Cannot remove SCORPION SAVER/ADPEAK

hunzeker

New Member
Thread author
Verified
Nov 23, 2013
29
I re-formatted my Win7 computer a week ago, and while re-downloading programs I managed to pick up SCORPION SAVER. Each day since then, I have spent hours trying to remove this adware with virtually every bit of internet instructions I can find.

I have been totally unsuccessful. Each morning I start the computer and SCORPION is back. MalwareTips instructions did not work either.

I'm at my wit's end. Can anyone help?

Hunzeker in Oregon
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

STEP 1: Run a scan with OTL by OldTimer
  1. Download the OTL utility using the link below: OTL DOWNLOAD LINK (http://oldtimer.geekstogo.com/OTL.exe) (This link will automatically download OTL on your computer)
  2. Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  3. When the window appears, underneath Output at the top, change it to Minimal Output.
  4. Check the boxes beside LOP Check and Purity Check.
  5. Click the Run Scan button.
  6. When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please post these 2 logs in your first reply.

Settings You need to Select in OTL
  1. Click the Scan All Users checkbox.
  2. Change Standard Registry to All.
  3. Check the boxes beside LOP Check and Purity Check.
Note: If OTL.exe will not run, it may be blocked by malware. Try these alternate versions: OTL.scr (http://www.itxassociates.com/OT-Tools/OTL.scr), or OTL.com (http://oldtimer.geekstogo.com/OTL.com).
 
Last edited by a moderator:
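
The OTL.Txt log requested in the post above can be triaged with a short script before reading it line by line. This is an added example, not part of the original thread and not an OldTimer tool: the function names and the `Entry` type are hypothetical, the sample lines follow the OTL line format seen in this thread, and the keyword is the adware name from the thread title. An empty company field is only a hint for manual review, since legitimate drivers can lack one too.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample lines in the OTL.Txt line format seen in this thread (embedded so the
# script runs offline). Raw string: Windows paths contain backslashes.
SAMPLE_LOG = r"""
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (Level Quality Watcher) -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe ()
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
CHR - Extension: Google Drive = C:\Users\Folders\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: ScorpionSaver = C:\Users\Folders\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\
[2013/11/23 13:25:10 | 000,000,000 | ---D | M] (ScorpionSaver) -- C:\Users\Folders\AppData\Roaming\Mozilla\Firefox\Profiles\333rko86.default\extensions\ScorpionSaver@jetpack
"""


@dataclass
class Entry:
    kind: str                # PRC, SRV, DRV, CHR or FILE
    name: str                # service/extension name, or file name for PRC
    path: str
    company: Optional[str]   # None where the line format has no company field


# Services and drivers: "SRV[:64bit:] - (name) -- path (company)".
_SVC = re.compile(r"^(?P<kind>SRV|DRV)(?::64bit:)? - \((?P<name>.*?)\) -- "
                  r"(?P<path>.+) \((?P<company>[^()]*)\)$")
# Processes: "PRC - path (company)". The path itself may contain "(x86)",
# so the company is anchored to the last parenthesised group on the line.
_PRC = re.compile(r"^(?P<kind>PRC) - (?P<path>.+) \((?P<company>[^()]*)\)$")
# Chrome extensions: "CHR - Extension: name = path".
_CHR = re.compile(r"^CHR - Extension: (?P<name>.+?) = (?P<path>.+)$")
# File listings: "[timestamp | size | attrs | M] (name) -- path".
_FILE = re.compile(r"^\[[^\]]+\] \((?P<name>[^()]*)\) -- (?P<path>.+)$")


def parse_otl(text: str) -> List[Entry]:
    """Extract the line types above; every other line is ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _SVC.match(line) or _PRC.match(line)
        if m:
            d = m.groupdict()
            # PRC lines carry no name, so fall back to the file name.
            name = d.get("name") or d["path"].rsplit("\\", 1)[-1]
            entries.append(Entry(d["kind"], name, d["path"], d["company"].strip()))
            continue
        m = _CHR.match(line)
        if m:
            entries.append(Entry("CHR", m["name"], m["path"], None))
            continue
        m = _FILE.match(line)
        if m:
            entries.append(Entry("FILE", m["name"], m["path"], None))
    return entries


def triage(entries: List[Entry], keywords: List[str]) -> List[Tuple[Entry, List[str]]]:
    """Return entries worth a manual look, each with the reasons it was picked."""
    lowered = [k.lower() for k in keywords]
    findings = []
    for e in entries:
        reasons = []
        haystack = (e.name + " " + e.path).lower()
        if any(k in haystack for k in lowered):
            reasons.append("keyword")
        if e.company == "":          # field present in the log but empty
            reasons.append("no-company")
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(parse_otl(SAMPLE_LOG), ["ScorpionSaver"]):
        print(",".join(reasons).ljust(12), entry.kind.ljust(5), entry.name, "->", entry.path)
```
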

hunzeker

New Member
Thread author
Verified
Nov 23, 2013
29
Kuttus...thank you so much for your help on this.


OTL logfile created on: 11/23/2013 7:11:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Folders\Downloads\Programs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 36.80% Memory free
8.00 Gb Paging File | 5.13 Gb Available in Paging File | 64.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.51 Gb Total Space | 301.38 Gb Free Space | 80.90% Space Free | Partition Type: NTFS
Drive I: | 1.87 Gb Total Space | 1.37 Gb Free Space | 73.47% Space Free | Partition Type: NTFS
Drive J: | 298.09 Gb Total Space | 119.78 Gb Free Space | 40.18% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 307.95 Gb Free Space | 66.12% Space Free | Partition Type: NTFS

Computer Name: WIN7 | User Name: Folders | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Folders\Downloads\Programs\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe (IObit)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe (IObit)
PRC - C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\NZ.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe (Plex, Inc.)
PRC - C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Python Software Foundation)
PRC - C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (IObit)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe (IObit)
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
PRC - C:\Program Files (x86)\WinTV\Extend\WinTVExtender.exe (Hauppauge Computer Works, Inc)
PRC - C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe (Hauppauge Computer Works)
PRC - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)


========== Modules (No Company Name) ==========

MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\_elementtree.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\win32api.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\_socket.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\win32ts.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\wx._gdi_.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\windows._cacheinvalidation.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\win32com.shell.shell.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\wx._html2.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\_multiprocessing.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\win32profile.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\win32crypt.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\pythoncom27.dll ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\_ctypes.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\wx._misc_.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\PyWinTypes27.dll ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\wx._core_.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\win32security.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\_ssl.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\wx._windows_.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\_hashlib.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\win32process.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\win32pdh.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\wx._wizard.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\win32file.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\win32inet.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\wx._controls_.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\pyexpat.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\win32event.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\unicodedata.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\select.pyd ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\tag.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\swscale-0.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\avutil-50.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\avcodec-52.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\avformat-52.dll ()
MOD - C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll ()
MOD - C:\Program Files (x86)\IObit\Driver Booster\madexcept_.bpl ()
MOD - C:\Program Files (x86)\IObit\Driver Booster\madbasic_.bpl ()
MOD - C:\Program Files (x86)\IObit\Driver Booster\maddisAsm_.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 7\madexcept_.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 7\maddisAsm_.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 7\madbasic_.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll ()
MOD - C:\Program Files (x86)\IObit\Driver Booster\SQLite3.dll ()
MOD - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (GenieTimelineService) -- C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe (Genie9)
SRV:64bit: - (Level Quality Watcher) -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe ()
SRV:64bit: - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (LiveUpdateSvc) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NZ) -- C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\NZ.exe (Symantec Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdvancedSystemCareService7) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (IObit)
SRV - (IMFservice) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Hauppauge WinTV Extender) -- C:\Program Files (x86)\WinTV\Extend\WinTVExtender.exe (Hauppauge Computer Works, Inc)
SRV - (HauppaugeTVServer) -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (IDMWFP) -- C:\Windows\SysNative\drivers\idmwfp.sys (Tonec Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (ccSet_NZ) -- C:\Windows\SysNative\drivers\NZx64\01000F0.00D\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (EsgScanner) -- C:\Windows\SysNative\drivers\EsgScanner.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (hcw18bda) -- C:\Windows\SysNative\drivers\hcw18bda.sys (Hauppauge Computer Works, Inc)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (FETNDIS) -- C:\Windows\SysNative\drivers\fet6x64.sys (VIA Technologies, Inc. )
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (UrlFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys (IObit.com)
DRV - (RegFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys (IObit.com)
DRV - (FileMonitor) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys (IObit)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1003\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.64
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2006.53
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/21 20:47:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\EXTENSIONS\\mozilla_cc@internetdownloadmanager.com: C:\Users\Folders\AppData\Roaming\IDM\idmmzcc5 [2013/11/21 20:43:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Folders\AppData\Roaming\IDM\idmmzcc5 [2013/11/21 20:43:29 | 000,000,000 | ---D | M]

[2013/11/11 20:12:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Folders\AppData\Roaming\Mozilla\Extensions
[2013/11/23 13:25:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Folders\AppData\Roaming\Mozilla\Firefox\Profiles\333rko86.default\extensions
[2013/11/23 13:25:10 | 000,000,000 | ---D | M] (ScorpionSaver) -- C:\Users\Folders\AppData\Roaming\Mozilla\Firefox\Profiles\333rko86.default\extensions\ScorpionSaver@jetpack
[2013/11/21 20:32:24 | 000,007,911 | ---- | M] () -- C:\Users\Folders\AppData\Roaming\Mozilla\Firefox\Profiles\333rko86.default\searchplugins\Google.xml
[2013/11/12 18:51:42 | 000,000,905 | ---- | M] () -- C:\Users\Folders\AppData\Roaming\Mozilla\Firefox\Profiles\333rko86.default\searchplugins\yahoo_ff.xml
[2013/11/15 13:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/15 13:01:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF
[2013/11/21 20:47:55 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/11/21 20:43:29 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\FOLDERS\APPDATA\ROAMING\IDM\IDMMZCC5
File not found (No name found) -- C:\USERS\FOLDERS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\333RKO86.DEFAULT\EXTENSIONS\ASCSURFINGPROTECTION@IOBIT.COM

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - Extension: Google Drive = C:\Users\Folders\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: IDM Integration Module = C:\Users\Folders\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.18.7_1\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Folders\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\
CHR - Extension: Google Wallet = C:\Users\Folders\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\
CHR - Extension: ScorpionSaver = C:\Users\Folders\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (ScorpionSaver) - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll ()
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\8d25ed94-bb32-4930-87d7-4c74dc4f01ce.exe (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [Qwest Personal Digital Vault] "C:\Program Files (x86)\CenturyLink Personal Digital Vault\QwestPersonalDigitalVault.exe" /m File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001..\Run: [GoogleChromeAutoLaunch_4D58BC9D6CE41938B37776A7615543AA] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001..\Run: [Plex Media Server] C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001..\Run: [TBHostSupport] C:\Users\Folders\AppData\Local\TBHostSupport\TBHostSupport.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9174F4D4-A1F3-4903-AEC4-365046D8E2F9}: DhcpNameServer = 192.168.0.1 205.171.2.25
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/11/23 15:11:00 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/23 15:10:12 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013/11/23 15:10:09 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013/11/23 15:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/11/23 15:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/11/23 13:25:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScorpionSaver
[2013/11/22 16:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV
[2013/11/22 16:51:16 | 000,038,672 | ---- | C] (PCTV Systems S.à r.l.) -- C:\Windows\SysWow64\pcleUtil.dll
[2013/11/22 16:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinTV
[2013/11/22 16:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/11/22 16:51:00 | 000,831,554 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\SysWow64\hcwtvwnd.dll
[2013/11/22 16:51:00 | 000,323,640 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\SysWow64\hcwpnp32.dll
[2013/11/22 16:51:00 | 000,118,849 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysWow64\hcwi2c32.dll
[2013/11/22 16:51:00 | 000,036,921 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\SysWow64\hcwutl32.dll
[2013/11/22 16:48:57 | 000,912,896 | ---- | C] (Hauppauge Computer Works, Inc) -- C:\Windows\SysNative\drivers\hcw18bda.sys
[2013/11/22 16:48:57 | 000,139,264 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\SysNative\hcw18prop.ax
[2013/11/22 16:48:57 | 000,117,248 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\hcw18CCv.ax
[2013/11/22 16:48:28 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Local\autorun
[2013/11/22 12:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/11/22 10:51:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/22 10:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/11/22 10:39:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/21 20:55:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/11/21 20:22:10 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Local\Adobe
[2013/11/21 19:29:38 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\eCyber
[2013/11/21 14:10:52 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\Real
[2013/11/21 14:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/11/20 18:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genie9
[2013/11/20 18:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\Genie9
[2013/11/20 17:58:48 | 000,000,000 | R--D | C] -- C:\Users\Folders\Desktop\Backup
[2013/11/20 17:58:47 | 000,000,000 | R--D | C] -- C:\Users\Folders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp
[2013/11/20 17:58:47 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/11/20 17:57:45 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\Genie9
[2013/11/19 19:02:59 | 000,000,000 | R--D | C] -- C:\Users\Folders\Google Drive
[2013/11/19 14:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftMaker Viewer
[2013/11/19 14:36:59 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoftMaker Viewer
[2013/11/19 14:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftMaker Viewer
[2013/11/18 19:25:06 | 000,032,600 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2013/11/17 17:02:28 | 000,000,000 | ---D | C] -- C:\Users\Folders\Rail Temp
[2013/11/17 14:51:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/11/17 14:51:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2013/11/17 14:36:20 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\DOGS
[2013/11/17 14:36:20 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\Documents
[2013/11/17 14:36:19 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\DISPUTES
[2013/11/17 14:36:19 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\Booknizer
[2013/11/17 14:36:19 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\APARTMENTS
[2013/11/17 14:36:19 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\AA QWEST
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\WAB
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\VERIZON
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\TAXES
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\RES REF
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\PROP TAX
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\PASSWORDS
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\OLD EMAILS
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\OLD APT
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\LICENSES
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\EMAILS
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\EMAIL ADDRESSES
[2013/11/17 14:32:43 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\SoftMaker
[2013/11/17 14:32:43 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\LICENSES PASSWORDS
[2013/11/17 14:32:43 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\BEND APT
[2013/11/17 14:32:43 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\AppData
[2013/11/16 15:23:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Media Preview
[2013/11/16 15:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\Media Preview
[2013/11/16 15:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BabelSoft
[2013/11/16 13:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Research
[2013/11/16 13:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft ICE
[2013/11/16 12:59:40 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\Foxit Software
[2013/11/16 12:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2013/11/16 11:47:03 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Local\TBHostSupport
[2013/11/15 21:01:58 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\PhotoScape
[2013/11/15 21:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2013/11/15 21:01:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
[2013/11/15 18:29:40 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Local\CrashDumps
[2013/11/15 13:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/11/15 13:24:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[2013/11/15 13:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2013/11/15 13:01:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/15 09:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Zone
[2013/11/14 21:35:49 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Local\Qwest
[2013/11/14 19:13:43 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NZx64\01000F0.00D\ccSetx64.sys
[2013/11/14 19:13:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NZx64\01000F0.00D
[2013/11/14 15:05:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/11/14 13:23:04 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/11/14 13:22:51 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/11/13 18:49:24 | 000,439,296 | ---- | C] (Adpeak, Inc.) -- C:\Windows\SysNative\AdpeakProxy64.dll
[2013/11/13 18:49:21 | 000,338,944 | ---- | C] (Adpeak, Inc.) -- C:\Windows\SysWow64\AdpeakProxy.dll
[2013/11/13 18:11:18 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\vlc
[2013/11/13 18:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/11/13 18:09:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/11/13 18:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/11/13 17:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/11/13 17:26:08 | 001,005,928 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2013/11/13 17:26:08 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70.dll
[2013/11/13 17:26:08 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp70.dll
[2013/11/13 17:26:07 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll
[2013/11/13 17:20:37 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\AVS4YOU
[2013/11/13 17:20:21 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2013/11/13 17:19:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2013/11/13 17:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2013/11/13 17:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2013/11/13 17:18:22 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013/11/13 17:18:21 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2013/11/13 17:18:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2013/11/13 17:08:41 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\IDM
[2013/11/13 17:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\IDM
[2013/11/13 17:08:41 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\DMCache
[2013/11/13 17:08:34 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/11/13 17:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/11/13 17:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Download Manager
[2013/11/13 16:52:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2013/11/13 16:18:30 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\OpenOffice
[2013/11/13 16:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CenturyLink Personal Digital Vault™
[2013/11/13 16:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CenturyLink Personal Digital Vault
[2013/11/13 14:37:06 | 000,000,000 | ---D | C] -- C:\Users\Folders\Norton Zone
[2013/11/13 14:36:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NZx64
[2013/11/13 14:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Zone
[2013/11/13 14:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/11/13 14:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/11/13 14:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/11/13 14:33:36 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013/11/13 14:24:03 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Local\Plex
[2013/11/13 14:23:53 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2013/11/13 14:23:52 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2013/11/13 14:23:02 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plex Media Center
[2013/11/13 13:40:46 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Local\Apple Computer
[2013/11/13 13:40:40 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Local\Plex Media Server
[2013/11/13 13:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
[2013/11/13 13:39:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plex
[2013/11/13 13:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/11/13 12:40:20 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/11/13 11:43:16 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/11/13 11:39:57 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/13 11:39:57 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/13 11:39:53 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/13 11:39:53 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/13 11:39:53 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/13 11:39:53 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/13 11:39:53 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/13 11:39:53 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/13 11:39:53 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/13 11:39:53 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/13 11:39:53 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/13 11:39:53 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/13 11:39:53 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/13 11:39:53 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/13 11:39:53 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/13 11:39:53 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/13 11:39:53 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/13 11:39:53 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/13 11:39:53 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/13 11:39:53 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/13 11:39:53 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/13 11:39:53 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/13 11:39:53 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/13 11:39:53 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/13 11:39:53 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/13 11:39:53 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/13 11:39:53 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/13 11:39:53 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/13 11:39:53 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/13 11:39:53 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/13 11:39:53 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/13 11:39:53 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/13 11:39:53 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/13 11:39:53 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/13 11:39:53 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/13 11:39:53 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/13 11:39:53 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/13 11:39:53 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/13 11:39:53 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/11/13 11:39:53 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/13 11:39:53 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/13 11:39:53 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/13 11:39:53 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/13 11:39:53 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/13 11:39:53 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/13 11:39:53 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/13 11:39:53 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/13 11:39:53 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/13 11:39:53 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/13 11:39:53 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/13 11:39:53 | 000,084,992 | ---- | C] (Microsoft Corporation)
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
STEP 1: Run the below OTL fix
<ol><li>Start OTL.exe</li>
<li>Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
Code:
:OTL
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\_elementtree.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\win32api.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\_socket.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\win32ts.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\wx._gdi_.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\windows._cacheinvalidation.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\win32com.shell.shell.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\wx._html2.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\_multiprocessing.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\win32profile.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\win32crypt.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\pythoncom27.dll ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\_ctypes.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\wx._misc_.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\PyWinTypes27.dll ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\wx._core_.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\win32security.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\_ssl.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\wx._windows_.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\_hashlib.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\win32process.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\win32pdh.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\wx._wizard.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\win32file.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\win32inet.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\wx._controls_.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\pyexpat.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\win32event.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\unicodedata.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI28562\select.pyd ()
[2013/11/23 13:25:10 | 000,000,000 | ---D | M] (ScorpionSaver) -- C:\Users\Folders\AppData\Roaming\Mozilla\Firefox\Profiles\333rko86.default\exten​sions\ScorpionSaver@jetpack
[2013/11/21 20:32:24 | 000,007,911 | ---- | M] () -- C:\Users\Folders\AppData\Roaming\Mozilla\Firefox\Profiles\333rko86.default\searc​hplugins\Google.xml
[2013/11/12 18:51:42 | 000,000,905 | ---- | M] () -- C:\Users\Folders\AppData\Roaming\Mozilla\Firefox\Profiles\333rko86.default\searc​hplugins\yahoo_ff.xml
[2013/11/15 13:01:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/21 20:43:29 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\FOLDERS\APPDATA\ROAMING\IDM\IDMMZCC5
File not found (No name found) -- C:\USERS\FOLDERS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\333RKO86.DEFAULT\EXTEN​SIONS\ASCSURFINGPROTECTION@IOBIT.COM
CHR - Extension: ScorpionSaver = C:\Users\Folders\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\
O2 - BHO: (ScorpionSaver) - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001..\Run: [TBHostSupport] C:\Users\Folders\AppData\Local\TBHostSupport\TBHostSupport.dll (Conduit Ltd.)

:commands
[emptytemp]
[reboot]
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.</li>
<li>Then click the Run Fix button at the top</li>
<li>Let the program run unhindered, reboot when it is done</li>
<li>Attach the new log produced by OTL (C:\_OTL)</li>
</ol>


hunzeker

New Member
Thread author
Verified
Nov 23, 2013
29
Ok....here's the result:
(although when rebooted, I got a popup message which read "Failed to initialize, infrared remote hardware" which I don't know what it is referring to.)

All processes killed
========== OTL ==========
Folder C:\Users\Folders\AppData\Roaming\Mozilla\Firefox\Profiles\333rko86.default\exten​​sions\ScorpionSaver@jetpack\ not found.
File C:\Users\Folders\AppData\Roaming\Mozilla\Firefox\Profiles\333rko86.default\searc​​hplugins\Google.xml not found.
File C:\Users\Folders\AppData\Roaming\Mozilla\Firefox\Profiles\333rko86.default\searc​​hplugins\yahoo_ff.xml not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\USERS\FOLDERS\APPDATA\ROAMING\IDM\IDMMZCC5\META-INF folder moved successfully.
C:\USERS\FOLDERS\APPDATA\ROAMING\IDM\IDMMZCC5\components9 folder moved successfully.
C:\USERS\FOLDERS\APPDATA\ROAMING\IDM\IDMMZCC5\components2 folder moved successfully.
C:\USERS\FOLDERS\APPDATA\ROAMING\IDM\IDMMZCC5\components folder moved successfully.
C:\USERS\FOLDERS\APPDATA\ROAMING\IDM\IDMMZCC5\chrome folder moved successfully.
C:\USERS\FOLDERS\APPDATA\ROAMING\IDM\IDMMZCC5 folder moved successfully.
File C:\Users\Folders\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}\ not found.
File C:\Program Files (x86)\ScorpionSaver\IECore.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3821494161-1811066229-1795245934-1001\Software\Microsoft\Windows\CurrentVersion\Run\\TBHostSupport deleted successfully.
C:\Users\Folders\AppData\Local\TBHostSupport\TBHostSupport.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Folders
->Temp folder emptied: 73668141 bytes
->Temporary Internet Files folder emptied: 128 bytes
->FireFox cache emptied: 22949204 bytes
->Google Chrome cache emptied: 8946626 bytes
->Flash cache emptied: 602 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 190437 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 3270352 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1422267 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46478091 bytes
RecycleBin emptied: 10921641 bytes

Total Files Cleaned = 160.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11252013_233000

Files\Folders moved on Reboot...
C:\Users\Folders\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Folders\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\SysNative\SET68F8.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\temp\JET4D64.tmp moved successfully.
C:\Windows\temp\JETABD8.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

hunzeker

New Member
Thread author
Verified
Nov 23, 2013
29
Also, I've tried numerous malware programs approximately fifteen times, then this morning I got a different looking Scorpion Saver message asking if I wanted a removal of it. I clicked on "yes", and now I notice in the new log results that Scorpion is not there.

I don't understand why they would suddenly cooperate with my wishes....if in fact that really worked and didn't download more junk as a result. The Oldtimer log was run just now, so it is up to date.
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
STEP 1: Run a scan with AdwCleaner

1. Download AdwCleaner from the below link.
   ADWCLEANER DOWNLOAD LINK: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner (This link will automatically download Security Check on your computer)
2. Close all open programs and internet browsers.
3. Double click on adwcleaner.exe to run the tool.
4. Click on Scan, then confirm each time with Ok.
5. After the scan is over, press Clean, then confirm each time with Ok.
6. Your computer will be rebooted automatically. A text file will open after the restart.
7. Please post the contents of that logfile with your next reply.
8. You can find the logfile at C:\AdwCleaner[S1].txt as well.

STEP 2: Run a scan with Junkware Removal Tool

Please download Junkware Removal Tool to your desktop from here
  • Turn off your antivirus software now to avoid potential conflicts
  • Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
  • The tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
  • Post the contents of JRT.txt into your next reply




Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder (mbar-log.txt and system-log.txt)



Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • When it prompts you to try their 30-day trial, click Decline
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


 

hunzeker

New Member
Thread author
Verified
Nov 23, 2013
29
I mistakenly copied some of the scan results to Softmaker's "Textmaker" document creator. I hope you have the ability to read them. Let me know if not. :)

# AdwCleaner v3.012 - Report created 22/11/2013 at 10:39:52
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Folders - WIN7
# Running from : C:\Users\Folders\Downloads\Programs\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Folders\AppData\Roaming\Mozilla\Firefox\Profiles\333rko86.default\searchplugins\v9.xml
File Found : C:\Users\Folders\AppData\Roaming\Mozilla\Firefox\Profiles\333rko86.default\user.js
Folder Found C:\Program Files (x86)\Common Files\spigot
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\Conduit
Folder Found C:\Users\Folders\AppData\Local\Conduit
Folder Found C:\Users\Folders\AppData\LocalLow\Conduit
Folder Found C:\Users\Folders\AppData\Roaming\iSafe
Folder Found C:\Users\Folders\AppData\Roaming\Mozilla\Firefox\Profiles\333rko86.default\Smartbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Software\smartbar
Key Found : HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Folders\AppData\Roaming\Mozilla\Firefox\Profiles\333rko86.default\prefs.js ]

Line Found : user_pref("CT3153924.FF19Solved", "true");
Line Found : user_pref("CT3153924.FirstTime", "true");
Line Found : user_pref("CT3153924.FirstTimeFF3", "true");
Line Found : user_pref("CT3153924.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3153924&SearchSource=2&CUI=UN30021211242253510&UM=2&q=");
Line Found : user_pref("CT3153924.Social_Instagram_lastFeed", "");
Line Found : user_pref("CT3153924.UserID", "UN30021211242253510");
Line Found : user_pref("CT3153924.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3153924.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3153924.countryCode", "US");
Line Found : user_pref("CT3153924.defaultSearch", "true");
Line Found : user_pref("CT3153924.enableAlerts", "true");
Line Found : user_pref("CT3153924.enableSearchFromAddressBar", "true");
Line Found : user_pref("CT3153924.firstTimeDialogOpened", "true");
Line Found : user_pref("CT3153924.fixPageNotFoundError", "true");
Line Found : user_pref("CT3153924.fixPageNotFoundErrorByUser", "true");
Line Found : user_pref("CT3153924.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3153924.fullUserID", "UN30021211242253510.IN.20131112184658");
Line Found : user_pref("CT3153924.installDate", "12/11/2013 18:47:02");
Line Found : user_pref("CT3153924.installId", "stub.exe");
Line Found : user_pref("CT3153924.installSessionId", "{734F526A-0471-440E-9A50-B45271814566}");
Line Found : user_pref("CT3153924.installSp", "TRUE");
Line Found : user_pref("CT3153924.installType", "conduitnsisintegration");
Line Found : user_pref("CT3153924.installUsage", "2013-11-13T05:46:56.7365213+03:00");
Line Found : user_pref("CT3153924.installUsageEarly", "2013-11-13T05:46:45.1300469+03:00");
Line Found : user_pref("CT3153924.installerVersion", "1.7.1.7");
Line Found : user_pref("CT3153924.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3153924.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3153924.keyword", "true");
Line Found : user_pref("CT3153924.lastVersion", "10.22.3.18");
Line Found : user_pref("CT3153924.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Found : user_pref("CT3153924.openThankYouPage", "false");
Line Found : user_pref("CT3153924.openUninstallPage", "true");
Line Found : user_pref("CT3153924.originalHomepage", "hxxps://www.google.com/");
Line Found : user_pref("CT3153924.originalSearchAddressUrl", "");
Line Found : user_pref("CT3153924.originalSearchEngine", "Yahoo");
Line Found : user_pref("CT3153924.originalSearchEngineName", "Yahoo");
Line Found : user_pref("CT3153924.revertSettingsEnabled", "false");
Line Found : user_pref("CT3153924.search.searchAppId", "10000002");
Line Found : user_pref("CT3153924.search.searchCount", "0");
Line Found : user_pref("CT3153924.searchFromAddressBarEnabledByUser", "true");
Line Found : user_pref("CT3153924.searchInNewTabEnabledByUser", "true");
Line Found : user_pref("CT3153924.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT3153924.searchRevert", "false");
Line Found : user_pref("CT3153924.searchSuggestEnabledByUser", "true");
Line Found : user_pref("CT3153924.searchUserMode", "2");
Line Found : user_pref("CT3153924.serviceLayer_services_Configuration_lastUpdate", "1384310833486");
Line Found : user_pref("CT3153924.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1384310835170");
Line Found : user_pref("CT3153924.serviceLayer_services_appsMetadata_lastUpdate", "1384310834383");
Line Found : user_pref("CT3153924.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1384310834458");
Line Found : user_pref("CT3153924.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1384310833498");
Line Found : user_pref("CT3153924.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1384310844885");
Line Found : user_pref("CT3153924.serviceLayer_services_login_10.22.3.18_lastUpdate", "1384310844830");
Line Found : user_pref("CT3153924.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1384310834851");
Line Found : user_pref("CT3153924.serviceLayer_services_searchAPI_lastUpdate", "1384310833478");
Line Found : user_pref("CT3153924.serviceLayer_services_serviceMap_lastUpdate", "1384310832654");
Line Found : user_pref("CT3153924.serviceLayer_services_toolbarContextMenu_lastUpdate", "1384310834917");
Line Found : user_pref("CT3153924.serviceLayer_services_toolbarSettings_lastUpdate", "1384310833066");
Line Found : user_pref("CT3153924.serviceLayer_services_translation_lastUpdate", "1384310835137");
Line Found : user_pref("CT3153924.settingsINI", true);
Line Found : user_pref("CT3153924.shouldFirstTimeDialog", "false");
Line Found : user_pref("CT3153924.showToolbarPermission", "false");
Line Found : user_pref("CT3153924.smartbar.CTID", "CT3153924");
Line Found : user_pref("CT3153924.smartbar.Uninstall", "0");
Line Found : user_pref("CT3153924.smartbar.homepage", "true");
Line Found : user_pref("CT3153924.smartbar.toolbarName", "Connect DLCS ");
Line Found : user_pref("CT3153924.startPage", "true");
Line Found : user_pref("CT3153924.toolbarBornServerTime", "13-11-2013");
Line Found : user_pref("CT3153924.toolbarCurrentServerTime", "13-11-2013");
Line Found : user_pref("CT3153924.toolbarLoginClientTime", "Tue Nov 12 2013 18:47:24 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT3153924.versionFromInstaller", "10.22.3.18");
Line Found : user_pref("CT3153924.xpeMode", "0");
Line Found : user_pref("CT3306061.ConnectTB_activeApp", "%EF%F4%F9%FA%E7%ED%F8%E7%F3");
Line Found : user_pref("CT3306061.ConnectTB_activeApp.enc", "aW5zdGFncmFt");
Line Found : user_pref("CT3306061.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3306061.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3306061.FF19Solved", "true");
Line Found : user_pref("CT3306061.FirstTime", "true");
Line Found : user_pref("CT3306061.FirstTimeFF3", "true");
Line Found : user_pref("CT3306061.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN36223921992670113&UM=2&q=");
Line Found : user_pref("CT3306061.Social_Instagram_lastFeed", "");
Line Found : user_pref("CT3306061.UserID", "UN36223921992670113");
Line Found : user_pref("CT3306061.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3306061.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3306061.countryCode", "US");
Line Found : user_pref("CT3306061.defaultSearch", "true");
Line Found : user_pref("CT3306061.embeddedsData", "[{\"appId\":\"130158552044204297\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Found : user_pref("CT3306061.enableAlerts", "true");
Line Found : user_pref("CT3306061.enableSearchFromAddressBar", "true");
Line Found : user_pref("CT3306061.firstTimeDialogOpened", "true");
Line Found : user_pref("CT3306061.fixPageNotFoundError", "true");
Line Found : user_pref("CT3306061.fixPageNotFoundErrorByUser", "true");
Line Found : user_pref("CT3306061.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3306061.fullUserID", "UN36223921992670113.IN.20131115182929");
Line Found : user_pref("CT3306061.installDate", "15/11/2013 18:29:31");
Line Found : user_pref("CT3306061.installId", "stub.exe");
Line Found : user_pref("CT3306061.installSessionId", "{9B7FC2DB-3331-4FD7-A984-7158980CB269}");
Line Found : user_pref("CT3306061.installSp", "TRUE");
Line Found : user_pref("CT3306061.installType", "conduitnsisintegration");
Line Found : user_pref("CT3306061.installUsage", "2013-11-16T05:29:22.8314007+03:00");
Line Found : user_pref("CT3306061.installUsageEarly", "2013-11-16T05:29:21.1622007+03:00");
Line Found : user_pref("CT3306061.installerVersion", "1.8.1.4");
Line Found : user_pref("CT3306061.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3306061.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3306061.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3306061.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3306061.keyword", "true");
Line Found : user_pref("CT3306061.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource=15&CUI=UN36223921992670113&SSPV=&Lay=1&UM=2\"}");
Line Found : user_pref("CT3306061.lastVersion", "10.22.3.18");
Line Found : user_pref("CT3306061.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Found : user_pref("CT3306061.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.matirsoft.com%2F\",\"EB_MAIN_FRAME_TITLE\":\"MatirSoft\",\"EB_TOOLBAR_SUB_DOMAIN\":\"htt[...]
Line Found : user_pref("CT3306061.openThankYouPage", "false");
Line Found : user_pref("CT3306061.openUninstallPage", "true");
Line Found : user_pref("CT3306061.originalHomepage", "hxxps://www.google.com/");
Line Found : user_pref("CT3306061.originalSearchAddressUrl", "");
Line Found : user_pref("CT3306061.originalSearchEngine", "Bing");
Line Found : user_pref("CT3306061.originalSearchEngineName", "Bing");
Line Found : user_pref("CT3306061.revertSettingsEnabled", "true");
Line Found : user_pref("CT3306061.search.searchAppId", "130158552044204297");
Line Found : user_pref("CT3306061.search.searchCount", "0");
Line Found : user_pref("CT3306061.searchFromAddressBarEnabledByUser", "true");
Line Found : user_pref("CT3306061.searchInNewTabEnabledByUser", "true");
Line Found : user_pref("CT3306061.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT3306061.searchRevert", "true");
Line Found : user_pref("CT3306061.searchSuggestEnabledByUser", "true");
Line Found : user_pref("CT3306061.searchUninstallUserMode", "2");
Line Found : user_pref("CT3306061.searchUserMode", "2");
Line Found : user_pref("CT3306061.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3306061.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3306061.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\"}");
Line Found : user_pref("CT3306061.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3306061\"}");
Line Found : user_pref("CT3306061.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://ConnectDLC5.OurToolbar.com//xpi\"}");
Line Found : user_pref("CT3306061.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Connect DLC 5 \"}");
Line Found : user_pref("CT3306061.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3306061.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Found : user_pref("CT3306061.serviceLayer_services_Configuration_lastUpdate", "1384568990417");
Line Found : user_pref("CT3306061.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1384568991209");
Line Found : user_pref("CT3306061.serviceLayer_services_appsMetadata_lastUpdate", "1384568990961");
Line Found : user_pref("CT3306061.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1384568990639");
Line Found : user_pref("CT3306061.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1384568990432");
Line Found : user_pref("CT3306061.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1384568991509");
Line Found : user_pref("CT3306061.serviceLayer_services_login_10.22.3.18_lastUpdate", "1384568991514");
Line Found : user_pref("CT3306061.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1384568990927");
Line Found : user_pref("CT3306061.serviceLayer_services_searchAPI_lastUpdate", "1384568990199");
Line Found : user_pref("CT3306061.serviceLayer_services_serviceMap_lastUpdate", "1384568988615");
Line Found : user_pref("CT3306061.serviceLayer_services_toolbarContextMenu_lastUpdate", "1384568991131");
Line Found : user_pref("CT3306061.serviceLayer_services_toolbarSettings_lastUpdate", "1384568989470");
Line Found : user_pref("CT3306061.serviceLayer_services_translation_lastUpdate", "1384568991340");
Line Found : user_pref("CT3306061.settingsINI", true);
Line Found : user_pref("CT3306061.shouldFirstTimeDialog", "false");
Line Found : user_pref("CT3306061.showToolbarPermission", "false");
Line Found : user_pref("CT3306061.smartbar.CTID", "CT3306061");
Line Found : user_pref("CT3306061.smartbar.Uninstall", "0");
Line Found : user_pref("CT3306061.smartbar.homepage", "true");
Line Found : user_pref("CT3306061.smartbar.toolbarName", "Connect DLC 5 ");
Line Found : user_pref("CT3306061.startPage", "true");
Line Found : user_pref("CT3306061.toolbarBornServerTime", "16-11-2013");
Line Found : user_pref("CT3306061.toolbarCurrentServerTime", "16-11-2013");
Line Found : user_pref("CT3306061.toolbarInstallDate", "15-11-2013 18:29:29");
Line Found : user_pref("CT3306061.toolbarLoginClientTime", "Fri Nov 15 2013 18:29:51 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT3306061.versionFromInstaller", "10.22.3.18");
Line Found : user_pref("CT3306061.xpeMode", "0");
Line Found : user_pref("CT3306061_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1384569214530,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN36223921992670113&UM=2&SearchSource=13");
Line Found : user_pref("Smartbar.ConduitSearchEngineList", "Connect DLC 5 Customized Web Search");
Line Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN36223921992670113&UM=2&q=");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3306061");
Line Found : user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN36223921992670113&UM=2&SearchSource=3&q={searchTerms}");
Line Found : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3306061");
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3153924&CUI=UN30021211242253510&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN36223921992670113&UM=2[...]
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3153924&SearchSource=2&CUI=UN30021211242253510&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3306061");
Line Found : user_pref("smartbar.machineId", "XOYGODJV1GF7UZOUMACLQFLZSKNOHWSDIYGNIBS5BUWL3W+ALKE2GAXW4MS+VEDUDH6NNHO9+YQSCUEF5ZOKRW");

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Folders\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [17505 octets] - [22/11/2013 10:39:52]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [17566 octets] ##########

=================================================================================

# AdwCleaner v3.013 - Report created 26/11/2013 at 13:22:53
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Folders - WIN7
# Running from : C:\Users\Folders\Downloads\Programs\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Folders\AppData\Roaming\Mozilla\Firefox\Profiles\333rko86.default\prefs.js ]


-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Folders\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [17651 octets] - [22/11/2013 10:39:52]
AdwCleaner[R1].txt - [17712 octets] - [22/11/2013 10:43:07]
AdwCleaner[R2].txt - [1676 octets] - [26/11/2013 13:03:45]
AdwCleaner[R3].txt - [1301 octets] - [26/11/2013 13:21:54]
AdwCleaner[S0].txt - [18143 octets] - [22/11/2013 10:45:22]
AdwCleaner[S1].txt - [1722 octets] - [26/11/2013 13:12:18]
AdwCleaner[S2].txt - [1228 octets] - [26/11/2013 13:22:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1288 octets] ##########

================================================================================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Folders on Tue 11/26/2013 at 15:27:28.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"



~~~ FireFox

Emptied folder: C:\Users\Folders\AppData\Roaming\mozilla\firefox\profiles\333rko86.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/26/2013 at 16:03:25.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

=================================================================================
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.11.27.02

Windows XP Service Pack 2 x64 NTFS
Internet Explorer 11.0.9600.16428
Folders :: WIN7 [administrator]

11/26/2013 7:15:29 PM
mbar-log-2013-11-26 (19-15-29).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 370532
Time elapsed: 36 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

=================================================================================
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.26.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Folders :: WIN7 [administrator]

Protection: Disabled

11/26/2013 8:27:28 PM
mbam-log-2013-11-26 (20-27-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229146
Time elapsed: 4 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\ScorpionSaver (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
STEP 1: Run a HitmanPro scan
1. Download the latest official version of HitmanPro.
   HITMANPRO DOWNLOAD LINK: http://www.surfright.nl/en/hitmanpro/ (This link will open a download page in a new window from where you can download HitmanPro)
2. Start HitmanPro by double clicking on the previously downloaded file and then following the prompts.
   [Image: hitmanproscan4.png]
3. Once the scan is complete, a screen displaying all the malicious files that the program found will be shown as seen in the image below. After reviewing each malicious object click Next.
   [Image: hitmanproscan5.png]
4. Click Activate free license to start the free 30 days trial and remove the malicious files.
   [Image: hitmanproscan6.png]
5. HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.

Add to your next reply, any log that HitmanPro might generate.

STEP 2: Run a scan with ESET Online Scanner
1. Download ESET Online Scanner utility from the below link.
   ESET ONLINE SCANNER DOWNLOAD LINK: http://download.eset.com/special/eos/esetsmartinstaller_enu.exe (This link will automatically download ESET Online Scanner on your computer.)
2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
3. Check Yes, I accept the Terms of Use
4. Click the Start button.
5. Check Scan archives
6. Push the Start button.
7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
8. When the scan completes, push List of found threats
9. Push Export to Text file and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply. Note - when ESET doesn't find any threats, no report will be created.
10. Push the back button.
11. Push Finish

STEP 3: Run a scan with Kaspersky Virus Removal Tool
1. Download Kaspersky Virus Removal Tool from the below link and then double click on it to start this utility.
   KASPERSKY VIRUS REMOVAL TOOL: http://www.kaspersky.com/antivirus-removal-tool?form=1 (This link opens a new webpage from where you can download Kaspersky Virus Removal Tool on your computer.)
2. Follow the onscreen prompts until it is installed
3. Click the Options button (the 'Gear' icon), then make sure only the following are ticked:
   • System Memory
   • Hidden startup objects
   • Disk boot sectors
   • Local Disk (C: )
   • Also any other drives (Removable that you may have)
4. Then click on Actions on the left hand side
5. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
6. Click on Automatic Scan
7. Now click the Start Scanning button, to run the scan
8. After the scan is complete, click the reports button ('Paper icon', next to the 'Gear' icon) on the right hand side
9. Click Detected threats on the left
10. Now click the Save button, and save it as kaslog.txt to your Desktop
11. Please attach kaslog.txt in your next reply.
 

hunzeker

New Member
Thread author
Verified
Nov 23, 2013
29
Thank you very much for your help. It has been nearly two days now with no re-infection, so I think it has been removed. I have to say that Scorpion is the most persistent, troublesome malware I have experienced in 30 years of computer usage.
 

hunzeker

New Member
Thread author
Verified
Nov 23, 2013
29
It is in all three: Firefox, Chrome (my email), and IE.

I just completed scans for Hit Man Pro, ESET, and Kaspersky per your instructions, and no threats were found by them.

Please don't give up on me. :)
 

hunzeker

New Member
Thread author
Verified
Nov 23, 2013
29
Can find no report for "Extra.txt"....only this summary:

OTL logfile created on: 11/29/2013 1:28:04 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Folders\Downloads\Programs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 58.26% Memory free
8.00 Gb Paging File | 5.91 Gb Available in Paging File | 73.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.51 Gb Total Space | 319.10 Gb Free Space | 85.66% Space Free | Partition Type: NTFS
Drive I: | 1.87 Gb Total Space | 1.37 Gb Free Space | 73.44% Space Free | Partition Type: NTFS
Drive J: | 298.09 Gb Total Space | 119.47 Gb Free Space | 40.08% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 277.05 Gb Free Space | 59.48% Space Free | Partition Type: NTFS

Computer Name: WIN7 | User Name: Folders | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Folders\Downloads\Programs\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\NZ.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe (Plex, Inc.)
PRC - C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Python Software Foundation)
PRC - C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (IObit)
PRC - C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe (Adpeak, Inc.)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
PRC - C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe (Hauppauge Computer Works)
PRC - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\win32com.shell.shell.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\_elementtree.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\win32api.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\_socket.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\_multiprocessing.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\win32ts.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\wx._gdi_.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\windows._cacheinvalidation.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\_ctypes.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\wx._html2.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\win32profile.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\win32crypt.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\wx._core_.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\_ssl.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\wx._misc_.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\pythoncom27.dll ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\PyWinTypes27.dll ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\win32security.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\wx._windows_.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\_hashlib.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\wx._wizard.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\win32file.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\win32process.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\win32pdh.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\wx._controls_.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\win32inet.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\unicodedata.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\pyexpat.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\win32event.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\select.pyd ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\tag.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\swscale-0.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\avutil-50.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\avcodec-52.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\avformat-52.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (GenieTimelineService) -- C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe (Genie9)
SRV:64bit: - (Level Quality Watcher) -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe ()
SRV:64bit: - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV:64bit: - (AdpeakProxy) -- C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe (Adpeak, Inc.)
SRV - (LiveUpdateSvc) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NZ) -- C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\NZ.exe (Symantec Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdvancedSystemCareService7) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (IObit)
SRV - (HauppaugeTVServer) -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
SRV - (IMFservice) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (Hauppauge WinTV Extender) -- C:\Program Files (x86)\WinTV\Extend\WinTVExtender.exe (Hauppauge Computer Works, Inc)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (IDMWFP) -- C:\Windows\SysNative\drivers\idmwfp.sys (Tonec Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (ccSet_NZ) -- C:\Windows\SysNative\drivers\NZx64\01000F0.00D\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (EsgScanner) -- C:\Windows\SysNative\drivers\EsgScanner.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (hcw18bda) -- C:\Windows\SysNative\drivers\hcw18bda.sys (Hauppauge Computer Works, Inc)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (FETNDIS) -- C:\Windows\SysNative\drivers\fet6x64.sys (VIA Technologies, Inc. )
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (UrlFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys (IObit.com)
DRV - (RegFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys (IObit.com)
DRV - (FileMonitor) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys (IObit)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1003\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.64
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\EXTENSIONS\\mozilla_cc@internetdownloadmanager.com: C:\Users\Folders\AppData\Roaming\IDM\idmmzcc5 [2013/11/25 23:33:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Folders\AppData\Roaming\IDM\idmmzcc5 [2013/11/25 23:33:11 | 000,000,000 | ---D | M]

[2013/11/11 20:12:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Folders\AppData\Roaming\Mozilla\Extensions
[2013/11/28 18:09:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Folders\AppData\Roaming\Mozilla\Firefox\Profiles\333rko86.default\extensions
[2013/11/21 20:32:24 | 000,007,911 | ---- | M] () -- C:\Users\Folders\AppData\Roaming\Mozilla\Firefox\Profiles\333rko86.default\searchplugins\Google.xml
[2013/11/12 18:51:42 | 000,000,905 | ---- | M] () -- C:\Users\Folders\AppData\Roaming\Mozilla\Firefox\Profiles\333rko86.default\searchplugins\yahoo_ff.xml
[2013/11/25 23:30:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF
[2013/11/25 23:33:11 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\FOLDERS\APPDATA\ROAMING\IDM\IDMMZCC5
File not found (No name found) -- C:\USERS\FOLDERS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\333RKO86.DEFAULT\EXTENSIONS\ASCSURFINGPROTECTION@IOBIT.COM

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Drive = C:\Users\Folders\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: avast! Online Security = C:\Users\Folders\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_1\
CHR - Extension: IDM Integration Module = C:\Users\Folders\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.18.7_1\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Folders\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Google Wallet = C:\Users\Folders\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\8d25ed94-bb32-4930-87d7-4c74dc4f01ce.exe (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [Qwest Personal Digital Vault] "C:\Program Files (x86)\CenturyLink Personal Digital Vault\QwestPersonalDigitalVault.exe" /m File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001..\Run: [GoogleChromeAutoLaunch_4D58BC9D6CE41938B37776A7615543AA] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001..\Run: [GoogleDriveSync] c:\program files (x86)\google\drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001..\Run: [Plex Media Server] C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\AdpeakProxy64.dll (Adpeak, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\AdpeakProxy64.dll (Adpeak, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\AdpeakProxy64.dll (Adpeak, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\AdpeakProxy64.dll (Adpeak, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\AdpeakProxy64.dll (Adpeak, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\AdpeakProxy.dll (Adpeak, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\AdpeakProxy.dll (Adpeak, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\AdpeakProxy.dll (Adpeak, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\AdpeakProxy.dll (Adpeak, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\AdpeakProxy.dll (Adpeak, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9174F4D4-A1F3-4903-AEC4-365046D8E2F9}: DhcpNameServer = 192.168.0.1 205.171.2.25
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/11/23 15:11:00 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/28 16:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/11/28 14:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\ScorpionSaver Services
[2013/11/28 12:11:21 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\IDM2
[2013/11/28 11:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Genie9
[2013/11/28 11:34:39 | 000,000,000 | ---D | C] -- C:\0f4b1c2beb7b6dabc8ddb5daad65d67a
[2013/11/28 10:18:12 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Local\autorun
[2013/11/27 20:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegHunter
[2013/11/27 20:10:07 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\Systweak
[2013/11/27 20:10:06 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2013/11/27 16:08:43 | 000,000,000 | ---D | C] -- C:\b1e34f6098ca96049f4c
[2013/11/27 16:06:54 | 000,000,000 | ---D | C] -- C:\4d3d87bbdec4022af663ac6a6c75
[2013/11/27 16:04:12 | 000,000,000 | ---D | C] -- C:\f287f11a16765c212c1b6c
[2013/11/27 16:01:31 | 000,000,000 | ---D | C] -- C:\e407f43d348aefaebea4b46177
[2013/11/27 16:00:45 | 000,000,000 | ---D | C] -- C:\5733db8184d72843ca1e49ed71b62fc1
[2013/11/27 15:59:42 | 000,000,000 | ---D | C] -- C:\31b674d54c6afb206866
[2013/11/27 13:29:55 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013/11/27 13:29:53 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013/11/26 20:55:06 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/11/26 20:55:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/11/26 20:53:44 | 000,000,000 | ---D | C] -- C:\7b324cffb58ae272b47de342
[2013/11/26 18:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/11/26 16:37:17 | 000,047,064 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/11/26 13:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinTV
[2013/11/26 13:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Hauppauge
[2013/11/26 13:48:29 | 000,000,000 | ---D | C] -- C:\Hauppauge
[2013/11/26 13:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/11/25 23:28:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/25 22:58:22 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled
[2013/11/23 15:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/11/23 15:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/11/22 16:51:16 | 000,038,672 | ---- | C] (PCTV Systems S.à r.l.) -- C:\Windows\SysWow64\pcleUtil.dll
[2013/11/22 16:51:00 | 000,831,554 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\SysWow64\hcwtvwnd.dll
[2013/11/22 16:51:00 | 000,323,640 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\SysWow64\hcwpnp32.dll
[2013/11/22 16:51:00 | 000,118,840 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysWow64\hcwi2c32.dll
[2013/11/22 16:51:00 | 000,036,921 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\SysWow64\hcwutl32.dll
[2013/11/22 16:48:57 | 000,912,896 | ---- | C] (Hauppauge Computer Works, Inc) -- C:\Windows\SysNative\drivers\hcw18bda.sys
[2013/11/22 16:48:57 | 000,139,264 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\SysNative\hcw18prop.ax
[2013/11/22 16:48:57 | 000,117,248 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\hcw18CCv.ax
[2013/11/22 12:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/11/22 10:51:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/22 10:39:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/21 20:55:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/11/21 20:22:10 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Local\Adobe
[2013/11/21 19:29:38 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\eCyber
[2013/11/21 14:10:52 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\Real
[2013/11/21 14:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/11/20 18:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genie9
[2013/11/20 18:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\Genie9
[2013/11/20 17:58:48 | 000,000,000 | R--D | C] -- C:\Users\Folders\Desktop\Backup
[2013/11/20 17:58:47 | 000,000,000 | R--D | C] -- C:\Users\Folders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp
[2013/11/20 17:58:47 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/11/20 17:57:45 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\Genie9
[2013/11/19 19:02:59 | 000,000,000 | R--D | C] -- C:\Users\Folders\Google Drive
[2013/11/19 14:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftMaker Viewer
[2013/11/19 14:36:59 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoftMaker Viewer
[2013/11/19 14:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftMaker Viewer
[2013/11/18 19:25:06 | 000,032,600 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2013/11/17 17:02:28 | 000,000,000 | ---D | C] -- C:\Users\Folders\Rail Temp
[2013/11/17 14:51:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/11/17 14:51:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2013/11/17 14:36:20 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\DOGS
[2013/11/17 14:36:20 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\Documents
[2013/11/17 14:36:19 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\DISPUTES
[2013/11/17 14:36:19 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\Booknizer
[2013/11/17 14:36:19 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\APARTMENTS
[2013/11/17 14:36:19 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\AA QWEST
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\WAB
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\VERIZON
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\TAXES
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\RES REF
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\PROP TAX
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\PASSWORDS
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\OLD EMAILS
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\OLD APT
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\LICENSES
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\EMAILS
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\EMAIL ADDRESSES
[2013/11/17 14:32:43 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\SoftMaker
[2013/11/17 14:32:43 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\LICENSES PASSWORDS
[2013/11/17 14:32:43 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\BEND APT
[2013/11/17 14:32:43 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\AppData
[2013/11/16 15:23:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Media Preview
[2013/11/16 15:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\Media Preview
[2013/11/16 15:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BabelSoft
[2013/11/16 13:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Research
[2013/11/16 13:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft ICE
[2013/11/16 12:59:40 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\Foxit Software
[2013/11/16 12:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2013/11/15 21:01:58 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\PhotoScape
[2013/11/15 21:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2013/11/15 21:01:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
[2013/11/15 18:29:40 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Local\CrashDumps
[2013/11/15 13:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/11/15 13:24:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[2013/11/15 13:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2013/11/15 13:01:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/15 09:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Zone
[2013/11/14 21:35:49 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Local\Qwest
[2013/11/14 19:13:43 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NZx64\01000F0.00D\ccSetx64.sys
[2013/11/14 19:13:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NZx64\01000F0.00D
[2013/11/14 15:05:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/11/14 13:23:04 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/11/14 13:22:51 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/11/13 18:49:24 | 000,439,296 | ---- | C] (Adpeak, Inc.) -- C:\Windows\SysNative\AdpeakProxy64.dll
[2013/11/13 18:49:21 | 000,338,944 | ---- | C] (Adpeak, Inc.) -- C:\Windows\SysWow64\AdpeakProxy.dll
[2013/11/13 18:11:18 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\vlc
[2013/11/13 18:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/11/13 18:09:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/11/13 18:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/11/13 17:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/11/13 17:26:08 | 001,005,928 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2013/11/13 17:26:08 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70.dll
[2013/11/13 17:26:08 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp70.dll
[2013/11/13 17:26:07 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll
[2013/11/13 17:20:37 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\AVS4YOU
[2013/11/13 17:20:21 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2013/11/13 17:19:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2013/11/13 17:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2013/11/13 17:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2013/11/13 17:18:22 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013/11/13 17:18:21 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2013/11/13 17:18:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2013/11/13 17:08:41 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\IDM
[2013/11/13 17:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\IDM
[2013/11/13 17:08:41 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\DMCache
[2013/11/13 17:08:34 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/11/13 17:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/11/13 17:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Download Manager
[2013/11/13 16:52:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2013/11/13 16:18:30 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\OpenOffice
[2013/11/13 16:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CenturyLink Personal Digital Vault™
[2013/11/13 16:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CenturyLink Personal Digital Vault
[2013/11/13 14:37:06 | 000,000,000 | ---D | C] -- C:\Users\Folders\Norton Zone
[2013/11/13 14:36:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NZx64
[2013/11/13 14:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Zone
[2013/11/13 14:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/11/13 14:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/11/13 14:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/11/13 14:33:36 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013/11/13 14:24:03 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Local\Plex
[2013/11/13 14:23:53 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2013/11/13 14:23:52 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2013/11/13 14:23:02 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plex Media Center
[2013/11/13 13:40:46 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Local\Apple Computer
[2013/11/13 13:40:40 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Local\Plex Media Server
[2013/11/13 13:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
[2013/11/13 13:39:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plex
[2013/11/13 13:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/11/13 12:40:20 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/11/13 11:43:16 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/11/13 11:39:57 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/13 11:39:57 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/13 11:39:53 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/13 11:39:53 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/13 11:39:53 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/13 11:39:53 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/13 11:39:53 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/13 11:39:53 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/13 11:39:53 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/13 11:39:53 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/13 11:39:53 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/13 11:39:53 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/13 11:39:53 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/13 11:39:53 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/13 11:39:53 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/13 11:39:53 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/13 11:39:53 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/13 11:39:53 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/13 11:39:53 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/13 11:39:53 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/13 11:39:53 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/13 11:39:53 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/13 11:39:53 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/13 11:39:53 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/13 11:39:53 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/13 11:39:53 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/13 11:39:53 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/13 11:39:53 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/13 11:39:53 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/13 11:39:53 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/13 11:39:53 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/13 11:39:53 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/13 11:39:53 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/13 11:39:53 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/13 11:39:53 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/13 11:39:53 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/13 11:39:53 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/13 11:39:53 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/13 11:39:53 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/11/13 11:39:53 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/13 11:39:53 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/13 11:39:53 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/13 11:39:53 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/13 11:39:53 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/13 11:39:53 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/13 11:39:53 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/13 11:39:53 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/13 11:39:53 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/13 11:39:53 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/13 11:39:53 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/13 11:39:53 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/13 11:39:53 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/11/13 11:39:53 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/11/13 11:39:53 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/11/13 11:39:53 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/11/13 11:39:53 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/11/13 11:39:53 | 000,071,680 | ---- | C] (
 

hunzeker

New Member
Thread author
Verified
Nov 23, 2013
29
OTL logfile created on: 11/29/2013 1:28:04 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Folders\Downloads\Programs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 58.26% Memory free
8.00 Gb Paging File | 5.91 Gb Available in Paging File | 73.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.51 Gb Total Space | 319.10 Gb Free Space | 85.66% Space Free | Partition Type: NTFS
Drive I: | 1.87 Gb Total Space | 1.37 Gb Free Space | 73.44% Space Free | Partition Type: NTFS
Drive J: | 298.09 Gb Total Space | 119.47 Gb Free Space | 40.08% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 277.05 Gb Free Space | 59.48% Space Free | Partition Type: NTFS

Computer Name: WIN7 | User Name: Folders | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Folders\Downloads\Programs\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\NZ.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe (Plex, Inc.)
PRC - C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Python Software Foundation)
PRC - C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (IObit)
PRC - C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe (Adpeak, Inc.)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
PRC - C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe (Hauppauge Computer Works)
PRC - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\win32com.shell.shell.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\_elementtree.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\win32api.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\_socket.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\_multiprocessing.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\win32ts.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\wx._gdi_.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\windows._cacheinvalidation.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\_ctypes.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\wx._html2.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\win32profile.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\win32crypt.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\wx._core_.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\_ssl.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\wx._misc_.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\pythoncom27.dll ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\PyWinTypes27.dll ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\win32security.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\wx._windows_.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\_hashlib.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\wx._wizard.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\win32file.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\win32process.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\win32pdh.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\wx._controls_.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\win32inet.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\unicodedata.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\pyexpat.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\win32event.pyd ()
MOD - C:\Users\Folders\AppData\Local\Temp\_MEI26402\select.pyd ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\tag.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\swscale-0.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\avutil-50.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\avcodec-52.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\avformat-52.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (GenieTimelineService) -- C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe (Genie9)
SRV:64bit: - (Level Quality Watcher) -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe ()
SRV:64bit: - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV:64bit: - (AdpeakProxy) -- C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe (Adpeak, Inc.)
SRV - (LiveUpdateSvc) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NZ) -- C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\NZ.exe (Symantec Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdvancedSystemCareService7) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (IObit)
SRV - (HauppaugeTVServer) -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
SRV - (IMFservice) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (Hauppauge WinTV Extender) -- C:\Program Files (x86)\WinTV\Extend\WinTVExtender.exe (Hauppauge Computer Works, Inc)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (IDMWFP) -- C:\Windows\SysNative\drivers\idmwfp.sys (Tonec Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (ccSet_NZ) -- C:\Windows\SysNative\drivers\NZx64\01000F0.00D\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (EsgScanner) -- C:\Windows\SysNative\drivers\EsgScanner.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (hcw18bda) -- C:\Windows\SysNative\drivers\hcw18bda.sys (Hauppauge Computer Works, Inc)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (FETNDIS) -- C:\Windows\SysNative\drivers\fet6x64.sys (VIA Technologies, Inc. )
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (UrlFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys (IObit.com)
DRV - (RegFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys (IObit.com)
DRV - (FileMonitor) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys (IObit)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3821494161-1811066229-1795245934-1003\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.64
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\EXTENSIONS\\mozilla_cc@internetdownloadmanager.com: C:\Users\Folders\AppData\Roaming\IDM\idmmzcc5 [2013/11/25 23:33:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Folders\AppData\Roaming\IDM\idmmzcc5 [2013/11/25 23:33:11 | 000,000,000 | ---D | M]

[2013/11/11 20:12:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Folders\AppData\Roaming\Mozilla\Extensions
[2013/11/28 18:09:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Folders\AppData\Roaming\Mozilla\Firefox\Profiles\333rko86.default\extensions
[2013/11/21 20:32:24 | 000,007,911 | ---- | M] () -- C:\Users\Folders\AppData\Roaming\Mozilla\Firefox\Profiles\333rko86.default\searchplugins\Google.xml
[2013/11/12 18:51:42 | 000,000,905 | ---- | M] () -- C:\Users\Folders\AppData\Roaming\Mozilla\Firefox\Profiles\333rko86.default\searchplugins\yahoo_ff.xml
[2013/11/25 23:30:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF
[2013/11/25 23:33:11 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\FOLDERS\APPDATA\ROAMING\IDM\IDMMZCC5
File not found (No name found) -- C:\USERS\FOLDERS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\333RKO86.DEFAULT\EXTENSIONS\ASCSURFINGPROTECTION@IOBIT.COM

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Drive = C:\Users\Folders\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: avast! Online Security = C:\Users\Folders\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_1\
CHR - Extension: IDM Integration Module = C:\Users\Folders\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.18.7_1\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Folders\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Google Wallet = C:\Users\Folders\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\8d25ed94-bb32-4930-87d7-4c74dc4f01ce.exe (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [Qwest Personal Digital Vault] "C:\Program Files (x86)\CenturyLink Personal Digital Vault\QwestPersonalDigitalVault.exe" /m File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001..\Run: [GoogleChromeAutoLaunch_4D58BC9D6CE41938B37776A7615543AA] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001..\Run: [GoogleDriveSync] c:\program files (x86)\google\drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001..\Run: [Plex Media Server] C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-3821494161-1811066229-1795245934-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\AdpeakProxy64.dll (Adpeak, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\AdpeakProxy64.dll (Adpeak, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\AdpeakProxy64.dll (Adpeak, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\AdpeakProxy64.dll (Adpeak, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\AdpeakProxy64.dll (Adpeak, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\AdpeakProxy.dll (Adpeak, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\AdpeakProxy.dll (Adpeak, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\AdpeakProxy.dll (Adpeak, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\AdpeakProxy.dll (Adpeak, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\AdpeakProxy.dll (Adpeak, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9174F4D4-A1F3-4903-AEC4-365046D8E2F9}: DhcpNameServer = 192.168.0.1 205.171.2.25
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/11/23 15:11:00 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/28 16:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/11/28 14:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\ScorpionSaver Services
[2013/11/28 12:11:21 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\IDM2
[2013/11/28 11:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Genie9
[2013/11/28 11:34:39 | 000,000,000 | ---D | C] -- C:\0f4b1c2beb7b6dabc8ddb5daad65d67a
[2013/11/28 10:18:12 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Local\autorun
[2013/11/27 20:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegHunter
[2013/11/27 20:10:07 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\Systweak
[2013/11/27 20:10:06 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2013/11/27 16:08:43 | 000,000,000 | ---D | C] -- C:\b1e34f6098ca96049f4c
[2013/11/27 16:06:54 | 000,000,000 | ---D | C] -- C:\4d3d87bbdec4022af663ac6a6c75
[2013/11/27 16:04:12 | 000,000,000 | ---D | C] -- C:\f287f11a16765c212c1b6c
[2013/11/27 16:01:31 | 000,000,000 | ---D | C] -- C:\e407f43d348aefaebea4b46177
[2013/11/27 16:00:45 | 000,000,000 | ---D | C] -- C:\5733db8184d72843ca1e49ed71b62fc1
[2013/11/27 15:59:42 | 000,000,000 | ---D | C] -- C:\31b674d54c6afb206866
[2013/11/27 13:29:55 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013/11/27 13:29:53 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013/11/26 20:55:06 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/11/26 20:55:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/11/26 20:53:44 | 000,000,000 | ---D | C] -- C:\7b324cffb58ae272b47de342
[2013/11/26 18:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/11/26 16:37:17 | 000,047,064 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/11/26 13:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinTV
[2013/11/26 13:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Hauppauge
[2013/11/26 13:48:29 | 000,000,000 | ---D | C] -- C:\Hauppauge
[2013/11/26 13:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/11/25 23:28:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/25 22:58:22 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled
[2013/11/23 15:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/11/23 15:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/11/22 16:51:16 | 000,038,672 | ---- | C] (PCTV Systems S.à r.l.) -- C:\Windows\SysWow64\pcleUtil.dll
[2013/11/22 16:51:00 | 000,831,554 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\SysWow64\hcwtvwnd.dll
[2013/11/22 16:51:00 | 000,323,640 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\SysWow64\hcwpnp32.dll
[2013/11/22 16:51:00 | 000,118,840 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysWow64\hcwi2c32.dll
[2013/11/22 16:51:00 | 000,036,921 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\SysWow64\hcwutl32.dll
[2013/11/22 16:48:57 | 000,912,896 | ---- | C] (Hauppauge Computer Works, Inc) -- C:\Windows\SysNative\drivers\hcw18bda.sys
[2013/11/22 16:48:57 | 000,139,264 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\SysNative\hcw18prop.ax
[2013/11/22 16:48:57 | 000,117,248 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\hcw18CCv.ax
[2013/11/22 12:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/11/22 10:51:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/22 10:39:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/21 20:55:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/11/21 20:22:10 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Local\Adobe
[2013/11/21 19:29:38 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\eCyber
[2013/11/21 14:10:52 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\Real
[2013/11/21 14:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/11/20 18:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genie9
[2013/11/20 18:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\Genie9
[2013/11/20 17:58:48 | 000,000,000 | R--D | C] -- C:\Users\Folders\Desktop\Backup
[2013/11/20 17:58:47 | 000,000,000 | R--D | C] -- C:\Users\Folders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp
[2013/11/20 17:58:47 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/11/20 17:57:45 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\Genie9
[2013/11/19 19:02:59 | 000,000,000 | R--D | C] -- C:\Users\Folders\Google Drive
[2013/11/19 14:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftMaker Viewer
[2013/11/19 14:36:59 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoftMaker Viewer
[2013/11/19 14:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftMaker Viewer
[2013/11/18 19:25:06 | 000,032,600 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2013/11/17 17:02:28 | 000,000,000 | ---D | C] -- C:\Users\Folders\Rail Temp
[2013/11/17 14:51:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/11/17 14:51:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2013/11/17 14:36:20 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\DOGS
[2013/11/17 14:36:20 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\Documents
[2013/11/17 14:36:19 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\DISPUTES
[2013/11/17 14:36:19 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\Booknizer
[2013/11/17 14:36:19 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\APARTMENTS
[2013/11/17 14:36:19 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\AA QWEST
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\WAB
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\VERIZON
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\TAXES
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\RES REF
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\PROP TAX
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\PASSWORDS
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\OLD EMAILS
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\OLD APT
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\LICENSES
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\EMAILS
[2013/11/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\EMAIL ADDRESSES
[2013/11/17 14:32:43 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\SoftMaker
[2013/11/17 14:32:43 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\LICENSES PASSWORDS
[2013/11/17 14:32:43 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\BEND APT
[2013/11/17 14:32:43 | 000,000,000 | ---D | C] -- C:\Users\Folders\Documents\AppData
[2013/11/16 15:23:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Media Preview
[2013/11/16 15:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\Media Preview
[2013/11/16 15:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BabelSoft
[2013/11/16 13:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Research
[2013/11/16 13:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft ICE
[2013/11/16 12:59:40 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\Foxit Software
[2013/11/16 12:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2013/11/15 21:01:58 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\PhotoScape
[2013/11/15 21:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2013/11/15 21:01:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
[2013/11/15 18:29:40 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Local\CrashDumps
[2013/11/15 13:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/11/15 13:24:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[2013/11/15 13:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2013/11/15 13:01:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/15 09:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Zone
[2013/11/14 21:35:49 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Local\Qwest
[2013/11/14 19:13:43 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NZx64\01000F0.00D\ccSetx64.sys
[2013/11/14 19:13:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NZx64\01000F0.00D
[2013/11/14 15:05:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/11/14 13:23:04 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/11/14 13:22:51 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/11/13 18:49:24 | 000,439,296 | ---- | C] (Adpeak, Inc.) -- C:\Windows\SysNative\AdpeakProxy64.dll
[2013/11/13 18:49:21 | 000,338,944 | ---- | C] (Adpeak, Inc.) -- C:\Windows\SysWow64\AdpeakProxy.dll
[2013/11/13 18:11:18 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\vlc
[2013/11/13 18:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/11/13 18:09:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/11/13 18:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/11/13 17:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/11/13 17:26:08 | 001,005,928 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2013/11/13 17:26:08 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70.dll
[2013/11/13 17:26:08 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp70.dll
[2013/11/13 17:26:07 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll
[2013/11/13 17:20:37 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\AVS4YOU
[2013/11/13 17:20:21 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2013/11/13 17:19:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2013/11/13 17:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2013/11/13 17:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2013/11/13 17:18:22 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013/11/13 17:18:21 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2013/11/13 17:18:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2013/11/13 17:08:41 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\IDM
[2013/11/13 17:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\IDM
[2013/11/13 17:08:41 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\DMCache
[2013/11/13 17:08:34 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/11/13 17:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/11/13 17:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Download Manager
[2013/11/13 16:52:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2013/11/13 16:18:30 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\OpenOffice
[2013/11/13 16:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CenturyLink Personal Digital Vault™
[2013/11/13 16:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CenturyLink Personal Digital Vault
[2013/11/13 14:37:06 | 000,000,000 | ---D | C] -- C:\Users\Folders\Norton Zone
[2013/11/13 14:36:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NZx64
[2013/11/13 14:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Zone
[2013/11/13 14:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/11/13 14:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/11/13 14:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/11/13 14:33:36 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013/11/13 14:24:03 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Local\Plex
[2013/11/13 14:23:53 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2013/11/13 14:23:52 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2013/11/13 14:23:02 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plex Media Center
[2013/11/13 13:40:46 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Local\Apple Computer
[2013/11/13 13:40:40 | 000,000,000 | ---D | C] -- C:\Users\Folders\AppData\Local\Plex Media Server
[2013/11/13 13:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
[2013/11/13 13:39:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plex
[2013/11/13 13:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/11/13 12:40:20 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/11/13 11:43:16 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/11/13 11:39:57 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/13 11:39:57 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/13 11:39:53 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/13 11:39:53 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/13 11:39:53 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/13 11:39:53 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/13 11:39:53 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/13 11:39:53 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/13 11:39:53 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/13 11:39:53 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/13 11:39:53 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/13 11:39:53 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/13 11:39:53 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/13 11:39:53 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/13 11:39:53 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/13 11:39:53 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/13 11:39:53 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/13 11:39:53 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/13 11:39:53 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/13 11:39:53 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/13 11:39:53 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/13 11:39:53 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/13 11:39:53 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/13 11:39:53 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/13 11:39:53 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/13 11:39:53 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/13 11:39:53 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/13 11:39:53 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/13 11:39:53 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/13 11:39:53 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/13 11:39:53 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/13 11:39:53 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/13 11:39:53 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/13 11:39:53 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/13 11:39:53 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/13 11:39:53 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/13 11:39:53 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/13 11:39:53 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/13 11:39:53 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/11/13 11:39:53 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/13 11:39:53 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/13 11:39:53 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/13 11:39:53 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/13 11:39:53 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/13 11:39:53 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/13 11:39:53 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/13 11:39:53 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/13 11:39:53 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/13 11:39:53 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/13 11:39:53 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/13 11:39:53 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/13 11:39:53 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/11/13 11:39:53 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/11/13 11:39:53 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/11/13 11:39:53 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/11/13 11:39:53 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/11/13 11:39:53 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEY
 
