
bought used laptop, needs cleanup.

Discussion in 'Virus & Other Malware Removal' started by imshooter, Jan 27, 2014.

  1. imshooter (Thread Starter; joined Jan 25, 2014; 14 messages)

    I had been trying to use a borrowed one (from my brother), but gave it back, per your instructions.
    This one seems fine, but I think there's some stuff that shouldn't be there. I appreciate your help.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
    Processor: Intel(R) Celeron(R) M CPU 520 @ 1.60GHz, Intel64 Family 6 Model 15 Stepping 6
    Processor Count: 1
    RAM: 2038 Mb
    Graphics Card: Mobile Intel(R) 945 Express Chipset Family, 256 Mb
    Hard Drives: C: Total - 152524 MB, Free - 123280 MB; E: Total - 1907695 MB, Free - 1080332 MB;
    Motherboard: Hewlett-Packard, 30C6
    Antivirus: Ad-Aware Antivirus, Disabled
     
  2. askey127 (Malware Specialist; joined Dec 22, 2006; 3,721 messages)

    Hi imshooter,
    Did you buy it from a shop or an individual?
    Let's have a look.
    ---------------------------------------------
    Download the OTL Scanner
    Please download OTL.exe by OldTimer and save it to your desktop.
    ---------------------------------------------
    Run a Scan with OTL
    • Right click the OTL icon and choose "Run as administrator" to run it.
    • Check the box at the top, labeled Include 64 bit scans
    • Check the boxes labeled:
      • Scan All Users
      • LOP check
      • Purity check
      • Extra Registry > Use SafeList
    • Make sure all other windows are closed to let it run uninterrupted.
    • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
    When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL (desktop).
    OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
    The Extras.txt file will only appear the very first time you run OTL.
    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

    askey127
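    The OTL.txt produced by the steps above is a plain-text report, and a reviewer reads it by working through the PRC/SRV/DRV and O4 lines looking for the same few things: no company name, a target that no longer exists, or an executable running from a user-writable folder. The Python below is an added example (not part of this thread, and not OTL's own code) that parses those line kinds into records and applies exactly those review flags; the sample log is constructed after the format posted in this thread, and the flag rules are the author's assumptions about what merits a second look, not verdicts.

```python
"""Triage helper for OTL.txt process, service, driver and O4 autorun lines (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample, modelled on the OTL.txt format posted in this thread.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - [2014/01/27 11:59:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Venom\Desktop\OTL.exe
PRC - [2013/09/27 10:46:26 | 000,559,696 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

========== Services (SafeList) ==========

SRV:64bit: - [2014/01/23 16:09:18 | 000,702,744 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\AdAwareService.exe -- (LavasoftAdAwareService11)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/21 05:44:34 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)

O4:64bit: - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
"""


@dataclass
class Entry:
    kind: str                 # PRC, SRV, DRV, MOD or O4
    path: str                 # "" when OTL printed no target at all
    company: str              # "" when OTL printed "()" (file carries no company name)
    name: str = ""            # service/driver short name, or the O4 value name
    state: str = ""           # e.g. "Auto | Running" or "Kernel | On_Demand | Stopped"
    size: int = 0
    missing: bool = False     # OTL reported "File not found"
    flags: List[str] = field(default_factory=list)


# PRC/SRV/DRV/MOD: "[date | size | attrs | M] (company) [state] -- path -- (name)"
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD)(?::64bit:)? - "
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [MC]\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$"
)
# O4: "HKLM..\Run: [value name] target (company)"  or  "... File not found"
RUN_RE = re.compile(r"^O4(?::64bit:)? - (?P<hive>.+?)\.\.\\Run(?:Once)?: \[(?P<entry>[^\]]*)\] (?P<rest>.*)$")
TARGET_RE = re.compile(r"^(?P<path>.*?) \((?P<company>[^)]*)\)$")
NOT_FOUND = "File not found"

# Assumed heuristic: autostarts living outside Program Files / Windows deserve a look.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\")


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a PRC/SRV/DRV/MOD or O4 line, or None for anything else."""
    m = ENTRY_RE.match(line)
    if m:
        return Entry(kind=m["kind"], path=m["path"], company=m["company"].strip(),
                     name=m["name"] or "", state=m["state"] or "",
                     size=int(m["size"].replace(",", "")))
    m = RUN_RE.match(line)
    if not m:
        return None
    rest = m["rest"]
    if rest.endswith(NOT_FOUND):
        return Entry(kind="O4", path=rest[: -len(NOT_FOUND)].strip(), company="",
                     name=m["entry"], missing=True)
    t = TARGET_RE.match(rest)
    if t:
        return Entry(kind="O4", path=t["path"], company=t["company"].strip(), name=m["entry"])
    return Entry(kind="O4", path=rest, company="", name=m["entry"])


def parse_otl(text: str) -> List[Entry]:
    """Parse every recognised line of an OTL.txt body; headers and blanks are skipped."""
    return [e for e in (parse_line(ln.rstrip()) for ln in text.splitlines()) if e]


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review flags in place and return only the entries that received one."""
    flagged = []
    for e in entries:
        if e.missing:
            e.flags.append("target file not found: orphaned autostart entry")
        elif not e.company:
            e.flags.append("no company name: verify publisher and hash before trusting")
        if e.path and any(seg in e.path.lower() for seg in USER_WRITABLE):
            e.flags.append("runs from a user-writable location")
        if e.flags:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(parse_otl(SAMPLE_LOG)):
        print(f"{e.kind:<3} {e.path or e.name!r:<70} {'; '.join(e.flags)}")
```

Point it at a real OTL.txt with `triage(parse_otl(open(path).read()))`; a flag only says "look here", so the OTL scanner sitting on the desktop is listed too.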
     
  3. imshooter (Thread Starter; joined Jan 25, 2014; 14 messages)

    ... did you get them? Not sure they went through.
     
  4. askey127 (Malware Specialist; joined Dec 22, 2006; 3,721 messages)

    Double click on OTL.txt
    Highlight the entire contents of OTL.txt by pressing Ctrl and A simultaneously to select All, then Copy to clipboard by pressing Ctrl and C. Click on the Reply button here, click once in the box and press Ctrl and V to paste it.

    Now double click on Extras.txt and do the same sequence.

    Tell me about where you got it.
     
  5. imshooter (Thread Starter; joined Jan 25, 2014; 14 messages)

    OTL logfile created on: 1/27/2014 12:02:31 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Venom\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 0.34 Gb Available Physical Memory | 16.87% Memory free
    3.98 Gb Paging File | 1.88 Gb Available in Paging File | 47.21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 148.95 Gb Total Space | 118.55 Gb Free Space | 79.59% Space Free | Partition Type: NTFS
    Drive E: | 1862.98 Gb Total Space | 1055.01 Gb Free Space | 56.63% Space Free | Partition Type: NTFS

    Computer Name: VENOM-PC | User Name: Venom | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/01/27 11:59:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Venom\Desktop\OTL.exe
    PRC - [2014/01/27 09:08:54 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Venom\Downloads\HijackThis.exe
    PRC - [2014/01/26 15:57:33 | 000,840,072 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_38_ActiveX.exe
    PRC - [2013/09/27 10:46:26 | 000,559,696 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    PRC - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/10/01 20:37:48 | 006,522,480 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2014/01/23 16:09:18 | 000,702,744 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe -- (LavasoftAdAwareService11)
    SRV:64bit: - [2013/10/10 14:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2014/01/26 15:57:34 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/11/21 05:44:34 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2013/07/17 17:10:52 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
    DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2010/11/20 19:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 19:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
    DRV:64bit: - [2010/11/20 19:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
    DRV:64bit: - [2010/11/20 19:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/20 19:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2010/11/20 19:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/20 19:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/08/20 10:49:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/06/28 13:37:56 | 000,051,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2010/06/28 13:37:36 | 000,121,936 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2010/06/28 13:33:17 | 000,028,752 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
    DRV:64bit: - [2010/06/28 13:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2010/06/28 13:32:36 | 000,020,048 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2009/11/02 10:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 13:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 12:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
    DRV:64bit: - [2009/06/10 12:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/04/29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV:64bit: - [2009/04/20 08:40:34 | 000,011,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CPQBttn64.sys -- (HBtnKey)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1853933300-926182664-1373909645-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
    IE - HKU\S-1-5-21-1853933300-926182664-1373909645-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-1853933300-926182664-1373909645-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1853933300-926182664-1373909645-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 A5 FF 56 CB 1A CF 01 [binary data]
    IE - HKU\S-1-5-21-1853933300-926182664-1373909645-1000\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
    IE - HKU\S-1-5-21-1853933300-926182664-1373909645-1000\..\SearchScopes,DefaultScope = {6E30E3F4-C6F9-4078-9406-AEFA85547E7B}
    IE - HKU\S-1-5-21-1853933300-926182664-1373909645-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1853933300-926182664-1373909645-1000\..\SearchScopes\{6E30E3F4-C6F9-4078-9406-AEFA85547E7B}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=599486&p={searchTerms}
    IE - HKU\S-1-5-21-1853933300-926182664-1373909645-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)


    [2012/10/01 20:43:54 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

    ========== Chrome ==========

    CHR - default_search_provider: Yahoo (Enabled)
    CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=599486&p={searchTerms}
    CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},
    CHR - homepage: http://search.yahoo.com/?type=599486&fr=spigot-yhp-ch
    CHR - Extension: Google Docs = C:\Users\Venom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\Venom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Venom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Venom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Google Wallet = C:\Users\Venom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
    CHR - Extension: Gmail = C:\Users\Venom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
    O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
    O3:64bit: - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
    O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
    O4:64bit: - HKLM..\Run: [] File not found
    O4:64bit: - HKLM..\Run: [AdAwareTray] C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1853933300-926182664-1373909645-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41609948-F9A5-4BA7-9031-7DE89D5D0C29}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73A4AB53-1E82-4FDE-893A-79CEE4128BE0}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{2d2357a7-86bb-11e3-ad69-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{2d2357a7-86bb-11e3-ad69-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2013/09/11 04:50:02 | 000,078,992 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\{2d2357a7-86bb-11e3-ad69-806e6f6e6963}\Shell\configure\command - "" = E:\Setup.exe -- [2013/09/11 04:50:02 | 000,078,992 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\{2d2357a7-86bb-11e3-ad69-806e6f6e6963}\Shell\install\command - "" = E:\Setup.exe -- [2013/09/11 04:50:02 | 000,078,992 | ---- | M] (Microsoft Corporation)
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/01/27 11:59:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Venom\Desktop\OTL.exe
    [2014/01/27 09:07:03 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\Lavasoft
    [2014/01/27 09:02:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
    [2014/01/27 09:01:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2014/01/26 20:06:36 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\LavasoftStatistics
    [2014/01/26 19:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
    [2014/01/26 19:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2014/01/26 19:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
    [2014/01/26 19:46:16 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\adawarebp
    [2014/01/26 19:46:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
    [2014/01/26 19:45:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
    [2014/01/26 19:45:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
    [2014/01/26 19:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lavasoft
    [2014/01/26 19:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2014/01/26 19:25:27 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\Malwarebytes
    [2014/01/26 19:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2014/01/26 19:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014/01/26 19:25:12 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2014/01/26 19:25:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2014/01/26 19:24:46 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Programs
    [2014/01/26 18:51:29 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\SUPERAntiSpyware.com
    [2014/01/26 18:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2014/01/26 18:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2014/01/26 18:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2014/01/26 16:12:10 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Diagnostics
    [2014/01/26 15:57:53 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\Macromedia
    [2014/01/26 15:57:47 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\Adobe
    [2014/01/26 15:57:34 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2014/01/26 15:57:33 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2014/01/26 15:57:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
    [2014/01/26 15:57:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2014/01/26 15:56:25 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Adobe
    [2014/01/26 14:27:04 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Ahead
    [2014/01/26 14:20:57 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\Ahead
    [2014/01/26 14:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Ahead
    [2014/01/26 14:15:54 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
    [2014/01/26 13:48:13 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
    [2014/01/26 13:48:10 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
    [2014/01/26 13:44:14 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Microsoft Toolkit
    [2014/01/26 13:40:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AskTBar
    [2014/01/26 12:41:56 | 001,919,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wdfcoinstaller01005.dll
    [2014/01/26 12:41:56 | 000,018,432 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys
    [2014/01/26 12:41:56 | 000,011,264 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\SysNative\drivers\CPQBttn64.sys
    [2014/01/26 12:41:51 | 001,885,488 | R--- | C] (Hewlett-Packard Company) -- C:\Windows\SysWow64\BttnCmn.dll
    [2014/01/26 12:41:51 | 001,885,488 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysWow64\BttnCmns.dll
    [2014/01/26 12:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
    [2014/01/26 12:38:23 | 000,000,000 | ---D | C] -- C:\Windows\QLB
    [2014/01/26 12:26:54 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
    [2014/01/26 12:25:49 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
    [2014/01/26 12:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
    [2014/01/26 12:13:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
    [2014/01/26 11:45:27 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2014/01/26 11:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2014/01/26 11:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2014/01/26 11:44:04 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\Search Protection
    [2014/01/26 11:43:26 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\uTorrent
    [2014/01/26 11:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2014/01/26 11:35:25 | 000,020,048 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2014/01/26 11:35:24 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2014/01/26 11:35:22 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2014/01/26 11:35:20 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2014/01/26 11:35:10 | 000,061,008 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2014/01/26 11:34:40 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2014/01/26 11:34:40 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
    [2014/01/26 11:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2014/01/26 11:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2014/01/26 11:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    [2014/01/26 11:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2014/01/26 11:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2014/01/26 11:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
    [2014/01/26 11:31:08 | 000,000,000 | ---D | C] -- C:\Users\Venom\Desktop\Photoshop
    [2014/01/26 11:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
    [2014/01/26 11:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
    [2014/01/26 11:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2014/01/26 11:29:57 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2014/01/26 11:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2014/01/26 11:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
    [2014/01/26 11:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ
    [2014/01/26 11:29:41 | 000,000,000 | ---D | C] -- C:\Users\Venom\Documents\VirtualDJ
    [2014/01/26 11:24:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
    [2014/01/26 11:24:06 | 001,002,008 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igxpun.exe
    [2014/01/26 11:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2014/01/26 11:21:21 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
    [2014/01/26 11:21:21 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
    [2014/01/26 11:21:21 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
    [2014/01/26 11:21:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2014/01/26 11:20:54 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Google
    [2014/01/26 11:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
    [2014/01/26 11:20:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
    [2014/01/26 11:19:54 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Apps
    [2014/01/26 11:19:51 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Deployment
    [2014/01/26 11:19:37 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Microsoft Help
    [2014/01/26 11:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2014/01/26 11:19:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2014/01/26 11:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2014/01/26 11:17:31 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
    [2014/01/26 11:17:30 | 000,000,000 | RH-D | C] -- C:\MSOCache
    [2014/01/26 11:15:17 | 171,502,133 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Venom\Desktop\Photoshop.exe
    [2014/01/26 11:09:19 | 000,000,000 | R--D | C] -- C:\Users\Venom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2014/01/26 11:09:19 | 000,000,000 | R--D | C] -- C:\Users\Venom\Searches
    [2014/01/26 11:09:19 | 000,000,000 | R--D | C] -- C:\Users\Venom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2014/01/26 11:09:18 | 000,000,000 | -H-D | C] -- C:\Users\Venom\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2014/01/26 11:09:07 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\Identities
    [2014/01/26 11:09:04 | 000,000,000 | R--D | C] -- C:\Users\Venom\Contacts
    [2014/01/26 11:09:01 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\VirtualStore
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\AppData\Local\Temporary Internet Files
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Templates
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Start Menu
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\SendTo
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Recent
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\PrintHood
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\NetHood
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Documents\My Videos
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Documents\My Pictures
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Documents\My Music
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\My Documents
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Local Settings
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\AppData\Local\History
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Cookies
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Application Data
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\AppData\Local\Application Data
    [2014/01/26 11:07:01 | 000,000,000 | --SD | C] -- C:\Users\Venom\AppData\Roaming\Microsoft
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Videos
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Saved Games
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Pictures
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Music
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Links
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Favorites
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Downloads
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Documents
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Desktop
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2014/01/26 11:07:01 | 000,000,000 | -H-D | C] -- C:\Users\Venom\AppData
    [2014/01/26 11:07:01 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Temp
    [2014/01/26 11:07:01 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Microsoft
    [2014/01/26 11:07:01 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\Media Center Programs
    [2014/01/26 11:06:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2014/01/26 11:06:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2014/01/26 11:04:21 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
    [2014/01/26 11:04:21 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
    [2014/01/26 11:04:21 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
    [2014/01/26 11:04:08 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
    [2014/01/26 11:04:08 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
    [2014/01/26 11:04:08 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
    [2014/01/26 11:03:53 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
    [2014/01/26 11:03:53 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
    [2014/01/26 11:03:21 | 000,000,000 | -HSD | C] -- C:\Recovery
    [2014/01/26 10:57:28 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2014/01/26 10:54:41 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2014/01/26 10:53:50 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2014/01/26 10:53:08 | 000,000,000 | ---D | C] -- C:\Windows\Panther

    ========== Files - Modified Within 30 Days ==========

    [2014/01/27 11:59:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Venom\Desktop\OTL.exe
    [2014/01/27 11:43:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/01/27 11:43:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/01/27 11:26:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/01/27 11:05:31 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/01/27 11:05:29 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/01/27 09:12:49 | 000,781,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/01/27 09:12:49 | 000,661,894 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/01/27 09:12:49 | 000,121,730 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/01/27 09:05:33 | 000,002,305 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    [2014/01/27 09:04:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/01/27 09:04:17 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys
    [2014/01/27 08:53:18 | 002,076,267 | ---- | M] () -- C:\Users\Venom\Desktop\DSC_1210_COPY2_SM copy.jpg
    [2014/01/26 19:25:16 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/01/26 18:50:52 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/01/26 18:09:44 | 000,689,362 | ---- | M] () -- C:\Users\Venom\Desktop\michelle copy.jpg
    [2014/01/26 17:53:14 | 000,093,689 | ---- | M] () -- C:\Users\Venom\Desktop\michelle.jpg
    [2014/01/26 15:57:34 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2014/01/26 15:57:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2014/01/26 15:39:45 | 000,000,117 | ---- | M] () -- C:\Users\Venom\Desktop\DRUDGE REPORT 2014®.url
    [2014/01/26 13:40:36 | 000,758,128 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2014/01/26 13:06:20 | 000,002,279 | ---- | M] () -- C:\Users\Venom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/01/26 13:05:36 | 000,443,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/01/26 12:20:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2014/01/26 12:10:05 | 1135,241,488 | ---- | M] () -- C:\Users\Venom\Desktop\UFC.Fight.Night.Henderson.vs.Thomson.25th.Jan.2014.HDTV.x264-Sir.Paul[rarbg].mp4
    [2014/01/26 11:43:54 | 000,000,813 | ---- | M] () -- C:\Users\Venom\Desktop\µTorrent.lnk
    [2014/01/26 11:43:54 | 000,000,793 | ---- | M] () -- C:\Users\Venom\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2014/01/26 11:35:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2014/01/26 11:23:13 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/01/26 11:17:48 | 000,001,437 | ---- | M] () -- C:\Users\Venom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2014/01/26 11:11:39 | 000,000,355 | ---- | M] () -- C:\Users\Venom\Desktop\Computer - Shortcut.lnk
    [2014/01/26 11:06:46 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
    [2014/01/26 11:06:45 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
    [2014/01/26 11:06:45 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
    [2014/01/26 11:06:44 | 001,008,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
    [2014/01/26 10:58:13 | 000,116,385 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
    [2014/01/26 10:58:13 | 000,116,385 | ---- | M] () -- C:\Windows\SysNative\license.rtf
    [2014/01/13 17:52:12 | 000,825,982 | ---- | M] () -- C:\Users\Venom\Desktop\DSC_1210_COPY2_SM.jpg

    ========== Files Created - No Company Name ==========

    [2014/01/27 08:53:14 | 002,076,267 | ---- | C] () -- C:\Users\Venom\Desktop\DSC_1210_COPY2_SM copy.jpg
    [2014/01/27 08:36:53 | 000,825,982 | ---- | C] () -- C:\Users\Venom\Desktop\DSC_1210_COPY2_SM.jpg
    [2014/01/27 05:43:47 | 000,001,304 | ---- | C] () -- C:\Users\Venom\Desktop\Notepad - Copy.lnk
    [2014/01/26 19:47:43 | 000,002,305 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    [2014/01/26 19:25:16 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/01/26 18:50:52 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/01/26 18:09:39 | 000,689,362 | ---- | C] () -- C:\Users\Venom\Desktop\michelle copy.jpg
    [2014/01/26 17:54:35 | 000,093,689 | ---- | C] () -- C:\Users\Venom\Desktop\michelle.jpg
    [2014/01/26 15:57:35 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/01/26 15:39:45 | 000,000,117 | ---- | C] () -- C:\Users\Venom\Desktop\DRUDGE REPORT 2014®.url
    [2014/01/26 13:40:36 | 000,758,128 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2014/01/26 12:20:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2014/01/26 11:47:23 | 1135,241,488 | ---- | C] () -- C:\Users\Venom\Desktop\UFC.Fight.Night.Henderson.vs.Thomson.25th.Jan.2014.HDTV.x264-Sir.Paul[rarbg].mp4
    [2014/01/26 11:43:54 | 000,000,813 | ---- | C] () -- C:\Users\Venom\Desktop\µTorrent.lnk
    [2014/01/26 11:43:54 | 000,000,793 | ---- | C] () -- C:\Users\Venom\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2014/01/26 11:35:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2014/01/26 11:23:13 | 000,002,279 | ---- | C] () -- C:\Users\Venom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/01/26 11:23:12 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/01/26 11:21:19 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/01/26 11:21:11 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/01/26 11:17:48 | 000,001,437 | ---- | C] () -- C:\Users\Venom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2014/01/26 11:11:39 | 000,000,355 | ---- | C] () -- C:\Users\Venom\Desktop\Computer - Shortcut.lnk
    [2014/01/26 11:09:30 | 000,001,409 | ---- | C] () -- C:\Users\Venom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    [2014/01/26 11:09:23 | 000,001,443 | ---- | C] () -- C:\Users\Venom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2014/01/26 11:07:01 | 000,001,304 | ---- | C] () -- C:\Users\Venom\Desktop\Notepad.lnk
    [2014/01/26 11:07:01 | 000,000,290 | ---- | C] () -- C:\Users\Venom\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2014/01/26 11:07:01 | 000,000,272 | ---- | C] () -- C:\Users\Venom\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2014/01/26 10:57:46 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2014/01/26 10:57:31 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2014/01/26 10:53:50 | 1602,838,528 | -HS- | C] () -- C:\hiberfil.sys

    ========== ZeroAccess Check ==========

    [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 19:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 19:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2014/01/26 19:33:24 | 000,000,000 | ---D | M] -- C:\Users\Venom\AppData\Roaming\Search Protection
    [2014/01/26 17:03:30 | 000,000,000 | ---D | M] -- C:\Users\Venom\AppData\Roaming\uTorrent

    ========== Purity Check ==========


    < End of report >
     
  6. imshooter

    imshooter Thread Starter

    Joined:
    Jan 25, 2014
    Messages:
    14
    OTL Extras logfile created on: 1/27/2014 12:02:31 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Venom\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 0.34 Gb Available Physical Memory | 16.87% Memory free
    3.98 Gb Paging File | 1.88 Gb Available in Paging File | 47.21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 148.95 Gb Total Space | 118.55 Gb Free Space | 79.59% Space Free | Partition Type: NTFS
    Drive E: | 1862.98 Gb Total Space | 1055.01 Gb Free Space | 56.63% Space Free | Partition Type: NTFS

    Computer Name: VENOM-PC | User Name: Venom | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1853933300-926182664-1373909645-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{4510BAF8-6DEC-42F7-85E2-CBEB6A827149}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04342337-9D21-4934-B53F-5684BE9FE3AE}" = protocol=17 | dir=in | app=c:\users\venom\appdata\roaming\utorrent\utorrent.exe |
    "{2830289D-BB1F-4817-92CC-DD8FAA9B1852}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
    "{3A073BDD-A26A-41A5-8B70-53CCC6D090CA}" = protocol=17 | dir=in | app=c:\program files (x86)\lavasoft\adaware securesearch toolbar\dtuser.exe |
    "{430D1BDE-C812-489E-9DD7-00F6A21E94F9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
    "{6D086E60-46B3-48AA-BEA7-1FBC812F0DBD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
    "{BE5C03FA-48DC-42EF-AD99-A8B604D79044}" = protocol=6 | dir=in | app=c:\users\venom\appdata\roaming\utorrent\utorrent.exe |
    "{DD6471F4-EF74-4AFB-A07B-73BDF46AB1E9}" = protocol=6 | dir=in | app=c:\program files (x86)\lavasoft\adaware securesearch toolbar\dtuser.exe |
    "{F07C9408-176D-4BC8-B7A5-41D8F28B6BCE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
    "TCP Query User{B6F752AE-7F52-4C3D-B441-ACD442071286}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
    "UDP Query User{51DF51BF-B330-4A08-B22C-D4535D2B088B}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
    "{600DEB42-433A-40AF-BC14-082E40577BF2}" = AntimalwareEngine
    "{6A16ADA5-0B30-4893-84AB-961B1340D14A}" = AdAwareUpdater
    "{6A16ADA5-0B30-4893-84AB-961B1340D14A}_AdAwareUpdater" = Ad-Aware Antivirus
    "{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
    "{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
    "{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
    "{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
    "{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
    "{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
    "{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
    "{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
    "{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
    "{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
    "{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
    "{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
    "{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
    "{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
    "{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
    "{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
    "{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
    "{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
    "{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
    "{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
    "{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
    "{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
    "{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
    "{AC7D612A-9805-4BB8-A8CA-4CCFE361B4B7}" = AdAwareInstaller
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Office15.PROPLUS" = Microsoft Office Professional Plus 2013
    "WinRAR archiver" = WinRAR 4.20 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
    "adawaretb" = Ad-Aware Security Add-on
    "Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
    "Google Chrome" = Google Chrome
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1853933300-926182664-1373909645-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Search Protection" = Search Protection
    "uTorrent" = µTorrent

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 1/27/2014 8:57:02 AM | Computer Name = Venom-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Alwil Software\Avast5\AvastUI.exe".
    Dependent
    Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 1/27/2014 8:58:13 AM | Computer Name = Venom-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/27/2014 9:43:20 AM | Computer Name = Venom-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Alwil Software\Avast5\AvastUI.exe".
    Dependent
    Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 1/27/2014 12:33:52 PM | Computer Name = Venom-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Alwil Software\Avast5\AvastUI.exe".
    Dependent
    Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 1/27/2014 12:35:36 PM | Computer Name = Venom-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/27/2014 1:04:58 PM | Computer Name = Venom-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Alwil Software\Avast5\AvastUI.exe".
    Dependent
    Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 1/27/2014 1:06:08 PM | Computer Name = Venom-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/27/2014 1:52:33 PM | Computer Name = Venom-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.7601.17514 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: d30 Start
    Time: 01cf1b823c903b51 Termination Time: 8549 Application Path: C:\Program Files
    (x86)\Internet Explorer\iexplore.exe Report Id: ac709937-877b-11e3-9cda-0016d4f31b14

    Error - 1/27/2014 3:00:15 PM | Computer Name = Venom-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
    time stamp: 0x4ce79912 Faulting module name: mshtml.dll, version: 8.0.7601.17514,
    time stamp: 0x4ce7b8f3 Exception code: 0xc0000005 Fault offset: 0x00214730 Faulting
    process id: 0x1414 Faulting application start time: 0x01cf1b8f3b6d183e Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\SysWOW64\mshtml.dll Report Id: 4130582f-8785-11e3-9cda-0016d4f31b14

    Error - 1/27/2014 3:04:54 PM | Computer Name = Venom-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.7601.17514 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: d60 Start
    Time: 01cf1b88939ed64f Termination Time: 2581 Application Path: C:\Program Files
    (x86)\Internet Explorer\iexplore.exe Report Id:

    [ System Events ]
    Error - 1/26/2014 4:26:48 PM | Computer Name = Venom-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 1/26/2014 4:26:48 PM | Computer Name = Venom-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 1/26/2014 4:26:49 PM | Computer Name = Venom-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 1/26/2014 7:54:13 PM | Computer Name = Venom-PC | Source = volsnap | ID = 393245
    Description = The shadow copies of volume E: were aborted during detection.

    Error - 1/26/2014 9:35:05 PM | Computer Name = Venom-PC | Source = DCOM | ID = 10010
    Description =

    Error - 1/26/2014 10:27:27 PM | Computer Name = Venom-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the avast! Antivirus service.

    Error - 1/26/2014 10:27:57 PM | Computer Name = Venom-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the LanmanServer service.

    Error - 1/27/2014 12:33:46 PM | Computer Name = Venom-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 6:12:35 AM on ?1/?27/?2014 was unexpected.

    Error - 1/27/2014 1:02:56 PM | Computer Name = Venom-PC | Source = DCOM | ID = 10010
    Description =

    Error - 1/27/2014 1:05:47 PM | Computer Name = Venom-PC | Source = WMPNetworkSvc | ID = 866300
    Description =


    < End of report >

    I saw an ad on Craigslist, Huntington Beach, CA. I met the seller at a gas station at 9472 Katella in Garden Grove.
  7. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    imshooter,
    Thanks. I didn't need that much detail :D
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    Ad-Aware Security Add-on
    Ad-Aware Antivirus

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    ----------------------------------------------
    Perform a Custom Fix with OTL
    Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
    • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Commands
      [CREATERESTOREPOINT]
      
      :OTL
      SRV:64bit: - [2014/01/23 16:09:18 | 000,702,744 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe -- (LavasoftAdAwareService11)
      IE - HKU\S-1-5-21-1853933300-926182664-1373909645-1000\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
      CHR - homepage: http://search.yahoo.com/?type=599486&fr=spigot-yhp-ch
      O2:64bit: - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
      O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
      O3:64bit: - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
      O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
      O4:64bit: - HKLM..\Run: [] File not found
      O4:64bit: - HKLM..\Run: [AdAwareTray] C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe ()
      O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
      O18 - Protocol\Handler\ms-help - No CLSID value found
      [2014/01/26 19:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
      [2014/01/26 19:46:16 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\adawarebp
      [2014/01/26 19:46:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
      [2014/01/26 13:40:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AskTBar
      [2014/01/26 11:44:04 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\Search Protection
      [2014/01/26 11:43:26 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\uTorrent
      [2014/01/27 09:05:33 | 000,002,305 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
      [2014/01/26 11:43:54 | 000,000,793 | ---- | M] () -- C:\Users\Venom\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
      [2014/01/26 11:35:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
      [2014/01/26 19:33:24 | 000,000,000 | ---D | M] -- C:\Users\Venom\AppData\Roaming\Search Protection
      [2014/01/26 17:03:30 | 000,000,000 | ---D | M] -- C:\Users\Venom\AppData\Roaming\uTorrent
      
      :Reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\FirewallRules]
      "{04342337-9D21-4934-B53F-5684BE9FE3AE}" =-
      "{3A073BDD-A26A-41A5-8B70-53CCC6D090CA}" =-
      "{BE5C03FA-48DC-42EF-AD99-A8B604D79044}" =-
      "{DD6471F4-EF74-4AFB-A07B-73BDF46AB1E9}" =-
      
      :Files
      C:\Program Files\Lavasoft\Ad-Aware Antivirus
      ipconfig /flushdns /c
      
      :Commands
      [emptyjava]
      [emptyflash] 
      [EMPTYTEMP]
      
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, and click to allow the Reboot when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    • Copy the contents of that file and post it in your next reply.
      That is the FIX log file. It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
    ----------------------------------------------
    After posting the Resulting log, Please Rescan as follows:
    Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in a separate reply.
    --------------------------------------------------------
    WVCheck
    Please go to WVCheck.exe. Save it to your Desktop.
    • Double click WVCheck.exe, to run the process.
    • Read the comments on the screen... then press Enter.
      The scan can take a while, depending on the size of your hard drive.
    • Once the program is done, Notepad will open with the scan report. Save the report to your Desktop.
    • Please copy and paste the contents of the Notepad scan report in your next reply.

    So we will be looking for the FIX log and the new Quick Scan log from OTL, and the report from WVCheck.
    Feel free to use separate replies if convenient.
    askey127
  8. imshooter

    imshooter Thread Starter

    Joined:
    Jan 25, 2014
    Messages:
    14
    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    Error: No service named LavasoftAdAwareService11 was found to stop!
    Service\Driver key LavasoftAdAwareService11 not found.
    File C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe not found.
    Registry value HKEY_USERS\S-1-5-21-1853933300-926182664-1373909645-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6c97a91e-4524-4019-86af-2aa2d567bf5c} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\ not found.
    File C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll not found.
    Use Chrome's Settings page to change the HomePage.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\ deleted successfully.
    File C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\ not found.
    File C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6c97a91e-4524-4019-86af-2aa2d567bf5c} not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\ not found.
    File C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6c97a91e-4524-4019-86af-2aa2d567bf5c} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\ not found.
    File C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdAwareTray not found.
    File C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ad-Aware Browsing Protection not found.
    File C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    File Protocol\Handler\ms-help - No CLSID value found not found.
    Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus\ not found.
    Folder C:\Users\Venom\AppData\Local\adawarebp\ not found.
    Folder C:\ProgramData\Ad-Aware Browsing Protection\ not found.
    C:\Program Files (x86)\AskTBar\bar folder moved successfully.
    C:\Program Files (x86)\AskTBar folder moved successfully.
    C:\Users\Venom\AppData\Roaming\Search Protection folder moved successfully.
    C:\Users\Venom\AppData\Roaming\uTorrent\updates folder moved successfully.
    C:\Users\Venom\AppData\Roaming\uTorrent\share folder moved successfully.
    C:\Users\Venom\AppData\Roaming\uTorrent\ie folder moved successfully.
    C:\Users\Venom\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
    C:\Users\Venom\AppData\Roaming\uTorrent\apps folder moved successfully.
    C:\Users\Venom\AppData\Roaming\uTorrent folder moved successfully.
    File C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk not found.
    C:\Users\Venom\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk moved successfully.
    C:\Windows\SysWOW64\config.nt moved successfully.
    Folder C:\Users\Venom\AppData\Roaming\Search Protection\ not found.
    Folder C:\Users\Venom\AppData\Roaming\uTorrent\ not found.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\FirewallRules not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\FirewallRules not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\FirewallRules not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\FirewallRules not found.
    ========== FILES ==========
    File\Folder C:\Program Files\Lavasoft\Ad-Aware Antivirus not found.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Venom\Desktop\cmd.bat deleted successfully.
    C:\Users\Venom\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Venom

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Venom
    ->Flash cache emptied: 12660 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: Venom
    ->Temp folder emptied: 662813598 bytes
    ->Temporary Internet Files folder emptied: 223308849 bytes
    ->Google Chrome cache emptied: 81750104 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 61385453 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43279496 bytes
    RecycleBin emptied: 218311242 bytes

    Total Files Cleaned = 1,231.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 01282014_082542
    Files\Folders moved on Reboot...
    C:\Users\Venom\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Venom\AppData\Local\Temp\~DF09E6F09B1D68CB7A.TMP not found!
    File\Folder C:\Users\Venom\AppData\Local\Temp\~DF0A4A73E30889E46B.TMP not found!
    File\Folder C:\Users\Venom\AppData\Local\Temp\~DFA78DDBCC413A2067.TMP not found!
    File\Folder C:\Users\Venom\AppData\Local\Temp\~DFAB52A23F7BBB57EE.TMP not found!
    File\Folder C:\Users\Venom\AppData\Local\Temp\~DFC322EC5CA8A20A55.TMP not found!
    File\Folder C:\Users\Venom\AppData\Local\Temp\~DFEAC2D6242FFE2292.TMP not found!
    C:\Users\Venom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M0AQQ5BR\1118544-bought-used-laptop-needs-cleanup[1].htm moved successfully.
    C:\Users\Venom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    C:\Users\Venom\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
  9. imshooter

    imshooter Thread Starter

    Joined:
    Jan 25, 2014
    Messages:
    14
    OTL logfile created on: 1/28/2014 8:38:17 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Venom\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16428)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.75% Memory free
    3.98 Gb Paging File | 2.71 Gb Available in Paging File | 68.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 148.95 Gb Total Space | 114.48 Gb Free Space | 76.86% Space Free | Partition Type: NTFS
    Drive E: | 1862.98 Gb Total Space | 1055.01 Gb Free Space | 56.63% Space Free | Partition Type: NTFS

    Computer Name: VENOM-PC | User Name: Venom | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/01/27 11:59:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Venom\Desktop\OTL.exe
    PRC - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV:64bit: - [2014/01/27 20:21:41 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2013/10/10 14:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2014/01/26 15:57:34 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/11/21 05:44:34 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 19:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 19:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
    DRV:64bit: - [2010/11/20 19:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
    DRV:64bit: - [2010/11/20 19:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/20 19:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/08/20 10:49:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/06/28 13:37:56 | 000,051,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2010/06/28 13:37:36 | 000,121,936 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2010/06/28 13:33:17 | 000,028,752 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
    DRV:64bit: - [2010/06/28 13:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2010/06/28 13:32:36 | 000,020,048 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2009/11/02 10:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 13:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 12:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
    DRV:64bit: - [2009/06/10 12:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/04/29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV:64bit: - [2009/04/20 08:40:34 | 000,011,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CPQBttn64.sys -- (HBtnKey)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 A5 FF 56 CB 1A CF 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKCU\..\SearchScopes\{6E30E3F4-C6F9-4078-9406-AEFA85547E7B}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=599486&p={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)


    [2013/11/15 03:32:00 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

    ========== Chrome ==========

    CHR - default_search_provider: Yahoo (Enabled)
    CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=599486&p={searchTerms}
    CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},
    CHR - homepage: http://search.yahoo.com/?type=599486&fr=spigot-yhp-ch
    CHR - Extension: Google Docs = C:\Users\Venom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\Venom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Venom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Venom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Google Wallet = C:\Users\Venom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
    CHR - Extension: Gmail = C:\Users\Venom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41609948-F9A5-4BA7-9031-7DE89D5D0C29}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73A4AB53-1E82-4FDE-893A-79CEE4128BE0}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{2d2357a7-86bb-11e3-ad69-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{2d2357a7-86bb-11e3-ad69-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2013/09/11 04:50:02 | 000,078,992 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\{2d2357a7-86bb-11e3-ad69-806e6f6e6963}\Shell\configure\command - "" = E:\Setup.exe -- [2013/09/11 04:50:02 | 000,078,992 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\{2d2357a7-86bb-11e3-ad69-806e6f6e6963}\Shell\install\command - "" = E:\Setup.exe -- [2013/09/11 04:50:02 | 000,078,992 | ---- | M] (Microsoft Corporation)
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/01/28 08:25:42 | 000,000,000 | ---D | C] -- C:\_OTL
    [2014/01/27 20:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2014/01/27 20:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2014/01/27 13:32:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2014/01/27 11:59:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Venom\Desktop\OTL.exe
    [2014/01/27 09:02:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
    [2014/01/26 20:06:36 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\LavasoftStatistics
    [2014/01/26 19:45:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
    [2014/01/26 19:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2014/01/26 19:25:27 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\Malwarebytes
    [2014/01/26 19:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2014/01/26 19:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014/01/26 19:25:12 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2014/01/26 19:25:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2014/01/26 19:24:46 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Programs
    [2014/01/26 18:51:29 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\SUPERAntiSpyware.com
    [2014/01/26 18:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2014/01/26 18:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2014/01/26 18:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2014/01/26 16:12:10 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Diagnostics
    [2014/01/26 15:57:53 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\Macromedia
    [2014/01/26 15:57:47 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\Adobe
    [2014/01/26 15:57:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
    [2014/01/26 15:57:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2014/01/26 15:56:25 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Adobe
    [2014/01/26 14:27:04 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Ahead
    [2014/01/26 14:20:57 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\Ahead
    [2014/01/26 14:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Ahead
    [2014/01/26 14:15:54 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
    [2014/01/26 13:44:14 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Microsoft Toolkit
    [2014/01/26 12:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
    [2014/01/26 12:38:23 | 000,000,000 | ---D | C] -- C:\Windows\QLB
    [2014/01/26 12:26:54 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
    [2014/01/26 12:25:49 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
    [2014/01/26 12:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
    [2014/01/26 12:13:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
    [2014/01/26 11:45:27 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2014/01/26 11:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2014/01/26 11:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2014/01/26 11:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2014/01/26 11:35:25 | 000,020,048 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2014/01/26 11:35:24 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2014/01/26 11:35:22 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2014/01/26 11:35:20 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2014/01/26 11:35:10 | 000,061,008 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2014/01/26 11:34:40 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2014/01/26 11:34:40 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
    [2014/01/26 11:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2014/01/26 11:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2014/01/26 11:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    [2014/01/26 11:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2014/01/26 11:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
    [2014/01/26 11:31:08 | 000,000,000 | ---D | C] -- C:\Users\Venom\Desktop\Photoshop
    [2014/01/26 11:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
    [2014/01/26 11:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
    [2014/01/26 11:29:57 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2014/01/26 11:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2014/01/26 11:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
    [2014/01/26 11:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ
    [2014/01/26 11:29:41 | 000,000,000 | ---D | C] -- C:\Users\Venom\Documents\VirtualDJ
    [2014/01/26 11:24:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
    [2014/01/26 11:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2014/01/26 11:21:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2014/01/26 11:20:54 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Google
    [2014/01/26 11:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
    [2014/01/26 11:20:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
    [2014/01/26 11:19:54 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Apps
    [2014/01/26 11:19:51 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Deployment
    [2014/01/26 11:19:37 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Microsoft Help
    [2014/01/26 11:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2014/01/26 11:19:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2014/01/26 11:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2014/01/26 11:17:31 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
    [2014/01/26 11:17:30 | 000,000,000 | RH-D | C] -- C:\MSOCache
    [2014/01/26 11:09:19 | 000,000,000 | R--D | C] -- C:\Users\Venom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2014/01/26 11:09:19 | 000,000,000 | R--D | C] -- C:\Users\Venom\Searches
    [2014/01/26 11:09:19 | 000,000,000 | R--D | C] -- C:\Users\Venom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2014/01/26 11:09:18 | 000,000,000 | -H-D | C] -- C:\Users\Venom\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2014/01/26 11:09:07 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\Identities
    [2014/01/26 11:09:04 | 000,000,000 | R--D | C] -- C:\Users\Venom\Contacts
    [2014/01/26 11:09:01 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\VirtualStore
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\AppData\Local\Temporary Internet Files
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Templates
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Start Menu
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\SendTo
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Recent
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\PrintHood
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\NetHood
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Documents\My Videos
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Documents\My Pictures
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Documents\My Music
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\My Documents
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Local Settings
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\AppData\Local\History
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Cookies
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Application Data
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\AppData\Local\Application Data
    [2014/01/26 11:07:01 | 000,000,000 | --SD | C] -- C:\Users\Venom\AppData\Roaming\Microsoft
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Videos
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Saved Games
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Pictures
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Music
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Links
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Favorites
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Downloads
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Documents
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Desktop
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2014/01/26 11:07:01 | 000,000,000 | -H-D | C] -- C:\Users\Venom\AppData
    [2014/01/26 11:07:01 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Temp
    [2014/01/26 11:07:01 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Microsoft
    [2014/01/26 11:07:01 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\Media Center Programs
    [2014/01/26 11:06:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2014/01/26 11:06:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2014/01/26 11:03:21 | 000,000,000 | -HSD | C] -- C:\Recovery
    [2014/01/26 10:57:28 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2014/01/26 10:54:41 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2014/01/26 10:53:50 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2014/01/26 10:53:08 | 000,000,000 | ---D | C] -- C:\Windows\Panther

    ========== Files - Modified Within 30 Days ==========

    [2014/01/28 08:36:24 | 000,781,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/01/28 08:36:24 | 000,661,914 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/01/28 08:36:24 | 000,121,750 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/01/28 08:33:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2014/01/28 08:31:59 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/01/28 08:31:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/01/28 08:30:58 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys
    [2014/01/28 08:30:14 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/01/28 08:30:11 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/01/28 08:26:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/01/28 08:10:41 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/01/28 05:18:12 | 000,435,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/01/27 20:43:07 | 000,774,004 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2014/01/27 20:21:45 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2014/01/27 20:21:41 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2014/01/27 11:59:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Venom\Desktop\OTL.exe
    [2014/01/27 08:53:18 | 002,076,267 | ---- | M] () -- C:\Users\Venom\Desktop\DSC_1210_COPY2_SM copy.jpg
    [2014/01/26 19:25:16 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/01/26 18:50:52 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/01/26 18:09:44 | 000,689,362 | ---- | M] () -- C:\Users\Venom\Desktop\michelle copy.jpg
    [2014/01/26 17:53:14 | 000,093,689 | ---- | M] () -- C:\Users\Venom\Desktop\michelle.jpg
    [2014/01/26 15:39:45 | 000,000,117 | ---- | M] () -- C:\Users\Venom\Desktop\DRUDGE REPORT 2014®.url
    [2014/01/26 13:06:20 | 000,002,279 | ---- | M] () -- C:\Users\Venom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/01/26 12:20:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2014/01/26 12:10:05 | 1135,241,488 | ---- | M] () -- C:\Users\Venom\Desktop\UFC.Fight.Night.Henderson.vs.Thomson.25th.Jan.2014.HDTV.x264-Sir.Paul[rarbg].mp4
    [2014/01/26 11:43:54 | 000,000,813 | ---- | M] () -- C:\Users\Venom\Desktop\µTorrent.lnk
    [2014/01/26 11:23:13 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/01/26 11:17:48 | 000,001,437 | ---- | M] () -- C:\Users\Venom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2014/01/26 11:11:39 | 000,000,355 | ---- | M] () -- C:\Users\Venom\Desktop\Computer - Shortcut.lnk
    [2014/01/26 10:58:13 | 000,116,385 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
    [2014/01/26 10:58:13 | 000,116,385 | ---- | M] () -- C:\Windows\SysNative\license.rtf
    [2014/01/13 17:52:12 | 000,825,982 | ---- | M] () -- C:\Users\Venom\Desktop\DSC_1210_COPY2_SM.jpg

    ========== Files Created - No Company Name ==========

    [2014/01/28 08:33:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2014/01/27 20:21:45 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2014/01/27 20:21:41 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2014/01/27 13:16:06 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2014/01/27 10:13:11 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2014/01/27 08:53:14 | 002,076,267 | ---- | C] () -- C:\Users\Venom\Desktop\DSC_1210_COPY2_SM copy.jpg
    [2014/01/27 08:36:53 | 000,825,982 | ---- | C] () -- C:\Users\Venom\Desktop\DSC_1210_COPY2_SM.jpg
    [2014/01/27 05:43:47 | 000,001,304 | ---- | C] () -- C:\Users\Venom\Desktop\Notepad - Copy.lnk
    [2014/01/26 19:25:16 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/01/26 18:50:52 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/01/26 18:09:39 | 000,689,362 | ---- | C] () -- C:\Users\Venom\Desktop\michelle copy.jpg
    [2014/01/26 17:54:35 | 000,093,689 | ---- | C] () -- C:\Users\Venom\Desktop\michelle.jpg
    [2014/01/26 15:57:35 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/01/26 15:39:45 | 000,000,117 | ---- | C] () -- C:\Users\Venom\Desktop\DRUDGE REPORT 2014®.url
    [2014/01/26 13:40:36 | 000,774,004 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2014/01/26 12:20:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2014/01/26 11:47:23 | 1135,241,488 | ---- | C] () -- C:\Users\Venom\Desktop\UFC.Fight.Night.Henderson.vs.Thomson.25th.Jan.2014.HDTV.x264-Sir.Paul[rarbg].mp4
    [2014/01/26 11:43:54 | 000,000,813 | ---- | C] () -- C:\Users\Venom\Desktop\µTorrent.lnk
    [2014/01/26 11:23:13 | 000,002,279 | ---- | C] () -- C:\Users\Venom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/01/26 11:23:12 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/01/26 11:21:19 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/01/26 11:21:11 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/01/26 11:17:48 | 000,001,437 | ---- | C] () -- C:\Users\Venom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2014/01/26 11:11:39 | 000,000,355 | ---- | C] () -- C:\Users\Venom\Desktop\Computer - Shortcut.lnk
    [2014/01/26 11:09:23 | 000,001,413 | ---- | C] () -- C:\Users\Venom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2014/01/26 11:07:01 | 000,001,304 | ---- | C] () -- C:\Users\Venom\Desktop\Notepad.lnk
    [2014/01/26 11:07:01 | 000,000,290 | ---- | C] () -- C:\Users\Venom\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2014/01/26 11:07:01 | 000,000,272 | ---- | C] () -- C:\Users\Venom\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2014/01/26 10:57:46 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2014/01/26 10:57:31 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2014/01/26 10:53:50 | 1602,838,528 | -HS- | C] () -- C:\hiberfil.sys

    ========== ZeroAccess Check ==========

    [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========


    ========== Purity Check ==========


    < End of report >
     
  10. imshooter

    imshooter Thread Starter

    Joined:
    Jan 25, 2014
    Messages:
    14
    OTL logfile created on: 1/28/2014 9:04:05 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Venom\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16428)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.36% Memory free
    3.98 Gb Paging File | 2.63 Gb Available in Paging File | 65.99% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 148.95 Gb Total Space | 114.27 Gb Free Space | 76.71% Space Free | Partition Type: NTFS

    Computer Name: VENOM-PC | User Name: Venom | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/01/27 11:59:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Venom\Desktop\OTL.exe
    PRC - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV:64bit: - [2014/01/27 20:21:41 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2013/10/10 14:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2014/01/26 15:57:34 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/11/21 05:44:34 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 19:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 19:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
    DRV:64bit: - [2010/11/20 19:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
    DRV:64bit: - [2010/11/20 19:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/20 19:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/08/20 10:49:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/06/28 13:37:56 | 000,051,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2010/06/28 13:37:36 | 000,121,936 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2010/06/28 13:33:17 | 000,028,752 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
    DRV:64bit: - [2010/06/28 13:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2010/06/28 13:32:36 | 000,020,048 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2009/11/02 10:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 13:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 12:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
    DRV:64bit: - [2009/06/10 12:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/04/29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV:64bit: - [2009/04/20 08:40:34 | 000,011,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CPQBttn64.sys -- (HBtnKey)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 A5 FF 56 CB 1A CF 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKCU\..\SearchScopes\{6E30E3F4-C6F9-4078-9406-AEFA85547E7B}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=599486&p={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)


    [2013/11/15 03:32:00 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

    ========== Chrome ==========

    CHR - default_search_provider: Yahoo (Enabled)
    CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=599486&p={searchTerms}
    CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},
    CHR - homepage: http://search.yahoo.com/?type=599486&fr=spigot-yhp-ch
    CHR - Extension: Google Docs = C:\Users\Venom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\Venom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Venom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Venom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Google Wallet = C:\Users\Venom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
    CHR - Extension: Gmail = C:\Users\Venom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41609948-F9A5-4BA7-9031-7DE89D5D0C29}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73A4AB53-1E82-4FDE-893A-79CEE4128BE0}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{2d2357a7-86bb-11e3-ad69-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{2d2357a7-86bb-11e3-ad69-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
    O33 - MountPoints2\{2d2357a7-86bb-11e3-ad69-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE
    O33 - MountPoints2\{2d2357a7-86bb-11e3-ad69-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/01/28 08:25:42 | 000,000,000 | ---D | C] -- C:\_OTL
    [2014/01/27 20:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2014/01/27 20:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2014/01/27 13:32:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2014/01/27 11:59:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Venom\Desktop\OTL.exe
    [2014/01/27 09:02:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
    [2014/01/26 20:06:36 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\LavasoftStatistics
    [2014/01/26 19:45:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
    [2014/01/26 19:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2014/01/26 19:25:27 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\Malwarebytes
    [2014/01/26 19:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2014/01/26 19:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014/01/26 19:25:12 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2014/01/26 19:25:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2014/01/26 19:24:46 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Programs
    [2014/01/26 18:51:29 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\SUPERAntiSpyware.com
    [2014/01/26 18:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2014/01/26 18:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2014/01/26 18:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2014/01/26 16:12:10 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Diagnostics
    [2014/01/26 15:57:53 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\Macromedia
    [2014/01/26 15:57:47 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\Adobe
    [2014/01/26 15:57:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
    [2014/01/26 15:57:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2014/01/26 15:56:25 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Adobe
    [2014/01/26 14:27:04 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Ahead
    [2014/01/26 14:20:57 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\Ahead
    [2014/01/26 14:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Ahead
    [2014/01/26 14:15:54 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
    [2014/01/26 13:44:14 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Microsoft Toolkit
    [2014/01/26 12:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
    [2014/01/26 12:38:23 | 000,000,000 | ---D | C] -- C:\Windows\QLB
    [2014/01/26 12:26:54 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
    [2014/01/26 12:25:49 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
    [2014/01/26 12:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
    [2014/01/26 12:13:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
    [2014/01/26 11:45:27 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2014/01/26 11:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2014/01/26 11:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2014/01/26 11:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2014/01/26 11:35:25 | 000,020,048 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2014/01/26 11:35:24 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2014/01/26 11:35:22 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2014/01/26 11:35:20 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2014/01/26 11:35:10 | 000,061,008 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2014/01/26 11:34:40 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2014/01/26 11:34:40 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
    [2014/01/26 11:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2014/01/26 11:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2014/01/26 11:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    [2014/01/26 11:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2014/01/26 11:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
    [2014/01/26 11:31:08 | 000,000,000 | ---D | C] -- C:\Users\Venom\Desktop\Photoshop
    [2014/01/26 11:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
    [2014/01/26 11:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
    [2014/01/26 11:29:57 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2014/01/26 11:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2014/01/26 11:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
    [2014/01/26 11:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ
    [2014/01/26 11:29:41 | 000,000,000 | ---D | C] -- C:\Users\Venom\Documents\VirtualDJ
    [2014/01/26 11:24:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
    [2014/01/26 11:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2014/01/26 11:21:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2014/01/26 11:20:54 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Google
    [2014/01/26 11:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
    [2014/01/26 11:20:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
    [2014/01/26 11:19:54 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Apps
    [2014/01/26 11:19:51 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Deployment
    [2014/01/26 11:19:37 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Microsoft Help
    [2014/01/26 11:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2014/01/26 11:19:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2014/01/26 11:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2014/01/26 11:17:31 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
    [2014/01/26 11:17:30 | 000,000,000 | RH-D | C] -- C:\MSOCache
    [2014/01/26 11:09:19 | 000,000,000 | R--D | C] -- C:\Users\Venom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2014/01/26 11:09:19 | 000,000,000 | R--D | C] -- C:\Users\Venom\Searches
    [2014/01/26 11:09:19 | 000,000,000 | R--D | C] -- C:\Users\Venom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2014/01/26 11:09:18 | 000,000,000 | -H-D | C] -- C:\Users\Venom\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2014/01/26 11:09:07 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\Identities
    [2014/01/26 11:09:04 | 000,000,000 | R--D | C] -- C:\Users\Venom\Contacts
    [2014/01/26 11:09:01 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\VirtualStore
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\AppData\Local\Temporary Internet Files
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Templates
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Start Menu
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\SendTo
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Recent
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\PrintHood
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\NetHood
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Documents\My Videos
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Documents\My Pictures
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Documents\My Music
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\My Documents
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Local Settings
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\AppData\Local\History
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Cookies
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\Application Data
    [2014/01/26 11:07:05 | 000,000,000 | -HSD | C] -- C:\Users\Venom\AppData\Local\Application Data
    [2014/01/26 11:07:01 | 000,000,000 | --SD | C] -- C:\Users\Venom\AppData\Roaming\Microsoft
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Videos
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Saved Games
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Pictures
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Music
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Links
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Favorites
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Downloads
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Documents
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\Desktop
    [2014/01/26 11:07:01 | 000,000,000 | R--D | C] -- C:\Users\Venom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2014/01/26 11:07:01 | 000,000,000 | -H-D | C] -- C:\Users\Venom\AppData
    [2014/01/26 11:07:01 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Temp
    [2014/01/26 11:07:01 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Local\Microsoft
    [2014/01/26 11:07:01 | 000,000,000 | ---D | C] -- C:\Users\Venom\AppData\Roaming\Media Center Programs
    [2014/01/26 11:06:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2014/01/26 11:06:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2014/01/26 11:03:21 | 000,000,000 | -HSD | C] -- C:\Recovery
    [2014/01/26 10:57:28 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2014/01/26 10:54:41 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2014/01/26 10:53:50 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2014/01/26 10:53:08 | 000,000,000 | ---D | C] -- C:\Windows\Panther

    ========== Files - Modified Within 30 Days ==========

    [2014/01/28 08:43:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/01/28 08:36:24 | 000,781,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/01/28 08:36:24 | 000,661,914 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/01/28 08:36:24 | 000,121,750 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/01/28 08:33:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2014/01/28 08:31:59 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/01/28 08:31:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/01/28 08:30:58 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys
    [2014/01/28 08:30:14 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/01/28 08:30:11 | 000,020,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/01/28 08:26:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/01/28 05:18:12 | 000,435,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/01/27 20:43:07 | 000,774,004 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2014/01/27 20:21:45 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2014/01/27 20:21:41 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2014/01/27 11:59:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Venom\Desktop\OTL.exe
    [2014/01/27 08:53:18 | 002,076,267 | ---- | M] () -- C:\Users\Venom\Desktop\DSC_1210_COPY2_SM copy.jpg
    [2014/01/26 19:25:16 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/01/26 18:50:52 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/01/26 18:09:44 | 000,689,362 | ---- | M] () -- C:\Users\Venom\Desktop\michelle copy.jpg
    [2014/01/26 17:53:14 | 000,093,689 | ---- | M] () -- C:\Users\Venom\Desktop\michelle.jpg
    [2014/01/26 15:39:45 | 000,000,117 | ---- | M] () -- C:\Users\Venom\Desktop\DRUDGE REPORT 2014®.url
    [2014/01/26 13:06:20 | 000,002,279 | ---- | M] () -- C:\Users\Venom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/01/26 12:20:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2014/01/26 12:10:05 | 1135,241,488 | ---- | M] () -- C:\Users\Venom\Desktop\UFC.Fight.Night.Henderson.vs.Thomson.25th.Jan.2014.HDTV.x264-Sir.Paul[rarbg].mp4
    [2014/01/26 11:43:54 | 000,000,813 | ---- | M] () -- C:\Users\Venom\Desktop\µTorrent.lnk
    [2014/01/26 11:23:13 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/01/26 11:17:48 | 000,001,437 | ---- | M] () -- C:\Users\Venom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2014/01/26 11:11:39 | 000,000,355 | ---- | M] () -- C:\Users\Venom\Desktop\Computer - Shortcut.lnk
    [2014/01/26 10:58:13 | 000,116,385 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
    [2014/01/26 10:58:13 | 000,116,385 | ---- | M] () -- C:\Windows\SysNative\license.rtf
    [2014/01/13 17:52:12 | 000,825,982 | ---- | M] () -- C:\Users\Venom\Desktop\DSC_1210_COPY2_SM.jpg

    ========== Files Created - No Company Name ==========

    [2014/01/28 08:33:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2014/01/27 20:21:45 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2014/01/27 20:21:41 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2014/01/27 13:16:06 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2014/01/27 10:13:11 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2014/01/27 08:53:14 | 002,076,267 | ---- | C] () -- C:\Users\Venom\Desktop\DSC_1210_COPY2_SM copy.jpg
    [2014/01/27 08:36:53 | 000,825,982 | ---- | C] () -- C:\Users\Venom\Desktop\DSC_1210_COPY2_SM.jpg
    [2014/01/27 05:43:47 | 000,001,304 | ---- | C] () -- C:\Users\Venom\Desktop\Notepad - Copy.lnk
    [2014/01/26 19:25:16 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/01/26 18:50:52 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/01/26 18:09:39 | 000,689,362 | ---- | C] () -- C:\Users\Venom\Desktop\michelle copy.jpg
    [2014/01/26 17:54:35 | 000,093,689 | ---- | C] () -- C:\Users\Venom\Desktop\michelle.jpg
    [2014/01/26 15:57:35 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/01/26 15:39:45 | 000,000,117 | ---- | C] () -- C:\Users\Venom\Desktop\DRUDGE REPORT 2014®.url
    [2014/01/26 13:40:36 | 000,774,004 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2014/01/26 12:20:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2014/01/26 11:47:23 | 1135,241,488 | ---- | C] () -- C:\Users\Venom\Desktop\UFC.Fight.Night.Henderson.vs.Thomson.25th.Jan.2014.HDTV.x264-Sir.Paul[rarbg].mp4
    [2014/01/26 11:43:54 | 000,000,813 | ---- | C] () -- C:\Users\Venom\Desktop\µTorrent.lnk
    [2014/01/26 11:23:13 | 000,002,279 | ---- | C] () -- C:\Users\Venom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/01/26 11:23:12 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/01/26 11:21:19 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/01/26 11:21:11 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/01/26 11:17:48 | 000,001,437 | ---- | C] () -- C:\Users\Venom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2014/01/26 11:11:39 | 000,000,355 | ---- | C] () -- C:\Users\Venom\Desktop\Computer - Shortcut.lnk
    [2014/01/26 11:09:23 | 000,001,413 | ---- | C] () -- C:\Users\Venom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2014/01/26 11:07:01 | 000,001,304 | ---- | C] () -- C:\Users\Venom\Desktop\Notepad.lnk
    [2014/01/26 11:07:01 | 000,000,290 | ---- | C] () -- C:\Users\Venom\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2014/01/26 11:07:01 | 000,000,272 | ---- | C] () -- C:\Users\Venom\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2014/01/26 10:57:46 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2014/01/26 10:57:31 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2014/01/26 10:53:50 | 1602,838,528 | -HS- | C] () -- C:\hiberfil.sys

    ========== ZeroAccess Check ==========

    [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========


    ========== Purity Check ==========


    < End of report >
     
  11. imshooter

    imshooter Thread Starter

    Joined:
    Jan 25, 2014
    Messages:
    14
    Can't find thread. What do I do now?
     
  12. imshooter

    imshooter Thread Starter

    Joined:
    Jan 25, 2014
    Messages:
    14
    Windows Validation Check
    Version: 1.9.12.5
    Log Created On: 0942_28-01-2014
    -----------------------
    Windows Information
    -----------------------
    Windows Version: Windows 7 Service Pack 1
    Windows Mode: Normal
    Systemroot Path: C:\Windows
    WVCheck's Auto Update Check
    -----------------------
    Auto-Update Option: Download updates and install them automatically.
    -----------------------
    Last Success Time for Update Detection: 2014-01-28 02:10:35
    Last Success Time for Update Download: 2014-01-28 13:25:14
    Last Success Time for Update Installation: 2014-01-28 04:46:16

    WVCheck's Registry Check Check
    -----------------------
    Antiwpa: Not Found
    -----------------------
    Chew7Hale: Not Found
    -----------------------

    WVCheck's File Dump
    -----------------------
    C:\Windows\System32\slmgr.vbs.removewat
    Size: 113629 bytes
    Creation; 10/6/2009 14:38:48
    Modification; 10/6/2009 14:38:48
    MD5; 38482a5013d8ab40df0fb15eae022c57
    Matched: *removewat*
    -----------------------
    C:\Windows\System32\slwga.dll
    Size: 13824 bytes
    Creation; 20/11/2010 19:23:48
    Modification; 26/1/2014 11:6:45
    MD5; e61f59694f03806c39e39260b7f17acd
    Matched: slwga.dll
    -----------------------
    C:\Windows\System32\slwga.dll.bak
    Size: 14336 bytes
    Creation; 20/11/2010 19:23:48
    Modification; 20/11/2010 19:23:48
    MD5; 19f75d71e4256f5113d64ce2bb66b838
    Matched: slwga.dll
    -----------------------
    C:\Windows\SysWOW64\slmgr.vbs.removewat
    Size: 113629 bytes
    Creation; 10/6/2009 14:38:48
    Modification; 10/6/2009 14:38:48
    MD5; 38482a5013d8ab40df0fb15eae022c57
    Matched: *removewat*
    -----------------------
    C:\Windows\SysWOW64\slwga.dll
    Size: 13824 bytes
    Creation; 20/11/2010 19:23:48
    Modification; 26/1/2014 11:6:45
    MD5; e61f59694f03806c39e39260b7f17acd
    Matched: slwga.dll
    -----------------------
    C:\Windows\SysWOW64\slwga.dll.bak
    Size: 14336 bytes
    Creation; 20/11/2010 19:23:48
    Modification; 20/11/2010 19:23:48
    MD5; 19f75d71e4256f5113d64ce2bb66b838
    Matched: slwga.dll
    -----------------------
    C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55\slwga.dll
    Size: 15360 bytes
    Creation; 20/11/2010 19:24:21
    Modification; 20/11/2010 19:24:21
    MD5; b6d6886149573278cba6abd44c4317f5
    Matched: slwga.dll
    -----------------------
    C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
    Size: 14336 bytes
    Creation; 20/11/2010 19:23:48
    Modification; 20/11/2010 19:23:48
    MD5; 19f75d71e4256f5113d64ce2bb66b838
    Matched: slwga.dll
    -----------------------

    WVCheck's Dir Dump
    -----------------------
    WVCheck found no known bad directories.

    WVCheck's Missing File Check
    -----------------------
    Missing: C:\Windows\system32\slmgr.vbs
    Matched: %systemroot%\system32\slmgr.vbs
    -----------------------

    WVCheck's MBAM Quarantine Check
    -----------------------
    There were no bad files quarantined by MBAM.

    WVCheck's HOSTS File Check
    -----------------------
    WVCheck found no bad lines in the hosts file.

    WVCheck's MD5 Check
    EXPERIMENTAL!!
    -----------------------
    user32.dll - 861c4346f9281dc0380de72c8d55d6be

    -------- End of File, program close at 0946_28-01-2014 --------
     
  13. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,252
    should be there now.....
     
  14. imshooter

    imshooter Thread Starter

    Joined:
    Jan 25, 2014
    Messages:
    14
  15. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    imshooter,
    Don't know what the word from Valis means ??
    Do you know each other?
    ----------------------------------------------
    Perform a Custom Fix with OTL
    Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
    • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Commands
      [CREATERESTOREPOINT]
      
      :processes
      killallprocesses
      
      :OTL
      [2014/01/26 11:43:54 | 000,000,813 | ---- | M] () -- C:\Users\Venom\Desktop\µTorrent.lnk
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [Reboot]
      
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, and click to allow the Reboot when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    • You can ignore it this time.
    ---------------------------------------------
    Run CKScanner
    Download CKScanner from HERE
    Important - Save it to your desktop.
    Right-Click CKScanner.exe, choose Run as administrator and click Search For Files.
    After a couple minutes or less, when some text appears in the box, click Save List To File.
    A message box will verify the file saved. It is important that you run the program just once.
    Double-click the CKFiles.txt icon on your desktop, give permission if asked, and copy/paste the contents in your next reply.
    -----------------------------------------------------------
    Download MGA Diagnostic Tool to your Desktop.
    • Double click MGADiag.exe to launch the program.
    • Click Continue and let the scan run.
    • When finished it will have created a log.
    • Click Copy.
    • Next open Notepad.
      • Click Start > Run, type Notepad, and click OK.
      • This will open an empty Notepad file.
      • Right click in the empty file and choose Paste to copy the log from MGA Diagnostics into it.
      • Save the file to your Desktop.
    • Close MGA Diagnostic Tool.
    • Copy/Paste the Notepad log you just made in your next reply please.

    So we are looking for the CkFiles.txt log and the log from MGA Diagnostics.
    askey127
     
Short URL to this thread: https://techguy.org/1118544