory free
3.93 Gb Paging File | 0.83 Gb Available in Paging File | 21.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 166.62 Gb Free Space | 65.56% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 27.84 Gb Free Space | 96.02% Space Free | Partition Type: NTFS
Drive E: | 357.70 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: Z-PC | User Name: Z | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06567E2B-3168-44C9-8E54-33C3F39746A5}" = lport=139 | protocol=6 | dir=in | app=system |
"{0FF70259-C0F7-411A-9E5D-6AC4BCB1C1EB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{10E2265F-97C3-4F51-AB91-8F89F4D1113B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{11032485-2813-4EDA-B93B-B83FB9DA8E88}" = rport=445 | protocol=6 | dir=out | app=system |
"{16E2A259-FAF7-4F69-8443-57F27CE56F5C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2AACB349-E4F0-4AA5-82CD-7D2975C724B0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2DD6630A-BA96-42D1-AE8F-DC8233C6C02F}" = lport=445 | protocol=6 | dir=in | app=system |
"{2E1267CE-A203-4293-860A-D158014FB480}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{401A6EA0-0855-4550-8F51-B7652855B2A0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4EF3B07A-0CEE-41A1-9186-44B3ED507691}" = lport=137 | protocol=17 | dir=in | app=system |
"{54DF1492-37C2-4795-82AE-159D389C9400}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6240D1B6-3BA5-4F6E-B8E2-04EEC0761E14}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{81A198B5-E338-495A-958E-29442F9A6AC8}" = rport=137 | protocol=17 | dir=out | app=system |
"{96688629-0F05-41B9-9A51-E26D3890070F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AA8F7ACD-EA91-49DF-A7D3-B0FF35CF2919}" = rport=138 | protocol=17 | dir=out | app=system |
"{B8990605-F232-4D17-A19A-D925060D7C63}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C3CEC164-2C96-4B5D-9D3C-83FF5311C268}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C6D53433-7CFB-47B1-BCD6-D307A55566CD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF2B918B-4D6D-44FF-AFD7-86A18D09C22C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D2469D8E-BD8B-4E39-993D-E58486097BE9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DA43FF8A-16BD-4801-A657-10789C488368}" = lport=138 | protocol=17 | dir=in | app=system |
"{E07BAD9F-19A6-4CE8-A86C-E0C7B8C7591C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E8483015-B69D-47CE-8B51-22A9C2E28D5E}" = rport=139 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02090353-6114-4DEE-A58F-F29F0B411E06}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{0CB24E31-3DAE-4ABC-9274-813CAD3B5F88}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{17BCB5C3-5628-4A7D-90FC-3074738B3A6D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{1C2CEAD6-6B43-4109-B715-F24939E2EA2D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{256BC111-D22F-4483-9559-91A64C2BB519}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{257F1E83-931E-42A7-AAD5-2B5FBCBE49DD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{28193434-F9EF-496A-A5D1-6EE673C88FA2}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{28A12FB8-0D82-402D-8780-D8AE4B6B6D7B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3976E7B3-B761-435A-AC3D-B9180EBAF0B2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3A5BD5B9-3029-4FBF-A933-1F17B494B0B2}" = protocol=17 | dir=in | app=c:\program files (x86)\bitlord 2\bitlord files\bitlord.exe |
"{3BD0B483-9700-4928-89CE-B5AB551239CD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{3BF5E0A9-4C3F-404C-98A3-32A80CC8A887}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3D9B3C3A-F43B-40D3-98E0-831E59D1DD0A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4804B691-8FF2-4FC3-9154-2DF621FA3D1D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{48EECD40-EBAE-4634-B438-323FEC1353D0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{56DB8571-D254-40C5-BA97-706EE9A6B9A8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{605184E4-A859-41E3-BBC9-E81A0D046D08}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{753B8A90-0E1F-444A-A021-ED84DAA2A63D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8405EF79-58AE-423D-8AB3-EC36D9B40ED2}" = protocol=17 | dir=in | app=c:\users\z\appdata\roaming\utorrent\utorrent.exe |
"{846AE9AA-8AEF-4020-8BF6-4A014CB05754}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{885B92E3-1428-42A7-A83E-82E0F027A4E8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{893CA90A-2DA9-4956-AC48-E1721C84D974}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{956D1394-798E-4971-A19A-00EB14C0AB15}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{B162A2CF-9E93-4B49-8C62-7FC749E2491F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B4F94C89-48B3-4B33-BEE3-899BC2417A66}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{BE2DDFF6-AB39-4657-AB10-80D7F9888665}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{BE4B4565-2E21-4DDB-B3EA-CE2AE32BACDB}" = protocol=6 | dir=in | app=c:\program files (x86)\bitlord 2\bitlord files\bitlord.exe |
"{CE4C11D6-276C-4CAA-B722-00C8FB666ED2}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{DDAA8DA5-4434-4412-BB38-A6A743D195BD}" = protocol=6 | dir=in | app=c:\users\z\appdata\roaming\utorrent\utorrent.exe |
"{E5E14413-D1F1-42E5-86D3-D664881E3258}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"TCP Query User{263B00A8-6B8D-4FE1-A2BB-8F685C6BEE57}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{6C727235-4C02-41A9-A9BB-C03BCAD199D0}C:\users\z\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\z\appdata\roaming\spotify\spotify.exe |
"TCP Query User{7AABA090-16AD-41CA-B960-4C5F056346B1}C:\users\z\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\z\appdata\roaming\spotify\spotify.exe |
"TCP Query User{9E25FC82-D78D-4425-9D98-BEF191EF596B}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{D2EF42A5-FD83-4090-8910-8821136FF48D}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
"UDP Query User{031B1711-4F65-4098-B5D4-B60C2C8BE46E}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{1791839A-BF93-4F4E-A448-051C9DB73EF7}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{6A09EFF1-BC04-432B-B8C0-813FBC865555}C:\users\z\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\z\appdata\roaming\spotify\spotify.exe |
"UDP Query User{96E4CF2A-4DF1-47BC-9F62-BF195B079CD9}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |
"UDP Query User{A25CDD45-1F7E-488D-B98D-AA430EC0982C}C:\users\z\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\z\appdata\roaming\spotify\spotify.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.0000
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5ACF5427-B4E4-4F85-A512-151E0BECF7E3}" = RtLED
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"0A4175B489A1B4A6E07E11B063A6263480C51D71" = Windows Driver Package - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1)
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.4.17_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MyPC Backup" = MyPC Backup
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CE226F3-EB27-4ECD-BBF5-F088716779FD}" = Energy Management
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 1.0.60
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3DF474D5-1D41-43B5-BEA7-7E320542FD61}" = Shopop
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44181DF6-2751-48C7-B918-72F14508F127}" = BlueStacks Notification Center
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{77936389-BD8F-4888-9234-6D9E423ADF56}" = namehelp
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{ACF31D9F-70C2-40A1-9C7A-28BA16E64B56}" = BioExcess
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1" = VSO ConvertXToDVD
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"ASIO4ALL" = ASIO4ALL
"BitLord" = BitLord 2.3
"FL Studio 10" = FL Studio 10
"foobar2000" = foobar2000 v1.1.15
"Google Chrome" = Google Chrome
"iFunbox_is1" = iFunbox (v2.1.2228.731), iFunbox DevTeam
"ImTOO iPod Manager" = ImTOO iPod Computer Transfer
"InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{ACF31D9F-70C2-40A1-9C7A-28BA16E64B56}" = BioExcess
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"mIRC" = mIRC
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PowerISO" = PowerISO
"PrivitizeVPN" = PrivitizeVPN
"Project 64_is1" = Project 64 version 2.0.0.14
"SpywareBlaster_is1" = SpywareBlaster 4.6
"VeriFace" = VeriFace
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = CopyTrans Suite Remove Only
"Flux" = f.lux
"Search Protection" = Search Protection
"Spotify" = Spotify
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2/1/2014 8:59:22 PM | Computer Name = Z-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3618116
 
Error - 2/1/2014 8:59:50 PM | Computer Name = Z-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 2/1/2014 8:59:50 PM | Computer Name = Z-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9797
 
Error - 2/1/2014 8:59:50 PM | Computer Name = Z-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9797
 
Error - 2/2/2014 4:33:34 AM | Computer Name = Z-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 2/2/2014 4:33:34 AM | Computer Name = Z-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8206
 
Error - 2/2/2014 4:33:34 AM | Computer Name = Z-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8206
 
Error - 2/2/2014 5:33:47 AM | Computer Name = Z-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 2/2/2014 5:33:47 AM | Computer Name = Z-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5210
 
Error - 2/2/2014 5:33:47 AM | Computer Name = Z-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5210
 
[ System Events ]
Error - 6/11/2013 7:42:46 PM | Computer Name = Z-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR6.
 
Error - 6/19/2013 5:38:15 PM | Computer Name = Z-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
Error - 6/19/2013 6:27:26 PM | Computer Name = Z-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
Error - 6/19/2013 6:27:31 PM | Computer Name = Z-PC | Source = DCOM | ID = 10010
Description =
 
Error - 6/21/2013 1:26:23 PM | Computer Name = Z-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.
 
Error - 6/22/2013 9:26:15 AM | Computer Name = Z-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the Wlansvc service.
 
Error - 6/22/2013 9:27:44 AM | Computer Name = Z-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the AudioEndpointBuilder service.
 
Error - 6/25/2013 5:19:29 PM | Computer Name = Z-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the BFE service.
 
Error - 6/27/2013 4:02:15 AM | Computer Name = Z-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x800f020b: SAMSUNG Electronics Co., Ltd. - Other hardware - SAMSUNG
 Mobile USB Composite Device.
 
Error - 7/5/2013 4:02:36 PM | Computer Name = Z-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:07:32 PM on ?7/?5/?2013 was unexpected.
 
 
< End of report >
 



#5 Jo* (SuperMember, Malware Team, 1,197 posts)

Posted 04 February 2014 - 02:41 PM

Hello mercenary,

P2P - I see you have the P2P software µTorrent installed on your machine.
  • Avoid P2P.
  • Identity theft and/or malware infection may happen when P2P software is running on your computer.
  • Here you will find more information.
Please note:
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
I would advise you to uninstall it now.
You can do this via Start > Control Panel > Add/Remove Programs (XP) or Start > Control Panel > Programs and Features (Vista / 7).
 

***

Please download AdwCleaner by Xplode and save it to your Desktop.
Double-click AdwCleaner.exe.
Vista / Windows 7/8 users: right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient, as the scan may take some time to complete.
    The status line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo

#6 mercenary (New Member, Authentic Member, 12 posts)

Posted 04 February 2014 - 04:18 PM

I think I messed up. I pressed Clean by accident instead of Report, but before that I had checked out all the files that showed up after the scan...none of those seemed familiar, including that PcBackUp you had mentioned before. After the restart I saw a significant difference: my system was a bit faster. My mistake, Jo.

 

As requested;

 

# AdwCleaner v3.018 - Report created 04/02/2014 at 16:11:29
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Z - Z-PC
# Running from : C:\Users\Z\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : BackupStack

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Deleted : C:\Program Files (x86)\BitLord 2
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Folder Deleted : C:\Users\Z\AppData\Roaming\BitLord
Folder Deleted : C:\Users\Z\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Z\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord
Folder Deleted : C:\Users\Z\Documents\BitLord
Folder Deleted : C:\Users\Aris\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Aris 2\AppData\Local\Searchprotect
Folder Deleted : C:\Users\Aris 2\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\Aris 2\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Aris 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\Users\Z\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Aris 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Aris 2\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\Z\AppData\Roaming\MoZilla\Firefox\Profiles\3hutvwbm.default\searchplugins\SweetIm.xml
File Deleted : C:\windows\System32\Tasks\Advanced System Protector
File Deleted : C:\windows\System32\Tasks\Advanced System Protector_startup
File Deleted : C:\windows\System32\Tasks\RegClean Pro

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{774C0434-9948-4DEE-A14E-69CDD316E36C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16750


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Z\AppData\Roaming\MoZilla\Firefox\Profiles\3hutvwbm.default\prefs.js ]


-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7454 octets] - [04/02/2014 16:08:42]
AdwCleaner[S0].txt - [7098 octets] - [04/02/2014 16:11:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7158 octets] ##########
 

Thanks for your current assistance!
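
Added example (not part of the thread, and not AdwCleaner's own code): a small Python parser for the AdwCleaner removal-log format posted above. It turns the "X Deleted : target" lines into a structured summary a responder can check: how many items of each kind were removed, which CLSID/GUID identifiers were involved (useful for hunting the same adware on other machines), which user profiles under C:\Users were touched, and which persistence mechanisms (service, BHO, IE toolbar, scheduled task, startup folder, browser search plugin) the deleted entries belonged to. The sample lines are a constructed subset copied from the AdwCleaner[S0].txt log in the previous post; the persistence labels are my own classification and are an assumption, not something the tool reports.

```python
import re
from collections import Counter

# Constructed sample: a subset of lines copied from the AdwCleaner[S0].txt log
# posted in this thread, including one [x64] (native 64-bit hive) entry.
SAMPLE_LOG = r"""# AdwCleaner v3.018 - Report created 04/02/2014 at 16:11:29
# Option : Clean

***** [ Services ] *****

Service Deleted : BackupStack

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Users\Z\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Aris 2\AppData\Local\Searchprotect
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\windows\System32\Tasks\RegClean Pro

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\StartSearch
"""

# One removal line: "<kind> Deleted : [x64] <target>"; the [x64] prefix is optional.
ENTRY_RE = re.compile(
    r"^(?P<kind>Service|Folder|File|Key|Value) Deleted : (?P<x64>\[x64\] )?(?P<target>.+)$"
)
# Registry-style GUIDs such as CLSIDs, BHO ids and toolbar ids.
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Profile name of a path under <drive>:\Users\<name>\...
USER_RE = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)\\", re.IGNORECASE)

# Assumed classification (substring of the lower-cased target -> label).
PERSISTENCE_MARKERS = [
    ("browser helper objects", "BHO"),
    ("internet explorer\\toolbar", "IE toolbar"),
    ("\\system32\\tasks\\", "scheduled task"),
    ("\\startup\\", "startup folder"),
    ("searchplugins", "browser search plugin"),
    ("\\currentversion\\run", "Run key"),
]


def classify(kind, target):
    """Return the persistence labels that apply to one removed item."""
    labels = ["service"] if kind == "Service" else []
    low = target.lower()
    labels.extend(label for marker, label in PERSISTENCE_MARKERS if marker in low)
    return labels


def parse_adwcleaner(text):
    """Parse removal lines; headers, comments and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, target = m["kind"], m["target"].strip()
        user = USER_RE.match(target)
        entries.append({
            "kind": kind,
            "target": target,
            "x64": m["x64"] is not None,
            "guids": GUID_RE.findall(target),
            "user": user.group(1) if user else None,
            "persistence": classify(kind, target),
        })
    return entries


def summarize(entries):
    """Aggregate parsed entries into counts, distinct GUIDs, profiles and persistence types."""
    counts = Counter(e["kind"] for e in entries)
    guids = sorted({g.upper() for e in entries for g in e["guids"]})
    users = sorted({e["user"] for e in entries if e["user"]})
    persistence = sorted({p for e in entries for p in e["persistence"]})
    return {"counts": dict(counts), "guids": guids, "users": users, "persistence": persistence}


if __name__ == "__main__":
    summary = summarize(parse_adwcleaner(SAMPLE_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run it on the full AdwCleaner[S0].txt rather than the sample and the "users" list shows the cleanup touched profiles other than the one the tool was run from (Z, Aris and Aris 2 in the posted log), which is worth knowing when deciding whether the other accounts on the machine also need their browsers checked; the GUID list gives the CLSIDs to search for in the registry of any other machine suspected of carrying the same bundle.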



#7 Jo* (SuperMember, Malware Team, 1,197 posts)

Posted 04 February 2014 - 05:38 PM

Hello mercenary,

Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double-click JRT.exe to run the tool.
Vista / Windows 7/8 users: right-click and select Run As Administrator.
  • JRT will begin to back up your registry and start scanning your system.
  • Please be patient, as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt in your next reply.


***


Run OTL again.
Vista / Windows 7/8 users: right-click and select Run As Administrator.
  • Double-click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, change it to Minimal Output.
  • Don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo

#8 mercenary (New Member, Authentic Member, 12 posts)

Posted 05 February 2014 - 04:48 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by Z on Tue 02/04/2014 at 22:21:52.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-893635891-571939354-3906648824-1000\Software\sweetim



~~~ Files

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ FireFox

Emptied folder: C:\Users\Z\AppData\Roaming\mozilla\firefox\profiles\3hutvwbm.default\minidumps [486 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/04/2014 at 22:32:32.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

OTL;

 

OTL logfile created on: 2/4/2014 10:40:36 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Z\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.80 Gb Total Physical Memory | 0.42 Gb Available Physical Memory | 23.34% Memory free
3.60 Gb Paging File | 1.44 Gb Available in Paging File | 39.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 167.10 Gb Free Space | 65.75% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 27.84 Gb Free Space | 96.02% Space Free | Partition Type: NTFS
 
Computer Name: Z-PC | User Name: Z | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Z\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe (Alcatel-Lucent)
PRC - C:\Program Files (x86)\Aqualab\namehelp\nssm.exe ()
PRC - C:\Program Files (x86)\Aqualab\namehelp\namehelp.exe ()
PRC - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
PRC - C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (pcCMService64) -- C:\Program Files\Common Files\Motive\pcCMService.exe (Alcatel-Lucent)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (RtLedService) -- C:\Program Files\Realtek\RtLED\RtLEDService.exe (Realtek Semiconductor Corp.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (BstHdLogRotatorSvc) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
SRV - (BstHdAndroidSvc) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (pcCMService) -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe (Alcatel-Lucent)
SRV - (namehelp) -- C:\Program Files (x86)\Aqualab\namehelp\nssm.exe ()
SRV - (EgisTec Service) -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe (Egis Technology Inc. )
SRV - (EgisTec Data Security Service) -- C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe (Egis Technology Inc. )
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SCDEmu) -- C:\windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (FPSensor) -- C:\Windows\SysNative\drivers\FPSensor.sys (EgisTec)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (vm332avs) -- C:\Windows\SysNative\drivers\vm332avs.sys (Vimicro Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BstHdDrv) -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys (BlueStack Systems)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{B2F2CD68-F538-42E9-9456-6FA113ABB119}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: flvto%40hotger.com:1.6.6
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.2.02
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: stefanvandamme%40stefanvd.net:2.3.0.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: ""
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/19 22:20:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/19 22:20:01 | 000,000,000 | ---D | M]
 
[2012/07/22 20:43:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Z\AppData\Roaming\Mozilla\Extensions
[2014/02/04 16:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\extensions
[2012/12/28 14:13:23 | 000,005,886 | ---- | M] () (No name found) -- C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\extensions\flvto@hotger.com.xpi
[2014/02/04 16:14:56 | 000,943,976 | ---- | M] () (No name found) -- C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\extensions\stefanvandamme@stefanvd.net.xpi
[2014/01/16 17:30:25 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/03 07:44:17 | 000,778,022 | ---- | M] () (No name found) -- C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013/04/03 21:16:41 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/11/17 23:45:46 | 000,000,915 | ---- | M] () -- C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\searchplugins\yahoo.xml
[2013/12/19 22:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/19 22:20:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - Extension: Google Docs = C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (IEPwdBankBHO Class) - {56CBB761-DA41-4E31-B270-B13B4B0A61D0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll (Egis Technology Inc. )
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download with ImTOO iPhone Transfer Platinum - C:\Program Files (x86)\ImTOO\iPhone Transfer Platinum\upod_link.HTM File not found
O8 - Extra context menu item: Download with ImTOO iPhone Transfer Platinum - C:\Program Files (x86)\ImTOO\iPhone Transfer Platinum\upod_link.HTM File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5474319E-5E89-4812-BF29-FC0769CD3B2C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71F9B489-C336-43D3-B15F-BA956CEC6109}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/02/04 22:21:39 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/02/04 15:48:09 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/04 13:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/02/04 13:26:35 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/02/04 13:24:57 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/02/04 13:24:13 | 000,000,000 | ---D | C] -- C:\Users\Z\Desktop\mbar
[2014/02/02 15:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/02/02 15:20:33 | 000,000,000 | ---D | C] -- C:\Users\Z\AppData\Roaming\SUPERAntiSpyware.com
[2014/02/02 15:20:32 | 000,000,000 | ---D | C] -- C:\Users\Z\AppData\Local\Google
[2014/02/02 15:20:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/02/02 15:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2014/02/02 15:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/02/02 15:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/02/01 16:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2014/02/01 16:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
[2014/02/01 16:08:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rosetta Stone
[2014/02/01 16:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
[2014/02/01 16:05:28 | 000,000,000 | ---D | C] -- C:\Users\Z\AppData\Roaming\PowerISO
[2014/02/01 16:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2014/02/01 16:00:23 | 000,129,944 | ---- | C] (Power Software Ltd) -- C:\windows\SysNative\drivers\scdemu.sys
[2014/02/01 16:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2014/01/21 22:26:59 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2014/01/15 17:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/01/15 17:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/01/15 17:40:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/01/15 17:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/01/15 17:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/01/15 17:05:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/01/15 17:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014/01/15 17:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014/01/15 17:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2014/01/15 17:04:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2014/01/15 02:19:03 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbport.sys
[2014/01/15 02:19:03 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbd.sys
[2014/01/15 02:19:01 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys
[2014/01/14 15:07:04 | 000,000,000 | ---D | C] -- C:\Users\Z\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite
[2014/01/14 15:05:52 | 000,000,000 | ---D | C] -- C:\Users\Z\AppData\Roaming\WindSolutions
[2014/01/14 15:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2014/01/14 14:08:47 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2014/01/14 08:07:01 | 000,000,000 | ---D | C] -- C:\Users\Z\Documents\Freemake
[2014/01/14 07:54:54 | 000,000,000 | ---D | C] -- C:\windows\pss
[2014/01/12 19:24:19 | 000,000,000 | ---D | C] -- C:\Users\Z\Desktop\965TOGQJ
[2014/01/10 10:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2014/01/10 10:20:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks
[2014/01/10 10:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2014/01/10 10:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2013/03/26 08:58:25 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Z\AppData\Roaming\pcouffin.sys
[2012/09/16 17:56:02 | 010,847,608 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Z\Setup.exe
[1 C:\Users\Z\Documents\*.tmp files -> C:\Users\Z\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/02/04 22:41:01 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/04 22:17:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/02/04 16:21:16 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/04 16:21:16 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/04 16:14:22 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/04 16:14:06 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2014/02/04 16:13:43 | 1450,582,016 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/04 15:39:35 | 000,000,502 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 87e12a3c-de15-40b6-a694-38fb9f0dbc8a.job
[2014/02/04 13:26:35 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/02/04 13:24:57 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/02/04 02:00:00 | 000,000,502 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 43c95507-6eb6-4e1f-bdfe-ee76624bd54c.job
[2014/02/03 17:50:30 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/02 15:57:19 | 000,002,279 | ---- | M] () -- C:\Users\Z\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/02 15:20:22 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2014/02/01 16:09:23 | 000,002,571 | ---- | M] () -- C:\Users\Z\Desktop\Rosetta Stone Version 3.lnk
[2014/02/01 16:01:39 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2014/01/28 18:14:42 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/01/28 18:14:42 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/01/28 18:14:42 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/01/21 22:26:52 | 266,548,433 | ---- | M] () -- C:\windows\MEMORY.DMP
[2014/01/15 17:41:07 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/15 03:21:56 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/01/15 03:21:56 | 000,000,192 | ---- | M] () -- C:\windows\tasks\AutoKMS.job
[2014/01/15 03:21:47 | 000,430,560 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/01/14 15:07:05 | 000,001,354 | ---- | M] () -- C:\Users\Z\Desktop\CopyTrans Control Center.lnk
[2014/01/07 09:19:53 | 000,001,067 | ---- | M] () -- C:\Users\Z\Desktop\Project 64.lnk
[1 C:\Users\Z\Documents\*.tmp files -> C:\Users\Z\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/02/02 15:23:55 | 000,002,279 | ---- | C] () -- C:\Users\Z\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/02 15:23:55 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/02 15:20:45 | 000,000,502 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 87e12a3c-de15-40b6-a694-38fb9f0dbc8a.job
[2014/02/02 15:20:43 | 000,000,888 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/02 15:20:43 | 000,000,502 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 43c95507-6eb6-4e1f-bdfe-ee76624bd54c.job
[2014/02/02 15:20:37 | 000,000,884 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/02 15:20:22 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2014/02/01 16:09:23 | 000,002,571 | ---- | C] () -- C:\Users\Z\Desktop\Rosetta Stone Version 3.lnk
[2014/02/01 16:01:39 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2014/01/21 22:26:52 | 266,548,433 | ---- | C] () -- C:\windows\MEMORY.DMP
[2014/01/15 17:41:07 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/15 17:05:39 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/01/14 15:07:05 | 000,001,354 | ---- | C] () -- C:\Users\Z\Desktop\CopyTrans Control Center.lnk
[2014/01/13 20:27:38 | 000,016,896 | ---- | C] () -- C:\windows\SysNative\sasnative64.exe
[2014/01/07 09:19:53 | 000,001,067 | ---- | C] () -- C:\Users\Z\Desktop\Project 64.lnk
[2013/05/11 14:30:18 | 000,000,218 | ---- | C] () -- C:\Users\Z\AppData\Local\recently-used.xbel
[2013/04/04 14:30:34 | 001,616,878 | ---- | C] () -- C:\Users\Z\Localizable.strings
[2013/03/26 08:58:26 | 000,099,384 | ---- | C] () -- C:\Users\Z\AppData\Roaming\inst.exe
[2013/03/26 08:58:26 | 000,007,859 | ---- | C] () -- C:\Users\Z\AppData\Roaming\pcouffin.cat
[2013/03/26 08:58:25 | 000,001,167 | ---- | C] () -- C:\Users\Z\AppData\Roaming\pcouffin.inf
[2013/03/10 11:56:15 | 000,073,746 | ---- | C] () -- C:\Users\Z\the doors-greatest hits SM.jpeg
[2013/01/31 11:46:23 | 000,000,135 | ---- | C] () -- C:\windows\AutoKMS.ini
[2013/01/31 08:56:38 | 733,890,560 | ---- | C] () -- C:\Users\Z\Roy Dean's BJJ Blue Belt Requirements DVD 1.avi
[2013/01/30 22:28:49 | 767,623,168 | ---- | C] () -- C:\Users\Z\14.0.4734.1000_ProfessionalPlus_volume_x86_en-us.iso
[2012/12/04 13:02:18 | 000,004,664 | ---- | C] () -- C:\Users\Z\pablo.popovitch.nogi.exposed.nfo
[2012/12/03 22:13:06 | 731,793,408 | ---- | C] () -- C:\Users\Z\pablo.popovitch.nogi.exposed.cd4.avi
[2012/12/03 22:11:38 | 732,809,216 | ---- | C] () -- C:\Users\Z\pablo.popovitch.nogi.exposed.cd3.avi
[2012/12/03 22:09:39 | 733,528,064 | ---- | C] () -- C:\Users\Z\pablo.popovitch.nogi.exposed.cd2.avi
[2012/11/22 12:27:27 | 733,980,672 | ---- | C] () -- C:\Users\Z\pablo.popovitch.nogi.exposed.cd1.avi
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >
 

Computer is running much better now



#9 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 05 February 2014 - 06:37 AM

Hi mercenary,

It appears that you use PrivitizeVPN.
This program comes with some adware; my advice to you is: uninstall it if it is not really needed.
http://www.geek.com/...izevpn-1511785/

Had you earlier installed AutoKMS, which appears to be a crack for MS Office?
I'll remove some traces of it with the following script, but we can only go on helping you if you can confirm that you've uninstalled it.

We do not approve of nor support illegal software. Cracked software is not only unethical, it's a good way to get your machine infected. Malware and virus authors love to spread their infections via cracks. I recommend you cease this activity and get rid of any cracked software.

Don't download/run keygens or cracks. Most are infected by some kind of malware.
At the least you get adware popups and junk links to junk sites. At worst -- the system could be destroyed, resulting in the need for a total wipe/re-install, and personal info such as credit card numbers/bank passwords stolen.

Crack sites are just as bad.
Simply visiting the site out of curiosity just to see if a "crack" is even available without downloading can get you infected because the sites themselves take advantage of exploitable software/OS to infect it.



Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:5C321E34
    [2014/01/15 03:21:56 | 000,000,192 | ---- | M] () -- C:\windows\tasks\AutoKMS.job
    [2013/01/31 11:46:23 | 000,000,135 | ---- | C] () -- C:\windows\AutoKMS.ini
    
    :Commands
    [purity]
    [emptytemp]
    

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post Fix OTL log as well as a new OTL log by rerunning it after reboot without custom scans script.

***


Run OTL again.
  • Double click on the OTL icon to run it. Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***



Scan with SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following code box into the main textfield:
    :filefind
    *AutoKMS.*
    *AutoKMS*
    
    :dir
    %userprofile% /s *AutoKMS*
    C:\Program Files (x86) /s *AutoKMS*
    C:\Program Files /s *AutoKMS*
    C:\Windows /s *AutoKMS*
    
    :regfind
    AutoKMS
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt

***


Graduate of the WTT Classroom
Cheers,
Jo
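The SystemLook script in the post above searches the user profile, both Program Files folders and the Windows folder for anything named *AutoKMS*, then searches the registry for the same string, and the OTL fix before it removed an alternate data stream on C:\ProgramData\Temp. As an added, read-only example that is not part of Jo's instructions and not code from the OTL or SystemLook tools, the following PowerShell performs the same three enumerations for a given name and then lists non-default alternate data streams under a folder, so the leftovers can be reviewed before any removal. The search roots, the default pattern and the default ADS folder are assumptions chosen to mirror the post; it deletes nothing.

```powershell
# Added example (not from the thread, OTL or SystemLook): read-only triage that
# mirrors SystemLook's :filefind / :dir / :regfind sections for one name and then
# lists alternate data streams, as OTL reported for C:\ProgramData\Temp.
# Requires PowerShell 3.0+ (Get-Item -Stream); run from an elevated prompt.
param(
    [string]$Pattern   = 'AutoKMS',        # artifact name searched for in the post
    [string]$AdsFolder = 'C:\ProgramData'  # assumed folder whose ADS are listed
)

# Same roots the post's :dir section walks (assumption: resolved from env vars).
$roots = @(
    $env:USERPROFILE,
    ${env:ProgramFiles(x86)},
    $env:ProgramFiles,
    $env:SystemRoot
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

Write-Host "== Files and folders matching *$Pattern* =="
foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Recurse -Force -Filter "*$Pattern*" -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Print the same fields OTL shows: timestamp, size (or <DIR>), attributes, path
            $size = if ($_.PSIsContainer) { '<DIR>' } else { $_.Length }
            '{0:yyyy/MM/dd HH:mm:ss} | {1,12} | {2} | {3}' -f $_.LastWriteTime, $size, $_.Attributes, $_.FullName
        }
}

Write-Host "`n== Registry keys and values whose name or data contain $Pattern =="
# Hives to walk are an assumption; :regfind in SystemLook searches more broadly.
foreach ($hive in 'HKLM:\SOFTWARE', 'HKLM:\SYSTEM\CurrentControlSet', 'HKCU:\Software') {
    Get-ChildItem -Path $hive -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        if ($key.PSChildName -like "*$Pattern*") { "KEY   $($key.Name)" }
        foreach ($name in $key.GetValueNames()) {
            $data = [string]($key.GetValue($name))
            if ($name -like "*$Pattern*" -or $data -like "*$Pattern*") {
                "VALUE $($key.Name)\$name = $data"
            }
        }
    }
}

Write-Host "`n== Alternate data streams under $AdsFolder (default :`$DATA stream excluded) =="
# Directories are included on purpose: the stream OTL removed was on a folder.
Get-ChildItem -LiteralPath $AdsFolder -Recurse -Force -ErrorAction SilentlyContinue |
    Get-Item -Stream * -ErrorAction SilentlyContinue |
    Where-Object { $_.Stream -ne ':$DATA' } |
    ForEach-Object { '{0} bytes -> {1}:{2}' -f $_.Length, $_.FileName, $_.Stream }
```

Save it as a .ps1 and call it with `-Pattern` and `-AdsFolder` to change what is searched. An ADS by itself is not proof of infection (Windows uses Zone.Identifier streams for downloaded files), which is why the script only lists streams and leaves the decision to the person reading the log, as the helper does here.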

#10 mercenary

mercenary

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 05 February 2014 - 03:07 PM

I must have downloaded Privitize a long time ago because I don't remember in recent memory. I downloaded that crack some time ago because I needed the program, but I found out I have safer free alternatives now like Open Office. Do I just delete Privitize off Add/Remove programs?

 

OTL Fix;

 

All processes killed
========== OTL ==========
ADS C:\ProgramData\Temp:5C321E34 deleted successfully.
C:\Windows\Tasks\AutoKMS.job moved successfully.
C:\Windows\AutoKMS.ini moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Aris
->Temp folder emptied: 28476540 bytes
->Temporary Internet Files folder emptied: 8223649 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1145596934 bytes
->Flash cache emptied: 32493 bytes
 
User: Aris 2
->Temp folder emptied: 102109626 bytes
->Temporary Internet Files folder emptied: 204867212 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 77658956 bytes
->Flash cache emptied: 651 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 62544 bytes
->Temporary Internet Files folder emptied: 55507 bytes
->FireFox cache emptied: 78894452 bytes
->Flash cache emptied: 5943 bytes
 
User: Public
 
User: Z
->Temp folder emptied: 198159176 bytes
->Temporary Internet Files folder emptied: 997876 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 76384290 bytes
->Google Chrome cache emptied: 13648282 bytes
->Flash cache emptied: 34655 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4772510 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46437664 bytes
RecycleBin emptied: 2926 bytes
 
Total Files Cleaned = 1,894.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02052014_140032

Files\Folders moved on Reboot...
C:\Users\Z\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Z\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Users\Z\AppData\Local\Mozilla\Firefox\Profiles\3hutvwbm.default\startupCache\startupCache.4.little moved successfully.
C:\Users\Z\AppData\Local\Mozilla\Firefox\Profiles\3hutvwbm.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Z\AppData\Local\Mozilla\Firefox\Profiles\3hutvwbm.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Z\AppData\Local\Mozilla\Firefox\Profiles\3hutvwbm.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Z\AppData\Local\Mozilla\Firefox\Profiles\3hutvwbm.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Z\AppData\Local\Mozilla\Firefox\Profiles\3hutvwbm.default\_CACHE_CLEAN_ moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

OTL;

 

OTL logfile created on: 2/5/2014 2:18:25 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Z\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.80 Gb Total Physical Memory | 0.48 Gb Available Physical Memory | 26.69% Memory free
3.60 Gb Paging File | 1.53 Gb Available in Paging File | 42.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 168.49 Gb Free Space | 66.30% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 27.84 Gb Free Space | 96.02% Space Free | Partition Type: NTFS
 
Computer Name: Z-PC | User Name: Z | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Z\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe (Alcatel-Lucent)
PRC - C:\Program Files (x86)\Aqualab\namehelp\nssm.exe ()
PRC - C:\Program Files (x86)\Aqualab\namehelp\namehelp.exe ()
PRC - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
PRC - C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (pcCMService64) -- C:\Program Files\Common Files\Motive\pcCMService.exe (Alcatel-Lucent)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (RtLedService) -- C:\Program Files\Realtek\RtLED\RtLEDService.exe (Realtek Semiconductor Corp.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (BstHdLogRotatorSvc) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
SRV - (BstHdAndroidSvc) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (pcCMService) -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe (Alcatel-Lucent)
SRV - (namehelp) -- C:\Program Files (x86)\Aqualab\namehelp\nssm.exe ()
SRV - (EgisTec Service) -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe (Egis Technology Inc. )
SRV - (EgisTec Data Security Service) -- C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe (Egis Technology Inc. )
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SCDEmu) -- C:\windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (FPSensor) -- C:\Windows\SysNative\drivers\FPSensor.sys (EgisTec)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (vm332avs) -- C:\Windows\SysNative\drivers\vm332avs.sys (Vimicro Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BstHdDrv) -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys (BlueStack Systems)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{B2F2CD68-F538-42E9-9456-6FA113ABB119}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: flvto%40hotger.com:1.6.6
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.2.02
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: stefanvandamme%40stefanvd.net:2.3.0.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: ""
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/19 22:20:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/19 22:20:01 | 000,000,000 | ---D | M]
 
[2012/07/22 20:43:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Z\AppData\Roaming\Mozilla\Extensions
[2014/02/04 16:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\extensions
[2012/12/28 14:13:23 | 000,005,886 | ---- | M] () (No name found) -- C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\extensions\flvto@hotger.com.xpi
[2014/02/04 16:14:56 | 000,943,976 | ---- | M] () (No name found) -- C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\extensions\stefanvandamme@stefanvd.net.xpi
[2014/01/16 17:30:25 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/03 07:44:17 | 000,778,022 | ---- | M] () (No name found) -- C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013/04/03 21:16:41 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/11/17 23:45:46 | 000,000,915 | ---- | M] () -- C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\searchplugins\yahoo.xml
[2013/12/19 22:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/19 22:20:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - Extension: Google Docs = C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (IEPwdBankBHO Class) - {56CBB761-DA41-4E31-B270-B13B4B0A61D0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll (Egis Technology Inc. )
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download with ImTOO iPhone Transfer Platinum - C:\Program Files (x86)\ImTOO\iPhone Transfer Platinum\upod_link.HTM File not found
O8 - Extra context menu item: Download with ImTOO iPhone Transfer Platinum - C:\Program Files (x86)\ImTOO\iPhone Transfer Platinum\upod_link.HTM File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5474319E-5E89-4812-BF29-FC0769CD3B2C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71F9B489-C336-43D3-B15F-BA956CEC6109}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/02/05 14:00:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/04 22:21:39 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/02/04 15:48:09 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/04 13:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/02/04 13:26:35 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/02/04 13:24:57 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/02/04 13:24:13 | 000,000,000 | ---D | C] -- C:\Users\Z\Desktop\mbar
[2014/02/02 15:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/02/02 15:20:33 | 000,000,000 | ---D | C] -- C:\Users\Z\AppData\Roaming\SUPERAntiSpyware.com
[2014/02/02 15:20:32 | 000,000,000 | ---D | C] -- C:\Users\Z\AppData\Local\Google
[2014/02/02 15:20:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/02/02 15:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2014/02/02 15:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/02/02 15:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/02/01 16:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2014/02/01 16:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
[2014/02/01 16:08:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rosetta Stone
[2014/02/01 16:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
[2014/02/01 16:05:28 | 000,000,000 | ---D | C] -- C:\Users\Z\AppData\Roaming\PowerISO
[2014/02/01 16:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2014/02/01 16:00:23 | 000,129,944 | ---- | C] (Power Software Ltd) -- C:\windows\SysNative\drivers\scdemu.sys
[2014/02/01 16:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2014/01/21 22:26:59 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2014/01/15 17:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/01/15 17:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/01/15 17:40:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/01/15 17:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/01/15 17:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/01/15 17:05:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/01/15 17:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014/01/15 17:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014/01/15 17:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2014/01/15 17:04:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2014/01/15 02:19:03 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbport.sys
[2014/01/15 02:19:03 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbd.sys
[2014/01/15 02:19:01 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys
[2014/01/14 15:07:04 | 000,000,000 | ---D | C] -- C:\Users\Z\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite
[2014/01/14 15:05:52 | 000,000,000 | ---D | C] -- C:\Users\Z\AppData\Roaming\WindSolutions
[2014/01/14 15:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2014/01/14 14:08:47 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2014/01/14 08:07:01 | 000,000,000 | ---D | C] -- C:\Users\Z\Documents\Freemake
[2014/01/14 07:54:54 | 000,000,000 | ---D | C] -- C:\windows\pss
[2014/01/12 19:24:19 | 000,000,000 | ---D | C] -- C:\Users\Z\Desktop\965TOGQJ
[2014/01/10 10:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2014/01/10 10:20:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks
[2014/01/10 10:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2014/01/10 10:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2013/03/26 08:58:25 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Z\AppData\Roaming\pcouffin.sys
[2012/09/16 17:56:02 | 010,847,608 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Z\Setup.exe
[1 C:\Users\Z\Documents\*.tmp files -> C:\Users\Z\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/02/05 14:20:06 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/05 14:20:05 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/05 14:12:48 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/05 14:12:32 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2014/02/05 14:12:23 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/02/05 14:12:17 | 1450,582,016 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/05 13:51:27 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/05 07:22:17 | 000,000,502 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 87e12a3c-de15-40b6-a694-38fb9f0dbc8a.job
[2014/02/05 04:46:31 | 000,000,502 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 43c95507-6eb6-4e1f-bdfe-ee76624bd54c.job
[2014/02/04 13:26:35 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/02/04 13:24:57 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/02/03 17:50:30 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/02 15:57:19 | 000,002,279 | ---- | M] () -- C:\Users\Z\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/02 15:20:22 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2014/02/01 16:09:23 | 000,002,571 | ---- | M] () -- C:\Users\Z\Desktop\Rosetta Stone Version 3.lnk
[2014/02/01 16:01:39 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2014/01/28 18:14:42 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/01/28 18:14:42 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/01/28 18:14:42 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/01/21 22:26:52 | 266,548,433 | ---- | M] () -- C:\windows\MEMORY.DMP
[2014/01/15 17:41:07 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/15 03:21:56 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/01/15 03:21:47 | 000,430,560 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/01/14 15:07:05 | 000,001,354 | ---- | M] () -- C:\Users\Z\Desktop\CopyTrans Control Center.lnk
[2014/01/07 09:19:53 | 000,001,067 | ---- | M] () -- C:\Users\Z\Desktop\Project 64.lnk
[1 C:\Users\Z\Documents\*.tmp files -> C:\Users\Z\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/02/02 15:23:55 | 000,002,279 | ---- | C] () -- C:\Users\Z\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/02 15:23:55 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/02 15:20:45 | 000,000,502 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 87e12a3c-de15-40b6-a694-38fb9f0dbc8a.job
[2014/02/02 15:20:43 | 000,000,888 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/02 15:20:43 | 000,000,502 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 43c95507-6eb6-4e1f-bdfe-ee76624bd54c.job
[2014/02/02 15:20:37 | 000,000,884 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/02 15:20:22 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2014/02/01 16:09:23 | 000,002,571 | ---- | C] () -- C:\Users\Z\Desktop\Rosetta Stone Version 3.lnk
[2014/02/01 16:01:39 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2014/01/21 22:26:52 | 266,548,433 | ---- | C] () -- C:\windows\MEMORY.DMP
[2014/01/15 17:41:07 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/15 17:05:39 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/01/14 15:07:05 | 000,001,354 | ---- | C] () -- C:\Users\Z\Desktop\CopyTrans Control Center.lnk
[2014/01/13 20:27:38 | 000,016,896 | ---- | C] () -- C:\windows\SysNative\sasnative64.exe
[2014/01/07 09:19:53 | 000,001,067 | ---- | C] () -- C:\Users\Z\Desktop\Project 64.lnk
[2013/05/11 14:30:18 | 000,000,218 | ---- | C] () -- C:\Users\Z\AppData\Local\recently-used.xbel
[2013/04/04 14:30:34 | 001,616,878 | ---- | C] () -- C:\Users\Z\Localizable.strings
[2013/03/26 08:58:26 | 000,099,384 | ---- | C] () -- C:\Users\Z\AppData\Roaming\inst.exe
[2013/03/26 08:58:26 | 000,007,859 | ---- | C] () -- C:\Users\Z\AppData\Roaming\pcouffin.cat
[2013/03/26 08:58:25 | 000,001,167 | ---- | C] () -- C:\Users\Z\AppData\Roaming\pcouffin.inf
[2013/03/10 11:56:15 | 000,073,746 | ---- | C] () -- C:\Users\Z\the doors-greatest hits SM.jpeg
[2013/01/31 08:56:38 | 733,890,560 | ---- | C] () -- C:\Users\Z\Roy Dean's BJJ Blue Belt Requirements DVD 1.avi
[2013/01/30 22:28:49 | 767,623,168 | ---- | C] () -- C:\Users\Z\14.0.4734.1000_ProfessionalPlus_volume_x86_en-us.iso
[2012/12/04 13:02:18 | 000,004,664 | ---- | C] () -- C:\Users\Z\pablo.popovitch.nogi.exposed.nfo
[2012/12/03 22:13:06 | 731,793,408 | ---- | C] () -- C:\Users\Z\pablo.popovitch.nogi.exposed.cd4.avi
[2012/12/03 22:11:38 | 732,809,216 | ---- | C] () -- C:\Users\Z\pablo.popovitch.nogi.exposed.cd3.avi
[2012/12/03 22:09:39 | 733,528,064 | ---- | C] () -- C:\Users\Z\pablo.popovitch.nogi.exposed.cd2.avi
[2012/11/22 12:27:27 | 733,980,672 | ---- | C] () -- C:\Users\Z\pablo.popovitch.nogi.exposed.cd1.avi
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

 

 




#11 mercenary

mercenary

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 05 February 2014 - 03:18 PM

I'm sorry but posting the contents of the SystemLook log freezes my browser for some reason. I tried it 3 times and I had to shut down Firefox through Task Manager because it was unresponsive. I even tried to post it separately on a second post a 4th time but it was the same thing. Seems kind of strange to me.



#12 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 05 February 2014 - 03:31 PM

Hi mercenary,

You can add the SystemLook.txt as an attachment.
If you edit your answer, use the "More Reply Options" button. After doing this, buttons to attach files appear at the bottom.
Navigate to this file and upload it.

 

Do I just delete Privitze off Add/Remove programs?

Not delete > uninstall it:
Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
Select a program you want to uninstall, and then click Uninstall.
 

***


Download ComboFix from the following location:
Link

* IMPORTANT- Save ComboFix.exe to your Desktop
 

***


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link:
How to Disable your Security Programs



***


Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Enable your antivirus!
 

***


Graduate of the WTT Classroom
Cheers,
Jo

#13 mercenary

mercenary

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 05 February 2014 - 05:58 PM

So I tried the attachment way, but apparently the file is 40.2 MB. And I know this is the correct one because when I open it, it's the log itself, nothing else. It surprises me that a .txt file can be this big. I followed all the instructions, so I don't know why this is giving me a hard time.

 

ComboFix, on the other hand, ran smoothly:

 

ComboFix 14-02-05.02 - Z 02/05/2014  15:49:31.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1845.471 [GMT -6:00]
Running from: c:\users\Z\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Z\AppData\Roaming\inst.exe
c:\users\Z\Documents\~ytCE4C.tmp
c:\windows\s.bat
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
-------\Service_pcCMService
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-05 to 2014-02-05  )))))))))))))))))))))))))))))))
.
.
2014-02-05 22:00 . 2014-02-05 22:00    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2014-02-05 22:00 . 2014-02-05 22:00    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-02-05 20:00 . 2014-02-05 20:00    --------    d-----w-    C:\_OTL
2014-02-05 04:21 . 2014-02-05 04:21    --------    d-----w-    c:\windows\ERUNT
2014-02-04 21:48 . 2014-02-04 22:12    --------    d-----w-    C:\AdwCleaner
2014-02-04 19:26 . 2014-02-04 19:53    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-04 19:26 . 2014-02-04 19:26    119000    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-04 19:24 . 2014-02-04 19:24    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-02-04 09:13 . 2014-02-05 21:59    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{46C9EBE6-3C61-44EC-A56A-D622477D04F6}\offreg.dll
2014-02-04 09:08 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{46C9EBE6-3C61-44EC-A56A-D622477D04F6}\mpengine.dll
2014-02-02 21:20 . 2014-02-02 21:20    --------    d-----w-    c:\users\Z\AppData\Roaming\SUPERAntiSpyware.com
2014-02-02 21:20 . 2014-02-02 21:24    --------    d-----w-    c:\users\Z\AppData\Local\Google
2014-02-02 21:20 . 2014-02-02 21:24    --------    d-----w-    c:\program files (x86)\Google
2014-02-02 21:20 . 2014-02-02 21:20    --------    d-----w-    c:\program files\SUPERAntiSpyware
2014-02-02 21:20 . 2014-02-02 21:20    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2014-02-01 22:09 . 2014-02-01 22:09    --------    d-----w-    c:\program files (x86)\Common Files\Macrovision Shared
2014-02-01 22:08 . 2014-02-01 22:08    --------    d-----w-    c:\program files (x86)\Rosetta Stone
2014-02-01 22:08 . 2014-02-04 02:07    --------    d-----w-    c:\programdata\Rosetta Stone
2014-02-01 22:05 . 2014-02-01 22:05    --------    d-----w-    c:\users\Z\AppData\Roaming\PowerISO
2014-02-01 22:00 . 2014-02-01 22:01    --------    d-----w-    c:\program files (x86)\PowerISO
2014-02-01 22:00 . 2013-10-23 14:11    129944    ----a-w-    c:\windows\system32\drivers\scdemu.sys
2014-01-15 23:40 . 2014-01-15 23:40    --------    d-----w-    c:\program files\iPod
2014-01-15 23:40 . 2014-01-15 23:41    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-15 23:40 . 2014-01-15 23:41    --------    d-----w-    c:\program files (x86)\iTunes
2014-01-15 23:40 . 2014-01-15 23:41    --------    d-----w-    c:\program files\iTunes
2014-01-15 23:05 . 2014-01-15 23:05    --------    d-----w-    c:\program files (x86)\Apple Software Update
2014-01-15 23:04 . 2014-01-15 23:04    --------    d-----w-    c:\program files\Common Files\Apple
2014-01-15 23:04 . 2014-01-15 23:04    --------    d-----w-    c:\program files\Bonjour
2014-01-15 23:04 . 2014-01-15 23:04    --------    d-----w-    c:\program files (x86)\Bonjour
2014-01-15 23:04 . 2014-01-15 23:40    --------    d-----w-    c:\program files (x86)\Common Files\Apple
2014-01-15 08:19 . 2013-11-27 01:41    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2014-01-15 08:19 . 2013-11-27 01:41    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2014-01-15 08:19 . 2013-11-27 01:41    53248    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2014-01-15 08:19 . 2013-11-27 01:41    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2014-01-15 08:19 . 2013-11-27 01:41    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2014-01-15 08:19 . 2013-11-27 01:41    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2014-01-15 08:19 . 2013-11-27 01:41    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2014-01-15 08:19 . 2013-11-26 10:32    3156480    ----a-w-    c:\windows\system32\win32k.sys
2014-01-15 08:19 . 2013-11-26 11:40    376768    ----a-w-    c:\windows\system32\drivers\netio.sys
2014-01-14 21:05 . 2014-01-14 21:15    --------    d-----w-    c:\users\Z\AppData\Roaming\WindSolutions
2014-01-14 21:05 . 2014-01-14 21:10    --------    d-----w-    c:\programdata\WindSolutions
2014-01-14 20:08 . 2012-08-21 19:01    33240    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2014-01-14 02:27 . 2012-07-25 18:03    16896    ----a-w-    c:\windows\system32\sasnative64.exe
2014-01-14 01:46 . 2014-01-14 01:48    --------    d-----w-    c:\users\Aris 2
2014-01-10 16:20 . 2014-01-14 14:00    --------    d-----w-    c:\program files (x86)\BlueStacks
2014-01-10 16:19 . 2014-01-10 16:20    --------    d-----w-    c:\programdata\BlueStacks
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-18 12:13 . 2012-07-23 03:00    270496    ------w-    c:\windows\system32\MpSigStub.exe
2013-12-11 10:44 . 2012-07-23 04:40    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 10:44 . 2012-07-23 04:40    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-23 18:26 . 2013-12-11 13:24    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 13:24    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-11-12 02:23 . 2013-12-11 13:24    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 13:24    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-06 6563608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2009-09-30 111640]
"332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2010-01-19 536576]
"VitaKeyTSR"="c:\program files (x86)\EgisTec BioExcess\EgisTSR.exe" [2010-05-28 376176]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-03-14 3122528]
"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2010-03-02 171104]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"PrivitizeVPN"="c:\program files (x86)\PrivitizeVPN\PrivitizeVPN.exe" [2013-02-08 196784]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2013-10-23 337432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 EgisTec Data Security Service;EgisTec Data Security Service;c:\program files (x86)\EgisTec BioExcess\EgisDSService.exe;c:\program files (x86)\EgisTec BioExcess\EgisDSService.exe [x]
S2 EgisTec Service;EgisTec Service;c:\program files (x86)\EgisTec BioExcess\EgisService.exe;c:\program files (x86)\EgisTec BioExcess\EgisService.exe [x]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys;c:\windows\SYSNATIVE\Drivers\FPSensor.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 namehelp;namehelp;c:\program files (x86)\Aqualab\namehelp\nssm.exe;c:\program files (x86)\Aqualab\namehelp\nssm.exe [x]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe;c:\program files\Common Files\Motive\pcCMService.exe [x]
S2 RtLedService;RtLedService Installer;c:\program files\Realtek\RtLED\RtLEDService.exe;c:\program files\Realtek\RtLED\RtLEDService.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys;c:\windows\SYSNATIVE\Drivers\vm332avs.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-03 23:44    1211720    ----a-w-    c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-23 10:44]
.
2014-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02 21:20]
.
2014-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02 21:20]
.
2014-02-05 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 43c95507-6eb6-4e1f-bdfe-ee76624bd54c.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2014-02-05 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 87e12a3c-de15-40b6-a694-38fb9f0dbc8a.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-03-14 19:14    1502720    ----a-w-    c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-09 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-09 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-09 415256]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download with ImTOO iPhone Transfer Platinum - c:\program files (x86)\ImTOO\iPhone Transfer Platinum\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\3hutvwbm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-BitLord - c:\program files (x86)\BitLord 2\Bitlord-uninst.exe
AddRemove-ImTOO iPod Manager - c:\program files (x86)\ImTOO\iPod Computer Transfer\Uninstall.exe
AddRemove-Search Protection - c:\users\Z\AppData\Roaming\Search Protection\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Aqualab\namehelp\namehelp.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2014-02-05  16:51:19 - machine was rebooted
ComboFix-quarantined-files.txt  2014-02-05 22:51
.
Pre-Run: 181,331,722,240 bytes free
Post-Run: 180,943,949,824 bytes free
.
- - End Of File - - 79D938931BE59057D890FE88A016234B
 

 

Thanks for your patience, Jo.



#14 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 06 February 2014 - 02:38 AM

Hi mercenary,

Sorry, my mistake. Something was wrong with my script.

Let's try this:
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following code box into the main textfield:
:filefind
AutoKMS*
PrivitizeVPN*

:regfind
AutoKMS
PrivitizeVPN
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



***


Download CKScanner by askey127 from Here & save it to your Desktop.
  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

***


Graduate of the WTT Classroom
Cheers,
Jo
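For readers who want to see what the `:filefind` / `:regfind` query above actually does, here is an added PowerShell approximation written for this page; it is not SystemLook's code nor anything from the thread. The patterns are the ones from the post; the search roots, the output file name and PowerShell 4 or later (for Get-FileHash) are assumptions.

```powershell
# Added example, not part of SystemLook or this thread: a PowerShell approximation of the
# ":filefind" / ":regfind" query Jo posted. Patterns come from the post; the search roots,
# output path and PowerShell 4+ (Get-FileHash) are assumptions. Run from an elevated prompt.

$FilePatterns = @('AutoKMS*', 'PrivitizeVPN*')   # from the :filefind section
$RegTerms     = @('AutoKMS', 'PrivitizeVPN')     # from the :regfind section

# Assumed roots: Windows directory, both Program Files trees and the current user profile.
$FileRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:USERPROFILE) |
             Where-Object { $_ -and (Test-Path -LiteralPath $_) }
$RegRoots  = @('HKLM:\SOFTWARE', 'HKCU:\SOFTWARE')

function Find-SuspectFiles {
    param([string[]]$Roots, [string[]]$Patterns)
    foreach ($root in $Roots) {
        foreach ($pattern in $Patterns) {
            # -Force includes hidden/system entries; access-denied errors are skipped.
            Get-ChildItem -LiteralPath $root -Filter $pattern -Recurse -Force -ErrorAction SilentlyContinue |
                ForEach-Object {
                    $md5  = $null
                    $size = $null
                    if (-not $_.PSIsContainer) {
                        $size = $_.Length
                        $md5  = (Get-FileHash -LiteralPath $_.FullName -Algorithm MD5 -ErrorAction SilentlyContinue).Hash
                    }
                    # Same fields SystemLook reports: path, size, created, modified, MD5.
                    [pscustomobject]@{
                        Pattern  = $pattern
                        Path     = $_.FullName
                        Bytes    = $size
                        Created  = $_.CreationTime
                        Modified = $_.LastWriteTime
                        MD5      = $md5
                    }
                }
        }
    }
}

function Find-SuspectRegistry {
    param([string[]]$Roots, [string[]]$Terms)
    foreach ($root in $Roots) {
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            foreach ($term in $Terms) {
                # Key-name match, e.g. ...\Uninstall\PrivitizeVPN or ...\TaskCache\Tree\AutoKMS.
                if ($key.PSChildName -like "*$term*") {
                    [pscustomobject]@{ Term = $term; Key = $key.Name; Value = $null; Data = $null }
                }
                # Value-name or value-data match, e.g. a Run entry whose data points at PrivitizeVPN.exe.
                foreach ($valueName in $key.GetValueNames()) {
                    $data = [string]($key.GetValue($valueName))
                    if ($valueName -like "*$term*" -or $data -like "*$term*") {
                        [pscustomobject]@{ Term = $term; Key = $key.Name; Value = $valueName; Data = $data }
                    }
                }
            }
        }
    }
}

$files = Find-SuspectFiles    -Roots $FileRoots -Patterns $FilePatterns
$regs  = Find-SuspectRegistry -Roots $RegRoots  -Terms    $RegTerms

# Write a SystemLook-style text report to the Desktop (assumed file name) and echo it.
$report = @(
    '========== filefind =========='
    ($files | Format-Table Pattern, Path, Bytes, Created, Modified, MD5 -AutoSize | Out-String -Width 300)
    '========== regfind =========='
    ($regs  | Format-Table Term, Key, Value, Data -AutoSize | Out-String -Width 300)
) -join "`n"
$out = Join-Path ([Environment]::GetFolderPath('Desktop')) 'SystemLook-ps.txt'
Set-Content -LiteralPath $out -Value $report -Encoding UTF8
$report
```

On the machine in this thread the file section would list the AutoKMS task file and PrivitizeVPN.exe with their MD5s, and the registry section would surface the Wow6432Node Run entry and the TaskCache entries that the SystemLook log in the next post shows.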

#15 mercenary

mercenary

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 06 February 2014 - 09:15 AM

It's all good

 

SystemLook:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 09:07 on 06/02/2014 by Z
Administrator - Elevation successful

========== filefind ==========

Searching for "AutoKMS*"
C:\Windows\System32\Tasks\AutoKMS    --a---- 2426 bytes    [17:46 31/01/2013]    [13:55 14/01/2014] B2BC231CDE08697786871C0846C08FB5
C:\_OTL\MovedFiles\02052014_140032\C_Windows\AutoKMS.ini    --a---- 135 bytes    [17:46 31/01/2013]    [17:46 31/01/2013] 48A77273E8C545DCB70EEE3866CD2123
C:\_OTL\MovedFiles\02052014_140032\C_Windows\Tasks\AutoKMS.job    --a---- 192 bytes    [17:46 31/01/2013]    [09:21 15/01/2014] 2C6E1DBBE76805DE040F2E1A3EF1BB35

Searching for "PrivitizeVPN*"
C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe    --a---- 196784 bytes    [19:56 08/02/2013]    [19:56 08/02/2013] 430739F114507DD2EA78D180A34FF9F3
C:\Users\Z\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivitizeVPN\PrivitizeVPN.lnk    --a---- 1175 bytes    [19:56 08/02/2013]    [19:56 08/02/2013] C391B2BC4D19AD03F2C13FF12B752642

========== regfind ==========

Searching for "AutoKMS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A99D13A-16E4-46A5-8EBE-F27CFA950FD7}]
"Path"="\AutoKMS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS]

Searching for "PrivitizeVPN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PrivitizeVPN"="C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PrivitizeVPN]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PrivitizeVPN]
"DisplayName"="PrivitizeVPN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PrivitizeVPN]
"DisplayIcon"="C:\Program Files (x86)\PrivitizeVPN\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PrivitizeVPN]
"UninstallString"="C:\Program Files (x86)\PrivitizeVPN\uninstall.exe /vpn"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PrivitizeVPN]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PrivitizeVPN]
"Path"="C:\Program Files (x86)\PrivitizeVPN"

-= EOF =-

 

 

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\adwcleaner\quarantine\c\users\z\documents\bitlord\imtoo ipod computer transfer 5.2.0 build-20120302 {blaze69}\crack\imfc0.dll.vir
c:\program files (x86)\image-line\fl studio 10\plugins\fruity\effects\hardcore\presets\i cracked my tube!.hdprg
c:\program files (x86)\image-line\fl studio 10\plugins\fruity\generators\drumaxx\drum patches\sound fx\crack.dmpatch
c:\program files (x86)\image-line\fl studio 10\plugins\fruity\generators\drumpad\drum patches\sound fx\crack.dmpatch
c:\programdata\bluestacks\userdata\inputmapper\com.fluik.plumbercrack.cfg
c:\programdata\bluestacks\userdata\inputmapper\com.polarbit.crackingsands.cfg
c:\programdata\bluestacks\userdata\inputmapper\com.polarbit.crackingsandsads.cfg
c:\users\z\documents\utorrent\convertxtodvd v5.0.0.31 + crack [chattchitto rg]\chattchitto rg.nfo
c:\users\z\documents\utorrent\convertxtodvd v5.0.0.31 + crack [chattchitto rg]\chattchitto rg.url
c:\users\z\documents\utorrent\convertxtodvd v5.0.0.31 + crack [chattchitto rg]\convertxtodvd v5.0.0.31 + crack [chattchitto rg].exe
c:\users\z\downloads\flstudio_10.0_crack.exe
c:\users\z\downloads\mirc_v7.22_+_crack-serials_[chattchitto_rg]_secure.exe
c:\users\z\downloads\mirc.v7.32.cracked-eat\eat.nfo
c:\users\z\downloads\mirc.v7.32.cracked-eat\eatmr732.zip
c:\users\z\downloads\mirc.v7.32.cracked-eat\file_id.diz
c:\users\z\downloads\mirc.v7.32.cracked-eat\eatmr732\eat.nfo
c:\users\z\downloads\mirc.v7.32.cracked-eat\eatmr732\eatmr732.rar
c:\users\z\downloads\mirc.v7.32.cracked-eat\eatmr732\file_id.diz
c:\users\z\downloads\rosetta stone 3.4.5\crack\readme.txt
c:\users\z\downloads\rosetta stone 3.4.5\crack\mac\mdm.dat
c:\users\z\downloads\rosetta stone 3.4.5\crack\win\rosettastoneversion3.exe
c:\users\z\mirc v7.27 cracked-eat\eat.nfo
c:\users\z\mirc v7.27 cracked-eat\file_id.diz
c:\users\z\mirc v7.27 cracked-eat\mirc727.exe
c:\users\z\mirc v7.27 cracked-eat\crack\mirc.exe
c:\users\z\mirc v7.27 cracked-eat\crack\mirc.reg
c:\users\z\mirc v7.27 cracked-eat\crack\mirc.txt
c:\users\z\mirc v7.27 cracked-eat\other\torrent downloaded from ahashare.com.txt
c:\users\z\mirc v7.27 cracked-eat\other\torrent downloaded from demonoid.me.txt
c:\users\z\mirc v7.27 cracked-eat\other\torrent downloaded from digtorrent.org.txt
c:\users\z\mirc v7.27 cracked-eat\other\torrent downloaded from extratorrent.com.txt
c:\users\z\mirc v7.27 cracked-eat\other\torrent downloaded from torrentmafia.org.txt
c:\users\z\virtual dj v7.0 pro + crack [chattchitto rg]\chattchitto rg.nfo
c:\users\z\virtual dj v7.0 pro + crack [chattchitto rg]\chattchitto rg.url
c:\users\z\virtual dj v7.0 pro + crack [chattchitto rg]\virtual dj v7.0 pro + crack [chattchitto rg].exe
scanner sequence 3.ZZ.11.FTAPLZ
 ----- EOF -----
 

