Solved Pre-emptive clean just to be sure...


Tibalt (Thread Starter), joined Mar 23, 2015, 61 messages

It's a pretty recent new laptop, I haven't used it for long, it's pretty clean but I want to make sure it's without any malicious code lurking around that can't be found before I further upgrade my security. I don't think I did anything problematic with it except use torrents for a bit to get some videos (which is kinda bad security-wise, I know), so it overall behaves OK but it has slowed down lately, kind of. I realise the problem with torrents is that some code for BD and such might be left behind, so I want to root out all of it if possible.

Avast free anti scanning in general didn't turn up much. Last week I did an ESET Online Scanner scan that found 4 problem threats, which were cleaned. I have done some Panda Cloud Cleaner scans since; nothing new or threatening turned up, just the usual site malware. I made a disk image, a system restore point and a registry backup. I didn't want to just use ComboFix blindly, I wanted someone who can maybe interpret the data to see if there is anything there, so here I am.

I don't think there is much, but some things behave suspiciously damaged, like how Windows' IE behaves much slower and weirder, and sometimes Win startup, but that might be performance. I kept the Win drive as free as possible however, so I don't see why it slows down, even if slightly.

It's a Lenovo IdeaPad series with Windows 7 Ultimate. So, getting straight into it, here are the FRST scan results and Addition...


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by salty-san (administrator) on SALTYSKY (27-01-2016 19:36:16)
Running from C:\Users\salty-san\Desktop
Loaded Profiles: salty-san (Available Profiles: salty-san)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Visicom Media Inc.) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe
(TorchMedia Inc.) C:\Users\salty-san\AppData\Local\Torch\Update\TorchCrashHandler.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Lenovo) C:\Windows\System32\LenovoUpdate.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-09] (Intel Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-07-23] (Power Software Ltd)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-04] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-04] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{BB2A1C55-6917-4C3A-8770-C53876319A70}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-384921765-1548902971-3406650631-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nyaa.se/
HKU\S-1-5-21-384921765-1548902971-3406650631-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://anichart.net/fall
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-04] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2015-10-05] ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-04] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-04] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-04] (Oracle Corporation)
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2015-10-05] ()
Toolbar: HKLM-x32 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\salty-san\AppData\Roaming\Mozilla\Firefox\Profiles\kl9fv1vt.default
FF DefaultSearchEngine: DuckDuckGo
FF Session Restore: -> is enabled.
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-384921765-1548902971-3406650631-1000: TorchVLC -> C:\Users\salty-san\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Panda Security Toolbar - C:\Users\salty-san\AppData\Roaming\Mozilla\Firefox\Profiles\kl9fv1vt.default\Extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}.xpi [2015-09-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-04]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-04]

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-07]
CHR Extension: (Google Docs) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-07]
CHR Extension: (Google Drive) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (YouTube) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-07]
CHR Extension: (Google Search) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Google Sheets) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-07]
CHR Extension: (Google Docs Offline) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Avast Online Security) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-01-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-07]
CHR Extension: (Gmail) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-04]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-04] (AVAST Software)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-10-10] (Intel Corporation)
R3 LenovoUpdate; C:\Windows\System32\LenovoUpdate.exe [26608 2016-01-27] (Lenovo)
R2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [287752 2015-10-02] (Visicom Media Inc.)
R2 TorchCrashHandler; C:\Users\salty-san\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217400 2015-12-26] (TorchMedia Inc.) <==== ATTENTION
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2970424 2015-06-29] (AVG Technologies)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-08-05] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-04] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 panda_url_filteringd; C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [294104 2014-12-10] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3513048 2015-03-23] (Realtek Semiconductor Corporation )
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-06-25] (TuneUp Software)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-27 19:36 - 2016-01-27 19:36 - 00013811 _____ C:\Users\salty-san\Desktop\FRST.txt
2016-01-27 19:12 - 2016-01-27 19:36 - 00000000 ____D C:\FRST
2016-01-27 19:07 - 2016-01-27 19:07 - 02370560 _____ (Farbar) C:\Users\salty-san\Desktop\FRST64.exe
2016-01-27 17:46 - 2016-01-27 17:46 - 00000322 _____ C:\Users\salty-san\Desktop\New Text Document.txt
2016-01-21 15:04 - 2016-01-21 15:04 - 00000000 ___HD C:\ProgramData\CanonBJ
2016-01-20 21:33 - 2016-01-20 21:33 - 00000000 ____D C:\Program Files (x86)\ESET
2016-01-20 18:11 - 2016-01-20 18:11 - 00637139 _____ C:\Users\salty-san\Downloads\Nietzsche-The-Birth-of-Tragedy.pdf
2016-01-20 17:35 - 2016-01-20 17:35 - 00291788 _____ C:\Users\salty-san\Downloads\documents.tips_186269803-nietzsche-nasterea-tragediei-estetica-lui-nietzsche.pdf
2016-01-19 19:50 - 2016-01-19 19:57 - 00001803 _____ C:\Users\salty-san\Desktop\Pup.txt
2016-01-14 12:23 - 2016-01-27 18:03 - 00000000 ____D C:\ProgramData\TorchCrashHandler
2016-01-14 12:23 - 2016-01-14 12:24 - 00002237 _____ C:\Users\salty-san\Desktop\Free Music.lnk
2016-01-14 12:23 - 2016-01-14 12:24 - 00002237 _____ C:\Users\salty-san\Desktop\Free Games.lnk
2016-01-14 12:23 - 2016-01-14 12:24 - 00001407 _____ C:\Users\salty-san\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2016-01-14 12:23 - 2016-01-14 12:24 - 00001382 _____ C:\Users\salty-san\Desktop\Torch.lnk
2016-01-14 12:20 - 2016-01-14 12:23 - 00000000 ____D C:\Users\salty-san\AppData\Local\Torch
2016-01-09 04:19 - 2016-01-09 04:19 - 00000000 ____D C:\Users\salty-san\Desktop\Start Your Friday With This Animal Collective Acid Trip_files
2016-01-09 04:18 - 2016-01-09 04:19 - 00264562 _____ C:\Users\salty-san\Desktop\Start Your Friday With This Animal Collective Acid Trip.html
2016-01-08 19:04 - 2016-01-08 19:04 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\Opera Software
2016-01-08 19:04 - 2016-01-08 19:04 - 00000000 ____D C:\Users\salty-san\AppData\Local\Opera Software
2016-01-08 19:03 - 2016-01-25 17:09 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-08 19:03 - 2016-01-21 17:08 - 00003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1452272629
2016-01-08 19:03 - 2016-01-08 19:03 - 00001135 _____ C:\Users\Public\Desktop\Opera.lnk
2016-01-08 19:03 - 2016-01-08 19:03 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-01-07 20:32 - 2015-09-14 13:03 - 00039672 _____ C:\Windows\system32\Drivers\DasPtct.SYS
2016-01-07 20:32 - 2015-01-29 18:21 - 00050320 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2016-01-07 03:49 - 2016-01-07 03:49 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2016-01-07 03:46 - 2016-01-07 03:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-01-07 03:45 - 2016-01-07 03:45 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-07 03:45 - 2016-01-07 03:45 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-01-07 03:45 - 2016-01-07 03:45 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-01-07 03:44 - 2016-01-07 03:45 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-01-07 03:44 - 2016-01-07 03:44 - 00000000 ____D C:\Windows\PCHEALTH
2016-01-07 03:41 - 2016-01-07 03:41 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2016-01-07 03:41 - 2016-01-07 03:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-01-07 03:41 - 2016-01-07 03:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-01-07 03:39 - 2016-01-07 03:39 - 00000000 __RHD C:\MSOCache
2016-01-04 21:53 - 2016-01-04 21:53 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\AVAST Software
2016-01-04 21:53 - 2016-01-04 21:52 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-01-04 21:52 - 2016-01-23 23:34 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-04 21:52 - 2016-01-20 15:47 - 01065208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-01-04 21:52 - 2016-01-20 15:47 - 00464256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-01-04 21:52 - 2016-01-04 21:52 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-01-04 21:52 - 2016-01-04 21:52 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-01-04 21:52 - 2016-01-04 21:52 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-01-04 21:52 - 2016-01-04 21:52 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-01-04 21:52 - 2016-01-04 21:52 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-01-04 21:52 - 2016-01-04 21:52 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-01-04 21:52 - 2016-01-04 21:52 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-01-04 21:52 - 2016-01-04 21:52 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-01-04 21:52 - 2016-01-04 21:52 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-01-04 21:52 - 2016-01-04 21:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-01-04 21:52 - 2016-01-04 21:52 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-04 21:51 - 2016-01-04 21:51 - 00000000 ____D C:\Program Files\AVAST Software
2016-01-04 21:35 - 2016-01-04 21:35 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-04 21:24 - 2016-01-04 21:24 - 00001848 _____ C:\Users\Public\Desktop\IrfanView 64 Thumbnails.lnk
2016-01-04 21:24 - 2016-01-04 21:24 - 00000974 _____ C:\Users\Public\Desktop\IrfanView 64.lnk
2016-01-04 21:24 - 2016-01-04 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
2016-01-04 21:23 - 2016-01-04 21:23 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\IrfanView
2016-01-04 21:23 - 2016-01-04 21:23 - 00000000 ____D C:\Program Files\IrfanView
2016-01-04 21:20 - 2016-01-04 21:25 - 00000000 ____D C:\Program Files\Irfan View
2016-01-03 22:35 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2016-01-03 22:35 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2016-01-03 22:35 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2016-01-03 22:35 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2016-01-03 22:35 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2016-01-03 22:35 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2016-01-03 22:35 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2016-01-03 22:35 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2016-01-03 22:35 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2016-01-03 22:35 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2016-01-03 22:35 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2016-01-03 22:35 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2016-01-03 22:35 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-01-03 22:35 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2016-01-03 22:35 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2016-01-03 22:35 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2016-01-03 22:35 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2016-01-03 22:35 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2016-01-03 22:27 - 2016-01-26 19:07 - 00001332 _____ C:\Users\salty-san\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Call of Duty 2 SinglePlayer.lnk
2016-01-03 22:27 - 2016-01-26 19:07 - 00001332 _____ C:\Users\salty-san\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Call of Duty 2 MultiPlayer.lnk
2016-01-03 22:27 - 2016-01-26 19:07 - 00001300 _____ C:\Users\salty-san\Desktop\Call of Duty 2 MultiPlayer.lnk
2016-01-03 22:27 - 2016-01-22 12:39 - 00001300 _____ C:\Users\salty-san\Desktop\Call of Duty 2 SinglePlayer.lnk
2016-01-03 22:27 - 2016-01-03 22:27 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-01-03 21:46 - 2016-01-03 22:44 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-01-03 13:08 - 2016-01-03 13:08 - 00000000 ____D C:\Users\salty-san\AppData\LocalLow\Adobe
2016-01-03 13:08 - 2016-01-03 13:08 - 00000000 ____D C:\Users\salty-san\AppData\Local\CEF
2016-01-03 01:38 - 2016-01-12 21:22 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-03 01:37 - 2016-01-12 21:22 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-03 01:37 - 2016-01-03 01:37 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-01-03 01:36 - 2016-01-03 02:48 - 00000000 ____D C:\ProgramData\Adobe
2016-01-03 01:36 - 2016-01-03 01:36 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-03 01:35 - 2016-01-03 13:08 - 00000000 ____D C:\Users\salty-san\AppData\Local\Adobe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-27 19:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows
2016-01-27 18:41 - 2015-11-07 23:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-27 18:11 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-27 18:11 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-27 18:04 - 2015-11-07 23:30 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-27 18:03 - 2015-11-01 22:10 - 00097264 _____ (Lenovo (Beijing) Limited) C:\Windows\system32\LenovoCheck.exe
2016-01-27 18:03 - 2015-11-01 22:10 - 00026608 _____ (Lenovo) C:\Windows\system32\LenovoUpdate.exe
2016-01-27 18:03 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-27 18:02 - 2015-11-30 21:24 - 00000000 ____D C:\ProgramData\panda_url_filtering
2016-01-26 23:23 - 2015-12-04 11:06 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\vlc
2016-01-26 19:03 - 2015-11-05 13:53 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OCTGN
2016-01-21 17:01 - 2015-11-29 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-01-21 17:01 - 2015-11-29 12:06 - 00000000 ____D C:\Program Files\7-Zip
2016-01-21 11:44 - 2015-11-07 23:30 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-21 11:44 - 2015-11-07 23:30 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-21 00:51 - 2015-11-30 21:24 - 00000000 ____D C:\Program Files (x86)\pandasecuritytb
2016-01-20 21:33 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-01-19 21:38 - 2009-07-14 07:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-19 21:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-01-19 21:35 - 2015-12-01 16:28 - 00000440 __RSH C:\ProgramData\ntuser.pol
2016-01-17 01:48 - 2015-12-21 20:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-11 21:21 - 2015-11-29 14:24 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\Azureus
2016-01-07 04:41 - 2009-07-14 06:45 - 00432840 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-07 03:49 - 2015-11-04 00:17 - 00111520 _____ C:\Users\salty-san\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-07 03:48 - 2015-12-18 19:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-07 03:46 - 2011-04-12 10:28 - 00000000 ____D C:\Windows\ShellNew
2016-01-07 03:46 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-01-07 03:44 - 2015-12-18 19:11 - 00000000 ____D C:\Program Files\Microsoft Office
2016-01-07 03:42 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-01-07 03:42 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2016-01-04 22:03 - 2015-11-01 15:58 - 00000000 ____D C:\Users\salty-san\.oracle_jre_usage
2016-01-04 22:02 - 2015-11-01 15:57 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-04 22:02 - 2015-11-01 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-04 22:02 - 2015-11-01 15:57 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-04 21:42 - 2015-11-30 21:23 - 00000000 ____D C:\Program Files (x86)\Panda Security
2016-01-04 21:40 - 2015-11-30 21:22 - 00000000 ____D C:\ProgramData\Panda Security
2016-01-04 21:39 - 2015-11-30 21:24 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\Panda Security
2016-01-03 13:08 - 2015-11-01 12:22 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\Adobe

Some files in TEMP:
====================
C:\Users\salty-san\AppData\Local\Temp\i4jdel0.exe
C:\Users\salty-san\AppData\Local\Temp\iv_uninstall.exe
C:\Users\salty-san\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-19 18:55

==================== End of FRST.txt ============================






Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by salty-san (2016-01-27 19:37:13)
Running from C:\Users\salty-san\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-11-01 10:20:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-384921765-1548902971-3406650631-500 - Administrator - Disabled)
Guest (S-1-5-21-384921765-1548902971-3406650631-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-384921765-1548902971-3406650631-1002 - Limited - Enabled)
salty-san (S-1-5-21-384921765-1548902971-3406650631-1000 - Administrator - Enabled) => C:\Users\salty-san

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
7-Zip 15.14 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.604 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.604 - AVG Technologies)
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.604 - AVG Technologies) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
foobar2000 v1.3.9 (HKLM-x32\...\foobar2000) (Version: 1.3.9 - Peter Pawlowski)
Free Virtual Keyboard 3.0.1.0 (HKLM-x32\...\{CA4F9519-1A83-4907-8651-F17073A0E1CE}_is1) (Version: 3.0 - Comfort Software Group)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.82 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.33 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
Malware Protection Live (HKLM-x32\...\MalwareProtectionLive) (Version: - )
Microsoft .NET Framework 4.6 (HKLM\...\{94A631D5-B30A-3DD8-B65C-1117C09DA73E}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
Opera Stable 34.0.2036.50 (HKLM-x32\...\Opera 34.0.2036.50) (Version: 34.0.2036.50 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.5 - Panda Security)
Panda Security Toolbar (HKLM-x32\...\pandasecuritytb) (Version: 4.3.1.9 - Panda Security and Visicom Media Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.3 - Power Software Ltd)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29084 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0263 - REALTEK Semiconductor Corp.)
Torch (HKU\S-1-5-21-384921765-1548902971-3406650631-1000\...\Torch) (Version: 45.0.0.10802 - Torch Media, Inc) <==== ATTENTION
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.7.0.0 - Azureus Software, Inc.)
Wasteland 2 Directors Cut (HKLM-x32\...\Wasteland 2 Directors Cut_is1) (Version: - )
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-384921765-1548902971-3406650631-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00809CEB-983E-4655-913E-27A11EA54648} - System32\Tasks\Opera scheduled Autoupdate 1452272629 => C:\Program Files (x86)\Opera\launcher.exe [2016-01-18] (Opera Software)
Task: {0C38AE2D-18A0-48F0-B68B-E17B888171DD} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-04] (AVAST Software)
Task: {214B53EA-5A02-4CBC-B0A5-3C678EC43A48} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-06-29] (AVG Technologies)
Task: {439ADCDD-9069-427F-BA0A-FDAB1AD5F6DA} - System32\Tasks\{229E9532-8EC8-4310-8097-EDD225B446C7} => pcalua.exe -a C:\Users\salty-san\Desktop\unetbootin-windows-613.exe -d C:\Users\salty-san\Desktop
Task: {53E146DF-FA82-4BA4-BCB9-409B6E2C0C41} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-10-06] (Oracle Corporation)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {72FCCA83-504A-4CE8-881D-4DD1C857395E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {834A589D-850C-4622-8DEC-0A2633A53246} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-04] (AVAST Software)
Task: {8E7113DE-1211-4F7A-B164-C3F35E10312D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {A37295E0-5544-4BDE-AAB5-9F122D4E6FC7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {C673A044-1E70-4CC0-85C5-F079F0C6596C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {CA4A6E7F-6B77-414B-B595-97CDD1B0B259} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {CE4E4352-61BE-4AEA-B41F-74A61CC1BA25} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\salty-san\Desktop\Free Games.lnk -> C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe (Torch Media Inc.) -> --run-by-tg hxxp://games.torchbrowser.com
ShortcutWithArgument: C:\Users\salty-san\Desktop\Free Music.lnk -> C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe (Torch Media Inc.) -> --run-by-tm hxxp://music.torchbrowser.com

==================== Loaded Modules (Whitelisted) ==============

2015-06-29 10:24 - 2015-06-29 10:24 - 00718136 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2012-10-01 20:36 - 2012-10-01 20:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-06-29 10:24 - 2015-06-29 10:24 - 00862008 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll
2016-01-04 21:52 - 2016-01-04 21:52 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-01-04 21:52 - 2016-01-04 21:52 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-27 11:05 - 2016-01-27 11:05 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16012700\algo.dll
2016-01-04 21:52 - 2016-01-04 21:52 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-27 18:46 - 2016-01-27 18:46 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16012701\algo.dll
2016-01-04 21:52 - 2016-01-04 21:52 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-10-01 20:37 - 2012-10-01 20:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-12-18 17:42 - 2015-12-18 17:42 - 21848248 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 00322208 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2015-12-18 17:42 - 2015-12-18 17:42 - 50708664 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\salty-san\Desktop\rufus-2.4.exe:xdg.origin.url
AlternateDataStreams: C:\Users\salty-san\Desktop\rufus-2.4.exe:xdg.referrer.url
AlternateDataStreams: C:\Users\salty-san\Desktop\unetbootin-windows-613.exe:xdg.origin.url

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-384921765-1548902971-3406650631-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\salty-san\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{01DD5918-283F-4F3C-AC26-AF593412DF9F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4C05ACD7-2D66-4535-9966-F85B04F67719}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{508DDC13-5096-41A1-BE2C-A24C77183C13}] => (Block) D:\WASTELAND!\Wasteland 2 Directors Cut\Build\WL2.exe
FirewallRules: [TCP Query User{EEB53623-0283-483F-B645-04DD48C46786}C:\users\salty-san\documents\octgn\octgn\octgn.exe] => (Allow) C:\users\salty-san\documents\octgn\octgn\octgn.exe
FirewallRules: [UDP Query User{14C2698F-42A4-41BB-9169-2211FDC0ECB1}C:\users\salty-san\documents\octgn\octgn\octgn.exe] => (Allow) C:\users\salty-san\documents\octgn\octgn\octgn.exe
FirewallRules: [TCP Query User{DF6BC443-CABE-4E5A-9F0E-F4C4A78535F6}C:\users\salty-san\documents\octgn\octgn\octgn.exe] => (Allow) C:\users\salty-san\documents\octgn\octgn\octgn.exe
FirewallRules: [UDP Query User{0D9DECF9-7EE8-4932-81B6-5AA519CD2957}C:\users\salty-san\documents\octgn\octgn\octgn.exe] => (Allow) C:\users\salty-san\documents\octgn\octgn\octgn.exe
FirewallRules: [{F89C0384-F502-44A5-B00A-9826C8B9E172}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BB9DFD0F-5CC0-4A92-A4C5-E4DE9031F0C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0F1506A7-0B4D-403B-82D5-6AE0FCD64A81}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{5AD605EC-0ACE-410F-AF39-F69403A72C74}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{8F66185E-5F8E-400B-A15A-8F8DA6CEBB58}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe
FirewallRules: [{7C1364C0-55B2-4E6A-BDBE-946DEF92421B}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe
FirewallRules: [{AB398789-6E10-407F-87BF-5842378F1A5D}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{B2461A95-D1B5-499E-9E34-DADFF19513C5}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{19FBF323-28DA-4563-9196-790954D5F72D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{5D4FF2EB-07A6-4F96-AFF0-58616E255410}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{95B66243-C6D0-4B85-90F6-547B69CE822E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{BCFAED00-B5EE-4558-AFC6-E54BC68D9562}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{B247EA9C-0A1B-4E95-8AC0-562403FC4950}C:\users\salty-san\documents\octgn\octgn\octgn.online.standaloneserver.exe] => (Allow) C:\users\salty-san\documents\octgn\octgn\octgn.online.standaloneserver.exe
FirewallRules: [UDP Query User{260782A1-34CD-4BA2-9F89-72C24BA3BF7B}C:\users\salty-san\documents\octgn\octgn\octgn.online.standaloneserver.exe] => (Allow) C:\users\salty-san\documents\octgn\octgn\octgn.online.standaloneserver.exe
FirewallRules: [TCP Query User{AD90B0F5-5A10-4C62-A7A3-3CBA144F4692}D:\playboard\call of duty 2 full game mp - sp -=aviara=-\call of duty 2\cod2mp_s.exe] => (Block) D:\playboard\call of duty 2 full game mp - sp -=aviara=-\call of duty 2\cod2mp_s.exe
FirewallRules: [UDP Query User{E45AB548-5CA2-49FC-BCAA-420157AA80F9}D:\playboard\call of duty 2 full game mp - sp -=aviara=-\call of duty 2\cod2mp_s.exe] => (Block) D:\playboard\call of duty 2 full game mp - sp -=aviara=-\call of duty 2\cod2mp_s.exe
FirewallRules: [{9D79CD9D-1138-4471-9107-72DC3CDE88B1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{3BFEB175-5043-44EA-B2C6-7D52F51741EE}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{2E2BBFA3-FB0B-479D-85AD-963E99B02215}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2BEE2144-B70C-4420-BC9E-5A25585FF686}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D12BA3CC-44A7-459F-A64F-35CFFEAEEE25}] => (Allow) C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe
FirewallRules: [{61A9AB3D-FFAC-4CC7-AD78-4CD094336EE2}] => (Allow) C:\Users\salty-san\AppData\Local\Torch\Plugins\Hola\hola_plugin.exe
FirewallRules: [{033D788F-5880-45BB-BBD6-7D561EA3B327}] => (Allow) C:\Users\salty-san\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe
FirewallRules: [{72627C8F-FBC7-4D33-ABED-39D18C97D4BF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

24-01-2016 19:00:33 Windows Backup
26-01-2016 19:06:34 PreForum

==================== Faulty Device Manager Devices =============

Name: PCI Encryption/Decryption Controller
Description: PCI Encryption/Decryption Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/27/2016 06:20:51 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is failed w/err 0x00003106

Error: (01/27/2016 06:20:51 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopNum1++, loopNum1 is failed w/err 0x00000001

Error: (01/27/2016 06:10:17 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is failed w/err 0x00000270

Error: (01/27/2016 06:04:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2016 03:17:23 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is failed w/err 0x0000335e

Error: (01/27/2016 03:17:23 PM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopNum1++, loopNum1 is failed w/err 0x00000002

Error: (01/27/2016 11:22:35 AM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is failed w/err 0x000036ec

Error: (01/27/2016 11:22:35 AM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopNum1++, loopNum1 is failed w/err 0x00000001

Error: (01/27/2016 11:06:46 AM) (Source: lupdate) (EventID: 0) (User: )
Description: lupdateloopTime is failed w/err 0x000003b3

Error: (01/27/2016 11:05:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1750

Start Time: 01d158e1cb06be6c

Termination Time: 480

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:


System errors:
=============
Error: (01/27/2016 06:07:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024809

Error: (01/27/2016 06:07:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024809

Error: (01/27/2016 04:32:41 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/27/2016 04:31:40 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/27/2016 04:31:40 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/26/2016 07:18:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
%%1053

Error: (01/26/2016 07:18:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (01/26/2016 06:27:35 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/26/2016 06:20:46 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/26/2016 06:14:04 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


CodeIntegrity:
===================================
Date: 2016-01-14 19:28:38.733
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-01-14 19:28:38.591
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-01-14 19:28:38.368
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-01-14 19:28:38.201
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-12-17 10:29:48.300
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-12-17 10:29:48.191
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-12-17 10:29:48.082
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-12-16 03:51:45.976
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-12-16 03:51:45.867
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-12-16 03:51:45.773
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
Percentage of memory in use: 54%
Total physical RAM: 3981.36 MB
Available physical RAM: 1821.27 MB
Total Virtual: 7960.93 MB
Available Virtual: 5415.19 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:122.07 GB) (Free:71.35 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (East) (Fixed) (Total:343.69 GB) (Free:15.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D9FA2484)
Partition 1: (Not Active) - (Size=343.7 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=122.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,721
Hi Tibalt,
------------------------------------------------
You should disable Windows Defender so it doesn't interfere with Avast.
Turn Off Windows Defender

  • Open Windows Defender by clicking the Start button. In the search box, type Defender, and then, in the list of results, click Windows Defender.
  • Click Tools, and then Options.
  • Click Administrator, clear the "Use this program" check box, and then click Save.
Administrator permission required - If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
-----------------------------------------------
It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like µTorrent, Bearshare, Bittorrent, BitComet, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
There are NO Safe ones.
Criminals have "planted" thousands upon thousands of infections in the shared torrent files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

AVG PC TuneUp 2015
Java 8 Update 65
Panda Cloud Cleaner
Panda Security Toolbar
Vuze

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
--------------------------------------------------------
Run A Fix With FRST
Download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
(Both on the Desktop is OK, or both in the same folder elsewhere)

Run FRST64 and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
If for some reason the tool needs a restart, please make sure you let the system restart normally.
The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.
-----------------------------------------------------------
Run a New Scan With the Farbar Scan Tool
  • Double click FRST64.exe on your desktop to launch it.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished scanning, a new version of the log FRST.txt will be saved on your Desktop and opened in Notepad.
  • Please post the contents in your next reply.

So we are looking for the FRST64 Fixlog.txt results, and the new FRST.txt log.
askey127
 


Tibalt

Thread Starter
Joined
Mar 23, 2015
Messages
61
Alright, took those down. But Java seemed curious, was it because I had update 66? And Panda on top too much? Also I forgot to mention but I got all sorts of funky error messages when I tried to open some stuff lately, and I also got one when asked for Admin when I tried to uninstall one of those. So maybe that's corrupted.

I did the fix and scan and everything looks better now, even some errors I had. Here are the logs, I assume you don't need Addition again...

Fix result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by salty-san (2016-02-01 21:18:50) Run:1
Running from C:\Users\salty-san\Desktop
Loaded Profiles: salty-san (Available Profiles: salty-san)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2015-10-05] ()
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2015-10-05] ()
Toolbar: HKLM-x32 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - No File
R2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [287752 2015-10-02] (Visicom Media Inc.)
R2 TorchCrashHandler; C:\Users\salty-san\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217400 2015-12-26] (TorchMedia Inc.) <==== ATTENTION
FF Plugin HKU\S-1-5-21-384921765-1548902971-3406650631-1000: TorchVLC -> C:\Users\salty-san\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll [2013-07-31] (VideoLAN)
R3 panda_url_filteringd; C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-06-25] (TuneUp Software)
FF Extension: Panda Security Toolbar - C:\Users\salty-san\AppData\Roaming\Mozilla\Firefox\Profiles\kl9fv1vt.default\Extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}.xpi [2015-09-30] [not signed]
2016-01-14 12:23 - 2016-01-27 18:03 - 00000000 ____D C:\ProgramData\TorchCrashHandler
2016-01-14 12:23 - 2016-01-14 12:24 - 00002237 _____ C:\Users\salty-san\Desktop\Free Games.lnk
2016-01-14 12:23 - 2016-01-14 12:24 - 00001382 _____ C:\Users\salty-san\Desktop\Torch.lnk
2016-01-14 12:20 - 2016-01-14 12:23 - 00000000 ____D C:\Users\salty-san\AppData\Local\Torch
2016-01-11 21:21 - 2015-11-29 14:24 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\Azureus
2016-01-19 21:35 - 2015-12-01 16:28 - 00000440 __RSH C:\ProgramData\ntuser.pol
Task: {214B53EA-5A02-4CBC-B0A5-3C678EC43A48} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-06-29] (AVG Technologies)
ShortcutWithArgument: C:\Users\salty-san\Desktop\Free Games.lnk -> C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe (Torch Media Inc.) -> --run-by-tg hxxp://games.torchbrowser.com
ShortcutWithArgument: C:\Users\salty-san\Desktop\Free Music.lnk -> C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe (Torch Media Inc.) -> --run-by-tm hxxp://music.torchbrowser.com
FirewallRules: [{0F1506A7-0B4D-403B-82D5-6AE0FCD64A81}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{5AD605EC-0ACE-410F-AF39-F69403A72C74}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{8F66185E-5F8E-400B-A15A-8F8DA6CEBB58}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe
FirewallRules: [{7C1364C0-55B2-4E6A-BDBE-946DEF92421B}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe
FirewallRules: [{AB398789-6E10-407F-87BF-5842378F1A5D}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{B2461A95-D1B5-499E-9E34-DADFF19513C5}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{D12BA3CC-44A7-459F-A64F-35CFFEAEEE25}] => (Allow) C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe
FirewallRules: [{61A9AB3D-FFAC-4CC7-AD78-4CD094336EE2}] => (Allow) C:\Users\salty-san\AppData\Local\Torch\Plugins\Hola\hola_plugin.exe
FirewallRules: [{033D788F-5880-45BB-BBD6-7D561EA3B327}] => (Allow) C:\Users\salty-san\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe
C:\Users\salty-san\AppData\Local\Torch
C:\Program Files\Panda Security URL Filtering
C:\Program Files (x86)\pandasecuritytb
C:\Windows\System32\DRIVERS\PSKMAD.sys
C:\Program Files (x86)\AVG
C:\Program Files (x86)\Vuze
EmptyTemp:
Cmd: ipconfig /flushdns

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => key removed successfully
"HKCR\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => value removed successfully
HKCR\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => value removed successfully
"HKCR\Wow6432Node\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => key removed successfully
panda_url_filtering => service removed successfully
TorchCrashHandler => service removed successfully
"HKU\S-1-5-21-384921765-1548902971-3406650631-1000\Software\MozillaPlugins\TorchVLC" => key removed successfully
C:\Users\salty-san\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll => moved successfully
panda_url_filteringd => Service stopped successfully.
panda_url_filteringd => service removed successfully
PSKMAD => service removed successfully
TuneUpUtilitiesDrv => service not found.
C:\Users\salty-san\AppData\Roaming\Mozilla\Firefox\Profiles\kl9fv1vt.default\Extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}.xpi => moved successfully
C:\ProgramData\TorchCrashHandler => moved successfully
C:\Users\salty-san\Desktop\Free Games.lnk => moved successfully
C:\Users\salty-san\Desktop\Torch.lnk => moved successfully
C:\Users\salty-san\AppData\Local\Torch => moved successfully
C:\Users\salty-san\AppData\Roaming\Azureus => moved successfully
C:\ProgramData\ntuser.pol => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{214B53EA-5A02-4CBC-B0A5-3C678EC43A48} => key not found.
C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TuneUpUtilities_Task_BkGndMaintenance2013 => key not found.
C:\Users\salty-san\Desktop\Free Games.lnk => not found.
C:\Users\salty-san\Desktop\Free Music.lnk => Shortcut argument removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0F1506A7-0B4D-403B-82D5-6AE0FCD64A81} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5AD605EC-0ACE-410F-AF39-F69403A72C74} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8F66185E-5F8E-400B-A15A-8F8DA6CEBB58} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7C1364C0-55B2-4E6A-BDBE-946DEF92421B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AB398789-6E10-407F-87BF-5842378F1A5D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B2461A95-D1B5-499E-9E34-DADFF19513C5} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D12BA3CC-44A7-459F-A64F-35CFFEAEEE25} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{61A9AB3D-FFAC-4CC7-AD78-4CD094336EE2} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{033D788F-5880-45BB-BBD6-7D561EA3B327} => value removed successfully
"C:\Users\salty-san\AppData\Local\Torch" => not found.
C:\Program Files\Panda Security URL Filtering => moved successfully
C:\Program Files (x86)\pandasecuritytb => moved successfully
C:\Windows\System32\DRIVERS\PSKMAD.sys => moved successfully
C:\Program Files (x86)\AVG => moved successfully
C:\Program Files (x86)\Vuze => moved successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 842.2 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 21:21:14 ====


And Scan...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by salty-san (administrator) on SALTYSKY (01-02-2016 21:25:29)
Running from C:\Users\salty-san\Desktop
Loaded Profiles: salty-san (Available Profiles: salty-san)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-09] (Intel Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-07-23] (Power Software Ltd)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-04] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-04] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{BB2A1C55-6917-4C3A-8770-C53876319A70}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-384921765-1548902971-3406650631-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nyaa.se/
HKU\S-1-5-21-384921765-1548902971-3406650631-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://anichart.net/fall
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-04] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-04] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-04] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-04] (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\salty-san\AppData\Roaming\Mozilla\Firefox\Profiles\kl9fv1vt.default
FF DefaultSearchEngine: DuckDuckGo
FF Session Restore: -> is enabled.
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-04]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-04]

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-07]
CHR Extension: (Google Docs) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-07]
CHR Extension: (Google Drive) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (YouTube) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-07]
CHR Extension: (Google Search) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Google Sheets) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-07]
CHR Extension: (Google Docs Offline) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Avast Online Security) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-01-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-07]
CHR Extension: (Gmail) - C:\Users\salty-san\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-04]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-04] (AVAST Software)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-10-10] (Intel Corporation)
S3 LenovoUpdate; C:\Windows\System32\LenovoUpdate.exe [26608 2016-02-01] (Lenovo)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-08-05] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-04] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [294104 2014-12-10] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3513048 2015-03-23] (Realtek Semiconductor Corporation )
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-01 21:25 - 2016-02-01 21:25 - 00011573 _____ C:\Users\salty-san\Desktop\FRST.txt
2016-02-01 21:18 - 2016-02-01 21:21 - 00008611 _____ C:\Users\salty-san\Desktop\Fixlog 2.txt
2016-02-01 04:33 - 2016-02-01 21:25 - 00000000 ____D C:\Users\salty-san\Desktop\Fixes
2016-02-01 04:31 - 2016-02-01 04:31 - 00000000 ____D C:\Windows\system32\appmgmt
2016-01-30 20:28 - 2016-01-30 20:28 - 00000000 ____D C:\Users\salty-san\Documents\League of Legends
2016-01-27 19:45 - 2016-01-27 21:17 - 00001423 _____ C:\Users\salty-san\Desktop\Malware.txt
2016-01-27 19:12 - 2016-02-01 21:25 - 00000000 ____D C:\FRST
2016-01-27 19:07 - 2016-01-27 19:07 - 02370560 _____ (Farbar) C:\Users\salty-san\Desktop\FRST64.exe
2016-01-27 17:46 - 2016-01-27 17:46 - 00000322 _____ C:\Users\salty-san\Desktop\New Text Document.txt
2016-01-21 15:04 - 2016-01-21 15:04 - 00000000 ___HD C:\ProgramData\CanonBJ
2016-01-20 21:33 - 2016-01-20 21:33 - 00000000 ____D C:\Program Files (x86)\ESET
2016-01-20 18:11 - 2016-01-20 18:11 - 00637139 _____ C:\Users\salty-san\Downloads\Nietzsche-The-Birth-of-Tragedy.pdf
2016-01-20 17:35 - 2016-01-20 17:35 - 00291788 _____ C:\Users\salty-san\Downloads\documents.tips_186269803-nietzsche-nasterea-tragediei-estetica-lui-nietzsche.pdf
2016-01-19 19:50 - 2016-01-19 19:57 - 00001803 _____ C:\Users\salty-san\Desktop\Pup.txt
2016-01-14 12:23 - 2016-02-01 21:19 - 00001962 _____ C:\Users\salty-san\Desktop\Free Music.lnk
2016-01-14 12:23 - 2016-01-14 12:24 - 00001407 _____ C:\Users\salty-san\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2016-01-09 04:19 - 2016-01-09 04:19 - 00000000 ____D C:\Users\salty-san\Desktop\Start Your Friday With This Animal Collective Acid Trip_files
2016-01-09 04:18 - 2016-01-09 04:19 - 00264562 _____ C:\Users\salty-san\Desktop\Start Your Friday With This Animal Collective Acid Trip.html
2016-01-08 19:04 - 2016-01-08 19:04 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\Opera Software
2016-01-08 19:04 - 2016-01-08 19:04 - 00000000 ____D C:\Users\salty-san\AppData\Local\Opera Software
2016-01-08 19:03 - 2016-01-25 17:09 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-08 19:03 - 2016-01-21 17:08 - 00003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1452272629
2016-01-08 19:03 - 2016-01-08 19:03 - 00001135 _____ C:\Users\Public\Desktop\Opera.lnk
2016-01-08 19:03 - 2016-01-08 19:03 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-01-07 20:32 - 2015-09-14 13:03 - 00039672 _____ C:\Windows\system32\Drivers\DasPtct.SYS
2016-01-07 03:49 - 2016-01-07 03:49 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2016-01-07 03:46 - 2016-01-07 03:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-01-07 03:45 - 2016-01-07 03:45 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-07 03:45 - 2016-01-07 03:45 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-01-07 03:45 - 2016-01-07 03:45 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-01-07 03:44 - 2016-01-07 03:45 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-01-07 03:44 - 2016-01-07 03:44 - 00000000 ____D C:\Windows\PCHEALTH
2016-01-07 03:41 - 2016-01-07 03:41 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2016-01-07 03:41 - 2016-01-07 03:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-01-07 03:41 - 2016-01-07 03:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-01-07 03:39 - 2016-01-07 03:39 - 00000000 __RHD C:\MSOCache
2016-01-04 21:53 - 2016-01-04 21:53 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\AVAST Software
2016-01-04 21:53 - 2016-01-04 21:52 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-01-04 21:52 - 2016-01-31 01:01 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-04 21:52 - 2016-01-20 15:47 - 01065208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-01-04 21:52 - 2016-01-20 15:47 - 00464256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-01-04 21:52 - 2016-01-04 21:52 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-01-04 21:52 - 2016-01-04 21:52 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-01-04 21:52 - 2016-01-04 21:52 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-01-04 21:52 - 2016-01-04 21:52 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-01-04 21:52 - 2016-01-04 21:52 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-01-04 21:52 - 2016-01-04 21:52 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-01-04 21:52 - 2016-01-04 21:52 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-01-04 21:52 - 2016-01-04 21:52 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-01-04 21:52 - 2016-01-04 21:52 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-01-04 21:52 - 2016-01-04 21:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-01-04 21:52 - 2016-01-04 21:52 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-04 21:51 - 2016-01-04 21:51 - 00000000 ____D C:\Program Files\AVAST Software
2016-01-04 21:35 - 2016-01-04 21:35 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-04 21:24 - 2016-01-04 21:24 - 00001848 _____ C:\Users\Public\Desktop\IrfanView 64 Thumbnails.lnk
2016-01-04 21:24 - 2016-01-04 21:24 - 00000974 _____ C:\Users\Public\Desktop\IrfanView 64.lnk
2016-01-04 21:24 - 2016-01-04 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
2016-01-04 21:23 - 2016-01-04 21:23 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\IrfanView
2016-01-04 21:23 - 2016-01-04 21:23 - 00000000 ____D C:\Program Files\IrfanView
2016-01-04 21:20 - 2016-01-04 21:25 - 00000000 ____D C:\Program Files\Irfan View
2016-01-03 22:35 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2016-01-03 22:35 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2016-01-03 22:35 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2016-01-03 22:35 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2016-01-03 22:35 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2016-01-03 22:35 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2016-01-03 22:35 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2016-01-03 22:35 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2016-01-03 22:35 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2016-01-03 22:35 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2016-01-03 22:35 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2016-01-03 22:35 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2016-01-03 22:35 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-01-03 22:35 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2016-01-03 22:35 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2016-01-03 22:35 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2016-01-03 22:35 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2016-01-03 22:35 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2016-01-03 22:27 - 2016-01-26 19:07 - 00001332 _____ C:\Users\salty-san\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Call of Duty 2 SinglePlayer.lnk
2016-01-03 22:27 - 2016-01-26 19:07 - 00001332 _____ C:\Users\salty-san\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Call of Duty 2 MultiPlayer.lnk
2016-01-03 22:27 - 2016-01-26 19:07 - 00001300 _____ C:\Users\salty-san\Desktop\Call of Duty 2 MultiPlayer.lnk
2016-01-03 22:27 - 2016-01-22 12:39 - 00001300 _____ C:\Users\salty-san\Desktop\Call of Duty 2 SinglePlayer.lnk
2016-01-03 22:27 - 2016-01-03 22:27 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-01-03 21:46 - 2016-01-03 22:44 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-01-03 13:08 - 2016-01-03 13:08 - 00000000 ____D C:\Users\salty-san\AppData\LocalLow\Adobe
2016-01-03 13:08 - 2016-01-03 13:08 - 00000000 ____D C:\Users\salty-san\AppData\Local\CEF
2016-01-03 01:38 - 2016-01-12 21:22 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-03 01:37 - 2016-01-12 21:22 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-03 01:37 - 2016-01-03 01:37 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-01-03 01:36 - 2016-01-03 02:48 - 00000000 ____D C:\ProgramData\Adobe
2016-01-03 01:36 - 2016-01-03 01:36 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-03 01:35 - 2016-01-03 13:08 - 00000000 ____D C:\Users\salty-san\AppData\Local\Adobe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-01 21:23 - 2015-11-07 23:30 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-01 21:23 - 2015-11-01 22:10 - 00097264 _____ (Lenovo (Beijing) Limited) C:\Windows\system32\LenovoCheck.exe
2016-02-01 21:23 - 2015-11-01 22:10 - 00026608 _____ (Lenovo) C:\Windows\system32\LenovoUpdate.exe
2016-02-01 21:23 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-01 20:41 - 2015-11-07 23:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-01 14:48 - 2015-11-30 21:24 - 00000000 ____D C:\ProgramData\panda_url_filtering
2016-02-01 11:19 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-01 11:19 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-01 04:31 - 2015-11-01 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-01 04:31 - 2015-11-01 15:57 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-31 13:19 - 2015-12-04 11:06 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\vlc
2016-01-28 23:47 - 2015-11-07 23:30 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-28 23:47 - 2015-11-07 23:30 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-28 08:01 - 2009-07-14 07:08 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-27 19:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows
2016-01-26 19:03 - 2015-11-05 13:53 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OCTGN
2016-01-21 17:01 - 2015-11-29 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-01-21 17:01 - 2015-11-29 12:06 - 00000000 ____D C:\Program Files\7-Zip
2016-01-20 21:33 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-01-19 21:38 - 2009-07-14 07:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-19 21:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-01-17 01:48 - 2015-12-21 20:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-07 04:41 - 2009-07-14 06:45 - 00432840 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-07 03:49 - 2015-11-04 00:17 - 00111520 _____ C:\Users\salty-san\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-07 03:48 - 2015-12-18 19:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-07 03:46 - 2011-04-12 10:28 - 00000000 ____D C:\Windows\ShellNew
2016-01-07 03:46 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-01-07 03:44 - 2015-12-18 19:11 - 00000000 ____D C:\Program Files\Microsoft Office
2016-01-07 03:42 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-01-07 03:42 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2016-01-04 22:03 - 2015-11-01 15:58 - 00000000 ____D C:\Users\salty-san\.oracle_jre_usage
2016-01-04 22:02 - 2015-11-01 15:57 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-04 21:42 - 2015-11-30 21:23 - 00000000 ____D C:\Program Files (x86)\Panda Security
2016-01-04 21:40 - 2015-11-30 21:22 - 00000000 ____D C:\ProgramData\Panda Security
2016-01-04 21:39 - 2015-11-30 21:24 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\Panda Security
2016-01-03 13:08 - 2015-11-01 12:22 - 00000000 ____D C:\Users\salty-san\AppData\Roaming\Adobe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-29 13:27

==================== End of FRST.txt ============================
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,721
Tibalt,
------------------------------------------------------------
About Java:
Java Issue
You may want to read these before you decide whether to keep Java on your system:
http://www.zdnet.com/a-close-look-a...eptive-software-with-java-updates-7000010038/
http://www.itworld.com/article/2940...-make-yahoo-your-default-search-provider.html
If you somehow REQUIRE Java, you can re-install, but most security experts don't allow it on their machines.
(This has nothing to do with the JavaScript used by most browsers.)
------------------------------------------------------------
You should only have ONE antivirus on the machine.
AVG and/or Panda will interfere with each other and with Avast.
(AVG has decided to start selling the information about all machines on which it resides, by the way)
You can have Malwarebytes Anti-malware or SuperAntiSpyware on there because they are not actual antivirus apps, and they are specifically designed to co-exist with AVs.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

Malware Protection Live

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
--------------------------------------------------------
Run A Fix With FRST
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
(Both on the Desktop is OK, or both in the same folder elsewhere)

Run FRST64 and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
If for some reason the tool needs a restart, please make sure you let the system restart normally.
The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

Some applications resort to malicious tactics to prevent removal.
Let me know if you see remnants of any programs we removed.
askey127
 


Tibalt

Thread Starter
Joined
Mar 23, 2015
Messages
61
Hmm...I wasn't sure about Java, I thought I heard about problems with it, but I thought it was mostly just Adobe Flash. Well I needed it for something and some applications, but very rarely and haven't used since, I guess I could uninstall until I absolutely need it.

Panda Cloud Cleaner was more like a separate tool that just ran when I told it, so I didn't think it would conflict, but whatever, just to be sure. Avast did look shady to me as it kept trying to advertise upgrades and the virus scan info seems very limited but I did notice it block threats. It felt stiff for freeware so I guess I know why now, might as well switch it since the whole plan of this was to upgrade security. Can only stick to freeware though.

Malware Protection Live is something I noticed as suspicious before but I thought I removed it. No uninstall happened now when I pressed it, it just vanished. Also another thing this infection seemed to have damaged is Opera Browser, mainly just when I right click it on Windows Bar it shows none of the advanced options like Incognito and such, and Chrome is the same. Weird...

Thanks a lot though. And I suppose that's it then?


Fix result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by salty-san (2016-02-01 22:53:09) Run:2
Running from C:\Users\salty-san\Desktop
Loaded Profiles: salty-san (Available Profiles: salty-san)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-04] (Oracle Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-04] (Oracle Corporation)
C:\Users\salty-san\AppData\Local\Torch
C:\Program Files (x86)\Panda Security
C:\ProgramData\Panda Security
C:\Program Files (x86)\Java
EmptyTemp:
Cmd: ipconfig /flushdns



*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.66.2" => key removed successfully
C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.66.2" => key removed successfully
C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll => moved successfully
C:\Users\salty-san\AppData\Local\Torch => moved successfully
C:\Program Files (x86)\Panda Security => moved successfully
C:\ProgramData\Panda Security => moved successfully
C:\Program Files (x86)\Java => moved successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 80.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 22:54:21 ====
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,721
Tibalt,
---------------------------------------------
All the free antivirus have some kind of "hook".
The only one free of encumbrance is the Microsoft Security Essentials.
-----------------------------------------------------------------
Run A Scan With SystemLook
Please download SystemLook from the download mirror and save it to your Desktop.
Download Mirror #1 (64-bit)
  • Double-click SystemLook_x64.exe to run it. OK the User Account Control.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    *malware protection*
    *malwareprotection*
    :folderfind
    *malware protection*
    *malwareprotection*
    :regfind
    malware protection
    malwareprotection
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

askey127
 

Tibalt

Thread Starter
Joined
Mar 23, 2015
Messages
61
Ok there are some suspicious things going on but I think I found the problem. I forgot to mention but the Torch browser, which I have installed, also has a built-in torrenting function that I used. It's also the default one. So I think some weaknesses are there, and maybe in IE too which acts up in many ways.

The weird thing that happened is that I randomly got some "browser links" placed on my desktop to sites, like homepage and such. But the weirdest one of all those links is one to this very topic, lol. So "IT knows"! Happened when I opened Torch just now for a bit for a few links.

Also Vuze icon popped back and it looks "broken" like a few other icons on desktop for Torch. I posted a screenshot of it, so I guess we will look into Torch before I remove it just to be on the safe side? Since the scan didn't turn up anything.


SystemLook 04.09.10 by jpshortstuff
Log created at 18:52 on 02/02/2016 by salty-san
Administrator - Elevation successful

========== filefind ==========

Searching for "*malware protection*"
No files found.

Searching for "*malwareprotection*"
No files found.

========== folderfind ==========

Searching for "*malware protection*"
No folders found.

Searching for "*malwareprotection*"
No folders found.

========== regfind ==========

Searching for "malware protection"
No data found.

-= EOF =-
 


askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,721
Tibalt,
We need to delete all of Torch. Otherwise it will keep loading garbage onto your machine.
Let's find the bulk of it.
---------------------------------------------
Run A Scan With SystemLook
  • Double-click SystemLook_x64.exe to run it. OK the User Account Control.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    *torch*
    *vuze*
    :folderfind
    *torch*
    *vuze*
    :regfind
    torch
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

askey127
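
One way to read the log this scan produces, as an added example (not part of askey127's post and not SystemLook or FRST code): it separates inert copies under C:\FRST\Quarantine, unrelated names that merely contain the search term, and live items, and flags live items touched after the FRST fix ran. The sample lines are copied from the SystemLook log posted in this thread and the fix time is taken from the Fixlog header; the bucket names and the name-matching heuristic are assumptions of this example.

```python
import re
from datetime import datetime

# FRST moves removed items under this folder; copies found there are inert.
QUARANTINE_PREFIX = "c:\\frst\\quarantine\\"

# File entry:   <path> <attrs> <size> bytes [hh:mm dd/mm/yyyy] [hh:mm dd/mm/yyyy] <MD5>
# Folder entry: <path> <attrs> [hh:mm dd/mm/yyyy]
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{7})"
    r"(?: (?P<size>\d+) bytes)?"
    r"(?P<stamps>(?: \[\d{2}:\d{2} \d{2}/\d{2}/\d{4}\])+)"
    r"(?: (?P<md5>[0-9A-Fa-f]{32}))?$"
)
STAMP_RE = re.compile(r"\[(\d{2}:\d{2} \d{2}/\d{2}/\d{4})\]")


def parse_entry(line):
    """Return (path, newest timestamp) for a result line, None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # section headers, "Searching for ..." lines, blanks
    stamps = [datetime.strptime(s, "%H:%M %d/%m/%Y")
              for s in STAMP_RE.findall(m.group("stamps"))]
    return m.group("path"), max(stamps)


def classify(path, term, newest, fix_time):
    """Sort one hit into quarantined / incidental / leftover / active."""
    low = path.lower()
    if low.startswith(QUARANTINE_PREFIX):
        return "quarantined"
    # Heuristic (assumption of this example): the hit belongs to the product
    # only if some folder or file name in the path starts with the search
    # term. A name that merely contains it (ViktorChaosStorm.png, a
    # screenshot called "Damn Torch!.PNG") is a wildcard false positive.
    if not any(part.startswith(term) for part in low.split("\\")[1:]):
        return "incidental"
    # A timestamp later than the fix means the item was created or written
    # after the cleanup, so something is still producing it.
    return "active" if newest > fix_time else "leftover"


def triage(log_text, term, fix_time):
    """Group every result line of a SystemLook log by what it means for cleanup."""
    buckets = {"quarantined": [], "leftover": [], "active": [], "incidental": []}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        path, newest = entry
        buckets[classify(path, term.lower(), newest, fix_time)].append(path)
    return buckets


# Start time of the FRST fix, from the Fixlog header posted in this thread.
FIX_TIME = datetime(2016, 2, 1, 22, 53)

# Lines copied from the SystemLook log posted in this thread.
SAMPLE_LOG = r'''
========== filefind ==========

Searching for "*torch*"
C:\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch\Torch\Application\torch.exe --a---- 761352 bytes [10:22 14/01/2016] [21:24 26/12/2015] 8C331B27391293841976921ACC8D396F
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.183\deploy\assets\images\abilities\ViktorChaosStorm.png --a---- 8765 bytes [14:22 01/11/2015] [14:22 01/11/2015] AD5B0DFBC08981E3E5147AED96378C7F
C:\Users\salty-san\AppData\Local\Torch\User Data\torch_shutdown_ms.txt --a---- 4 bytes [18:07 02/02/2016] [18:07 02/02/2016] B4C565C8C208F2950A8134F1A4A6E170
C:\Users\salty-san\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk --a---- 1186 bytes [10:23 14/01/2016] [10:23 14/01/2016] 80E5DEF4696AB3B0D99BD399B4D58B67
C:\Users\salty-san\Desktop\Damn Torch!.PNG --a---- 239874 bytes [16:20 02/02/2016] [16:20 02/02/2016] DA18FE593C9C0D96A624FAED5D872251
C:\Windows\Prefetch\TORCH.EXE-10A0CA4C.pf --a---- 164796 bytes [20:09 01/02/2016] [18:04 02/02/2016] 42BA959C0CD901ABB54A38E2A55B02DA

========== folderfind ==========

Searching for "*torch*"
C:\FRST\Quarantine\C\ProgramData\TorchCrashHandler d------ [10:23 14/01/2016]
C:\Users\salty-san\AppData\Local\Torch d------ [15:20 02/02/2016]
'''

if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_LOG, "torch", FIX_TIME).items():
        print(f"{bucket} ({len(paths)})")
        for p in paths:
            print("   ", p)
```

Items in the "active" bucket are the ones that matter for the next fixlist: they show the program still writing to disk after the cleanup, while "quarantined" and "incidental" hits need no action.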
 

Tibalt

Thread Starter
Joined
Mar 23, 2015
Messages
61
Oh well yeah, remove it all is what I want too, I just meant that I shouldn't uninstall first in case that makes something be missed or get away. Ok log happened this time, and it's pretty big, wtf...


SystemLook 04.09.10 by jpshortstuff
Log created at 20:29 on 02/02/2016 by salty-san
Administrator - Elevation successful

========== filefind ==========

Searching for "*torch*"
C:\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch\Torch\TorchInstaller.dll --a---- 1422712 bytes [10:22 14/01/2016] [18:05 26/12/2015] 44333CCCEDCADD85F320D5BB20B37838
C:\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch\Torch\Application\torch.exe --a---- 761352 bytes [10:22 14/01/2016] [21:24 26/12/2015] 8C331B27391293841976921ACC8D396F
C:\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch\Torch\Application\45.0.0.10802\torch_default_apps\torch_games_app.crx --a---- 5755 bytes [10:22 14/01/2016] [21:24 26/12/2015] F30710D0B9135F24E0A523438C5ED6AF
C:\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch\Torch\Application\45.0.0.10802\torch_default_apps\torch_music_app.crx --a---- 5624 bytes [10:22 14/01/2016] [21:24 26/12/2015] 9CAFA4B0B285B4C5E6ADA209965F06E4
C:\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch\Torch\Application\45.0.0.10802\torch_default_apps\torch_torrent_app.crx --a---- 5776 bytes [10:22 14/01/2016] [21:24 26/12/2015] 80FAFD06911B570B0A181965FC82B991
C:\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch\Torch\Application\45.0.0.10802\torch_extensions\torchhelper.crx --a---- 116329 bytes [10:22 14/01/2016] [21:24 26/12/2015] 482C4ECFF8E162AA040773AAFA198684
C:\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch\Torch\Application\45.0.0.10802\torch_extensions\torch_games_ext.crx --a---- 6620 bytes [10:22 14/01/2016] [21:24 26/12/2015] A301E6174CE5E325CA7A621879D5D0AF
C:\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch\Torch\Application\45.0.0.10802\torch_extensions\torch_music_ext.crx --a---- 346664 bytes [10:22 14/01/2016] [21:24 26/12/2015] E98A76222386515D123F2AB1DED212CF
C:\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch\Torch\Update\TorchCrashHandler.exe --a---- 1217400 bytes [10:22 14/01/2016] [21:25 26/12/2015] 3F930629C7503FD7C74F24F8F1918B65
C:\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch\Torch\Update\TorchNotifier.exe --a---- 1008504 bytes [10:22 14/01/2016] [21:25 26/12/2015] D8EE184CA02F5D5DF319836B035187F7
C:\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch\Torch\Update\45.0.0.10802\TorchUpdate.exe --a---- 1122816 bytes [10:22 14/01/2016] [22:35 02/11/2015] B94B661413FD73E1EEDF76934707E80E
C:\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch\Torch\User Data\torch_shutdown_ms.txt --a---- 5 bytes [20:46 01/02/2016] [20:46 01/02/2016] BF44EFDE99386920D25FE0FE1840D85D
C:\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch\Torch\User Data\Default\Extensions\cipmepknanmbbaneimacddfemfbfgpgo\1.2.0.10699_0\images\torch_32x32.png --a---- 1965 bytes [20:09 01/02/2016] [09:13 25/05/2015] ED3D8A64FF68A01413FBB43C722A60A6
C:\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch\Torch\User Data\Default\Extensions\cipmepknanmbbaneimacddfemfbfgpgo\1.2.0.10839_0\images\torch_32x32.png --a---- 1965 bytes [15:17 14/01/2016] [09:13 25/05/2015] ED3D8A64FF68A01413FBB43C722A60A6
C:\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch\Torch\User Data\Default\Extensions\gimjmfipknpppbpmkdenjjpfhobiiojk\1.1.0.10610_0\images\torch_32x32.png --a---- 1965 bytes [20:09 01/02/2016] [09:13 25/05/2015] ED3D8A64FF68A01413FBB43C722A60A6
C:\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch\Torch\User Data\Default\Extensions\ohimbkoaphfnmekmfppijeblmkncneed\1.0.0.10786_0\images\torch_search_button.png --a---- 1592 bytes [20:09 01/02/2016] [09:13 25/05/2015] DA2EC6923BDA3F3AA8CBF05EFD65A3E7
C:\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch\Torch\User Data\Default\Extensions\ohimbkoaphfnmekmfppijeblmkncneed\1.0.0.10786_0\images\torch_search_button_focus.png --a---- 1774 bytes [20:09 01/02/2016] [09:13 25/05/2015] 2F3FC2038A3D373476CD81123A029A41
C:\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch\Torch\User Data\Default\Local Storage\http_home.torchbrowser.com_0.localstorage --a---- 5120 bytes [04:19 17/01/2016] [20:13 19/01/2016] 6FF7F222BFD3D8BC5C1E9909173DC64C
C:\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch\Torch\User Data\Default\Local Storage\http_home.torchbrowser.com_0.localstorage-journal --a---- 0 bytes [04:19 17/01/2016] [20:13 19/01/2016] D41D8CD98F00B204E9800998ECF8427E
C:\FRST\Quarantine\C\Users\salty-san\Desktop\Torch.lnk.xBAD --a---- 1382 bytes [10:23 14/01/2016] [10:24 14/01/2016] B42DAF591D99A4CFC94CB66E75DD120F
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.183\deploy\assets\images\abilities\ViktorChaosStorm.png --a---- 8765 bytes [14:22 01/11/2015] [14:22 01/11/2015] AD5B0DFBC08981E3E5147AED96378C7F
C:\Users\salty-san\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O58J9LVX\Damn Torch![1].PNG --a---- 239874 bytes [17:46 02/02/2016] [17:46 02/02/2016] DA18FE593C9C0D96A624FAED5D872251
C:\Users\salty-san\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TAIZF4E0\Damn Torch![1].PNG --a---- 239874 bytes [17:45 02/02/2016] [17:45 02/02/2016] DA18FE593C9C0D96A624FAED5D872251
C:\Users\salty-san\AppData\Local\Torch\User Data\torch_shutdown_ms.txt --a---- 4 bytes [18:07 02/02/2016] [18:07 02/02/2016] B4C565C8C208F2950A8134F1A4A6E170
C:\Users\salty-san\AppData\Local\Torch\User Data\Default\Extensions\cipmepknanmbbaneimacddfemfbfgpgo\1.2.0.10839_0\images\torch_32x32.png --a---- 1965 bytes [16:20 02/02/2016] [09:13 25/05/2015] ED3D8A64FF68A01413FBB43C722A60A6
C:\Users\salty-san\AppData\Local\Torch\User Data\Default\Extensions\gimjmfipknpppbpmkdenjjpfhobiiojk\1.1.0.10610_0\images\torch_32x32.png --a---- 1965 bytes [15:20 02/02/2016] [09:13 25/05/2015] ED3D8A64FF68A01413FBB43C722A60A6
C:\Users\salty-san\AppData\Local\Torch\User Data\Default\Extensions\ohimbkoaphfnmekmfppijeblmkncneed\1.0.0.10912_0\images\torch_search_button.png --a---- 1592 bytes [16:21 02/02/2016] [09:13 25/05/2015] DA2EC6923BDA3F3AA8CBF05EFD65A3E7
C:\Users\salty-san\AppData\Local\Torch\User Data\Default\Extensions\ohimbkoaphfnmekmfppijeblmkncneed\1.0.0.10912_0\images\torch_search_button_focus.png --a---- 1774 bytes [16:21 02/02/2016] [09:13 25/05/2015] 2F3FC2038A3D373476CD81123A029A41
C:\Users\salty-san\AppData\Local\Torch\User Data\Default\Local Storage\http_home.torchbrowser.com_0.localstorage --a---- 5120 bytes [16:20 02/02/2016] [16:20 02/02/2016] 0BE1F55A5F70BEBC6EE8BFEF639A745B
C:\Users\salty-san\AppData\Local\Torch\User Data\Default\Local Storage\http_home.torchbrowser.com_0.localstorage-journal --a---- 0 bytes [16:20 02/02/2016] [16:20 02/02/2016] D41D8CD98F00B204E9800998ECF8427E
C:\Users\salty-san\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk --a---- 1186 bytes [10:23 14/01/2016] [10:23 14/01/2016] 80E5DEF4696AB3B0D99BD399B4D58B67
C:\Users\salty-san\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Torch.lnk --a---- 1934 bytes [10:23 14/01/2016] [20:09 01/02/2016] E419AED75FB2ACF21E2C339F003D0EAD
C:\Users\salty-san\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk --a---- 1407 bytes [10:23 14/01/2016] [10:24 14/01/2016] A3E660BFDB07271CA574F999AB8FAC01
C:\Users\salty-san\Desktop\Damn Torch!.PNG --a---- 239874 bytes [16:20 02/02/2016] [16:20 02/02/2016] DA18FE593C9C0D96A624FAED5D872251
C:\Users\salty-san\Pictures\1221 Torch!.png --a---- 2360946 bytes [10:22 14/01/2016] [10:22 14/01/2016] 392309E5D0F68BF1F35C762DC40B7B71
C:\Users\salty-san\Pictures\1227 Torch Torrent!!.png --a---- 1937079 bytes [10:27 14/01/2016] [10:27 14/01/2016] D1388A515A6E52F5B54960F876201CA6
C:\Users\salty-san\Pictures\21st Century Cop Torch!!.png --a---- 1538332 bytes [10:25 14/01/2016] [10:25 14/01/2016] 3206BA3D4245476463BA754B33DE66B5
C:\Windows\Prefetch\TORCH.EXE-10A0CA4C.pf --a---- 164796 bytes [20:09 01/02/2016] [18:04 02/02/2016] 42BA959C0CD901ABB54A38E2A55B02DA
C:\Windows\Prefetch\TORCH.EXE-6EDD1602.pf --a---- 229940 bytes [02:29 01/02/2016] [02:29 01/02/2016] EF4982CAB04A09FD6F0FB9B59692C458
C:\Windows\Prefetch\TORCHUPDATE.EXE-89F9A6A6.pf --a---- 16874 bytes [02:29 01/02/2016] [02:29 01/02/2016] B7C3F51FFE21BB4B5505939CB60F829A

Searching for "*vuze*"
C:\FRST\Quarantine\C\Program Files (x86)\Vuze\Vuze.ico --a---- 55652 bytes [12:24 29/11/2015] [16:16 03/06/2012] 70B3D77F119821239FB492F4B4F69043
C:\FRST\Quarantine\C\Program Files (x86)\Vuze\VuzeFW.exe --a---- 44544 bytes [12:24 29/11/2015] [07:26 30/07/2015] ABD9AD414A0A8E81BDFF50BC6A51CED8
C:\FRST\Quarantine\C\Users\salty-san\AppData\Roaming\Azureus\VuzeActivities.config --a---- 603 bytes [12:24 29/11/2015] [02:26 01/02/2016] F68AE6351F0EC13FD1487DB409A8D903
C:\FRST\Quarantine\C\Users\salty-san\AppData\Roaming\Azureus\VuzeActivities.config.bak --a---- 603 bytes [19:07 01/12/2015] [02:26 01/02/2016] F68AE6351F0EC13FD1487DB409A8D903
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk --a---- 1848 bytes [12:24 29/11/2015] [12:24 29/11/2015] 0CB49C0C98055AF45D3E5F397CF43234
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Vuze.lnk --a---- 1848 bytes [12:24 29/11/2015] [12:24 29/11/2015] 0CB49C0C98055AF45D3E5F397CF43234
C:\Users\Public\Desktop\Vuze.lnk --a---- 1848 bytes [12:24 29/11/2015] [12:24 29/11/2015] 0CB49C0C98055AF45D3E5F397CF43234
C:\Users\salty-san\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk --a---- 1848 bytes [12:24 29/11/2015] [12:24 29/11/2015] 0CB49C0C98055AF45D3E5F397CF43234
C:\Users\salty-san\Desktop\Fixes\Error Vuze uninstall haha!.png --a---- 367185 bytes [02:37 01/02/2016] [02:37 01/02/2016] 352185CB439E26075BDC883E418A12C6
C:\Users\salty-san\Pictures\21 Dec Vuze OPM.png --a---- 395722 bytes [10:50 21/12/2015] [10:50 21/12/2015] 637CCC22F02206614C8C299FB98C8B0C
C:\Users\salty-san\Pictures\21 Vuze!!.png --a---- 742422 bytes [12:23 29/11/2015] [12:23 29/11/2015] 15C88F47F01C44228891A55C61FE955A
C:\Users\salty-san\Pictures\21% Vuze!.png --a---- 294945 bytes [12:26 29/11/2015] [12:26 29/11/2015] 6D7C076D98ADE96A6987E762B5855438
C:\Users\salty-san\Pictures\2m21s VUzE!.png --a---- 321024 bytes [22:43 31/12/2015] [22:43 31/12/2015] B136010C75AD0935BDAA78FA550C624F
C:\Users\salty-san\Pictures\2m27s Vuze!4.png --a---- 321159 bytes [22:43 31/12/2015] [22:43 31/12/2015] CAB9CBAC5B21BEFFC1668106A7F92B99
C:\Users\salty-san\Pictures\Mon 21 and 7 321 OPM Vuze!!.png --a---- 396072 bytes [10:50 21/12/2015] [10:50 21/12/2015] DEE1C05159C87E4829DE4E1A774EC585

========== folderfind ==========

Searching for "*torch*"
C:\FRST\Quarantine\C\ProgramData\TorchCrashHandler d------ [10:23 14/01/2016]
C:\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch d------ [19:19 01/02/2016]
C:\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch\Torch d------ [20:09 01/02/2016]
C:\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch\Torch\Application\45.0.0.10802\torch_default_apps d------ [10:22 14/01/2016]
C:\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch\Torch\Application\45.0.0.10802\torch_default_themes d------ [10:22 14/01/2016]
C:\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch\Torch\Application\45.0.0.10802\torch_extensions d------ [10:22 14/01/2016]
C:\Users\salty-san\AppData\Local\Torch d------ [15:20 02/02/2016]
C:\Users\salty-san\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\salty-san\AppData\Local\Torch d------ [17:45 02/02/2016]

Searching for "*vuze*"
C:\FRST\Quarantine\C\Program Files (x86)\Vuze d------ [12:24 29/11/2015]
C:\Users\salty-san\Documents\Vuze Downloads d------ [12:24 29/11/2015]

========== regfind ==========

Searching for "torch"
[HKEY_CURRENT_USER\Software\Clients\StartmenuInternet]
@="Torch.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\67e5f21_0]
@="{0.0.0.00000000}.{9afd8bc1-4f8e-4de5-9dcc-fdef41d0377b}|\Device\HarddiskVolume1\Users\salty-san\AppData\Local\Torch\Application\torch.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\7d2ceb4b_0]
@="{0.0.0.00000000}.{9afd8bc1-4f8e-4de5-9dcc-fdef41d0377b}|\Device\HarddiskVolume1\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch\Torch\Application\torch.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\7fe06a63_0]
@="{0.0.0.00000000}.{36250af9-5c1c-49ef-a82d-5c97dacc2ab6}|\Device\HarddiskVolume1\Users\salty-san\AppData\Local\Torch\Application\torch.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\fa9ecf83_0]
@="{0.0.0.00000000}.{810fa67e-c157-405d-9cfe-16d649a589ea}|\Device\HarddiskVolume1\Users\salty-san\AppData\Local\Torch\Application\torch.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\torch.exe]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\torch.exe]
@="C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\torch.exe]
"Path"="C:\Users\salty-san\AppData\Local\Torch\Application"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
"Progid"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
"Progid"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
"Progid"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\UserChoice]
"Progid"="Torch.torrent"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
"Progid"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
"Progid"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Torch]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Torch]
"DisplayName"="Torch"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Torch]
"UninstallString"=""C:\Users\salty-san\AppData\Local\Torch\uninstall.exe""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Torch]
"InstallLocation"="C:\Users\salty-san\AppData\Local\Torch"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Torch]
"DisplayIcon"="C:\Users\salty-san\AppData\Local\Torch\uninstall.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Torch]
"Publisher"="Torch Media, Inc"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice]
"Progid"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice]
"Progid"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice]
"Progid"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_CURRENT_USER\Software\Torch]
"tpath"="C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe"
[HKEY_CURRENT_USER\Software\Torch]
"home"="C:\Users\salty-san\AppData\Local\Torch"
[HKEY_CURRENT_USER\Software\Torch\Update\Clients\{10EF5446-BED9-42A9-B5F4-60CC55926827}]
"name"="Torch"
[HKEY_CURRENT_USER\Software\Torch\Update\Clients\{10EF5446-BED9-42A9-B5F4-60CC55926827}\Commands\on-os-upgrade]
"CommandLine"=""C:\Users\salty-san\AppData\Local\Torch\Application\45.0.0.10802\Installer\setup.exe" --on-os-upgrade --verbose-logging"
[HKEY_CURRENT_USER\Software\Torch\Update\ClientState\{10EF5446-BED9-42A9-B5F4-60CC55926827}]
"UninstallString"="C:\Users\salty-san\AppData\Local\Torch\Application\45.0.0.10802\Installer\setup.exe"
[HKEY_CURRENT_USER\Software\Torch\Update\ClientState\{10EF5446-BED9-42A9-B5F4-60CC55926827}]
"InstallerSuccessLaunchCmdLine"=""C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe""
[HKEY_CURRENT_USER\Software\Torch\Update\ClientState\{10EF5446-BED9-42A9-B5F4-60CC55926827}]
"UsageStatisticsURL"="service.torchbrowser.com/usage_statistics.php"
[HKEY_CURRENT_USER\Software\Classes\.flv]
@="Torch.flv"
[HKEY_CURRENT_USER\Software\Classes\.htm]
@="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_CURRENT_USER\Software\Classes\.htm\OpenWithProgids]
"TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"=""
[HKEY_CURRENT_USER\Software\Classes\.html]
@="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_CURRENT_USER\Software\Classes\.html\OpenWithProgids]
"TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"=""
[HKEY_CURRENT_USER\Software\Classes\.shtml]
@="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_CURRENT_USER\Software\Classes\.shtml\OpenWithProgids]
"TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"=""
[HKEY_CURRENT_USER\Software\Classes\.torrent]
@="Torch.torrent"
[HKEY_CURRENT_USER\Software\Classes\.torrent]
"Torch.torrent_backup"="Azureus"
[HKEY_CURRENT_USER\Software\Classes\.vob]
@="Torch.vob"
[HKEY_CURRENT_USER\Software\Classes\.webp\OpenWithProgids]
"TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"=""
[HKEY_CURRENT_USER\Software\Classes\.xht]
@="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_CURRENT_USER\Software\Classes\.xht\OpenWithProgids]
"TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"=""
[HKEY_CURRENT_USER\Software\Classes\.xhtml]
@="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_CURRENT_USER\Software\Classes\.xhtml\OpenWithProgids]
"TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"=""
[HKEY_CURRENT_USER\Software\Classes\ftp\DefaultIcon]
@="C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe,0"
[HKEY_CURRENT_USER\Software\Classes\ftp\shell\open\command]
@=""C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe" -- "%1""
[HKEY_CURRENT_USER\Software\Classes\http\DefaultIcon]
@="C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe,0"
[HKEY_CURRENT_USER\Software\Classes\http\shell\open\command]
@=""C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe" -- "%1""
[HKEY_CURRENT_USER\Software\Classes\https\DefaultIcon]
@="C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe,0"
[HKEY_CURRENT_USER\Software\Classes\https\shell\open\command]
@=""C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe" -- "%1""
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe"="Torch"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\frst\quarantine\c\users\salty-san\appdata\local\torch\torch\application\torch.exe"="Torch"
[HKEY_CURRENT_USER\Software\Classes\Magnet]
@="Torch.torrent"
[HKEY_CURRENT_USER\Software\Classes\Magnet\DefaultIcon]
@=""C:\Users\salty-san\AppData\Local\Torch\Association.ico",0"
[HKEY_CURRENT_USER\Software\Classes\Magnet\shell\open\command]
@=""C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe" -- "%1""
[HKEY_CURRENT_USER\Software\Classes\Torch.flv]
[HKEY_CURRENT_USER\Software\Classes\Torch.flv\DefaultIcon]
@="C:\Users\salty-san\AppData\Local\Torch\Association.ico,0"
[HKEY_CURRENT_USER\Software\Classes\Torch.flv\shell\open]
@="Open with Torch"
[HKEY_CURRENT_USER\Software\Classes\Torch.flv\shell\open\command]
@="C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe "%1""
[HKEY_CURRENT_USER\Software\Classes\Torch.torrent]
[HKEY_CURRENT_USER\Software\Classes\Torch.torrent\DefaultIcon]
@="C:\Users\salty-san\AppData\Local\Torch\Association.ico,0"
[HKEY_CURRENT_USER\Software\Classes\Torch.torrent\shell\open]
@="Open with Torch"
[HKEY_CURRENT_USER\Software\Classes\Torch.torrent\shell\open\command]
@="C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe "%1""
[HKEY_CURRENT_USER\Software\Classes\Torch.vob]
[HKEY_CURRENT_USER\Software\Classes\Torch.vob\DefaultIcon]
@="C:\Users\salty-san\AppData\Local\Torch\Association.ico,0"
[HKEY_CURRENT_USER\Software\Classes\Torch.vob\shell\open]
@="Open with Torch"
[HKEY_CURRENT_USER\Software\Classes\Torch.vob\shell\open\command]
@="C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe "%1""
[HKEY_CURRENT_USER\Software\Classes\TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI]
[HKEY_CURRENT_USER\Software\Classes\TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI]
@="Torch HTML Document"
[HKEY_CURRENT_USER\Software\Classes\TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI\DefaultIcon]
@="C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe,0"
[HKEY_CURRENT_USER\Software\Classes\TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI\shell\open\command]
@=""C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe" -- "%1""
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\LocalServer32]
@=""C:\Users\salty-san\AppData\Local\Torch\Application\45.0.0.10802\delegate_execute.exe""
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\LocalServer32]
"ServerExecutable"="C:\Users\salty-san\AppData\Local\Torch\Application\45.0.0.10802\delegate_execute.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bmp\OpenWithList\Torch.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dib\OpenWithList\Torch.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.gif\OpenWithList\Torch.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Torch.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithProgIds]
"TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html\OpenWithList\Torch.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html\OpenWithProgIds]
"TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ico\OpenWithList\Torch.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jfif\OpenWithList\Torch.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jpe\OpenWithList\Torch.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jpg\OpenWithList\Torch.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mfp\OpenWithList\Torch.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pdf\OpenWithList\Torch.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.png\OpenWithList\Torch.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml\OpenWithList\Torch.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids]
"TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.URL\OpenWithList\Torch.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.webm\OpenWithList\Torch.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids]
"TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht\OpenWithList\Torch.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht\OpenWithProgIds]
"TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml\OpenWithList\Torch.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgIds]
"TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Torch.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Torch.exe\shell\Read\command]
@=""C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\TorchSetup-r20-n-bc.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0CCCE10D-80F0-3B11-BDDF-D10BE459535A}\15.0.0.0]
"Class"="Microsoft.Office.Interop.Access.AcSeparatorCharacters"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI]
@="Torch HTML Document"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI\DefaultIcon]
@="C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI\shell\open\command]
@=""C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch\Capabilities\URLAssociations]
"magnet"="TorchHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI]
@="Torch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities]
"ApplicationDescription"="Torch is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Torch."
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities]
"ApplicationIcon"="C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities]
"ApplicationName"="Torch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\FileAssociations]
".htm"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\FileAssociations]
".html"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\FileAssociations]
".shtml"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\FileAssociations]
".xht"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\FileAssociations]
".xhtml"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\FileAssociations]
".webp"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\Startmenu]
"StartMenuInternet"="Torch.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\URLAssociations]
"ftp"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\URLAssociations]
"http"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\URLAssociations]
"https"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\URLAssociations]
"irc"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\URLAssociations]
"mailto"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\URLAssociations]
"mms"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\URLAssociations]
"news"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\URLAssociations]
"nntp"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\URLAssociations]
"sms"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\URLAssociations]
"smsto"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\URLAssociations]
"tel"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\URLAssociations]
"urn"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\URLAssociations]
"webcal"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\DefaultIcon]
@="C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\InstallInfo]
"ReinstallCommand"=""C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe" --make-default-browser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\InstallInfo]
"HideIconsCommand"=""C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe" --hide-icons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\InstallInfo]
"ShowIconsCommand"=""C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe" --show-icons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\shell\open\command]
@=""C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\torch.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\torch.exe]
@="C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\torch.exe]
"Path"="C:\Users\salty-san\AppData\Local\Torch\Application"
[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
"Torch.S46N532LMDZGRZ6YBCGV7N3IVI"="Software\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\torch.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\torch.exe]
@="C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\torch.exe]
"Path"="C:\Users\salty-san\AppData\Local\Torch\Application"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Torch]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch\Capabilities\URLAssociations]
"magnet"="TorchHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI]
@="Torch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities]
"ApplicationDescription"="Torch is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Torch."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities]
"ApplicationIcon"="C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities]
"ApplicationName"="Torch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\FileAssociations]
".htm"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\FileAssociations]
".html"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\FileAssociations]
".shtml"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\FileAssociations]
".xht"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\FileAssociations]
".xhtml"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\FileAssociations]
".webp"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\Startmenu]
"StartMenuInternet"="Torch.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\URLAssociations]
"ftp"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\URLAssociations]
"http"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\URLAssociations]
"https"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\URLAssociations]
"irc"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\URLAssociations]
"mailto"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\URLAssociations]
"mms"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\URLAssociations]
"news"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\URLAssociations]
"nntp"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\URLAssociations]
"sms"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\URLAssociations]
"smsto"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\URLAssociations]
"tel"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\URLAssociations]
"urn"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities\URLAssociations]
"webcal"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\DefaultIcon]
@="C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\InstallInfo]
"ReinstallCommand"=""C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe" --make-default-browser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\InstallInfo]
"HideIconsCommand"=""C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe" --hide-icons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\InstallInfo]
"ShowIconsCommand"=""C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe" --show-icons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\shell\open\command]
@=""C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\RegisteredApplications]
"Torch.S46N532LMDZGRZ6YBCGV7N3IVI"="Software\Clients\StartMenuInternet\Torch.S46N532LMDZGRZ6YBCGV7N3IVI\Capabilities"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{B9FA2AE3-CF6B-4373-BFB3-CB2AF4317B03}C:\frst\quarantine\c\users\salty-san\appdata\local\torch\torch\application\torch.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\frst\quarantine\c\users\salty-san\appdata\local\torch\torch\application\torch.exe|Name=Torch|Desc=Torch|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{FC5EC47E-2AFF-466A-9577-5CEB0C7EF5F8}C:\frst\quarantine\c\users\salty-san\appdata\local\torch\torch\application\torch.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\frst\quarantine\c\users\salty-san\appdata\local\torch\torch\application\torch.exe|Name=Torch|Desc=Torch|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{B9FA2AE3-CF6B-4373-BFB3-CB2AF4317B03}C:\frst\quarantine\c\users\salty-san\appdata\local\torch\torch\application\torch.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\frst\quarantine\c\users\salty-san\appdata\local\torch\torch\application\torch.exe|Name=Torch|Desc=Torch|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{FC5EC47E-2AFF-466A-9577-5CEB0C7EF5F8}C:\frst\quarantine\c\users\salty-san\appdata\local\torch\torch\application\torch.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\frst\quarantine\c\users\salty-san\appdata\local\torch\torch\application\torch.exe|Name=Torch|Desc=Torch|"
[HKEY_USERS\S-1-5-21-384921765-1548902971-3406650631-1000\Software\Clients\StartmenuInternet]
@="Torch.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_USERS\S-1-5-21-384921765-1548902971-3406650631-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\67e5f21_0]
@="{0.0.0.00000000}.{9afd8bc1-4f8e-4de5-9dcc-fdef41d0377b}|\Device\HarddiskVolume1\Users\salty-san\AppData\Local\Torch\Application\torch.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-384921765-1548902971-3406650631-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\7d2ceb4b_0]
@="{0.0.0.00000000}.{9afd8bc1-4f8e-4de5-9dcc-fdef41d0377b}|\Device\HarddiskVolume1\FRST\Quarantine\C\Users\salty-san\AppData\Local\Torch\Torch\Application\torch.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-384921765-1548902971-3406650631-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\7fe06a63_0]
@="{0.0.0.00000000}.{36250af9-5c1c-49ef-a82d-5c97dacc2ab6}|\Device\HarddiskVolume1\Users\salty-san\AppData\Local\Torch\Application\torch.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-384921765-1548902971-3406650631-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\fa9ecf83_0]
@="{0.0.0.00000000}.{810fa67e-c157-405d-9cfe-16d649a589ea}|\Device\HarddiskVolume1\Users\salty-san\AppData\Local\Torch\Application\torch.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-384921765-1548902971-3406650631-1000\Software\Microsoft\Windows\CurrentVersion\App Paths\torch.exe]
[HKEY_USERS\S-1-5-21-384921765-1548902971-3406650631-1000\Software\Microsoft\Windows\CurrentVersion\App Paths\torch.exe]
@="C:\Users\salty-san\AppData\Local\Torch\Application\torch.exe"
[HKEY_USERS\S-1-5-21-384921765-1548902971-3406650631-1000\Software\Microsoft\Windows\CurrentVersion\App Paths\torch.exe]
"Path"="C:\Users\salty-san\AppData\Local\Torch\Application"
[HKEY_USERS\S-1-5-21-384921765-1548902971-3406650631-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
"Progid"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_USERS\S-1-5-21-384921765-1548902971-3406650631-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
"Progid"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_USERS\S-1-5-21-384921765-1548902971-3406650631-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
"Progid"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"
[HKEY_USERS\S-1-5-21-384921765-1548902971-3406650631-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\UserChoice]
"Progid"="Torch.torrent"
[HKEY_USERS\S-1-5-21-384921765-1548902971-3406650631-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
"Progid"="TorchHTML.S46N532LMDZGRZ6YBCGV7N3IVI"

-= EOF =-
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,721
If you can actually Uninstall that junk browser, please do it.
..and then Reboot and run the last Systemlook scan again afterward.
It might save me from 500+ lines of Registry entries to go through.
Let me know.
Otherwise it will take a bit of time to evaluate, as you can guess.

This garbage tries to make so many entry points that you can NEVER get rid of it.
We will win, but I need your help.
 

Tibalt

Thread Starter
Joined
Mar 23, 2015
Messages
61
LOL! That sudden change in the tone of this all, it was so out of the blue it made me smirk... I did think it was just really weird that the log file is so huge. OK, uhm, well, Torch I pressed uninstall, but there was no info on it in the Control Panel, and it was just a simple "puff" and it vanished. Needless to say, no actual uninstall process took place, and from what I can tell the log is just as huge as the last one, so do I even bother reposting it?

Since Win uninstall got corrupted, aren't there third-party freewares to handle this too? ;S... Sorry this got so messy, haha.
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,721
Please don't smirk; it's not funny. It's difficult.
The change in tone is because you are not taking your situation as seriously as I do.
When I ask you to do something, I expect you to do it, not consider it.

I will get back to you, with a very large file to use for a correction.
Meanwhile...
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.

We are going to need it for all that cr... er .. stuff in your registry and elsewhere.
Be back when I am done putting together the FIX.
 

Tibalt

Thread Starter
Joined
Mar 23, 2015
Messages
61
Sorry, I didn't mean it like that, just trying to make lighthearted conversation out of the situation. I mean, that escalated quickly with that log. I am serious though, I actually had a different machine fall to corruption last year so I know it's got to be thorough, and I did everything you asked so far. So I do appreciate all the effort you put in for someone you don't know.

And I got OTL...Waiting.
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,721
Getting through it, but it's taking a while.
Probably be this evening, East Coast US time before I can get the FIX to you.
 