Long Startup with a Grey screen with 8 blue bars on top and also BSOD Attack!

Discussion in 'Malware Removal Assistance' started by Aaron8, Mar 28, 2013.

How can I optimize my computer to prevent any further problems?

  1. Should I backup my files?

    100.0%
  2. Is it unsafe to use an unsecure Wifi connection?

    50.0%
Multiple votes are allowed.
Aaron8 (Regular Member, joined Mar 27, 2013) posted:
    OTL logfile created on: 3/27/2013 11:38:24 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Downloads\Programs
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16521)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.60 Gb Total Physical Memory | 0.38 Gb Available Physical Memory | 23.55% Memory free
    3.69 Gb Paging File | 1.06 Gb Available in Paging File | 28.61% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 209.33 Gb Total Space | 153.18 Gb Free Space | 73.18% Space Free | Partition Type: NTFS
    Drive D: | 19.39 Gb Total Space | 2.10 Gb Free Space | 10.85% Space Free | Partition Type: NTFS
    Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.28% Space Free | Partition Type: FAT32

    Computer Name: MICOMLAPTOP | User Name: owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/03/27 23:34:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\Programs\OTL.exe
    PRC - [2013/03/27 20:30:06 | 001,104,280 | ---- | M] (Spotify Ltd) -- C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2013/03/22 08:06:12 | 004,445,912 | ---- | M] (Steganos Software GmbH) -- C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe
    PRC - [2013/03/22 08:06:10 | 000,303,344 | ---- | M] (Steganos Software GmbH) -- C:\Program Files (x86)\OkayFreedom\VPNService.exe
    PRC - [2013/03/22 03:37:18 | 003,573,624 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    PRC - [2013/03/18 10:11:42 | 007,161,208 | ---- | M] (Innovative Solutions) -- C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
    PRC - [2013/03/13 22:52:32 | 000,939,920 | ---- | M] (FlashPeak Inc.) -- C:\Program Files (x86)\SlimBrowser\SBRender.exe
    PRC - [2013/03/13 22:52:30 | 004,163,472 | ---- | M] (FlashPeak Inc.) -- C:\Program Files (x86)\SlimBrowser\sbframe.exe
    PRC - [2013/03/10 19:22:07 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    PRC - [2013/02/22 20:36:04 | 000,545,576 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
    PRC - [2013/02/22 20:33:26 | 000,389,928 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
    PRC - [2013/02/22 20:32:54 | 000,321,320 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\af_proxy_cmd.exe
    PRC - [2013/02/22 20:31:52 | 001,278,760 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
    PRC - [2013/02/22 20:31:02 | 000,535,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\FBW.exe
    PRC - [2013/02/22 20:30:20 | 000,289,576 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\FBWMgr.exe
    PRC - [2013/02/22 20:29:46 | 000,453,928 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\HssSrv.exe
    PRC - [2013/02/21 20:04:48 | 000,598,312 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpn.exe
    PRC - [2013/02/12 21:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2013/02/02 14:14:18 | 001,635,824 | ---- | M] (Insoft LLC) -- C:\Program Files (x86)\Adguard\Adguard.exe
    PRC - [2013/01/16 14:47:30 | 000,026,456 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
    PRC - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/12/12 08:44:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    PRC - [2012/10/20 16:45:53 | 000,963,984 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
    PRC - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2012/02/24 08:37:30 | 002,363,720 | ---- | M] (Bootstrap Development, LLC.) -- C:\Program Files (x86)\DriverHive\DriverHiveTray.exe
    PRC - [2012/02/15 12:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    PRC - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    PRC - [2011/10/06 22:19:16 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    PRC - [2011/09/29 14:33:42 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    PRC - [2011/08/19 16:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    PRC - [2010/12/27 18:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    PRC - [2009/12/02 23:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2009/12/02 23:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2006/06/27 06:34:50 | 000,299,008 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 966\memcard.exe
    PRC - [2006/06/20 12:37:42 | 000,286,720 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqmon.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/03/26 02:05:06 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e48a8a41e50ee180c6ca9c50e4575f42\PresentationFramework.ni.dll
    MOD - [2013/03/26 02:04:23 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9dee5fd0cf53fc233a7fc20edf8e66ed\PresentationCore.ni.dll
    MOD - [2013/03/26 02:04:13 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\4a1e0e4ec906686357466a5881de605e\System.Data.ni.dll
    MOD - [2013/03/26 02:03:54 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll
    MOD - [2013/03/26 02:03:45 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll
    MOD - [2013/03/26 02:03:41 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8b8a5c194aacfb2102d4e26b75a84e03\PresentationFramework.Aero.ni.dll
    MOD - [2013/03/26 02:03:40 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll
    MOD - [2013/03/26 02:03:19 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef8c44c3c8766f219f576faab54c8dc7\WindowsBase.ni.dll
    MOD - [2013/03/26 02:03:14 | 001,653,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\aa90407cafb9b4a0dc5e3fdff170fee9\System.Drawing.ni.dll
    MOD - [2013/03/26 02:03:11 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
    MOD - [2013/03/26 02:02:57 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\3ce3d5b8126cda36b3dbd3535f249890\System.Numerics.ni.dll
    MOD - [2013/03/26 01:56:36 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
    MOD - [2013/03/10 19:22:06 | 000,459,728 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll
    MOD - [2013/03/10 19:22:05 | 012,662,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
    MOD - [2013/03/10 19:22:04 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
    MOD - [2013/03/10 19:21:18 | 000,596,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libglesv2.dll
    MOD - [2013/03/10 19:21:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libegl.dll
    MOD - [2013/03/10 19:21:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
    MOD - [2013/03/06 15:37:16 | 000,009,088 | ---- | M] () -- C:\Program Files (x86)\Innovative Solutions\DriverMax\sync.dll
    MOD - [2013/02/27 08:21:50 | 000,947,832 | ---- | M] () -- C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
    MOD - [2013/02/22 20:30:20 | 000,289,576 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\FBWMgr.exe
    MOD - [2013/02/12 21:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2013/02/12 21:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    MOD - [2013/01/24 06:16:54 | 001,050,112 | ---- | M] () -- c:\Program Files (x86)\BrowseToSave\sprotector.dll
    MOD - [2013/01/21 10:22:16 | 000,071,152 | ---- | M] () -- C:\Program Files (x86)\Adguard\libs\redirectapi.dll
    MOD - [2013/01/21 10:22:08 | 000,115,184 | ---- | M] () -- C:\Windows\SysWOW64\redirect\redirect.dll
    MOD - [2013/01/21 10:22:08 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\Adguard\libs\inststlib.dll
    MOD - [2012/11/25 00:54:58 | 000,088,496 | ---- | M] () -- C:\Program Files (x86)\SlimBrowser\EasyHook32.dll
    MOD - [2012/09/03 20:26:56 | 000,904,704 | ---- | M] () -- C:\Program Files (x86)\Adguard\System.Data.SQLite.dll
    MOD - [2010/11/20 22:24:09 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    MOD - [2006/07/11 17:42:54 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 966\DLCQcfg.dll
    MOD - [2006/06/27 06:34:50 | 000,299,008 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 966\memcard.exe
    MOD - [2006/06/20 12:37:42 | 000,286,720 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqmon.exe
    MOD - [2006/06/20 12:37:08 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqscw.dll
    MOD - [2006/06/09 01:39:40 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqdrec.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/02/27 08:22:04 | 001,097,848 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe -- (SBUpd)
    SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/07/06 02:08:26 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/07/05 14:27:04 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2006/07/13 17:06:18 | 000,546,304 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlcqcoms.exe -- (dlcq_device)
    SRV - [2013/03/22 08:06:10 | 000,303,344 | ---- | M] (Steganos Software GmbH) [Auto | Running] -- C:\Program Files (x86)\OkayFreedom\VPNService.exe -- (OkayFreedom VPN Starter Service)
    SRV - [2013/03/18 16:25:30 | 000,032,808 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
    SRV - [2013/03/12 15:52:10 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/02/22 20:36:04 | 000,545,576 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
    SRV - [2013/02/22 20:33:26 | 000,389,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
    SRV - [2013/02/22 20:29:46 | 000,453,928 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\HssSrv.exe -- (HssSrv)
    SRV - [2013/02/21 20:54:48 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
    SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2010/12/27 18:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
    SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/02 23:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2009/12/02 23:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2006/07/13 16:27:16 | 000,528,384 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\dlcqcoms.exe -- (dlcq_device)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/02/27 08:22:06 | 000,040,856 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys -- (SBUpdd)
    DRV:64bit: - [2013/02/21 20:53:00 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
    DRV:64bit: - [2013/02/21 20:43:20 | 000,046,280 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
    DRV:64bit: - [2013/02/08 09:45:38 | 000,036,736 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/11/21 19:43:14 | 000,165,112 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
    DRV:64bit: - [2012/09/14 22:29:16 | 001,981,536 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/10/14 15:11:03 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/10/14 15:11:03 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/08/19 14:29:32 | 000,391,728 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/07/06 02:50:28 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/07/06 01:32:20 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/04/16 05:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
    DRV:64bit: - [2011/04/16 05:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
    DRV:64bit: - [2011/03/05 02:16:20 | 000,436,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/02/15 13:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
    DRV:64bit: - [2010/12/16 14:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2009/12/02 23:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2009/12/02 23:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2009/12/02 23:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2009/12/02 23:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://go.speedbit.com/search.aspx?s=D3NaWIT8&q={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{E013223C-F895-4638-ADCC-49CE1783BE0A}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {7F4EFF06-7032-458e-AE16-1C1D8255C28A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
    IE - HKLM\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://go.speedbit.com/search.aspx?s=D3NaWIT8&q={searchTerms}
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
    IE - HKLM\..\SearchScopes\{E013223C-F895-4638-ADCC-49CE1783BE0A}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
    IE - HKCU\..\SearchScopes,DefaultScope = {7F4EFF06-7032-458e-AE16-1C1D8255C28A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119351&babsrc=SP_ss&mntrId=449100FF98C1B299
    IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
    IE - HKCU\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://go.speedbit.com/search.aspx?s=D3NaWIT8&q={searchTerms}
    IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = Playbryte-fa-binst/search/redirect/?type=default&user_id=37d0bff9-9820-4053-afe7-c64f44505b3a&query={searchTerms}
    IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
    IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
    IE - HKCU\..\SearchScopes\{E013223C-F895-4638-ADCC-49CE1783BE0A}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8555


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\daplinkchecker@speedbit.com: C:\Program Files (x86)\DAP\daplinkchecker [2013/03/22 22:27:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedtestanalysis@SpeedAnalysis.com: C:\Users\owner\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com [2013/03/24 18:02:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{829AD732-F3DB-4011-81C4-135F2FB05D8E}: C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt\ [2013/03/24 18:20:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\infoatoms@infoatoms.com: C:\Program Files (x86)\Mozilla FireFox\extensions\infoatoms@infoatoms.com [2013/03/25 00:36:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/03/27 21:29:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 19.0.2\extensions\\Components: C:\Program Files (x86)\Pale Moon\components [2013/03/27 22:44:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Pale Moon\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedtestanalysis@SpeedAnalysis.com: C:\Users\owner\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com [2013/03/24 18:02:19 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{829AD732-F3DB-4011-81C4-135F2FB05D8E}: C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt\ [2013/03/24 18:20:21 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\owner\AppData\Roaming\IDM\idmmzcc5 [2013/03/23 01:58:32 | 000,000,000 | ---D | M]

    [2013/03/22 02:14:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions
    [2013/03/24 18:02:19 | 000,000,000 | ---D | M] (Speed Test Analysis) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com
    [2013/03/21 17:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/03/25 00:36:05 | 000,000,000 | ---D | M] (InfoAtoms) -- C:\Program Files (x86)\Mozilla Firefox\extensions\infoatoms@infoatoms.com

    ========== Chrome ==========

    CHR - homepage:
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh\1.0.1.9_0\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.1_0\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifllmjhoijmmhobcnjdhelmboobmenij\3.0.0_0\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifllmjhoijmmhobcnjdhelmboobmenij\3.0.0_0\.svn\text-base\.svn-base
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.6_0\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb\1.0.0.0_0\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof\1.0.0.2504_0\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.0_0\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkkkihhgkhmbdplelgdhbfhfohchlhgh\1.1_0\
    CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\

    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
    O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\owner\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
    O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
    O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\owner\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
    O2 - BHO: (Wondershare Allmytube) - {1373BA72-5012-496e-9F72-7A426DCF78BB} - C:\Program Files (x86)\Wondershare\AllMyTube\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)
    O2 - BHO: (Bruowse2saavee) - {1F62CBE8-BF4F-660A-7F51-358ED5287B3F} - C:\ProgramData\Bruowse2saavee\514d1e58b1346.dll ()
    O2 - BHO: (Speed Test Analysis) - {310D38FE-EB4C-467C-8781-B7C2AEB7847D} - C:\Program Files (x86)\Speed Test Analysis\ScriptHost.dll (SpeedAnalysis.com)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (GetSavin 5.0) - {BF29304C-A03A-4CB7-9A2A-C0D6990DC979} - C:\Users\owner\AppData\Local\getsavin\ie\getsavin_1364189401.dll ()
    O2 - BHO: (EbyookBBRRowse) - {C0B5F628-527B-51A7-5458-4D2566582E32} - C:\ProgramData\EbyookBBRRowse\514d1eb79351b.dll ()
    O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
    O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
    O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
    O3 - HKLM\..\Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [dlcqmon.exe] C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqmon.exe ()
    O4:64bit: - HKLM..\Run: [MemoryCardManager] C:\Program Files (x86)\Dell Photo AIO Printer 966\memcard.exe ()
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [DriverHiveTray] C:\Program Files (x86)\DriverHive\DriverHiveTray.exe (Bootstrap Development, LLC.)
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [Adguard] C:\Program Files (x86)\Adguard\Adguard.exe (Insoft LLC)
    O4 - HKCU..\Run: [DriverMax] C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
    O4 - HKCU..\Run: [DriverMax_RESTART] C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
    O4 - HKCU..\Run: [GoogleChromeAutoLaunch_BFB1AAC9AD5759BCC5B883652DF33E69] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
    O4 - HKCU..\Run: [OKAYFREEDOM_Agent] C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe (Steganos Software GmbH)
    O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
    O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriver.com/DRHM/store?Action=DisplayProductSearchResultsPage&SiteID=hpappli&Locale=en_US&keywords=%w
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
    O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
    O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
    O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
    O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()
    O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysWOW64\redirect\redirect64.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysWOW64\redirect\redirect64.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysWOW64\redirect\redirect64.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysWOW64\redirect\redirect64.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysWOW64\redirect\redirect64.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysWOW64\redirect\redirect64.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysWOW64\redirect\redirect64.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysWOW64\redirect\redirect64.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysWOW64\redirect\redirect64.dll ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\redirect\redirect.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\redirect\redirect.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\redirect\redirect.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\redirect\redirect.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\redirect\redirect.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\redirect\redirect.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\redirect\redirect.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\redirect\redirect.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\redirect\redirect.dll ()
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6599D257-9F37-4C22-B73E-BBF22E58544B}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98C1B299-4D80-4243-B0D3-507F42AA284D}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A578AF8D-9F5C-47F2-A21F-372D1634E8E8}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D25EFF4A-D92A-47EF-B32D-83E92F162CE9}: DhcpNameServer = 8.8.8.8
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - AppInit_DLLs: (c:\progra~2\browse~1\sprote~1.dll) - c:\Program Files (x86)\BrowseToSave\sprotector.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/27 22:47:27 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Moonchild Productions
    [2013/03/27 22:47:27 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Moonchild Productions
    [2013/03/27 22:44:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pale Moon
    [2013/03/27 21:38:02 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\DDMSettings
    [2013/03/27 21:28:11 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\DivX
    [2013/03/27 21:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
    [2013/03/27 21:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2013/03/27 21:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
    [2013/03/27 21:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
    [2013/03/27 21:01:01 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Uniblue
    [2013/03/27 21:01:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
    [2013/03/27 20:56:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
    [2013/03/27 20:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
    [2013/03/27 20:25:30 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Steganos VPN
    [2013/03/27 20:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom
    [2013/03/27 20:23:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steganos
    [2013/03/27 20:23:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OkayFreedom
    [2013/03/27 20:15:55 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Steganos
    [2013/03/27 20:03:13 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\MaskMyIP
    [2013/03/27 20:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\MaskMyIP
    [2013/03/27 20:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mask My IP
    [2013/03/27 20:02:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MaskMyIP
    [2013/03/27 16:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
    [2013/03/27 15:33:55 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Innovative Solutions
    [2013/03/27 15:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
    [2013/03/27 15:33:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Innovative Solutions
    [2013/03/27 15:09:52 | 001,981,536 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\drivers\netr28x.sys
    [2013/03/27 15:06:08 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\BSD
    [2013/03/27 15:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\BSD
    [2013/03/27 15:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverHive
    [2013/03/27 15:05:12 | 002,226,176 | ---- | C] (Bootstrap Development, LLC.) -- C:\Windows\bsdsetup.dll
    [2013/03/27 15:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverHive
    [2013/03/27 03:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diswy
    [2013/03/26 03:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\Diswy
    [2013/03/26 01:55:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
    [2013/03/26 01:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2013/03/26 01:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2013/03/26 01:55:06 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
    [2013/03/25 22:58:31 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2013/03/25 19:11:18 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Soulseek Chat Logs
    [2013/03/25 18:28:58 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoulseekQt
    [2013/03/25 18:28:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoulseekQt
    [2013/03/25 18:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\383E0
    [2013/03/25 18:17:28 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\BearShare
    [2013/03/25 18:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\39238
    [2013/03/25 18:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BearShare
    [2013/03/25 18:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\BearShare
    [2013/03/25 18:13:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BearShare Applications
    [2013/03/25 18:09:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E126B434-06DC-448E-8D40-9D498BE72122}
    [2013/03/25 18:01:52 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\FFP
    [2013/03/25 17:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader
    [2013/03/25 17:48:33 | 000,893,560 | ---- | C] (Complitly ) -- C:\Program Files (x86)\Common Files\AutoCompletePro.exe
    [2013/03/25 17:45:34 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
    [2013/03/25 17:45:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
    [2013/03/25 16:34:08 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Free Registry Tuner
    [2013/03/25 16:15:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PricePeep
    [2013/03/25 16:15:18 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Free Windows Tuner
    [2013/03/25 16:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Windows Tuner
    [2013/03/25 16:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Windows Tuner
    [2013/03/25 16:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Tuner
    [2013/03/25 16:11:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Registry Tuner
    [2013/03/25 14:45:37 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Bigasoft YouTube Downloader Pro
    [2013/03/25 03:04:12 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
    [2013/03/25 03:04:12 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
    [2013/03/25 03:04:11 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
    [2013/03/25 03:04:10 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
    [2013/03/25 03:03:32 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
    [2013/03/25 03:03:29 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
    [2013/03/25 03:03:28 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
    [2013/03/25 03:03:28 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
    [2013/03/25 03:03:00 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
    [2013/03/25 03:03:00 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
    [2013/03/25 03:02:58 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
    [2013/03/25 00:56:06 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bigasoft
    [2013/03/25 00:55:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bigasoft
    [2013/03/24 23:55:25 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\vlc
    [2013/03/24 23:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2013/03/24 23:54:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
    [2013/03/24 23:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDex
    [2013/03/24 23:29:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDex
    [2013/03/24 19:16:17 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\MyTurboPC.com
    [2013/03/24 19:16:17 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\DriverCure
    [2013/03/24 19:16:06 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyTurboPC.com
    [2013/03/24 19:15:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MyTurboPC.com
    [2013/03/24 19:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\MyTurboPC.com
    [2013/03/24 19:15:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyTurboPC.com
    [2013/03/24 18:56:37 | 001,085,344 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
    [2013/03/24 18:56:37 | 000,963,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
    [2013/03/24 18:56:37 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
    [2013/03/24 18:56:21 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
    [2013/03/24 18:56:20 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
    [2013/03/24 18:56:20 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
    [2013/03/24 18:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2013/03/24 18:38:08 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\FastYTD
    [2013/03/24 18:20:39 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Wondershare
    [2013/03/24 18:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wondershare
    [2013/03/24 18:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
    [2013/03/24 18:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Wondershare AllMyTube
    [2013/03/24 18:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Wondershare Application Common Data
    [2013/03/24 18:19:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
    [2013/03/24 18:00:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fast YTD
    [2013/03/24 18:00:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftwareAdda.com
    [2013/03/24 17:59:29 | 000,522,363 | ---- | C] (SoftwareAdda.com ) -- C:\Users\owner\Desktop\FastYTDSetupSoftonic.exe
    [2013/03/24 17:54:02 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Tomabo
    [2013/03/23 21:40:30 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\MediaMonkey
    [2013/03/23 21:38:06 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\MediaMonkey
    [2013/03/23 21:38:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
    [2013/03/23 21:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMonkey
    [2013/03/23 21:36:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMonkey
    [2013/03/23 02:24:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PopCap
    [2013/03/23 02:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plants Vs. Zombies
    [2013/03/23 01:58:21 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\IDM
    [2013/03/23 01:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\IDM
    [2013/03/23 01:58:20 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\DMCache
    [2013/03/23 01:58:03 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    [2013/03/23 01:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    [2013/03/23 01:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Download Manager
    [2013/03/22 22:27:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAP
    [2013/03/22 22:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedBit
    [2013/03/22 22:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedBit
    [2013/03/22 22:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EbyookBBRRowse
    [2013/03/22 22:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftSafe
    [2013/03/22 22:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\EbyookBBRRowse
    [2013/03/22 22:18:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowseToSave
    [2013/03/22 22:17:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bruowse2saavee
    [2013/03/22 22:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Bruowse2saavee
    [2013/03/22 22:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
    [2013/03/22 16:05:39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
    [2013/03/22 15:54:53 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
    [2013/03/22 15:54:52 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
    [2013/03/22 15:54:51 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
    [2013/03/22 15:54:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2013/03/22 15:54:50 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2013/03/22 15:54:50 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
    [2013/03/22 15:54:49 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
    [2013/03/22 15:54:48 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
    [2013/03/22 15:54:48 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
    [2013/03/22 15:54:48 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013/03/22 15:54:46 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2013/03/22 15:54:46 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
    [2013/03/22 15:54:46 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/03/22 15:54:46 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2013/03/22 15:54:46 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/03/22 15:54:46 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
    [2013/03/22 15:54:46 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013/03/22 15:54:46 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2013/03/22 15:54:46 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
    [2013/03/22 15:54:46 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2013/03/22 15:54:46 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
    [2013/03/22 15:54:46 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013/03/22 15:54:46 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
    [2013/03/22 15:54:46 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
    [2013/03/22 15:54:46 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
    [2013/03/22 15:54:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013/03/22 15:54:46 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
    [2013/03/22 15:54:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
    [2013/03/22 15:54:46 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013/03/22 15:54:46 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
    [2013/03/22 15:54:46 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2013/03/22 15:54:45 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/03/22 15:54:45 | 001,509,376 | ---- | C] (Microsoft Corporation
     

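The OTL log above is a list of "Files/Folders Created" records in the shape `[timestamp | size | attributes | op] (company) -- path`. As an added example (not code from the thread, from OTL or from the helper), this Python script parses that record format into structured entries and answers two quick triage questions over a constructed sample: the sample lines are copied from the log above, plus one made-up `()` entry under a PLACEHOLDER folder and the log's truncated last line, which the parser has to skip.

```python
"""Parse OTL 'Files/Folders Created' lines (format as in the log above).
Added example for this thread, not code from OTL or from the helper."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Record shape: [timestamp | size | attributes | op] (company) -- path
# "(company)" comes from the file's version info; it is absent for
# directories and written as "()" for a file that carries none.
LINE_RE = re.compile(
    r"^\s*\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<op>[A-Z])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>\S.*?)\s*$"
)

@dataclass
class OtlEntry:
    ts: datetime
    size: int
    attrs: str              # raw 4-char flag field; 'D' marks a directory
    op: str                 # 'C' in the "Created" listing
    company: Optional[str]  # None for directories, '' for a "()" file
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

def parse_otl_lines(lines):
    """Return (entries, skipped); a line cut off by the post limit lands in skipped."""
    entries, skipped = [], 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            if line.strip():
                skipped += 1
            continue
        entries.append(OtlEntry(
            ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"], op=m["op"],
            company=m["company"], path=m["path"]))
    return entries, skipped

def files_without_company(entries):
    """Files (not directories) with no company name: a first cut when sifting a long log, not a verdict."""
    return [e for e in entries if not e.is_dir and not e.company]

def new_dirs_by_day(entries):
    """YYYY-MM-DD -> directories created that day, to line the log up with when symptoms began."""
    out = defaultdict(list)
    for e in entries:
        if e.is_dir:
            out[e.ts.strftime("%Y-%m-%d")].append(e.path)
    return dict(out)

# Constructed sample: lines copied from the log above, plus one made-up
# "()" entry under a PLACEHOLDER folder and the log's truncated last line.
SAMPLE = r"""
[2013/03/23 21:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMonkey
[2013/03/22 22:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftSafe
[2013/03/22 22:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/03/22 16:05:39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/03/22 15:54:50 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/03/22 22:18:41 | 000,012,288 | ---- | C] () -- C:\ProgramData\PLACEHOLDER\sample.dll
[2013/03/22 15:54:45 | 001,509,376 | ---- | C] (Microsoft Corporation
""".strip("\n").splitlines()
```

Running `parse_otl_lines(SAMPLE)` yields six entries and one skipped (truncated) line; `files_without_company` returns only the constructed PLACEHOLDER entry.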

  2. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Reputation:
    1,000
    Joined:
    Jan 11, 2011
    Messages:
    2,056
    Likes Received:
    12
    Hi and welcome to MalwareTips! :)

    I'm Fiery and I would gladly assist you in removing the malware on your computer.

    Before we start:
    • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
    • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
    • Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
    • Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe; the detections are false positives.
    • The absence of symptoms does not mean your PC is fully disinfected.
    • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
    • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

    [hr]

    Can you attach the OTL log as well? Just like you did for the aswMBR.txt. The OTL is too long to fit into one post :)
     
  3. Aaron8

    Aaron8 Regular Member

    Reputation:
    0
    Joined:
    Mar 27, 2013
    Messages:
    50
    Likes Received:
    0
    Thanks, Fiery, that's a quick response! How do I add the OTL attachment?
     
  4. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Reputation:
    1,000
    Joined:
    Jan 11, 2011
    Messages:
    2,056
    Likes Received:
    12
    Click "new reply" and scroll down to the attachment section. Choose the file then press add attachment to upload the file :)
     
  5. Aaron8

    Aaron8 Regular Member

    Reputation:
    0
    Joined:
    Mar 27, 2013
    Messages:
    50
    Likes Received:
    0
    Added.
     

    Attached Files:

    • OTL.Txt
      File size:
      300.3 KB
      Views:
      66
  6. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Reputation:
    1,000
    Joined:
    Jan 11, 2011
    Messages:
    2,056
    Likes Received:
    12
    Your PC is severely infected. The OTL fix will hopefully get your PC back online for now but there are still a lot of files we have to remove.

    Step 1: Open OTL. Under custom scan/fixes, copy and paste the following:

    Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.

    Step 2: Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool (For Vista or Windows 7, right-click and select Run as Administrator to start)
    • Click delete
    • Please post the content of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt

    Step 3: Please download Junkware Removal Tool to your desktop from here
    • Turn off your antivirus software now to avoid potential conflicts
    • Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
    • The tool will open and start scanning your system
    • Please be patient as this can take a while to complete depending on your system's specifications
    • On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
    • Post the contents of JRT.txt into your next reply

    Step 4:

    Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select Run as Administrator to start
    • Wait until Prescan has finished, then click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click delete and wait until it says deleting finished
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller
     
  7. Aaron8

    Aaron8 Regular Member

    Reputation:
    0
    Joined:
    Mar 27, 2013
    Messages:
    50
    Likes Received:
    0
    I tried the first step, and once the OTL program got to processing the Delta Toolbar, it froze and said Not Responding.
     
  8. Aaron8

    Aaron8 Regular Member

    Reputation:
    0
    Joined:
    Mar 27, 2013
    Messages:
    50
    Likes Received:
    0
    AdwCleaner attachment file.
     


  9. Aaron8

    Aaron8 Regular Member

    Reputation:
    0
    Joined:
    Mar 27, 2013
    Messages:
    50
    Likes Received:
    0
    The JRT was not compatible with my computer. Mine is a Windows 7 PC 64-Bit Home Premium.
     
  10. Aaron8

    Aaron8 Regular Member

    Reputation:
    0
    Joined:
    Mar 27, 2013
    Messages:
    50
    Likes Received:
    0
    Bleeping Computer's 7-Zip folder was corrupted; it wouldn't run the JRT.
     
  11. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Reputation:
    1,000
    Joined:
    Jan 11, 2011
    Messages:
    2,056
    Likes Received:
    12
    Download Farbar Recovery Scan Tool from the below link:
    • For 64 bit systems download Farbar Recovery Scan Tool x64 (http://download.bleepingcomputer.com/farbar/FRST64.exe) and save it to a USB/flash drive.
    • Plug the flash drive into the infected PC.
    • Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

    1. Select Command Prompt
    2. In the command window type in notepad and press Enter.
    3. The notepad opens. Under File menu select Open.
    4. Select "Computer" and find your flash drive letter and close the notepad.
    5. In the command window type e:\frst64 and press Enter
       Note: Replace letter e with the drive letter of your flash drive.
    6. The tool will start to run.
    7. When the tool opens click Yes to disclaimer.
    8. Press Scan button.
    9. FRST will let you know when the scan is complete and has written the FRST.txt to file, close the message.
    10. Type exit
    11. Please copy and paste FRST.txt in your next reply
     
    Last edited by a moderator: Mar 13, 2014
  12. Aaron8

    Aaron8 Regular Member

    Reputation:
    0
    Joined:
    Mar 27, 2013
    Messages:
    50
    Likes Received:
    0
    JRT Scan Result
     

    Attached Files:

    • JRT.txt
      File size:
      10 KB
      Views:
      81
    Last edited by a moderator: Mar 13, 2014
  13. Aaron8

    Aaron8 Regular Member

    Reputation:
    0
    Joined:
    Mar 27, 2013
    Messages:
    50
    Likes Received:
    0
    RogueKiller info
    --- Backup : No backup found ---
    --- Desktop ---
    DIR: C:\Users\Public\Desktop -> Attributes restored
    --- Quick launch ---
    --- Programs ---
    DIR: .cache -> Attributes restored
    DIR: InstallShield Installation Information -> Attributes restored
    DIR: Temp -> Attributes restored
    DIR: Uninstall Information -> Attributes restored
    --- Start menu ---
    --- My documents ---
    DIR: EffectManualOrder -> Attributes restored
    --- My favorites ---
    --- My music ---
    --- My pictures ---
    --- My videos ---
    --- User folder ---
    DIR: AppData -> Attributes restored
    DIR: downloads -> Attributes restored
    DIR: {5588ACFD-6436-411B-A5CE-666AE6A92D3D}~ -> Attributes restored
    DIR: WebSlices~ -> Attributes restored
    DIR: Feeds Cache -> Attributes restored
    DIR: 0ECUY5MN -> Attributes restored
    DIR: 13OE2EA9 -> Attributes restored
    DIR: L33EGQAL -> Attributes restored
    DIR: XLW8HEX8 -> Attributes restored
    DIR: DOMStore -> Attributes restored
    DIR: FILQNVJ9 -> Attributes restored
    DIR: K99QDK84 -> Attributes restored
    DIR: WQHXVOCK -> Attributes restored
    DIR: Art Cache -> Attributes restored
    DIR: DOMStore -> Attributes restored
    DIR: MediaCache -> Attributes restored
    DIR: Low -> Attributes restored
    DIR: Cookies -> Attributes restored
    DIR: Low -> Attributes restored
    DIR: IECompatCache -> Attributes restored
    DIR: Low -> Attributes restored
    DIR: IECompatUACache -> Attributes restored
    DIR: Low -> Attributes restored
    DIR: IEDownloadHistory -> Attributes restored
    DIR: IETldCache -> Attributes restored
    DIR: Low -> Attributes restored
    DIR: PrivacIE -> Attributes restored
    DIR: Low -> Attributes restored

    Drives found : [C:D:E:F:Q:]
    --- [C:] \Device\HarddiskVolume2 -- 0x3 --> Restoring... ---
    DIR: boot -> Attributes restored
    DIR: HP -> Attributes restored
    DIR: ProgramData -> Attributes restored
    DIR: SC Info -> Attributes restored
    DIR: Common Files -> Attributes restored
    DIR: 4.0 -> Attributes restored
    DIR: 3.5 -> Attributes restored
    DIR: EvoParser -> Attributes restored
    DIR: 4.0 -> Attributes restored
    DIR: UNO -> Attributes restored
    DIR: 3.5 -> Attributes restored
    DIR: Server -> Attributes restored
    DIR: rm -> Attributes restored
    DIR: WwanSvc -> Attributes restored
    DIR: Profiles -> Attributes restored
    DIR: {E126B434-06DC-448E-8D40-9D498BE72122} -> Attributes restored
    DIR: {FBD38C9D-3733-43E5-91B0-5416123D09D4} -> Attributes restored
    DIR: SYSTEM.SAV -> Attributes restored
    DIR: Default -> Attributes restored
    DIR: AppData -> Attributes restored
    DIR: OLReg -> Attributes restored
    DIR: 4.0 -> Attributes restored
    DIR: Favorites -> Attributes restored
    DIR: Libraries -> Attributes restored
    DIR: TempRec -> Attributes restored
    DIR: TempSBE -> Attributes restored
    --- [D:] \Device\HarddiskVolume3 -- 0x3 --> Restoring... ---
    DIR: D: -> Attributes restored
    DIR: boot -> Attributes restored
    DIR: FactoryUpdate -> Attributes restored
    DIR: hp -> Attributes restored
    DIR: preload -> Attributes restored
    DIR: RM_Reserve -> Attributes restored
    --- [E:] \Device\HarddiskVolume4 -- 0x3 --> Restoring... ---
    --- [F:] \Device\CdRom0 -- 0x5 --> Skipped. ---
    --- [Q:] \Device\SftVol -- 0x3 --> Restoring... ---
     
  14. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Reputation:
    1,000
    Joined:
    Jan 11, 2011
    Messages:
    2,056
    Likes Received:
    12
    Can you run Farbar Recovery Scan Tool now? :)

    Instructions are in post 11: http://malwaretips.com/Thread-Long-Startup-with-a-Grey-screen-with-8-blue-bars-on-top-and-also-BSOD-Attack?pid=113840#pid113840
     
  15. Aaron8

    Aaron8 Regular Member

    Reputation:
    0
    Joined:
    Mar 27, 2013
    Messages:
    50
    Likes Received:
    0
    Yes, I did, but I had to do it without the command prompt. It said that the flash drive was G when I was in normal mode, but in the notepad in the command prompt it said it was H. I tried to go to the folder to see if FRST64 was there, and it showed it in normal mode but not in command prompt mode. Anyway, earlier I downloaded Farbar and posted it on my taskbar. Since it didn't work in the command prompt, I ran it normally and the info is attached.
     

    Attached Files:

    • FRST.txt
      File size:
      134.6 KB
      Views:
      101
  16. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Reputation:
    1,000
    Joined:
    Jan 11, 2011
    Messages:
    2,056
    Likes Received:
    12
    FRST doesn't function properly if you run it in normal mode. Can you go back into system recovery command prompt and just type: H:\frst64

    You don't have to go into the folder and see if FRST is there or not. If FRST is in the USB, it will run, assuming you have the correct drive.
     
  17. Aaron8

    Aaron8 Regular Member

    Reputation:
    0
    Joined:
    Mar 27, 2013
    Messages:
    50
    Likes Received:
    0
    I tried it and it didn't work. It just showed H: as a command. I closed it but it didn't make a difference. FRST64 did show on the flash drive.
     
  18. Aaron8

    Aaron8 Regular Member

    Reputation:
    0
    Joined:
    Mar 27, 2013
    Messages:
    50
    Likes Received:
    0
    :D I finally got it to work!
     

    Attached Files:

    • FRST.txt
      File size:
      142.1 KB
      Views:
      126
  19. Aaron8

    Aaron8 Regular Member

    Reputation:
    0
    Joined:
    Mar 27, 2013
    Messages:
    50
    Likes Received:
    0
    What's the next step?
     
  20. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Reputation:
    1,000
    Joined:
    Jan 11, 2011
    Messages:
    2,056
    Likes Received:
    12
    Open notepad and copy & paste the following:

    and save it as fixlist.txt onto your flash drive.

    Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

    Next: Please download ComboFix from one of these locations:

    Link 1: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Link 2: http://www.infospyware.net/antimalware/combofix/

    * IMPORTANT !!! Save ComboFix to your Desktop as ComboFix.exe
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See http://www.bleepingcomputer.com/forums/topic114351.html for help.
    • Double click on Combo-Fix & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    (image omitted)

    Click on Yes, to continue scanning for malware.

    When finished, ComboFix will produce a log.

    Note:
    1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
    2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
     
    Last edited by a moderator: Mar 13, 2014
