Computer super slow and registry and virus and spyware problems [Solve


This topic is locked

#1 314 (Member, 65 posts)
My computer doesn't work right. It says my drivers are out of date, that I have spyware, and that I have registry problems and viruses, and it is all messed up. Please, someone help me.

#2 314 (Topic Starter, Member, 65 posts)
Sorry, I forgot the log, and I have an RCMP warning that won't let me do anything.

Here's my log. I do have a 2nd computer to check this site, and a flash drive.


OTL logfile created on: 3/13/2013 6:19:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 5.06 Gb Available Physical Memory | 63.63% Memory free
15.89 Gb Paging File | 12.65 Gb Available in Paging File | 79.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 38.48 Gb Free Space | 34.45% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 1322.79 Gb Free Space | 94.67% Space Free | Partition Type: NTFS
Drive Z: | 1863.01 Gb Total Space | 741.98 Gb Free Space | 39.83% Space Free | Partition Type: NTFS

Computer Name: 314-PC | User Name: 314 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/13 18:19:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL.exe
PRC - [2013/03/10 18:22:07 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/02/25 08:39:34 | 001,602,984 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2013/02/25 08:39:32 | 000,543,144 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/02/11 17:51:40 | 003,696,632 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2013/02/08 14:15:36 | 029,387,072 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
PRC - [2013/02/07 04:26:54 | 003,590,224 | ---- | M] (Babylon Ltd.) -- C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
PRC - [2013/01/24 14:07:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2013/01/18 15:25:34 | 000,030,032 | ---- | M] () -- C:\Program Files (x86)\Uniblue\MaxiDisk\service.exe
PRC - [2013/01/18 15:25:32 | 000,057,152 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\MaxiDisk\maxidisk.exe
PRC - [2013/01/18 15:25:32 | 000,026,448 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\MaxiDisk\mdmonitor.exe
PRC - [2013/01/16 14:47:30 | 000,327,496 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files (x86)\Uniblue\DriverScanner\driverscanner.exe
PRC - [2013/01/16 14:47:30 | 000,026,456 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2013/01/08 11:27:24 | 000,395,224 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe
PRC - [2013/01/08 11:27:24 | 000,026,600 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
PRC - [2012/12/17 19:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/03 13:57:32 | 034,199,424 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
PRC - [2012/11/13 15:44:34 | 001,502,376 | R--- | M] (eAcceleration Corp) -- C:\Program Files (x86)\Acceleration Software\Anti-Virus\stopsignav.exe
PRC - [2012/10/18 17:57:13 | 000,115,784 | ---- | M] (eAcceleration Corp) -- C:\Program Files (x86)\eAcceleration\Framework\eac_svc.exe
PRC - [2012/10/18 17:30:16 | 000,264,152 | ---- | M] (eAcceleration Corp) -- C:\Program Files (x86)\eAcceleration\Framework\eac_productsvc.exe
PRC - [2012/08/23 02:09:34 | 000,403,328 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2012/08/23 02:08:50 | 006,010,264 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2012/08/18 22:18:30 | 007,017,888 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2012/08/16 17:45:17 | 000,464,856 | ---- | M] (eAcceleration Corp) -- C:\Program Files (x86)\eAcceleration\Station\station_bk.exe
PRC - [2012/08/15 18:12:45 | 000,146,584 | ---- | M] (eAcceleration) -- C:\Program Files (x86)\Common Files\eAcceleration\eacsvc.exe
PRC - [2012/07/24 16:13:58 | 000,941,440 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
PRC - [2012/01/11 14:48:16 | 000,148,024 | ---- | M] () -- C:\Program Files (x86)\TuneUp360\CareMon.exe
PRC - [2010/11/20 21:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/10/05 23:03:32 | 002,590,032 | ---- | M] (PC TuneUp Labs) -- C:\Program Files (x86)\PC HealthPack\PCHealthPack.exe
PRC - [2009/12/10 16:53:12 | 001,219,344 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRtray.exe
PRC - [2009/12/10 16:53:10 | 000,697,104 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRsrv.exe
PRC - [2006/10/23 00:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2003/04/01 20:20:37 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/13 18:14:27 | 001,169,408 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\wx._core_.pyd
MOD - [2013/03/13 18:14:27 | 001,024,616 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\windows._cacheinvalidation.pyd
MOD - [2013/03/13 18:14:27 | 000,807,424 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\wx._windows_.pyd
MOD - [2013/03/13 18:14:27 | 000,792,576 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\wx._gdi_.pyd
MOD - [2013/03/13 18:14:27 | 000,731,136 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\wx._misc_.pyd
MOD - [2013/03/13 18:14:27 | 000,645,120 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\_ssl.pyd
MOD - [2013/03/13 18:14:27 | 000,571,392 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\pysqlite2._sqlite.pyd
MOD - [2013/03/13 18:14:27 | 000,354,304 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\pythoncom26.dll
MOD - [2013/03/13 18:14:27 | 000,311,808 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\_hashlib.pyd
MOD - [2013/03/13 18:14:27 | 000,263,168 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\win32com.shell.shell.pyd
