
Thread: Spybot - Search & Destroy unable to remove Delta.Toolbar

  1. #1

    Hello,
    Originally, I posted my request at http://forums.spybot.info/showthread...-Delta-Tollbar.

    Anyhow, I was running Spybot - Search & Destroy v2.2.21.0 on Windows 7 32-bit. (ERUNT doesn't support Windows 7. Should I run it? Is there an alternative?)
    After completing a system scan, Spybot - Search & Destroy was unable to remove the following:

    Delta.Toolbar
    Settings :: HKLM\SOFTWARE\DataMngr :: Registry Key :: Adware-000 :: 15E43F9C

    Spybot - Search & Destroy Log (DDS and aswMBR logs are further down)

    Search results from Spybot - Search & Destroy

    31-Jan-14 00:23:00
    Scan took 00:17:41.
    7 items found.


    Delta.Toolbar: [SBI $15E43F9C] Settings (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-3422875488-3658502439-2224259970-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

    Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

    Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-3422875488-3658502439-2224259970-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Explorer: [SBI $85C2C910] Last Copy/MoveTo folder (Registry Value, nothing done)
    HKEY_USERS\S-1-5-21-3422875488-3658502439-2224259970-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder


    --- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---


    DDS Log

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.51.2
    Run by Michael at 0:32:59 on 2014-01-31
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    F:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\System32\spoolsv.exe
    F:\Program Files\Bluetooth Suite\adminservice.exe
    F:\Program Files\AOMEI Backupper\ABService.exe
    F:\Program Files\DU Meter\DUMeterSvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\taskhost.exe
    F:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\IProsetMonitor.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    F:\Program Files\Wise\Wise Care 365\WiseTray.exe
    F:\Program Files\Process Lasso\processgovernor.exe
    F:\Program Files\Process Lasso\processlasso.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    F:\Program Files\System Explorer\SystemExplorer.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    F:\Program Files\Unlocker\UnlockerAssistant.exe
    F:\Program Files\Bluetooth Suite\BtvStack.exe
    F:\Program Files\Bluetooth Suite\AthBtTray.exe
    F:\Program Files\Glary Utilities 4\Integrator.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
    F:\Program Files\WordWeb\wweb32.exe
    F:\Program Files\Classic Shell\ClassicStartMenu.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    F:\Program Files\uTorrent\uTorrent.exe
    F:\Program Files\Ditto\Ditto.exe
    F:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\Program Files\Google\Drive\googledrivesync.exe
    F:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    F:\Program Files\Internet Download Manager\IDMan.exe
    F:\Downloads\Programs\VectorClock-Sunset.exe
    C:\Program Files\Skype\Phone\Skype.exe
    F:\Program Files\PhraseExpress\phraseexpress.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\Google\Drive\googledrivesync.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Windows\system32\SearchIndexer.exe
    F:\Program Files\Internet Download Manager\IEMonitor.exe
    F:\PROGRA~1\DU Meter\DUMeter.exe
    F:\Program Files\System Explorer\service\SystemExplorerService.exe
    F:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    F:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Users\Michael\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
    C:\Windows\system32\sppsvc.exe
    F:\Program Files\tinySpell\tinyspell.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\conhost.exe
    F:\Program Files\LastPass\nplastpass.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\Michael\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    F:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    F:\Program Files\Samsung\Kies\KiesAirMessage.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Windows\explorer.exe
    C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
    C:\Windows\System32\WUDFHost.exe
    F:\Program Files\VideoLAN\VLC\vlc.exe
    C:\Windows\system32\prevhost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k apphost
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = about:blank
    uProxyServer = localhost:21320
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - f:\program files\internet download manager\IDMIECC.dll
    BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - f:\program files\classic shell\ClassicExplorer32.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - f:\program files\microsoft office\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - f:\program files\java\jre7\bin\ssv.dll
    BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - f:\program files\bluetooth suite\IEPlugIn.dll
    BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - f:\program files\lastpass\LPToolbar.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - f:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - f:\program files\java\jre7\bin\jp2ssv.dll
    BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - f:\program files\classic shell\ClassicIEDLL_32.dll
    TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - f:\program files\lastpass\LPToolbar.dll
    TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - f:\program files\classic shell\ClassicExplorer32.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [uTorrent] "f:\program files\utorrent\uTorrent.exe" /MINIMIZED
    uRun: [tinySpell] f:\program files\tinyspell\tinyspell.exe
    uRun: [Ditto] f:\program files\ditto\Ditto.exe
    uRun: [DU Meter] "f:\program files\du meter\DUMeter.exe" /autostart
    uRun: [Rainlendar2] f:\program files\rainlendar2\Rainlendar2.exe
    uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
    uRun: [] f:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe Run
    uRun: [OfficeSyncProcess] "f:\program files\microsoft office\office14\MSOSYNC.EXE"
    uRun: [IDMan] f:\program files\internet download manager\IDMan.exe /onboot
    uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
    uRun: [Programs\Vector-Clock_VectorClock-Sunset] "f:\downloads\programs\VectorClock-Sunset.exe"
    uRun: [GUDelayStartup] f:\program files\glary utilities 4\StartupManager.exe -delayrun
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [KiesPreload] f:\program files\samsung\kies\Kies.exe /preload
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
    mRun: [SystemExplorerAutoStart] "f:\program files\system explorer\SystemExplorer.exe" /TRAY
    mRun: [Nvtmru] "c:\program files\nvidia corporation\nvidia update core\nvtmru.exe"
    mRun: [UnlockerAssistant] "f:\program files\unlocker\UnlockerAssistant.exe"
    mRun: [AtherosBtStack] "f:\program files\bluetooth suite\BtvStack.exe"
    mRun: [AthBtTray] "f:\program files\bluetooth suite\AthBtTray.exe"
    mRun: [BCSSync] "f:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [IAStorIcon] "f:\program files\intel\intel(r) rapid storage technology\iastoriconlaunch.exe" "f:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe" 60
    mRun: [Everything] "f:\program files\everything\Everything.exe" -startup
    mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [RTHDVCPL] "c:\program files\realtek\audio\hda\RtkNGUI.exe" -s
    mRun: [WordWeb] "f:\program files\wordweb\wweb32.exe" -startup
    mRun: [Classic Start Menu] "f:\program files\classic shell\ClassicStartMenu.exe" -autorun
    uPolicies-Explorer: NoNetConnectDisconnect = dword:1
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
    mPolicies-Explorer: HideClock = dword:1
    mPolicies-Explorer: LockTaskbar = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-System: SynchronousMachineGroupPolicy = dword:0
    mPolicies-System: SynchronousUserGroupPolicy = dword:0
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download all links with IDM - f:\program files\internet download manager\IEGetAll.htm
    IE: Download with IDM - f:\program files\internet download manager\IEExt.htm
    IE: E&xport to Microsoft Excel - f:\progra~1\microsoft office\office14\EXCEL.EXE/3000
    IE: LastPass - c:\users\michael\appdata\locallow\lastpass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - c:\users\michael\appdata\locallow\lastpass\context.html?cmd=fillforms
    IE: Se&nd to OneNote - f:\progra~1\microsoft office\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - f:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - f:\program files\lastpass\LPToolbar.dll
    IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - f:\program files\classic shell\ClassicIE_32.exe
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - f:\program files\bluetooth suite\IEPlugIn.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - f:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{5B0CAEBB-C1A5-485A-A9DD-69DFA29FF048} : NameServer = 8.8.8.8,8.8.4.4,
    TCP: Interfaces\{8D455361-BC46-4759-9F56-A31844B9B5F5} : NameServer = 8.8.8.8,8.8.4.4,192.168.1.1
    TCP: Interfaces\{8D455361-BC46-4759-9F56-A31844B9B5F5} : DHCPNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    AppInit_DLLs= ~
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - f:\program files\microsoft office\office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.102\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\15vdszyg.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.th4u.com
    FF - prefs.js: keyword.URL - hxxp://th.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
    FF - plugin: c:\program files\intel\intel(r) management engine components\ipt\npIntelWebAPIIPT.dll
    FF - plugin: c:\program files\intel\intel(r) management engine components\ipt\npIntelWebAPIUpdater.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\users\michael\appdata\local\google\update\1.3.21.153\npGoogleUpdate3.dll
    FF - plugin: c:\users\michael\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\michael\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\users\michael\appdata\roaming\mozilla\plugins\npo1d.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_43.dll
    FF - plugin: f:\progra~1\microsoft office\office14\NPAUTHZ.DLL
    FF - plugin: f:\progra~1\microsoft office\office14\NPSPWRAP.DLL
    FF - plugin: f:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: f:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: f:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: f:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: f:\program files\videolan\vlc\npvlc.dll
    FF - plugin: f:\program files\wordweb\wcapturemoz\plugins\npWCX.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? ????????tI";????4????t"
    R? ampa;ampa
    R? androidusb;SAMSUNG Android Composite ADB Interface Driver
    R? ATHDFU;Atheros Valkyrie USB BootROM
    R? AtiDCM;AtiDCM
    R? avckf;avckf
    R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
    R? BrowserDefendert;BrowserDefendert
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? IEEtwCollectorService;Internet Explorer ETW Collector Service
    R? Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface
    R? LiveUpdateSvc;LiveUpdate
    R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
    R? Revoflt;Revoflt
    R? SkypeUpdate;Skype Updater
    R? ssadbus;SAMSUNG Android USB Composite Device driver (WDM)
    R? ssadmdfl;SAMSUNG Android USB Modem (Filter)
    R? ssadmdm;SAMSUNG Android USB Modem Drivers
    R? ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM)
    R? TsUsbFlt;TsUsbFlt
    R? TsUsbGD;Remote Desktop Generic USB Device
    R? WatAdminSvc;Windows Activation Technologies Service
    R? WiseBootAssistant;Wise Boot Assistant
    S? ambakdrv;ambakdrv
    S? ammntdrv;ammntdrv
    S? amwrtdrv;amwrtdrv
    S? asmthub3;ASMedia USB3 Hub Service
    S? asmtxhci;ASMEDIA XHCI Service
    S? AthBTPort;Atheros Virtual Bluetooth Class
    S? AtherosSvc;AtherosSvc
    S? avc3;avc3
    S? Backupper Service;AOMEI Backupper Scheduler Service
    S? bdfwfpf;bdfwfpf
    S? BootDefragDriver;BootDefragDriver
    S? BTATH_A2DP;Bluetooth A2DP Audio Driver
    S? BTATH_BUS;Atheros Bluetooth Bus
    S? BTATH_HCRP;Bluetooth HCRP Server driver
    S? BTATH_LWFLT;Bluetooth LWFLT Device
    S? BTATH_RCP;Bluetooth AVRCP Device
    S? BtFilter;BtFilter
    S? dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
    S? DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver
    S? DUMeterSvc;DU Meter Service
    S? gzflt;gzflt
    S? gzserv;Bitdefender Antivirus Free Edition
    S? HWiNFO32;HWiNFO32/64 Kernel Driver
    S? iaStorA;iaStorA
    S? IAStorDataMgrSvc;Intel(R) Rapid Storage Technology
    S? iaStorF;iaStorF
    S? IDMWFP;IDMWFP
    S? Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface
    S? Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service
    S? jhi_service;Intel(R) Dynamic Application Loader Host Interface Service
    S? MBAMProtector;MBAMProtector
    S? MBAMScheduler;MBAMScheduler
    S? MBAMService;MBAMService
    S? MEI;Intel(R) Management Engine Interface
    S? MpFilter;Microsoft Malware Protection Driver
    S? NvStreamSvc;NVIDIA Streamer Service
    S? nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
    S? SDScannerService;Spybot-S&D 2 Scanner Service
    S? SDUpdateService;Spybot-S&D 2 Updating Service
    S? SDWSCService;Spybot-S&D 2 Security Center Service
    S? Skype C2C Service;Skype C2C Service
    S? ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
    S? Stereo Service;NVIDIA Stereoscopic 3D Driver Service
    S? SystemExplorerHelpService;System Explorer Service
    S? TeamViewer9;TeamViewer 9
    .
    =============== File Associations ===============
    .
    FileExt: .txt: Applications\win32pad.exe="f:\program files\win32pad\win32pad.exe" "%1" [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2014-01-28 12:26:25 1573488 ----a-w- c:\windows\ampa.exe
    2014-01-28 12:26:25 14448 ----a-w- c:\windows\system32\ampa.sys
    2014-01-22 16:55:06 -------- d-----w- c:\users\michael\appdata\local\Skype
    2014-01-22 11:16:04 -------- d-----w- c:\users\michael\appdata\roaming\GlarySoft
    2014-01-22 11:16:02 14528 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
    2014-01-22 11:16:02 101664 ----a-w- c:\windows\system32\BootDefrag.exe
    2014-01-18 10:12:00 243904 ----a-w- c:\windows\system32\StartMenuHelper32.dll
    2014-01-16 23:37:52 108000 ----a-w- c:\windows\system32\drivers\idmwfp.sys
    2014-01-15 11:43:12 2349056 ----a-w- c:\windows\system32\win32k.sys
    2014-01-15 11:43:11 240576 ----a-w- c:\windows\system32\drivers\netio.sys
    2014-01-15 11:43:04 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2014-01-15 11:43:04 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
    2014-01-15 11:43:04 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2014-01-15 11:43:04 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
    2014-01-15 11:43:04 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2014-01-15 11:43:04 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2014-01-15 11:43:04 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2014-01-15 11:39:43 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-01-11 16:16:27 -------- d-----w- c:\program files\common files\Innovative Solutions
    2014-01-11 15:51:19 -------- d-----w- c:\users\michael\appdata\local\Innovative Solutions
    2014-01-11 15:32:44 42496 ----a-w- c:\windows\system32\AdvUninstCPL.cpl
    2014-01-07 15:54:43 -------- d-----w- c:\users\michael\appdata\roaming\DropboxMaster
    2014-01-07 03:34:51 -------- d-----w- c:\users\michael\appdata\roaming\Wise Care 365
    2014-01-07 01:19:31 -------- d-----w- c:\users\michael\appdata\roaming\ChemTable Software
    2014-01-07 01:09:09 -------- d-----w- c:\users\michael\appdata\local\ChemTable Software
    2014-01-06 19:23:36 4558848 ----a-w- c:\windows\system32\GPhotos.scr
    2014-01-04 16:26:05 50688 ----a-w- c:\windows\system32\admwprox.dll
    2014-01-04 16:26:05 154624 ----a-w- c:\windows\system32\iisRtl.dll
    2014-01-04 16:26:03 26624 ----a-w- c:\windows\system32\ahadmin.dll
    2014-01-04 16:26:03 15360 ----a-w- c:\windows\system32\iisreset.exe
    2014-01-04 16:26:03 10752 ----a-w- c:\windows\system32\wamregps.dll
    2014-01-04 16:26:02 8192 ----a-w- c:\windows\system32\iisrstap.dll
    2014-01-04 06:41:36 -------- d-----w- c:\windows\system32\BestPractices
    2014-01-04 06:41:36 -------- d-----w- C:\inetpub
    2013-12-31 19:17:43 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
    .
    ==================== Find3M ====================
    .
    2014-01-28 12:27:41 1024 ---h--w- C:\AMTAG.BIN
    2014-01-14 11:56:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-01-14 11:56:28 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-01-11 10:04:48 3329288 ----a-w- c:\windows\system32\wweb32.dll
    2013-12-29 17:08:04 9357824 ----a-w- c:\program files\common files\lpuninstall.exe
    2013-12-08 04:01:50 1024 ---ha-w- C:\SYSTAG.BIN
    2013-12-03 19:23:26 892704 ----a-w- c:\windows\system32\nvhdagenco32.dll
    2013-11-26 09:23:02 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2013-11-26 09:22:11 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2013-11-26 08:53:56 61952 ----a-w- c:\windows\system32\iesetup.dll
    2013-11-26 08:52:26 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2013-11-26 08:29:55 112128 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-11-26 08:29:52 108032 ------w- c:\windows\system32\ieetwcollector.exe
    2013-11-26 08:28:16 553472 ----a-w- c:\windows\system32\jscript9diag.dll
    2013-11-26 08:16:12 4243968 ----a-w- c:\windows\system32\jscript9.dll
    2013-11-26 07:32:06 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-11-26 06:33:33 1820160 ----a-w- c:\windows\system32\wininet.dll
    2013-11-26 05:53:51 16384 ----a-w- C:\FixitRegBackup.reg
    2013-11-23 18:26:20 417792 ----a-w- c:\windows\system32\WMPhoto.dll
    2013-11-16 14:08:33 73368 ----a-w- c:\windows\system32\drivers\hola_mon_drv.sys
    2013-11-16 14:08:33 476056 ----a-w- c:\windows\system32\drivers\hola_drv.sys
    2013-11-12 02:07:29 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-11-05 12:47:54 2888536 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
    2013-11-05 11:55:00 38385664 ----a-w- c:\windows\system32\RCoRes.dat
    2013-11-04 12:26:24 124632 ----a-w- c:\windows\system32\RtkCoInstII.dll
    2013-11-04 04:11:44 2328792 ----a-w- c:\windows\system32\RtkAPO.dll
    .
    ============= FINISH: 0:35:09.66 ===============

    attach.zip

    aswMBR Log

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-01-31 00:49:10
    -----------------------------
    00:49:10.301 OS Version: Windows 6.1.7601 Service Pack 1
    00:49:10.301 Number of processors: 4 586 0x2A07
    00:49:10.303 ComputerName: MICHAEL-PC UserName: Michael
    00:49:13.003 Initialize success
    01:00:56.532 AVAST engine defs: 14013000
    01:01:25.641 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000067
    01:01:25.643 Disk 0 Vendor: ST330062 3.AA Size: 286168MB BusType: 11
    01:01:25.761 Disk 0 MBR read successfully
    01:01:25.769 Disk 0 MBR scan
    01:01:25.906 Disk 0 Windows 7 default MBR code
    01:01:25.911 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39997 MB offset 63
    01:01:25.936 Disk 0 Partition - 00 05 Extended 246167 MB offset 81915435
    01:01:25.957 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99998 MB offset 81915498
    01:01:25.977 Disk 0 Partition - 00 05 Extended 20732 MB offset 286712055
    01:01:25.996 Disk 0 scanning sectors +586067265
    01:01:26.185 Disk 0 scanning C:\Windows\system32\drivers
    01:01:47.921 Service scanning
    01:01:51.453 Service bdfwfpf F:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys **LOCKED** 5
    01:01:51.478 Service bdselfpr F:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys **LOCKED** 5
    01:02:23.352 Modules scanning
    01:02:35.518 Disk 0 trace - called modules:
    01:02:35.545 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorF.sys ACPI.sys halmacpi.dll storport.sys iaStorA.sys
    01:02:35.549 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88d83518]
    01:02:35.552 3 CLASSPNP.SYS[8c65659e] -> nt!IofCallDriver -> [0x88d83a70]
    01:02:35.556 5 iaStorF.sys[8c5f7868] -> nt!IofCallDriver -> [0x87c40828]
    01:02:35.559 7 ACPI.sys[8baca3d4] -> nt!IofCallDriver -> \Device\00000067[0x86949228]
    01:02:36.112 AVAST engine scan C:\Windows
    01:02:39.012 AVAST engine scan C:\Windows\system32
    01:09:24.707 AVAST engine scan C:\Windows\system32\drivers
    01:09:45.586 AVAST engine scan C:\Users\Michael
    01:17:55.738 AVAST engine scan C:\ProgramData
    01:19:08.208 Scan finished successfully
    01:19:52.469 Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
    01:19:52.498 The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"

    ====

    Thank you in advance for assistance.

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Hi and welcome

    Tweaking.com Registry Backup
    • Download the tool found here to your Desktop so it is easy to find.
    • Double click on the file you just downloaded
      to install it to your system.
    • Once the tool is installed, double-click on the Tweaking.com Registry Backup icon
      **Note** The tool should automatically open to the Backup Registry tab.


    • Press Backup Now
    • When the backup is complete, the tool will tell you: Successful */* Files Backed Up
    • You have now successfully backed up your Registry.


    Once you have the tool downloaded there is a tab labeled Settings where you can set where the backups are saved at.

    ************************************************

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    (use correct version for your system.....Which system am I using?)


    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Jan 2014
    Location
    Bangkok Thailand
    Posts
    25

    Thank you for the reply, Juliet.

    1. I have successfully backed up my registry with Tweaking.com - Registry Backup 1.6.9. However, I was not able to download it from bleepingcomputer.com, so I downloaded it from majorgeeks.com.

    14/14 Registry Files Backed up.

    ************************************************

    2. Farbar Recovery Scan Tool

    Here is the FRST.txt:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2014 01
    Ran by Michael (administrator) on MICHAEL-PC on 31-01-2014 23:00:48
    Running from C:\Users\Michael\Desktop
    Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) ===================

    (Bitdefender) F:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Atheros Commnucations) F:\Program Files\Bluetooth Suite\AdminService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (AOMEI Tech Co., Ltd.) F:\Program Files\AOMEI Backupper\ABService.exe
    (Hagel Technologies Ltd.) F:\Program Files\DU Meter\DUMeterSvc.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (Bitdefender) F:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
    (WiseCleaner.com) F:\Program Files\Wise\Wise Care 365\WiseTray.exe
    (Bitsum LLC) F:\Program Files\Process Lasso\ProcessGovernor.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
    (Bitsum LLC) F:\Program Files\Process Lasso\ProcessLasso.exe
    (Malwarebytes Corporation) F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    (Malwarebytes Corporation) F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    (Mister Group) F:\Program Files\System Explorer\SystemExplorer.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    () F:\Program Files\Unlocker\UnlockerAssistant.exe
    () C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
    (Atheros Commnucations) F:\Program Files\Bluetooth Suite\BtvStack.exe
    (Atheros Commnucations) F:\Program Files\Bluetooth Suite\AthBtTray.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Glarysoft Ltd) F:\Program Files\Glary Utilities 4\Integrator.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
    (WordWeb Software) F:\Program Files\WordWeb\wweb32.exe
    (IvoSoft) F:\Program Files\Classic Shell\ClassicStartMenu.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (BitTorrent, Inc.) F:\Program Files\uTorrent\uTorrent.exe
    () F:\Program Files\Ditto\Ditto.exe
    () F:\Program Files\Rainlendar2\Rainlendar2.exe
    (Google) C:\Program Files\Google\Drive\googledrivesync.exe
    (Microsoft Corporation) F:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    (Tonec Inc.) F:\Program Files\Internet Download Manager\IDMan.exe
    () F:\Downloads\Programs\VectorClock-Sunset.exe
    (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
    (Bartels Media GmbH) F:\Program Files\PhraseExpress\phraseexpress.exe
    (Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Google) C:\Program Files\Google\Drive\googledrivesync.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Hagel Technologies Ltd.) F:\Program Files\DU Meter\DUMeter.exe
    (Mister Group) F:\Program Files\System Explorer\service\SystemExplorerService.exe
    (Tonec Inc.) F:\Program Files\Internet Download Manager\IEMonitor.exe
    (Samsung Electronics Co., Ltd.) F:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    (Intel Corporation) F:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Samsung Electronics) F:\Program Files\Samsung\Kies\KiesAirMessage.exe
    (Samsung) F:\Program Files\Samsung\Kies\Kies.exe
    (Intel Corporation) F:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Google Inc.) C:\Users\Michael\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (KEDMI Scientific Computing) F:\Program Files\tinySpell\tinyspell.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (LastPass) F:\Program Files\LastPass\nplastpass.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google) C:\Users\Michael\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Gennady Feldman) F:\Program Files\Win32Pad\win32pad.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Tweaking.com) F:\Program Files\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
    (Tweaking.com) F:\Program Files\Tweaking.com\Registry Backup\files\vss_start.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Microsoft Corporation) F:\Program Files\Tweaking.com\Registry Backup\files\vss_7_8_2008_2012_32.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Tweaking.com) F:\Program Files\Tweaking.com\Registry Backup\files\vss_pause.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
    HKLM\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
    HKLM\...\Run: [SystemExplorerAutoStart] - F:\Program Files\System Explorer\SystemExplorer.exe [2860064 2013-11-30] (Mister Group)
    HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-28] (NVIDIA Corporation)
    HKLM\...\Run: [UnlockerAssistant] - F:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-05] ()
    HKLM\...\Run: [AtherosBtStack] - F:\Program Files\Bluetooth Suite\BtvStack.exe [490656 2011-03-13] (Atheros Commnucations)
    HKLM\...\Run: [AthBtTray] - F:\Program Files\Bluetooth Suite\AthBtTray.exe [302240 2011-03-13] (Atheros Commnucations)
    HKLM\...\Run: [BCSSync] - F:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
    HKLM\...\Run: [IAStorIcon] - F:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM\...\Run: [Everything] - F:\Program Files\Everything\Everything.exe [602624 2009-03-13] ()
    HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
    HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6336216 2013-11-04] (Realtek Semiconductor)
    HKLM\...\Run: [WordWeb] - F:\Program Files\WordWeb\wweb32.exe [77056 2013-05-16] (WordWeb Software)
    HKLM\...\Run: [Classic Start Menu] - F:\Program Files\Classic Shell\ClassicStartMenu.exe [150208 2014-01-18] (IvoSoft)
    HKLM\...\Policies\Explorer: [HideClock] 1
    HKLM\...\Policies\Explorer: [LockTaskbar] 1
    HKCU\...\Run: [uTorrent] - F:\Program Files\uTorrent\uTorrent.exe [968592 2013-04-19] (BitTorrent, Inc.)
    HKCU\...\Run: [tinySpell] - F:\Program Files\tinySpell\tinyspell.exe [281088 2012-11-12] (KEDMI Scientific Computing)
    HKCU\...\Run: [Ditto] - F:\Program Files\Ditto\Ditto.exe [1433200 2012-11-08] ()
    HKCU\...\Run: [DU Meter] - F:\Program Files\DU Meter\DUMeter.exe [4245400 2013-07-31] (Hagel Technologies Ltd.)
    HKCU\...\Run: [Rainlendar2] - F:\Program Files\Rainlendar2\Rainlendar2.exe [2611808 2014-01-20] ()
    HKCU\...\Run: [GoogleDriveSync] - C:\Program Files\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)
    HKCU\...\Run: [] - F:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
    HKCU\...\Run: [OfficeSyncProcess] - F:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
    HKCU\...\Run: [IDMan] - F:\Program Files\Internet Download Manager\IDMan.exe [3825232 2014-01-17] (Tonec Inc.)
    HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
    HKCU\...\Run: [Programs\Vector-Clock_VectorClock-Sunset] - F:\Downloads\Programs\VectorClock-Sunset.exe [1162096 2013-07-09] ()
    HKCU\...\Run: [GUDelayStartup] - F:\Program Files\Glary Utilities 4\StartupManager.exe [37152 2014-01-22] (Glarysoft Ltd)
    HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20724384 2014-01-14] (Skype Technologies S.A.)
    HKCU\...\Run: [KiesPreload] - F:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
    HKCU\...\Policies\Explorer: [NoNetConnectDisconnect] 1
    HKCU\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
    MountPoints2: {ee116688-99b5-11e2-8e97-806e6f6e6963} - G:\setup.exe
    AppInit_DLLs: ~ => File Not Found
    Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
    ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    ProxyServer: localhost:21320
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKCU - {6BD0964E-8B2C-4F7F-B683-D9D918FFD511} URL = http://th.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
    BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
    BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - F:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - F:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - F:\Program Files\LastPass\LPToolbar.dll (LastPass)
    BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - F:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - F:\Program Files\LastPass\LPToolbar.dll (LastPass)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - F:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{5B0CAEBB-C1A5-485A-A9DD-69DFA29FF048}: [NameServer]8.8.8.8,8.8.4.4,
    Tcpip\..\Interfaces\{8D455361-BC46-4759-9F56-A31844B9B5F5}: [NameServer]8.8.8.8,8.8.4.4,192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default
    FF user.js: detected! => C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\user.js
    FF SelectedSearchEngine: Google
    FF Homepage: hxxp://www.th4u.com
    FF Keyword.URL: hxxp://th.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - F:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - F:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @google.com/npPicasa3,version=3.0.0 - F:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin: @java.com/DTPlugin,version=10.51.2 - F:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.51.2 - F:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - F:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 - F:\PROGRA~1\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.1.0 - F:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.1 - F:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.2 - F:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Michael\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Michael\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Michael\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Michael\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF Plugin ProgramFiles/Appdata: C:\Users\Michael\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\searchplugins\google-translate-any--en.xml
    FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\searchplugins\googlecom-in-english.xml
    FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\searchplugins\yahoo-answers.xml
    FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-01-23]
    FF Extension: AccelerateTab - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\Extensions\speeddial@instair.net [2013-08-20]
    FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\Extensions\staged [2014-01-23]
    FF Extension: LastPass - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\Extensions\support@lastpass.com [2013-12-30]
    FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\Extensions\trash [2014-01-23]
    FF Extension: Add Google Search To New Tab Page - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\Extensions\newtabgoogle@graememcc.co.uk.xpi [2013-09-17]
    FF HKLM\...\Firefox\Extensions: [wcapturex@deskperience.com] - F:\Program Files\WordWeb\\WCaptureMoz
    FF Extension: WordWeb one-click lookup - F:\Program Files\WordWeb\\WCaptureMoz [2013-04-02]
    FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Michael\AppData\Roaming\IDM\idmmzcc5
    FF Extension: IDM CC - C:\Users\Michael\AppData\Roaming\IDM\idmmzcc5 [2014-01-17]
    FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Michael\AppData\Roaming\IDM\idmmzcc5
    FF Extension: IDM CC - C:\Users\Michael\AppData\Roaming\IDM\idmmzcc5 [2014-01-17]
    FF StartMenuInternet: FIREFOX.EXE - F:\Program Files\Mozilla Firefox\firefox.exe

    Chrome:
    =======
    CHR HomePage: hxxp://www.th4u.com/
    CHR DefaultSearchKeyword: http://www.google.com/ncr
    CHR DefaultNewTabURL:
    CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-12]
    CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-15]
    CHR Extension: (Live Earnings Checker for Google AdSense™) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbicjibfhlghijbhbcmppmajlmgbgoh [2013-05-23]
    CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-15]
    CHR Extension: (Hola Better Internet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-04-15]
    CHR Extension: (LastPass) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-04-15]
    CHR Extension: (IDM Integration Module) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2013-07-27]
    CHR Extension: (Wikipedia Quick Hints) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldnhgfghebflgcndlbppfanbchpgmkna [2013-04-15]
    CHR Extension: (TV for Google Chrome™) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe [2013-05-15]
    CHR Extension: (Skype Click to Call) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-12-07]
    CHR Extension: (Thesaurus Extension) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnlghihanpgbalbphnffoehfkbcfcpic [2013-04-15]
    CHR Extension: (Google Dictionary (by Google)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2013-04-15]
    CHR Extension: (FastestFox for Chrome) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-04-15]
    CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
    CHR Extension: (Google Publisher Toolbar) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc [2013-05-23]
    CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-15]
    CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - F:\Program Files\Internet Download Manager\IDMGCExt.crx [2014-01-17]
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
    CHR HKLM\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - F:\Program Files\WordWeb\wcxChrome.crx [2013-04-02]
    CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Michael\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-12-12]

    ========================== Services (Whitelisted) =================

    R2 AtherosSvc; F:\Program Files\Bluetooth Suite\adminservice.exe [68768 2011-03-13] (Atheros Commnucations)
    R2 Backupper Service; F:\Program Files\AOMEI Backupper\ABService.exe [29912 2013-08-26] (AOMEI Tech Co., Ltd.)
    R2 DUMeterSvc; F:\Program Files\DU Meter\DUMeterSvc.exe [2385304 2013-07-31] (Hagel Technologies Ltd.)
    R2 gzserv; F:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [54424 2013-10-08] (Bitdefender)
    R2 IAStorDataMgrSvc; F:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [583680 2013-02-13] (Intel(R) Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [637912 2013-02-13] (Intel(R) Corporation)
    R2 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [121600 2013-04-05] (Intel Corporation)
    R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
    R2 MBAMScheduler; F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    S3 Microsoft SharePoint Workspace Audit Service; F:\Program Files\Microsoft Office\Office14\GROOVE.EXE [30963576 2010-01-21] (Microsoft Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14573856 2013-08-28] (NVIDIA Corporation)
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
    R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
    R3 SystemExplorerHelpService; F:\Program Files\System Explorer\service\SystemExplorerService.exe [567256 2012-11-25] (Mister Group)
    S2 WiseBootAssistant; F:\Program Files\Wise\Wise Care 365\BootTime.exe [580232 2013-12-09] (WiseCleaner.com)
    S2 BrowserDefendert; No ImagePath
    S2 LiveUpdateSvc; No ImagePath
    S2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
    U2 楗敳潂瑯獁楳瑳湡tI"; 㩆停潲牧浡䘠汩獥坜獩履楗敳䌠牡⁥㘳尵潂瑯楔敭攮數＀￿" [x]

    ==================== Drivers (Whitelisted) ====================

    R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [26424 2013-05-07] ()
    R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [129720 2013-05-07] ()
    S3 ampa; C:\Windows\system32\ampa.sys [14448 2013-11-29] ()
    R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [14392 2013-02-06] ()
    R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [110920 2012-11-08] (ASMedia Technology Inc)
    R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [333128 2012-11-08] (ASMedia Technology Inc)
    R3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [34976 2011-03-13] (Atheros)
    S3 ATHDFU; C:\Windows\System32\Drivers\AthDfu.sys [43680 2011-03-13] (Windows (R) Win 7 DDK provider)
    R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
    S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
    R1 bdfwfpf; F:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [108008 2013-10-23] (Bitdefender SRL)
    R1 bdselfpr; F:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys [135472 2013-10-23] (BitDefender LLC)
    R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [14528 2014-01-22] (Glarysoft Ltd)
    R3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [259232 2011-03-13] (Atheros)
    R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [24736 2011-03-13] (Atheros)
    R3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [175776 2011-03-13] (Atheros)
    R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [49312 2011-03-13] (Atheros)
    R3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [141088 2011-03-13] (Atheros)
    R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [242336 2011-03-13] (Atheros)
    R3 DUMeterDrv; F:\Program Files\DU Meter\DUMETR32.SYS [19944 2013-03-01] (Hagel Technologies Ltd.)
    R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [368392 2013-02-21] (Intel Corporation)
    R3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
    R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [21624 2013-04-01] (REALiX(tm))
    R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [505192 2013-08-07] (Intel Corporation)
    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [25448 2013-08-07] (Intel Corporation)
    R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [106296 2012-09-17] (JMicron Technology Corp.)
    S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30984 2013-01-03] (Logitech, Inc.)
    R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
    R3 MEI; C:\Windows\System32\DRIVERS\TeeDriver.sys [85976 2013-03-20] (Intel Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [33568 2013-08-20] (NVIDIA Corporation)
    R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
    U5 UnlockerDriver5; F:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-05] ()

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-01-31 23:00 - 2014-01-31 23:02 - 00031439 _____ C:\Users\Michael\Desktop\FRST.txt
    2014-01-31 22:58 - 2014-01-31 22:55 - 01137152 _____ (Farbar) C:\Users\Michael\Desktop\FRST.exe
    2014-01-31 22:57 - 2014-01-31 23:00 - 00000000 ____D C:\FRST
    2014-01-31 22:49 - 2014-01-31 22:49 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MICHAEL-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
    2014-01-31 22:48 - 2014-01-31 22:48 - 00000000 ____D C:\RegBackup
    2014-01-31 22:41 - 2014-01-31 22:41 - 00001062 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2014-01-31 21:13 - 2014-01-31 21:13 - 00000000 ___RD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2014-01-31 21:12 - 2014-01-31 21:12 - 00000352 _____ C:\Windows\PFRO.log
    2014-01-31 20:41 - 2014-01-31 20:41 - 00000674 _____ C:\Users\Michael\Desktop\The Bat!.lnk
    2014-01-31 20:29 - 2014-01-31 20:29 - 00000000 ____D C:\ProgramData\SetApp
    2014-01-31 20:12 - 2013-11-15 19:25 - 00010112 _____ C:\Users\Michael\ACCOUNT.~FLB
    2014-01-31 15:01 - 2014-01-31 15:01 - 00109208 _____ C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-01-31 15:00 - 2014-01-31 21:13 - 00000672 _____ C:\Windows\setupact.log
    2014-01-31 15:00 - 2014-01-31 15:00 - 00000000 _____ C:\Windows\setuperr.log
    2014-01-31 14:59 - 2014-01-31 15:00 - 00409816 _____ C:\Windows\system32\FNTCACHE.DAT
    2014-01-31 07:56 - 2014-01-31 22:55 - 00048281 _____ C:\Windows\WindowsUpdate.log
    2014-01-31 01:19 - 2014-01-31 01:19 - 00002419 _____ C:\Users\Michael\Desktop\aswMBR.txt
    2014-01-31 01:19 - 2014-01-31 01:19 - 00000512 _____ C:\Users\Michael\Desktop\MBR.dat
    2014-01-31 00:43 - 2014-01-31 00:43 - 00002010 _____ C:\Users\Michael\Desktop\attach.zip
    2014-01-31 00:35 - 2014-01-31 00:35 - 00025472 _____ C:\Users\Michael\Desktop\dds.txt
    2014-01-31 00:35 - 2014-01-31 00:35 - 00004303 _____ C:\Users\Michael\Desktop\attach.txt
    2014-01-31 00:22 - 2014-01-31 00:23 - 00000000 ____D C:\Users\Michael\Desktop\Spybot S&D
    2014-01-30 23:45 - 2014-01-30 23:45 - 04745728 _____ (AVAST Software) C:\Users\Michael\Desktop\aswMBR.exe
    2014-01-30 23:38 - 2014-01-30 23:38 - 00688992 ____R (Swearware) C:\Users\Michael\Desktop\dds.scr
    2014-01-29 08:27 - 2014-01-30 00:05 - 00000000 ____D C:\Windows\Minidump
    2014-01-28 19:26 - 2014-01-28 19:26 - 00000887 _____ C:\Users\Public\Desktop\AOMEI Partition Assistant Pro Edition 5.5.lnk
    2014-01-28 19:26 - 2013-11-29 20:42 - 01573488 _____ C:\Windows\ampa.exe
    2014-01-28 19:26 - 2013-11-29 10:31 - 00014448 _____ C:\Windows\system32\ampa.sys
    2014-01-28 17:13 - 2014-01-28 17:13 - 00000956 _____ C:\Users\UpdatusUser\Desktop\DownloadHashVerifier.lnk
    2014-01-28 17:13 - 2014-01-28 17:13 - 00000956 _____ C:\Users\Michael\Desktop\DownloadHashVerifier.lnk
    2014-01-22 23:55 - 2014-01-22 23:55 - 00000000 ____D C:\Users\Michael\AppData\Local\Skype
    2014-01-22 23:54 - 2014-01-22 23:54 - 00000000 ____D C:\Program Files\Common Files\Skype
    2014-01-22 18:16 - 2014-01-24 08:07 - 00000743 _____ C:\Users\Public\Desktop\Glary Utilities 4.lnk
    2014-01-22 18:16 - 2014-01-24 08:07 - 00000324 _____ C:\Windows\Tasks\GlaryInitialize 4.job
    2014-01-22 18:16 - 2014-01-22 18:16 - 00000000 ____D C:\Users\Michael\AppData\Roaming\GlarySoft
    2014-01-22 18:16 - 2014-01-22 08:16 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
    2014-01-22 18:16 - 2014-01-22 08:09 - 00014528 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
    2014-01-22 10:17 - 2014-01-22 10:33 - 00000000 ____D C:\Users\Michael\Desktop\GMER
    2014-01-18 17:12 - 2014-01-18 17:12 - 00243904 _____ (IvoSoft) C:\Windows\system32\StartMenuHelper32.dll
    2014-01-18 14:54 - 2014-01-18 14:54 - 00174142 _____ C:\Users\Michael\Desktop\gmer.log
    2014-01-17 06:37 - 2013-11-28 07:24 - 00108000 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
    2014-01-15 18:43 - 2013-11-27 08:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2014-01-15 18:43 - 2013-11-27 08:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2014-01-15 18:43 - 2013-11-27 08:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
    2014-01-15 18:43 - 2013-11-27 08:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2014-01-15 18:43 - 2013-11-27 08:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
    2014-01-15 18:43 - 2013-11-27 08:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
    2014-01-15 18:43 - 2013-11-27 08:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2014-01-15 18:43 - 2013-11-26 18:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
    2014-01-15 18:43 - 2013-11-26 17:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-01-15 18:39 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2014-01-15 18:39 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2014-01-15 18:39 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2014-01-15 18:39 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2014-01-11 23:16 - 2014-01-11 23:16 - 00000000 ____D C:\Program Files\Common Files\Innovative Solutions
    2014-01-11 22:51 - 2014-01-11 22:51 - 00000000 ____D C:\Users\Michael\AppData\Local\Innovative Solutions
    2014-01-11 22:32 - 2009-11-05 12:24 - 00042496 _____ C:\Windows\system32\AdvUninstCPL.cpl
    2014-01-08 09:20 - 2014-01-09 14:49 - 00000260 _____ C:\Users\Michael\Desktop\NVidia drivers.txt
    2014-01-07 22:54 - 2014-01-07 22:54 - 00000000 ____D C:\Users\Michael\AppData\Roaming\DropboxMaster
    2014-01-07 22:47 - 2014-01-07 22:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
    2014-01-07 10:37 - 2014-01-31 21:13 - 00000402 _____ C:\Windows\Tasks\Wise Care 365.job
    2014-01-07 10:34 - 2014-01-31 21:14 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Wise Care 365
    2014-01-07 10:34 - 2014-01-07 10:34 - 00000811 _____ C:\Users\Public\Desktop\Wise Care 365.lnk
    2014-01-07 08:19 - 2014-01-07 08:19 - 00000000 ____D C:\Users\Michael\AppData\Roaming\ChemTable Software
    2014-01-07 08:09 - 2014-01-07 08:09 - 00000000 ____D C:\Users\Michael\AppData\Local\ChemTable Software
    2014-01-07 02:23 - 2014-01-07 02:23 - 04558848 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
    2014-01-07 01:50 - 2014-01-07 01:50 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
    2014-01-04 23:26 - 2012-06-01 11:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
    2014-01-04 23:26 - 2012-06-01 11:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
    2014-01-04 23:26 - 2012-06-01 11:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
    2014-01-04 23:26 - 2012-06-01 11:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
    2014-01-04 23:26 - 2012-06-01 11:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
    2014-01-04 23:26 - 2012-06-01 11:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
    2014-01-04 13:41 - 2014-01-04 13:41 - 00000000 ____D C:\Windows\system32\BestPractices
    2014-01-04 13:41 - 2014-01-04 13:41 - 00000000 ____D C:\inetpub
    2014-01-01 02:17 - 2014-01-01 02:17 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center

    ==================== One Month Modified Files and Folders =======

    2014-01-31 23:02 - 2014-01-31 23:00 - 00031439 _____ C:\Users\Michael\Desktop\FRST.txt
    2014-01-31 23:02 - 2013-04-01 21:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\uTorrent
    2014-01-31 23:00 - 2014-01-31 22:57 - 00000000 ____D C:\FRST
    2014-01-31 23:00 - 2013-04-01 18:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype
    2014-01-31 22:58 - 2013-04-02 00:59 - 00000000 ____D C:\Users\Michael\AppData\Roaming\DMCache
    2014-01-31 22:55 - 2014-01-31 22:58 - 01137152 _____ (Farbar) C:\Users\Michael\Desktop\FRST.exe
    2014-01-31 22:55 - 2014-01-31 07:56 - 00048281 _____ C:\Windows\WindowsUpdate.log
    2014-01-31 22:54 - 2013-04-05 20:55 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Ditto
    2014-01-31 22:50 - 2013-11-24 00:45 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cee873bbaba2f8.job
    2014-01-31 22:49 - 2014-01-31 22:49 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MICHAEL-PC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
    2014-01-31 22:48 - 2014-01-31 22:48 - 00000000 ____D C:\RegBackup
    2014-01-31 22:41 - 2014-01-31 22:41 - 00001062 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2014-01-31 22:40 - 2013-09-26 02:39 - 00000000 ____D C:\Users\Michael\AppData\Roaming\vlc
    2014-01-31 22:37 - 2013-04-15 12:58 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-01-31 22:19 - 2013-04-09 23:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-01-31 21:44 - 2013-10-07 23:32 - 00000000 ____D C:\Users\Michael\AppData\Roaming\ClassicShell
    2014-01-31 21:16 - 2013-04-02 02:06 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox
    2014-01-31 21:14 - 2014-01-07 10:34 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Wise Care 365
    2014-01-31 21:14 - 2013-06-19 19:32 - 00000000 ___RD C:\Users\Michael\Google Drive
    2014-01-31 21:14 - 2013-05-11 16:36 - 00000000 ____D C:\Users\Michael\.rainlendar2
    2014-01-31 21:13 - 2014-01-31 21:13 - 00000000 ___RD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2014-01-31 21:13 - 2014-01-31 15:00 - 00000672 _____ C:\Windows\setupact.log
    2014-01-31 21:13 - 2014-01-07 10:37 - 00000402 _____ C:\Windows\Tasks\Wise Care 365.job
    2014-01-31 21:13 - 2013-11-24 00:44 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cee873b8b0f56d.job
    2014-01-31 21:13 - 2013-04-15 12:58 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-01-31 21:13 - 2013-04-01 18:20 - 00000000 ____D C:\ProgramData\NVIDIA
    2014-01-31 21:13 - 2009-07-14 11:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2014-01-31 21:12 - 2014-01-31 21:12 - 00000352 _____ C:\Windows\PFRO.log
    2014-01-31 21:10 - 2013-04-02 01:03 - 00000000 ____D C:\Users\Michael\Documents\PhraseExpress
    2014-01-31 21:00 - 2013-05-31 21:46 - 00000382 _____ C:\Windows\Tasks\Wise Turbo Checker.job
    2014-01-31 20:43 - 2013-04-08 09:52 - 00011732 _____ C:\Users\Michael\Account.CFN
    2014-01-31 20:43 - 2013-04-02 16:32 - 00000000 ____D C:\Users\Michael\AppData\Roaming\The Bat!
    2014-01-31 20:41 - 2014-01-31 20:41 - 00000674 _____ C:\Users\Michael\Desktop\The Bat!.lnk
    2014-01-31 20:29 - 2014-01-31 20:29 - 00000000 ____D C:\ProgramData\SetApp
    2014-01-31 20:29 - 2013-09-05 15:02 - 00000000 ____D C:\ProgramData\InstallMate
    2014-01-31 20:12 - 2013-04-08 09:53 - 00000000 ____D C:\Users\Michael\Trash
    2014-01-31 20:12 - 2013-03-30 21:05 - 00000000 ____D C:\Users\Michael
    2014-01-31 19:40 - 2013-10-18 21:21 - 00000930 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
    2014-01-31 19:39 - 2013-04-05 19:29 - 00000000 ____D C:\Program Files\Calibre2
    2014-01-31 19:12 - 2013-04-02 15:42 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
    2014-01-31 15:01 - 2014-01-31 15:01 - 00109208 _____ C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-01-31 15:00 - 2014-01-31 15:00 - 00000000 _____ C:\Windows\setuperr.log
    2014-01-31 15:00 - 2014-01-31 14:59 - 00409816 _____ C:\Windows\system32\FNTCACHE.DAT
    2014-01-31 10:34 - 2013-10-18 10:09 - 00000000 ____D C:\Users\Michael\AppData\Local\PrivaZer
    2014-01-31 10:33 - 2013-04-03 17:24 - 00000000 ____D C:\Users\Michael\AppData\Roaming\WordWeb
    2014-01-31 10:02 - 2013-04-06 00:16 - 00000000 ____D C:\Users\Michael\AppData\Roaming\IDM
    2014-01-31 02:00 - 2009-07-14 11:34 - 00020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-31 02:00 - 2009-07-14 11:34 - 00020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-31 01:19 - 2014-01-31 01:19 - 00002419 _____ C:\Users\Michael\Desktop\aswMBR.txt
    2014-01-31 01:19 - 2014-01-31 01:19 - 00000512 _____ C:\Users\Michael\Desktop\MBR.dat
    2014-01-31 00:43 - 2014-01-31 00:43 - 00002010 _____ C:\Users\Michael\Desktop\attach.zip
    2014-01-31 00:35 - 2014-01-31 00:35 - 00025472 _____ C:\Users\Michael\Desktop\dds.txt
    2014-01-31 00:35 - 2014-01-31 00:35 - 00004303 _____ C:\Users\Michael\Desktop\attach.txt
    2014-01-31 00:23 - 2014-01-31 00:22 - 00000000 ____D C:\Users\Michael\Desktop\Spybot S&D
    2014-01-30 23:45 - 2014-01-30 23:45 - 04745728 _____ (AVAST Software) C:\Users\Michael\Desktop\aswMBR.exe
    2014-01-30 23:38 - 2014-01-30 23:38 - 00688992 ____R (Swearware) C:\Users\Michael\Desktop\dds.scr
    2014-01-30 18:20 - 2013-04-02 02:07 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2014-01-30 09:42 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\Microsoft.NET
    2014-01-30 08:31 - 2013-04-24 23:17 - 00000867 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
    2014-01-30 08:27 - 2013-09-03 09:03 - 00000000 ____D C:\Users\Michael\Documents\SelfMV
    2014-01-30 00:05 - 2014-01-29 08:27 - 00000000 ____D C:\Windows\Minidump
    2014-01-30 00:05 - 2013-05-24 14:42 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps
    2014-01-29 22:22 - 2009-07-14 09:37 - 00000000 ___RD C:\Users\Public
    2014-01-29 11:00 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\LogFiles
    2014-01-28 19:27 - 2013-12-08 10:56 - 00001024 ____H C:\AMTAG.BIN
    2014-01-28 19:26 - 2014-01-28 19:26 - 00000887 _____ C:\Users\Public\Desktop\AOMEI Partition Assistant Pro Edition 5.5.lnk
    2014-01-28 17:13 - 2014-01-28 17:13 - 00000956 _____ C:\Users\UpdatusUser\Desktop\DownloadHashVerifier.lnk
    2014-01-28 17:13 - 2014-01-28 17:13 - 00000956 _____ C:\Users\Michael\Desktop\DownloadHashVerifier.lnk
    2014-01-24 08:07 - 2014-01-22 18:16 - 00000743 _____ C:\Users\Public\Desktop\Glary Utilities 4.lnk
    2014-01-24 08:07 - 2014-01-22 18:16 - 00000324 _____ C:\Windows\Tasks\GlaryInitialize 4.job
    2014-01-23 20:35 - 2013-04-01 18:39 - 00000000 ____D C:\Users\Michael\AppData\Roaming\ProcessLasso
    2014-01-23 15:04 - 2013-03-31 11:48 - 00000000 ____D C:\Windows\Panther
    2014-01-22 23:55 - 2014-01-22 23:55 - 00000000 ____D C:\Users\Michael\AppData\Local\Skype
    2014-01-22 23:54 - 2014-01-22 23:54 - 00000000 ____D C:\Program Files\Common Files\Skype
    2014-01-22 23:54 - 2013-05-14 20:24 - 00000000 ___RD C:\Program Files\Skype
    2014-01-22 23:54 - 2013-05-14 20:23 - 00000000 ____D C:\ProgramData\Skype
    2014-01-22 18:16 - 2014-01-22 18:16 - 00000000 ____D C:\Users\Michael\AppData\Roaming\GlarySoft
    2014-01-22 10:33 - 2014-01-22 10:17 - 00000000 ____D C:\Users\Michael\Desktop\GMER
    2014-01-22 08:16 - 2014-01-22 18:16 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
    2014-01-22 08:09 - 2014-01-22 18:16 - 00014528 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
    2014-01-21 19:23 - 2009-07-14 11:53 - 00032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2014-01-19 20:52 - 2013-12-03 23:47 - 00000000 ____D C:\ProgramData\ClassicShell
    2014-01-18 17:12 - 2014-01-18 17:12 - 00243904 _____ (IvoSoft) C:\Windows\system32\StartMenuHelper32.dll
    2014-01-18 14:54 - 2014-01-18 14:54 - 00174142 _____ C:\Users\Michael\Desktop\gmer.log
    2014-01-15 23:47 - 2013-04-02 03:36 - 00000817 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WordWeb Pro.lnk
    2014-01-15 18:49 - 2013-07-10 21:59 - 00000000 ____D C:\Windows\system32\MRT
    2014-01-15 18:44 - 2013-04-01 18:34 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-01-15 18:40 - 2013-10-19 08:01 - 00000000 ____D C:\ProgramData\Oracle
    2014-01-14 18:56 - 2013-04-09 23:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-01-14 18:56 - 2013-04-09 23:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-01-12 19:20 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\rescache
    2014-01-11 23:16 - 2014-01-11 23:16 - 00000000 ____D C:\Program Files\Common Files\Innovative Solutions
    2014-01-11 23:16 - 2013-07-31 20:03 - 00000000 ____D C:\ProgramData\Innovative Solutions
    2014-01-11 22:51 - 2014-01-11 22:51 - 00000000 ____D C:\Users\Michael\AppData\Local\Innovative Solutions
    2014-01-11 17:04 - 2013-04-02 03:36 - 03329288 _____ (WordWeb Software) C:\Windows\system32\wweb32.dll
    2014-01-09 14:49 - 2014-01-08 09:20 - 00000260 _____ C:\Users\Michael\Desktop\NVidia drivers.txt
    2014-01-08 14:47 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\schemas
    2014-01-07 22:54 - 2014-01-07 22:54 - 00000000 ____D C:\Users\Michael\AppData\Roaming\DropboxMaster
    2014-01-07 22:47 - 2014-01-07 22:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
    2014-01-07 22:46 - 2013-04-05 11:37 - 00000771 _____ C:\Users\Public\Desktop\Picasa 3.lnk
    2014-01-07 22:23 - 2013-04-04 05:20 - 00000000 ___RD C:\Users\Michael\Desktop\Text Files
    2014-01-07 10:34 - 2014-01-07 10:34 - 00000811 _____ C:\Users\Public\Desktop\Wise Care 365.lnk
    2014-01-07 08:19 - 2014-01-07 08:19 - 00000000 ____D C:\Users\Michael\AppData\Roaming\ChemTable Software
    2014-01-07 08:09 - 2014-01-07 08:09 - 00000000 ____D C:\Users\Michael\AppData\Local\ChemTable Software
    2014-01-07 02:23 - 2014-01-07 02:23 - 04558848 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
    2014-01-07 01:50 - 2014-01-07 01:50 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
    2014-01-06 19:22 - 2013-07-12 03:48 - 00000722 _____ C:\Users\Public\Desktop\System Ninja.lnk
    2014-01-05 12:34 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\inetsrv
    2014-01-04 13:42 - 2010-11-21 04:01 - 00838012 _____ C:\Windows\system32\PerfStringBackup.INI
    2014-01-04 13:41 - 2014-01-04 13:41 - 00000000 ____D C:\Windows\system32\BestPractices
    2014-01-04 13:41 - 2014-01-04 13:41 - 00000000 ____D C:\inetpub
    2014-01-04 13:02 - 2013-10-31 14:26 - 00000000 ____D C:\ProgramData\ProductData
    2014-01-01 02:17 - 2014-01-01 02:17 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center

    Files to move or delete:
    ====================
    C:\Users\Michael\Network_Meter_Data.js


    Some content of TEMP:
    ====================
    C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0ufxl1.dll
    C:\Users\Michael\AppData\Local\Temp\htmlayout.dll


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\system32\winlogon.exe => MD5 is legit
    C:\Windows\system32\wininit.exe => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\services.exe => MD5 is legit
    C:\Windows\system32\User32.dll => MD5 is legit
    C:\Windows\system32\userinit.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit
    C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-01-29 19:34

    ==================== End Of Log ============================



    The Additional.txt I will copy in the next post. I get an error: "The text that you have entered is too long (84380 characters). Please shorten it to 64000 characters long."

  4. #4

    Continuation to the previous post...

    Additional.txt

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-01-2014 01
    Ran by Michael at 2014-01-31 23:02:28
    Running from C:\Users\Michael\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

    ==================== Installed Programs ======================

    µTorrent (Version: 3.2.2.28500 - BitTorrent Inc.)
    Adobe Bridge 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
    Adobe Common File Installer (Version: 1.00.0000 - Adobe System Incorporated) Hidden
    Adobe Flash Player 12 ActiveX (Version: 12.0.0.38 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (Version: 12.0.0.43 - Adobe Systems Incorporated)
    Adobe Help Center 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
    Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.) Hidden
    Adobe Stock Photos 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
    Advanced Uninstaller PRO - Version 11 (Version: 11 - Innovative Solutions)
    Amolto Call Recorder for Skype (Version: 2.3.0 - Amolto)
    Android Data Recovery (Version: - Tenorshare, Inc.)
    AnvSoft Photo Slideshow Maker Professional 5.56 (Version: 5.56 - AnvSoft, Inc.)
    AOMEI Backupper (Version: - AOMEI Technology Co., Ltd.)
    AOMEI Partition Assistant Pro Edition 5.5 (Version: - AOMEI Technology Co., Ltd.)
    Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.16.4.0 - Asmedia Technology)
    Auslogics BoostSpeed (Version: 6.4.2.0 - Auslogics Labs Pty Ltd)
    Auslogics DiskDefrag (Version: 4.4.2.0 - Auslogics Labs Pty Ltd)
    Bitdefender Antivirus Free Edition (Version: 1.0.20.1083 - Bitdefender)
    Bluetooth Win7 Suite (Version: 7.2.0.65 - Atheros Communications)
    BusinessCards MX (Version: 4.90 - MOJOSOFT)
    calibre (Version: 1.22.0 - Kovid Goyal)
    CCleaner (Version: 4.10 - Piriform)
    Classic Shell (Version: 4.0.4 - IvoSoft)
    CloudReading (Version: 1.1.55.103 - Foxit Corporation)
    Corel PaintShop Pro X5 (Version: 15.0.0.183 - Corel Corporation)
    Corel PaintShop Pro X5 (Version: 15.1.0.10 - Corel Corporation) Hidden
    CPUID CPU-Z 1.68 (Version: - )
    Daum PotPlayer 1.5.44465 (Version: - )
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version: - Microsoft)
    Ditto (Version: - Scott Brogden)
    Dropbox (HKCU Version: 2.6.6 - Dropbox, Inc.)
    DU Meter (Version: 6.20 - Hagel Technologies Ltd.)
    eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Eusing Free Registry Cleaner (Version: - Eusing Software)
    Everything 1.2.1.371 (Version: - )
    FastStone Capture 7.5 (Version: 7.5 - FastStone Soft)
    FastStone Image Viewer 4.9 (Version: 4.9 - FastStone Soft)
    FileZilla Client 3.7.3 (Version: 3.7.3 - Tim Kosse)
    Folder Colorizer version 1.2.1 (Version: 1.2.1 - Softorino)
    FolderIco 1.0 (Version: - teorex)
    Foxit Reader (Version: 6.1.2.1224 - Foxit Corporation)
    GeForce Experience NvStream Client Components (Version: 0.1.87 - NVIDIA Corporation) Hidden
    Glary Utilities PRO 4.5 (Version: 4.5.0.89 - Glarysoft Ltd)
    GMail Drive Shell Extension (Version: 1.0.20 - viksoe.dk)
    Google Chrome (Version: 32.0.1700.102 - Google Inc.)
    Google Drive (Version: 1.13.5782.599 - Google, Inc.)
    Google Earth (Version: 7.1.2.2041 - Google)
    Google Talk Plugin (Version: 4.4.2.14502 - Google)
    Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
    Google+ Auto Backup (Version: 1.0.21.81 - Google)
    ICA (Version: 15.0.0.183 - Corel Corporation) Hidden
    Inpaint 5.6 (Version: - Teorex)
    Intel(R) Management Engine Components (Version: 9.5.0.1428 - Intel Corporation)
    Intel(R) Network Connections 18.3.72.0 (Version: 18.3.72.0 - Intel)
    Intel(R) Network Connections 18.3.72.0 (Version: 18.3.72.0 - Intel) Hidden
    Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation)
    Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
    Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
    Internet Download Manager (Version: - Tonec Inc.)
    IPM_PSP_COM (Version: 15.0.0.183 - Corel Corporation) Hidden
    iResizer 2.4 (Version: - teorex)
    Java 7 Update 51 (Version: 7.0.510 - Oracle)
    Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    JavaScript Slideshow Maker 3.1 Free Version (Version: - Magic Hills Pty Ltd)
    LastPass (uninstall only) (Version: - LastPass)
    Logitech Webcam Software (Version: 12.10.1113 - Logitech Inc.)
    Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Mouse and Keyboard Center (Version: 2.3.145.0 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (Version: 2.3.145.0 - Microsoft Corporation) Hidden
    Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Report Viewer Redistributable 2005 (Version: - Microsoft Corporation)
    Microsoft Report Viewer Redistributable 2005 (Version: 8.0.56405 - Microsoft Corporation) Hidden
    Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
    Mozilla Maintenance Service (Version: 26.0 - Mozilla)
    MyFreeCodec (HKCU Version: - )
    NVIDIA 3D Vision Controller Driver 326.01 (Version: 326.01 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 327.23 (Version: 327.23 - NVIDIA Corporation)
    NVIDIA Control Panel 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden
    NVIDIA GeForce Experience 1.6.1 (Version: 1.6.1 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.133.902 - NVIDIA Corporation) Hidden
    NVIDIA PhysX (Version: 9.13.0725 - NVIDIA Corporation) Hidden
    NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
    NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2723 - NVIDIA Corporation) Hidden
    NVIDIA Update 8.3.14 (Version: 8.3.14 - NVIDIA Corporation) Hidden
    NVIDIA Update Components (Version: 8.3.14 - NVIDIA Corporation) Hidden
    NVIDIA Virtual Audio 1.2.5 (Version: 1.2.5 - NVIDIA Corporation)
    Perspective Pilot Free 3.4.0 (Version: 3.4.0 - Two Pilots)
    PhraseExpress v10.0.135 (Version: 10.0.135 - Bartels Media GmbH)
    Picasa 3 (Version: 3.9 - Google, Inc.)
    PrivaZer (Version: 2.15.0.0 - Goversoft LLC)
    Process Lasso (Version: 6.7.0.34 - Bitsum)
    PSPPContent (Version: 15.1.0.9 - Corel Corporation) Hidden
    PSPPHelp (Version: 15.0.0.183 - Corel Corporation) Hidden
    Rainlendar2 (remove only) (Version: - )
    Realtek High Definition Audio Driver (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
    Registrar Registry Manager 7.52 (Version: - Resplendence Software Projects Sp.)
    Restore Point Creator version 1.7 (Version: 1.7 - )
    Revo Uninstaller Pro 3.0.8 (Version: 3.0.8 - VS Revo Group, Ltd.)
    Riot - Radical Image Optimization Tool (Version: - )
    Samsung Kies (Version: 2.5.3.13043_13 - Samsung Electronics Co., Ltd.)
    Samsung Kies (Version: 2.5.3.13043_13 - Samsung Electronics Co., Ltd.) Hidden
    Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
    Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
    Setup (Version: 15.0.0.183 - Corel Corporation) Hidden
    SHIELD Streaming (Version: 1.05.28 - NVIDIA Corporation) Hidden
    Skype Click to Call (Version: 6.13.13771 - Skype Technologies S.A.)
    Skype™ 6.13 (Version: 6.13.104 - Skype Technologies S.A.)
    Soft Organizer version 3.04 (Version: 3.04 - ChemTable Software)
    Spybot - Search & Destroy (Version: 2.2.25 - Safer-Networking Ltd.)
    Startup Delayer v3.0 (build 357) (Version: 3.0 (build 357) - r2 Studios)
    System Explorer 4.5.0 (Version: - Mister Group)
    System Ninja version 2.4.5 (Version: 2.4.5 - SingularLabs)
    System Requirements Lab for Intel (Version: 4.5.15.0 - Husdawg, LLC)
    TeamViewer 9 (Version: 9.0.25790 - TeamViewer)
    Teorex Inpaint 5.4 (Version: - )
    The Bat! Professional (Version: - Ritlabs S.R.L.)
    The Bat! Professional v6.2.8 (Version: 6.2.8 - Ritlabs)
    tinySpell 1.9.44 (Version: - KEDMI Scientific Computing)
    Tweaking.com - Registry Backup (Version: 1.6.9 - Tweaking.com)
    UltraEdit (Version: 20.00.1056 - IDM Computer Solutions, Inc.)
    UltraEdit (Version: 20.00.1056 - IDM Computer Solutions, Inc.) Hidden
    Unlocker 1.9.2 (Version: 1.9.2 - Cedrick Collomb)
    Update for Microsoft Office 2010 (KB2494150) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (Version: - Microsoft)
    VC_CRT_x86 (Version: 1.02.0000 - Intel Corporation) Hidden
    VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)
    WinDirStat 1.1.2 (HKCU Version: - )
    WinRAR 5.01 (32-bit) (Version: 5.01.0 - win.rar GmbH)
    Wise Care 365 version 2.92 (Version: 2.9.4 - WiseCleaner.com, Inc.)
    WordWeb Pro (Version: 7 - WordWeb Software)

    ==================== Restore Points =========================

    29-01-2014 02:49:09 C
    29-01-2014 02:50:25 C
    29-01-2014 03:08:55 Windows Update
    29-01-2014 03:56:50 C
    29-01-2014 15:39:13 C
    31-01-2014 12:34:27 Installed calibre
    31-01-2014 12:38:24 Installed calibre
    31-01-2014 13:09:24 Installed The Bat! Professional v6.2.8

    ==================== Hosts content: ==========================

    2009-07-14 09:04 - 2013-10-17 20:40 - 00450769 ____R C:\Windows\system32\Drivers\etc\hosts

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    Task: {01F90729-EC43-41FD-8368-6990EBEDEE07} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {224FD65C-5E6F-40F4-8C1E-D813DB456FB4} - System32\Tasks\Wise Turbo Checker => F:\Program Files\Wise\Wise Care 365\WiseTurbo.exe [2013-12-09] (WiseCleaner.COM)
    Task: {22E2AAE4-694E-4992-A3B8-CF860392A1CE} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-09-04] (Microsoft Corporation)
    Task: {3042FCF4-25CD-4821-AC28-379D3A8693D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-15] (Google Inc.)
    Task: {326E7BE8-A632-479B-AE51-7AEC7003DB37} - System32\Tasks\GlaryInitialize 4 => F:\Program Files\Glary Utilities 4\Initialize.exe [2014-01-22] (Glarysoft Ltd)
    Task: {4BA925EB-2BD1-4B8C-BC45-45D7AD009151} - System32\Tasks\Process Lasso Core Engine Only => F:\Program Files\Process Lasso\processgovernor.exe [2014-01-22] (Bitsum LLC)
    Task: {5FB6C82A-23B3-4EE9-ABF0-BB06FD2F7C46} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-09-04] (Microsoft)
    Task: {64247781-28D6-48FC-BF71-A0D3EE897759} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-09-04] (Microsoft Corporation)
    Task: {6C2DFBAD-B12C-48EA-B671-28FF48E2B395} - System32\Tasks\Express FilesUpdate => C:\Program Files\ExpressFiles\EFUpdater.exe <==== ATTENTION
    Task: {74762E07-6AD1-4AD4-A2C8-172C853F7A79} - System32\Tasks\BrowserDefendert => Sc.exe start BrowserDefendert
    Task: {74D786D2-A63F-4095-BE9A-43268B347F98} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-09-04] (Microsoft Corporation)
    Task: {89CA3C21-5A73-4148-9AFF-1D684B2F6B9E} - System32\Tasks\GoogleUpdateTaskMachineCore1cee873b8b0f56d => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-15] (Google Inc.)
    Task: {8BFC5F33-0A7E-4A9D-B3F9-67CB22BBF091} - System32\Tasks\GoogleUpdateTaskMachineUA1cee873bbaba2f8 => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-15] (Google Inc.)
    Task: {9097A25C-CDB6-42D8-B2EE-450B6063B5E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-15] (Google Inc.)
    Task: {91019417-9733-4E1E-AC2A-AEAE2EA20BE7} - System32\Tasks\Wise Care 365 => F:\Program Files\Wise\Wise Care 365\WiseTray.exe [2013-12-09] (WiseCleaner.com)
    Task: {AECB464B-FC8F-4AC6-ABA0-1A226B9FC347} - System32\Tasks\GU4SkipUAC => F:\Program Files\Glary Utilities 4\Integrator.exe [2014-01-22] (Glarysoft Ltd)
    Task: {B3D79AF4-738F-46BB-9D8B-1DCB18833B8A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
    Task: {BF3BD3CA-18FF-49BC-AE76-00F0C918C43A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-09-04] (Microsoft Corporation)
    Task: {C31AA4ED-3343-4FA0-87B0-E15FF497A24F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {DCAC5DB1-C0E5-416B-83C9-D2D1A4D27E78} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
    Task: {E4CA2239-3A3B-42D6-A1EF-B6460E73549C} - System32\Tasks\Process Lasso Management Console (GUI) => F:\Program Files\Process Lasso\processlasso.exe [2014-01-22] (Bitsum LLC)
    Task: {EB38B438-8ECC-44A8-8609-C40C10899CE8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-14] (Adobe Systems Incorporated)
    Task: {FE9BC3FE-6803-4F4B-A282-BA36D1C1911C} - System32\Tasks\CCleanerSkipUAC => F:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GlaryInitialize 4.job => F:\Program Files\Glary Utilities 4\Initialize.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cee873b8b0f56d.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cee873bbaba2f8.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Wise Care 365.job => F:\Program Files\Wise\Wise Care 365\WiseTray.exe
    Task: C:\Windows\Tasks\Wise Turbo Checker.job => F:\Program Files\Wise\Wise Care 365\WiseTurbo.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-01-29 10:48 - 2013-10-08 04:44 - 00508136 ____N () F:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
    2010-07-05 04:32 - 2010-07-05 04:32 - 00004608 _____ () F:\Program Files\Unlocker\UnlockerHook.dll
    2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () F:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2013-08-08 02:25 - 2013-08-08 02:25 - 00093696 _____ () F:\Program Files\FileZilla FTP Client\fzshellext.dll
    2010-07-05 04:32 - 2010-07-05 04:32 - 00010752 _____ () F:\Program Files\Unlocker\UnlockerCOM.dll
    2013-03-15 19:00 - 2013-03-15 19:00 - 00100864 _____ () F:\Program Files\IDM Computer Solutions\UltraEdit\ue32ctmn.dll
    2013-10-17 19:58 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2013-10-17 19:58 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2014-01-22 08:16 - 2014-01-22 08:16 - 00080160 _____ () F:\Program Files\Glary Utilities 4\zlib1.dll
    2012-05-17 02:01 - 2012-05-17 02:01 - 00140800 _____ () F:\Program Files\Rainlendar2\lua52.dll
    2014-01-05 00:20 - 2014-01-05 00:20 - 00249344 _____ () F:\Program Files\Rainlendar2\libical.dll
    2014-01-20 14:48 - 2014-01-20 14:48 - 00060512 _____ () F:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
    2014-01-05 00:00 - 2014-01-05 00:00 - 00065024 _____ () F:\Program Files\Rainlendar2\libicalss.dll
    2012-06-17 20:22 - 2012-06-17 20:22 - 00012800 _____ () F:\Program Files\Rainlendar2\lfs.dll
    2013-04-04 19:21 - 2014-01-16 15:12 - 00453952 _____ () F:\Program Files\PhraseExpress\pexlang.dll
    2014-01-31 21:15 - 2014-01-31 21:15 - 00041984 _____ () c:\users\michael\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0ufxl1.dll
    2013-08-24 02:01 - 2013-08-24 02:01 - 25100288 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libcef.dll
    2014-01-31 21:14 - 2014-01-31 21:14 - 00098816 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\win32api.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 00110080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\pywintypes27.dll
    2014-01-31 21:14 - 2014-01-31 21:14 - 00364544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\pythoncom27.dll
    2014-01-31 21:14 - 2014-01-31 21:14 - 00044032 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\_socket.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 01153024 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\_ssl.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 00320512 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\win32com.shell.shell.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 00711680 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\_hashlib.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 01175040 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\wx._core_.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 00805888 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\wx._gdi_.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 00811008 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\wx._windows_.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 01062400 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\wx._controls_.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 00735232 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\wx._misc_.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 00128512 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\_elementtree.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 00127488 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\pyexpat.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 00557056 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\pysqlite2._sqlite.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 00087040 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\_ctypes.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 00119808 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\win32file.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 00108544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\win32security.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 00018432 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\win32event.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 00038912 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\win32inet.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 00122368 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\wx._wizard.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 00026624 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\_multiprocessing.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 00070656 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\wx._html2.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 00010240 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\select.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 00686080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\unicodedata.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 00025600 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\win32pdh.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 00521680 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\windows._lib_cacheinvalidation.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 00011264 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\win32crypt.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 00024064 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\win32pipe.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 00035840 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\win32process.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 00017408 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\win32profile.pyd
    2014-01-31 21:14 - 2014-01-31 21:14 - 00022528 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52682\win32ts.pyd
    2013-04-14 15:59 - 2013-03-01 11:38 - 00166808 _____ () F:\Program Files\DU Meter\ssleay32.dll
    2013-04-14 15:59 - 2013-03-01 11:38 - 00846744 _____ () F:\Program Files\DU Meter\libeay32.dll
    2013-12-05 23:12 - 2013-12-05 23:12 - 00186368 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\300c5a74c0323c565bce42ebdeb70b86\Kies.Common.DeviceServiceLib.Interface.ni.dll
    2013-12-05 23:13 - 2013-12-05 23:13 - 14971904 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\00a6d87fa7094061539e76cba0bf6f9c\Kies.Theme.ni.dll
    2013-12-05 23:12 - 2013-12-05 23:12 - 01844224 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\8abe25a7b262f8b65a0900e445b961f5\Kies.UI.ni.dll
    2013-12-05 23:12 - 2013-12-05 23:12 - 00081920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\1787c20ef39452a76b877af1ebae771d\Kies.MVVM.ni.dll
    2013-10-21 21:43 - 2013-10-21 21:43 - 00236544 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\9de98f06882d62c4ed949cd8756798b5\ASF_cSharpAPI.ni.dll
    2014-01-06 10:52 - 2014-01-06 10:52 - 03244032 _____ () C:\Users\Michael\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
    2014-01-28 15:44 - 2014-01-23 12:56 - 00715544 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\libglesv2.dll
    2014-01-28 15:44 - 2014-01-23 12:56 - 00100120 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\libegl.dll
    2014-01-28 15:44 - 2014-01-23 12:56 - 04055320 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\pdf.dll
    2014-01-28 15:44 - 2014-01-23 12:57 - 00399640 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
    2014-01-28 15:44 - 2014-01-23 12:55 - 01634584 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
    2014-01-28 15:44 - 2014-01-23 12:56 - 13615896 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\ProgramData\TEMP:0A8E2C33
    AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

    ==================== Safe Mode (whitelisted) ===================


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/31/2014 09:15:31 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/31/2014 09:13:27 PM) (Source: Winlogon) (User: )
    Description: Windows license activation failed. Error 0x80070005.

    Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service) (User: IIS APPPOOL)
    Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.

    DETAIL - The system cannot find the file specified.

    Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service) (User: IIS APPPOOL)
    Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

    Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service) (User: IIS APPPOOL)
    Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.

    DETAIL - The system cannot find the file specified.

    Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service) (User: IIS APPPOOL)
    Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

    Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service) (User: IIS APPPOOL)
    Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.

    DETAIL - The system cannot find the file specified.

    Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service) (User: IIS APPPOOL)
    Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

    Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service) (User: IIS APPPOOL)
    Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.

    DETAIL - The system cannot find the file specified.

    Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service) (User: IIS APPPOOL)
    Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.


    System errors:
    =============
    Error: (01/31/2014 11:03:00 PM) (Source: Service Control Manager) (User: )
    Description: The BrowserDefendert service failed to start due to the following error:
    %%3

    Error: (01/31/2014 11:02:00 PM) (Source: Service Control Manager) (User: )
    Description: The BrowserDefendert service failed to start due to the following error:
    %%3

    Error: (01/31/2014 11:01:00 PM) (Source: Service Control Manager) (User: )
    Description: The BrowserDefendert service failed to start due to the following error:
    %%3

    Error: (01/31/2014 11:00:00 PM) (Source: Service Control Manager) (User: )
    Description: The BrowserDefendert service failed to start due to the following error:
    %%3

    Error: (01/31/2014 10:59:00 PM) (Source: Service Control Manager) (User: )
    Description: The BrowserDefendert service failed to start due to the following error:
    %%3

    Error: (01/31/2014 10:58:00 PM) (Source: Service Control Manager) (User: )
    Description: The BrowserDefendert service failed to start due to the following error:
    %%3

    Error: (01/31/2014 10:57:00 PM) (Source: Service Control Manager) (User: )
    Description: The BrowserDefendert service failed to start due to the following error:
    %%3

    Error: (01/31/2014 10:56:00 PM) (Source: Service Control Manager) (User: )
    Description: The BrowserDefendert service failed to start due to the following error:
    %%3

    Error: (01/31/2014 10:55:00 PM) (Source: Service Control Manager) (User: )
    Description: The BrowserDefendert service failed to start due to the following error:
    %%3

    Error: (01/31/2014 10:54:00 PM) (Source: Service Control Manager) (User: )
    Description: The BrowserDefendert service failed to start due to the following error:
    %%3


    Microsoft Office Sessions:
    =========================
    Error: (01/31/2014 09:15:31 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/31/2014 09:13:27 PM) (Source: Winlogon)(User: )
    Description: 0x800700050x00000000

    Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service)(User: IIS APPPOOL)
    Description: The system cannot find the file specified.

    Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service)(User: IIS APPPOOL)
    Description:

    Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service)(User: IIS APPPOOL)
    Description: The system cannot find the file specified.

    Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service)(User: IIS APPPOOL)
    Description:

    Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service)(User: IIS APPPOOL)
    Description: The system cannot find the file specified.

    Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service)(User: IIS APPPOOL)
    Description:

    Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service)(User: IIS APPPOOL)
    Description: The system cannot find the file specified.

    Error: (01/31/2014 08:17:51 PM) (Source: Microsoft-Windows-User Profiles Service)(User: IIS APPPOOL)
    Description:


    ==================== Memory info ===========================

    Percentage of memory in use: 89%
    Total physical RAM: 3055.13 MB
    Available physical RAM: 307.79 MB
    Total Pagefile: 6108.55 MB
    Available Pagefile: 921.34 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1908.48 MB

    ==================== Drives ================================

    Drive b: () (RAMDisk) (Total:48.12 GB) (Free:20.8 GB) NTFS
    Drive c: () (Fixed) (Total:48.12 GB) (Free:20.73 GB) NTFS
    Drive d: () (Fixed) (Total:97.65 GB) (Free:11.17 GB) NTFS
    Drive e: () (Fixed) (Total:20.25 GB) (Free:18.46 GB) NTFS
    Drive f: () (Fixed) (Total:74.37 GB) (Free:67 GB) NTFS
    Drive g: (Win7_sp1_32-64_EN) (CDROM) (Total:4.22 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 279 GB) (Disk ID: F394F394)
    Partition 1: (Active) - (Size=39 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=240 GB) - (Type=05)

    ==================== End Of Log ============================
    Last edited by tashi; 2014-01-31 at 20:50. Reason: Sorry I deleted my post, didn't see Juliet had responded. :-)

  5. #5
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    P2P software/programs are a major contributor to infections. Not passing judgment on file-sharing; however, I will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    Can you tell me what this is?
    U2 楗敳潂瑯獁楳瑳湡tI"; 㩆停潲牧浡䘠汩獥坜獩履楗敳䌠牡⁥㘳尵潂瑯楔敭攮數＀�" [x]

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Do you connect to the internet through a Proxy setting?

    ~~~~~~~~~~~~~~~~~~~~~~~~

    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow it).

    start
    AppInit_DLLs: ~ => File Not Found
    FF user.js: detected! => C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\user.js
    FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\Extensions\staged [2014-01-23]
    S2 BrowserDefendert; No ImagePath
    C:\Users\Michael\Network_Meter_Data.js
    C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0ufxl1.dll
    C:\Users\Michael\AppData\Local\Temp\htmlayout.dll
    end
    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    -AdwCleaner-by Xplode

    Click on this link to download : ADWCleaner
    Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top advertisement.


    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    -Junkware-Removal-Tool-

    Please download Junkware Removal Tool to your desktop.

    Vista / 7 / 8 users:
    You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.


    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ~~~~~~~~~~~~~~~~~~

    In your next reply please post:
    Fix.txt
    C:\AdwCleaner[S1].txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  6. #6
    Junior Member
    Join Date
    Jan 2014
    Location
    Bangkok Thailand
    Posts
    25

    Dear Juliet,

    I have no idea what this is:
    U2 楗敳潂瑯獁楳瑳湡tI"; 㩆停潲牧浡䘠汩獥坜獩履楗敳䌠牡⁥㘳尵潂瑯楔敭攮數＀�" [x]
    Where did you see this? It looks like Chinese or something...

    Previously, I ran GMER Antirootkit, and it detected something similar, but instead of Chinese characters there were question marks ..???..
    When I tried to delete this rootkit via GMER, I ended up with the "BLUE Screen of Death".
    --

    I use proxies very rarely. Normally, I connect to the internet directly.
    --

    Here is the Fixlog.txt

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-01-2014 01
    Ran by Michael at 2014-02-01 03:04:29 Run:1
    Running from C:\Users\Michael\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    start
    AppInit_DLLs: ~ => File Not Found
    FF user.js: detected! => C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\user.js
    FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\Extensions\staged [2014-01-23]
    S2 BrowserDefendert; No ImagePath
    C:\Users\Michael\Network_Meter_Data.js
    C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0ufxl1.dll
    C:\Users\Michael\AppData\Local\Temp\htmlayout.dll
    end
    *****************

    "~" => Value Data removed successfully.
    C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\user.js => Moved successfully.
    C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\Extensions\staged => Moved successfully.
    BrowserDefendert => Service deleted successfully.
    C:\Users\Michael\Network_Meter_Data.js => Moved successfully.
    C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0ufxl1.dll => Moved successfully.
    C:\Users\Michael\AppData\Local\Temp\htmlayout.dll => Moved successfully.

    ==== End of Fixlog ====
    --

    Here is the AdwCleaner[S0].txt

    # AdwCleaner v3.018 - Report created 01/02/2014 at 03:44:12
    # Updated 28/01/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Username : Michael - MICHAEL-PC
    # Running from : C:\Users\Michael\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : BrowserDefendert

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
    Folder Deleted : C:\Users\Michael\Inbox
    Folder Deleted : C:\Users\Michael\AppData\Local\SwvUpdater
    File Deleted : C:\Windows\System32\Tasks\BrowserDefendert
    File Deleted : C:\Windows\System32\Tasks\Express FilesUpdate

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74762E07-6AD1-4AD4-A2C8-172C853F7A79}
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74762E07-6AD1-4AD4-A2C8-172C853F7A79}
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Express FilesUpdate
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C2DFBAD-B12C-48EA-B671-28FF48E2B395}
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6C2DFBAD-B12C-48EA-B671-28FF48E2B395}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKCU\Software\86dcdae13dbe15
    Key Deleted : HKLM\SOFTWARE\86dcdae13dbe15
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\Myfree Codec
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\Myfree Codec
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16428


    -\\ Mozilla Firefox v26.0 (en-US)

    [ File : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\15vdszyg.default\prefs.js ]


    -\\ Google Chrome v32.0.1700.102

    [ File : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [3986 octets] - [01/02/2014 03:37:14]
    AdwCleaner[S0].txt - [4027 octets] - [01/02/2014 03:44:12]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4087 octets] ##########
    --

    Here is the contents of JRT.txt

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.0 (01.07.2014:1)
    OS: Windows 7 Home Premium x86
    Ran by Michael on 01-Feb-14 at 4:03:25.86
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3422875488-3658502439-2224259970-1000\Software\sweetim



    ~~~ Files

    Successfully deleted: [File] "C:\Windows\Tasks\wise care 365.job"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free registry cleaner"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 01-Feb-14 at 4:05:12.13
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    --

    I want to let you know the following:

    I am still unable to install the following file offered by Windows Update.

    nVidia - Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3, Other hardware - NVIDIA GeForce GT 630

    Download size: 183.6 MB
    Error Code: 80243004 - an unknown error.

    And also, updates to NVIDIA GeForce GT 630 - graphics card:

    Not Installed:
    PhysX System Software 9.13.0725
    3D Vision Controller Driver 332.21
    HD Audio Driver 1.3 30.1
    Microsoft .NET Framework 4
    Graphics Driver 332.21
    NVIDIA GeForce Experience 1.8.1
    3D Vision Driver 332.21

    ====

    Thank you for your help.

  7. #7
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Other than the Windows Update not working, how's your computer?

    I am still unable to install the following file offered by Windows Update.
    nVidia - Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3, Other hardware - NVIDIA GeForce GT 630
    http://answers.microsoft.com/en-us/w...4-df3537478ab4

    Appears to be an issue several have had; read over that link. Some are ignoring it and some went to the NVIDIA site and are still confused.

    *****************

    Concerning this:
    楗敳潂瑯獁楳瑳湡tI"; 㩆停潲牧浡䘠汩獥坜獩履楗敳䌠牡⁥㘳尵潂瑯楔敭攮數＀￿
    From what I can find, the scanner finds it as Undetermined and set as auto: U=Undetermined, 2=Auto.

    Let's try a different scanner and see if it can pick up on it.


    Please download Malwarebytes Anti-Rootkit and save it to your desktop.
    • Be sure to print out and follow the instructions provided on that same page for performing a scan.
    • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
    • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
    • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
    • Copy and paste the contents of these two log files in your next reply.
    Note: Further documentation can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit folder.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
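An added example, not part of either poster's message and not FRST code: the CJK-looking runs in the service line quoted in this thread have the shape of single-byte text read two bytes at a time as UTF-16LE, and the sketch below reverses that reading on the runs copied from the post. The function names and the constructed sample are assumptions made for this illustration.

```python
"""Recover single-byte text that was decoded two bytes at a time as UTF-16LE."""

# Runs copied from the service line quoted in the thread. U+2065 is an
# invisible code point, so it is written as an escape instead of a literal.
PAGE_NAME_RUN = "楗敳潂瑯獁楳瑳湡t"
PAGE_PATH_RUN = "㩆停潲牧浡䘠汩獥坜獩履楗敳䌠牡\u2065㘳尵潂瑯楔敭攮數"

# Constructed sample (not from the page) to show how the garbling arises.
SAMPLE_ASCII = "ExampleSvc; C:\\Tools\\example.exe"


def misread_as_utf16le(text: str) -> str:
    """Reproduce the garbling: ASCII bytes paired up and read as UTF-16LE.

    An odd trailing byte has no partner and is left as plain ASCII.
    """
    raw = text.encode("ascii")
    even = len(raw) - len(raw) % 2
    return raw[:even].decode("utf-16-le") + raw[even:].decode("ascii")


def recover_single_byte(garbled: str) -> str:
    """Split every wide character back into its low and high byte.

    Characters already in the ASCII range pass through unchanged, and any
    byte that is not printable ASCII is shown as '.' so the output is safe
    to paste into a report.
    """
    out = bytearray()
    for ch in garbled:
        cp = ord(ch)
        if cp < 0x80:
            out.append(cp)
        elif cp <= 0xFFFF:
            out += cp.to_bytes(2, "little")  # low byte first, as on disk
        else:
            out += b"??"  # outside the BMP: cannot come from one 16-bit unit
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in out)


def looks_misread(garbled: str, threshold: float = 0.9) -> bool:
    """Heuristic: do nearly all wide characters split into two printable bytes?

    Genuine CJK text rarely passes, but short strings can by coincidence,
    so treat a True result as a hint and read the recovered text yourself.
    """
    wide = [ord(c) for c in garbled if ord(c) >= 0x80]
    if not wide:
        return False
    good = sum(
        1
        for cp in wide
        if cp <= 0xFFFF and all(0x20 <= b < 0x7F for b in cp.to_bytes(2, "little"))
    )
    return good / len(wide) >= threshold


if __name__ == "__main__":
    print("constructed sample garbled:", misread_as_utf16le(SAMPLE_ASCII))
    for run in (PAGE_NAME_RUN, PAGE_PATH_RUN):
        print(looks_misread(run), recover_single_byte(run))
```

A readable result points to an encoding mix-up in how the entry was stored or read rather than to random data; what the recovered name and path refer to still has to be checked on the machine itself.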

  8. #8
    Junior Member
    Join Date
    Jan 2014
    Location
    Bangkok Thailand
    Posts
    25

    Dear Juliet,
    First of all, the good news.
    I scanned my system w/Spybot S&D and it fixed all the problems - no Delta.Toolbar was found. So, I think that the problem with Delta.Toolbar is resolved.

    I also ran the Malwarebytes Anti-Rootkit, and the scan found nothing - No malware found!

    My system, on the other hand, is still sluggish. It takes quite a while for the programs to start, and the mouse is oftentimes stuck/inaccessible.

    Also there is a problem with NVIDIA GeForce Experience 1.8.1 - can't install updates:
    NVIDIA Installer failed - it reports that the following components were Not Installed:
    Microsoft .Net Framework version 4
    NVIDIA GeForce Experience version 1.8.1

    Other than that, the system is working.

    I also tried to email GMER, but unfortunately, didn't get any reply.

  9. #9
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Glad to hear it found nothing and the Delta toolbar is gone.

    Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

    ~~~~~~~~~~~~~~~~~~

    Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Download HijackThis
    • Go Here to download the HijackThis program
    • Save HijackThis to your desktop.
    • Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run)
    • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
    • Copy and paste the HijackThis report into the topic


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    I'd like for you to run one more scan, let's ensure nothing is lurking around in the background. Do not be alarmed if you see it finding things because I do expect items in quarantine folders to be there.
    This scan is very thorough and can take quite a time to complete, please be patient.

    ~~~~~~~~~~~~~~~~~
    Go here to run an online scanner from ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan completes, press the LIST OF THREATS FOUND button
    • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
    • Include the contents of this report in your next reply.
    • Press the BACK button.
    • Press Finish


    *************************************
    Please post the following logs:
    MBAM log
    HJT log
    Eset log


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Now, the graphics card issue is kind of out of my field of knowledge; I can offer links to read over and see if they can help with what to do.
    Before you try to tackle the error with the issues from Windows Update, please follow the instructions above.

    http://www.microsoft.com/en-us/downl...aspx?id=17851#
    Microsoft .NET Framework 4 (Web Installer)

    http://pcsupport.about.com/b/2014/01...8-vista-xp.htm
    also read Comments by other users here with the same or similar issues.

    https://forums.geforce.com/default/t...a-center-pack/
    http://www.sevenforums.com/graphic-c...drivers-2.html
    http://www.bleepingcomputer.com/foru...-wont-install/
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  10. #10
    Junior Member
    Join Date
    Jan 2014
    Location
    Bangkok Thailand
    Posts
    25

    Dear Juliet,

    I already have the Malwarebytes' Anti-Malware installed on my system, and as a matter of fact, I run it daily. Anyhow, here is the log of the last scan I made with my Malwarebytes' Anti-Malware:

    Malwarebytes Anti-Malware (PRO) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.02.01.06

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 11.0.9600.16476
    Michael :: MICHAEL-PC [administrator]

    Protection: Enabled

    02-Feb-14 02:52:54
    mbam-log-2014-02-02 (02-52-54).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 215037
    Time elapsed: 9 minute(s), 18 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    __________________

    Here is HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 03:13:17, on 02-Feb-14
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.16428)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    F:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    F:\Program Files\Process Lasso\processgovernor.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    F:\Program Files\Process Lasso\processlasso.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    F:\Program Files\System Explorer\SystemExplorer.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    F:\Program Files\Unlocker\UnlockerAssistant.exe
    F:\Program Files\Bluetooth Suite\BtvStack.exe
    F:\Program Files\Bluetooth Suite\AthBtTray.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
    F:\Program Files\WordWeb\wweb32.exe
    F:\Program Files\Classic Shell\ClassicStartMenu.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    F:\Program Files\uTorrent\uTorrent.exe
    F:\Program Files\tinySpell\tinyspell.exe
    F:\Program Files\Ditto\Ditto.exe
    F:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\Program Files\Google\Drive\googledrivesync.exe
    F:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    F:\Program Files\Internet Download Manager\IDMan.exe
    F:\Downloads\Programs\VectorClock-Sunset.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    F:\Program Files\PhraseExpress\phraseexpress.exe
    F:\Program Files\Glary Utilities 4\Integrator.exe
    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Google\Drive\googledrivesync.exe
    F:\PROGRA~1\DU Meter\DUMeter.exe
    F:\Program Files\Internet Download Manager\IEMonitor.exe
    F:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    F:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    F:\Program Files\Samsung\Kies\KiesAirMessage.exe
    F:\Program Files\Samsung\Kies\Kies.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\Michael\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\conhost.exe
    F:\Program Files\LastPass\nplastpass.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\Michael\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
    F:\Program Files\Win32Pad\win32pad.exe
    C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
    C:\Windows\system32\conhost.exe
    C:\Users\Michael\Desktop\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:21320
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - F:\Program Files\Classic Shell\ClassicExplorer32.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\Microsoft Office\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - F:\Program Files\Bluetooth Suite\IEPlugIn.dll
    O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - F:\Program Files\LastPass\LPToolbar.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\PROGRA~1\Microsoft Office\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - F:\Program Files\Classic Shell\ClassicIEDLL_32.dll
    O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - F:\Program Files\LastPass\LPToolbar.dll
    O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - F:\Program Files\Classic Shell\ClassicExplorer32.dll
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [SystemExplorerAutoStart] "F:\Program Files\System Explorer\SystemExplorer.exe" /TRAY
    O4 - HKLM\..\Run: [Nvtmru] "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "F:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [AtherosBtStack] "F:\Program Files\Bluetooth Suite\BtvStack.exe"
    O4 - HKLM\..\Run: [AthBtTray] "F:\Program Files\Bluetooth Suite\AthBtTray.exe"
    O4 - HKLM\..\Run: [BCSSync] "F:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [IAStorIcon] "F:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "F:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    O4 - HKLM\..\Run: [Everything] "F:\Program Files\Everything\Everything.exe" -startup
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe" -s
    O4 - HKLM\..\Run: [WordWeb] "F:\Program Files\WordWeb\wweb32.exe" -startup
    O4 - HKLM\..\Run: [Classic Start Menu] "F:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [uTorrent] "F:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKCU\..\Run: [tinySpell] F:\Program Files\tinySpell\tinyspell.exe
    O4 - HKCU\..\Run: [Ditto] F:\Program Files\Ditto\Ditto.exe
    O4 - HKCU\..\Run: [DU Meter] "F:\Program Files\DU Meter\DUMeter.exe" /autostart
    O4 - HKCU\..\Run: [Rainlendar2] F:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
    O4 - HKCU\..\Run: [] F:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
    O4 - HKCU\..\Run: [OfficeSyncProcess] "F:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
    O4 - HKCU\..\Run: [IDMan] F:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    O4 - HKCU\..\Run: [Programs\Vector-Clock_VectorClock-Sunset] "F:\Downloads\Programs\VectorClock-Sunset.exe"
    O4 - HKCU\..\Run: [GUDelayStartup] F:\Program Files\Glary Utilities 4\StartupManager.exe -delayrun
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [KiesPreload] F:\Program Files\Samsung\Kies\Kies.exe /preload
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [Ditto] F:\Program Files\Ditto\Ditto.exe (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [IDMan] F:\Program Files\Internet Download Manager\IDMan.exe /onboot (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [DU Meter] "F:\Program Files\DU Meter\DUMeter.exe" /autostart (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [KiesPreload] F:\Program Files\Samsung\Kies\Kies.exe /preload (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [KiesAirMessage] F:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [] F:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [Rainlendar2] F:\Program Files\Rainlendar2\Rainlendar2.exe (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [OfficeSyncProcess] "F:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [Programs\Vector-Clock_VectorClock-Sunset] "F:\Downloads\Programs\VectorClock-Sunset.exe" (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Dropbox.lnk = Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: Install LastPass FF RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe
    O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe
    O4 - Global Startup: PhraseExpress.lnk = F:\Program Files\PhraseExpress\phraseexpress.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Download all links with IDM - F:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - F:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\Microsoft Office\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: LastPass - file://C:\Users\Michael\AppData\LocalLow\LastPass\context.html?cmd=lastpass
    O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Michael\AppData\LocalLow\LastPass\context.html?cmd=fillforms
    O8 - Extra context menu item: Se&nd to OneNote - res://F:\PROGRA~1\Microsoft Office\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - F:\Program Files\LastPass\LPToolbar.dll
    O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - F:\Program Files\LastPass\LPToolbar.dll
    O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - F:\Program Files\Classic Shell\ClassicIE_32.exe
    O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - F:\Program Files\Classic Shell\ClassicIE_32.exe
    O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - F:\Program Files\Bluetooth Suite\IEPlugIn.dll
    O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - F:\Program Files\Bluetooth Suite\IEPlugIn.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5B0CAEBB-C1A5-485A-A9DD-69DFA29FF048}: NameServer = 8.8.8.8,8.8.4.4,
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8D455361-BC46-4759-9F56-A31844B9B5F5}: NameServer = 8.8.8.8,8.8.4.4,192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{5B0CAEBB-C1A5-485A-A9DD-69DFA29FF048}: NameServer = 8.8.8.8,8.8.4.4,
    O17 - HKLM\System\CS2\Services\Tcpip\..\{5B0CAEBB-C1A5-485A-A9DD-69DFA29FF048}: NameServer = 8.8.8.8,8.8.4.4,
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AtherosSvc - Atheros Commnucations - F:\Program Files\Bluetooth Suite\adminservice.exe
    O23 - Service: AOMEI Backupper Scheduler Service (Backupper Service) - AOMEI Tech Co., Ltd. - F:\Program Files\AOMEI Backupper\ABService.exe
    O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - F:\Program Files\DU Meter\DUMeterSvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Bitdefender Antivirus Free Edition (gzserv) - Bitdefender - F:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - F:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    O23 - Service: Intel(R) PROSet Monitoring Service - Intel Corporation - C:\Windows\system32\IProsetMonitor.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: LiveUpdate (LiveUpdateSvc) - Logitech, Inc. - (no file)
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - C:\Program Files\Microsoft Security Client\MsMpEng.exe (file missing)
    O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: System Explorer Service (SystemExplorerHelpService) - Mister Group - F:\Program Files\System Explorer\service\SystemExplorerService.exe
    O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
    O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - F:\Program Files\Wise\Wise Care 365\BootTime.exe

    --
    End of file - 20563 bytes

    ___________________

    Here is the ESETSCAN log:

    C:\ProgramData\InstallMate\{2A6BC1EC-5E54-45D1-A73A-1676F188E31A}\Custom.dll Win32/InstalleRex.M application
    C:\ProgramData\InstallMate\{5FEA8DDE-808E-4CE1-AE0A-C8AC8409AF28}\Custom.dll Win32/InstalleRex.L application
    C:\ProgramData\InstallMate\{81D582C8-C4D0-4F3F-ADD4-8CF25A36A03E}\Custom.dll Win32/InstalleRex.L application
    C:\ProgramData\InstallMate\{93BCC2D7-1367-4C41-AEAA-5B45485FE021}\Custom.dll Win32/InstalleRex.L application
    C:\ProgramData\InstallMate\{F863596D-E44D-4B59-A9B2-AC6F23807B9B}\Custom.dll Win32/InstalleRex.L application
    C:\Users\All Users\InstallMate\{2A6BC1EC-5E54-45D1-A73A-1676F188E31A}\Custom.dll Win32/InstalleRex.M application
    C:\Users\All Users\InstallMate\{5FEA8DDE-808E-4CE1-AE0A-C8AC8409AF28}\Custom.dll Win32/InstalleRex.L application
    C:\Users\All Users\InstallMate\{81D582C8-C4D0-4F3F-ADD4-8CF25A36A03E}\Custom.dll Win32/InstalleRex.L application
    C:\Users\All Users\InstallMate\{93BCC2D7-1367-4C41-AEAA-5B45485FE021}\Custom.dll Win32/InstalleRex.L application
    C:\Users\All Users\InstallMate\{F863596D-E44D-4B59-A9B2-AC6F23807B9B}\Custom.dll Win32/InstalleRex.L application
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 Win32/AdWare.1ClickDownload.AQ application
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000 Win32/Somoto.A application
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000000 Win32/AdWare.1ClickDownload.AQ application
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000001 Win32/AdWare.1ClickDownload.AQ application
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000000 Win32/AdWare.1ClickDownload.AQ application
    C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\009\t\00\00000000 Win32/Somoto.A application
    C:\Users\Michael\Desktop\u1301.exe Win32/UltraReach.AF application
    D:\Downloads\Programs\du.meter.6.0x-patch.rar.2233.gzquar a variant of Win32/HackTool.Patcher.AD application
    D:\Downloads\Programs\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask application
    D:\Downloads\Torrents\Microsoft Office Enterprise 2010 Corporate.zip a variant of MSIL/HackKMS.A application
    D:\Downloads\Torrents\Auslogics BoostSpeed 6.4.2.0\Auslogics BoostSpeed 6.4.2.0.zip a variant of Win32/Amonetize.AA application
    D:\Downloads\Torrents\Battery.Calibration.v2.1-AnDrOiD\Battery Calibration v2.1-AnDrOiD.apk a variant of Android/Adware.AirPush.G application
    D:\Downloads\Torrents\Kindle new Library 2012 by naxyyidz\Kindle new Library 2012 by naxyyidz.rar a variant of Win32/BHO.OEG trojan
    D:\Downloads\Torrents\Windows 7.ULTIMATE.SP1.ALL.EDITIONS.32-64.bit-MAFIAA\Windows.7.SP1.ENG.x86-x64.MAFIAA.iso multiple threats
    D:\Downloads\Torrents\Windows Loader v2.2.1. DAZ crack 7\windows loader v2.2.1.exe.3098.gzquar multiple threats
    E:\Downloads\Programs\Tweak-Me!-1.3.0.0-Setup.exe Win32/OpenCandy application
    F:\Downloads\Antony.Lewis.WordWeb.Pro.Ultimate.Reference.Bundle.v6.8.Retail.Incl.Keygen-BRD.part1.exe Win32/Adware.1ClickDownload.W application
    F:\Downloads\ThaiTV.apk a variant of Android/Adware.AirPush.J application
    F:\Downloads\Compressed\Android.Application.KeysP2P.rar a variant of Android/Adware.Viser.A application
    F:\Downloads\Compressed\DownloadHashVerifier.zip a variant of Win32/SecurityXploded.A application
    F:\Downloads\Compressed\idm_ultraedit_20.00.0.1037.rar.8578.gzquar a variant of Win32/Keygen.AU application
    F:\Downloads\Compressed\rainlendar.pro.2.12.build.136_2.rar.32615.gzquar a variant of Win32/Keygen.GY application
    F:\Downloads\Compressed\u.zip Win32/UltraReach.AF application
    F:\Downloads\Compressed\Android.Application.KeysP2P\Android.Application.Keys-P2P\Android Keys Collection 2012.rar a variant of Android/Adware.Viser.A application
    F:\Downloads\Compressed\Android.Application.KeysP2P\Android.Application.Keys-P2P\Android Keys Collection 2012\Android Keys Collection 2012\Poweramp Full Version Unlocker.apk a variant of Android/Adware.Viser.A application
    F:\Downloads\Programs\ccsetup410.exe Win32/Bundled.Toolbar.Google.D application
    F:\Downloads\Programs\disk-defrag-setup_2.exe Win32/InstallMonetizer.AQ application
    F:\Downloads\Programs\ninja-setup-2.4.5.exe Win32/OpenCandy application
    F:\Downloads\Programs\Riot-setup.exe Win32/OpenCandy application
    F:\Downloads\Programs\Unlocker1.9.2.exe a variant of Win32/Toolbar.Babylon.E application
    F:\Program Files\SecurityXploded\DownloadHashVerifier\DownloadHashVerifier.exe a variant of Win32/SecurityXploded.A application

    --