MOD - [2013/03/13 18:14:27 | 000,153,088 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\pyexpat.pyd
MOD - [2013/03/13 18:14:27 | 000,121,856 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\wx._wizard.pyd
MOD - [2013/03/13 18:14:27 | 000,111,104 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\win32file.pyd
MOD - [2013/03/13 18:14:27 | 000,110,592 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\win32security.pyd
MOD - [2013/03/13 18:14:27 | 000,110,592 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\PyWinTypes26.dll
MOD - [2013/03/13 18:14:27 | 000,096,256 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\win32api.pyd
MOD - [2013/03/13 18:14:27 | 000,086,016 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\_elementtree.pyd
MOD - [2013/03/13 18:14:27 | 000,073,728 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\_ctypes.pyd
MOD - [2013/03/13 18:14:27 | 000,070,656 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\wx._html2.pyd
MOD - [2013/03/13 18:14:27 | 000,040,448 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\_socket.pyd
MOD - [2013/03/13 18:14:27 | 000,039,424 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\win32inet.pyd
MOD - [2013/03/13 18:14:27 | 000,036,352 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\win32process.pyd
MOD - [2013/03/13 18:14:27 | 000,023,040 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\win32ts.pyd
MOD - [2013/03/13 18:14:27 | 000,022,528 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\win32pdh.pyd
MOD - [2013/03/13 18:14:27 | 000,017,920 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\win32profile.pyd
MOD - [2013/03/13 18:14:27 | 000,011,776 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\win32crypt.pyd
MOD - [2013/03/13 18:14:26 | 001,056,256 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\wx._controls_.pyd
MOD - [2013/03/13 18:14:26 | 000,585,728 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\unicodedata.pyd
MOD - [2013/03/13 18:14:26 | 000,017,920 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\win32event.pyd
MOD - [2013/03/13 18:14:26 | 000,011,776 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33882\select.pyd
MOD - [2013/03/10 18:22:06 | 000,459,728 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll
MOD - [2013/03/10 18:22:05 | 012,662,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
MOD - [2013/03/10 18:22:04 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
MOD - [2013/03/10 18:21:18 | 000,596,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libglesv2.dll
MOD - [2013/03/10 18:21:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libegl.dll
MOD - [2013/03/10 18:21:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
MOD - [2013/02/25 08:39:32 | 000,988,584 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/02/19 12:48:10 | 020,340,648 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/01/18 15:25:30 | 000,138,048 | ---- | M] () -- C:\Program Files (x86)\Uniblue\MaxiDisk\locale\en\en.dll
MOD - [2013/01/18 15:25:22 | 000,114,496 | ---- | M] () -- C:\Program Files (x86)\Uniblue\MaxiDisk\InstallerExtensions.dll
MOD - [2013/01/18 15:25:22 | 000,020,288 | ---- | M] () -- C:\Program Files (x86)\Uniblue\MaxiDisk\cwebpage.dll
MOD - [2013/01/16 14:47:42 | 000,408,904 | ---- | M] () -- C:\Program Files (x86)\Uniblue\DriverScanner\locale\en\en.dll
MOD - [2013/01/16 14:47:30 | 000,019,272 | ---- | M] () -- C:\Program Files (x86)\Uniblue\DriverScanner\cwebpage.dll
MOD - [2013/01/16 14:47:28 | 000,114,504 | ---- | M] () -- C:\Program Files (x86)\Uniblue\DriverScanner\InstallerExtensions.dll
MOD - [2013/01/08 11:27:18 | 000,475,096 | ---- | M] () -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\locale\en\en.dll
MOD - [2013/01/08 11:27:06 | 000,114,648 | ---- | M] () -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\InstallerExtensions.dll
MOD - [2013/01/08 11:27:06 | 000,019,416 | ---- | M] () -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\cwebpage.dll
MOD - [2012/12/18 19:28:50 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\sdl.dll
MOD - [2012/12/11 10:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/12/11 10:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/12/11 10:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/11/29 15:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2012/08/23 01:32:28 | 001,525,120 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Home\icudt38.dll
MOD - [2010/03/29 06:02:48 | 000,520,234 | ---- | M] () -- C:\ProgramData\Babylon\sqlite3.dll
MOD - [2009/02/12 15:26:20 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced Spyware Remover\madbasic_.bpl
MOD - [2009/02/12 15:26:20 | 000,044,032 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced Spyware Remover\maddisAsm_.bpl
MOD - [2003/04/01 20:20:37 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/02/01 16:09:38 | 012,907,520 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe -- (MySQL56)
SRV:64bit: - [2013/01/31 14:42:06 | 000,302,200 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)
SRV:64bit: - [2011/04/20 03:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/13 17:26:37 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Stopped] -- C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49barsvc.exe -- (UtilityChest_49Service)
SRV - [2013/02/25 08:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/11 17:51:40 | 003,696,632 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2013/01/24 14:07:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/01/18 15:25:34 | 000,030,032 | ---- | M] () [On_Demand | Running] -- C:\Program Files (x86)\Uniblue\MaxiDisk\service.exe -- (Uniblue.MaxiDiskSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/18 17:30:16 | 000,264,152 | ---- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files (x86)\eAcceleration\Framework\eac_productsvc.exe -- (eac_productsvc)
SRV - [2012/10/18 17:30:09 | 000,235,480 | ---- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files (x86)\eAcceleration\Framework\eac_notifysvc.dll -- (eac_notifysvc)
SRV - [2012/08/23 02:11:48 | 001,126,888 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012/08/22 20:54:44 | 000,182,224 | R--- | M] (eAcceleration Corp) [On_Demand | Stopped] -- C:\Program Files (x86)\StopSign\ThreatScanner\engines\vipre\viprecomsvc.exe -- (viprecomsvc)
SRV - [2012/08/18 22:18:30 | 007,017,888 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012/08/15 18:12:45 | 000,146,584 | ---- | M] (eAcceleration) [Auto | Running] -- C:\Program Files (x86)\Common Files\eAcceleration\eacsvc.exe -- (StopSign Update Manager)
SRV - [2012/01/11 14:48:16 | 000,148,024 | ---- | M] () [Auto | Start_Pending] -- C:\Program Files (x86)\TuneUp360\CareMon.exe -- (CareMon)
SRV - [2011/08/15 17:17:10 | 000,202,264 | R--- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files (x86)\Acceleration Software\Anti-Virus\sstsmonsvc.dll -- (sstsmonsvc)
SRV - [2010/11/20 21:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 21:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 21:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/10 16:53:10 | 000,697,104 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRsrv.exe -- (ASRservice)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/13 18:14:34 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/02/11 17:51:40 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2013/02/11 17:51:39 | 001,340,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2013/02/11 17:51:39 | 001,093,256 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib_mounter.sys -- (tib_mounter)
DRV:64bit: - [2013/02/11 17:51:38 | 000,228,488 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2013/02/11 17:51:38 | 000,166,024 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vidsflt.sys -- (vidsflt)
DRV:64bit: - [2013/02/11 17:51:36 | 000,340,104 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2013/02/11 17:51:36 | 000,155,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2013/02/08 01:21:19 | 000,971,360 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2013/02/01 00:47:52 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012/12/19 15:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/20 03:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 02:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/24 11:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/02/23 20:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010/11/20 21:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/11/24 16:29:16 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [1999/12/31 18:00:00 | 000,553,576 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}: "URL" = http://search.mywebs...r={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...&si=EL_UTAUS_24
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?r...&ocid=iehp&tc=3
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 E3 CD 57 41 03 CE 01 [binary data]
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\..\URLSearchHook: {7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - No CLSID value found
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\..\SearchScopes,DefaultScope = {84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000c860000957c1
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\..\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@UtilityChest_49.com/Plugin: C:\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll (MindSpark)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\314\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\314\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\314\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\314\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\314\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\[email protected] [2013/03/13 17:06:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_49.com: C:\Program Files (x86)\UtilityChest_49\bar\1.bin [2013/03/13 17:26:38 | 000,000,000 | ---D | M]

[2013/03/13 17:06:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylo...000c860000957c1
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.babylo...ome?affID=88888
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Babylon Translator = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\
CHR - Extension: DealPly Shopping = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma\3.5.0.0_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Assistant BHO) - {06e05b40-77fa-40b6-9077-ed1a7577b1ef} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrcAs.dll (MindSpark)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Toolbar BHO) - {58f7b5ca-1162-42e8-8bbc-d543b4edd780} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll (MindSpark)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (DealPly) - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly)
O2 - BHO: (WinToFlash Suggestor) - {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Utility Chest) - {cf67755f-9265-449c-87cf-b945519e073b} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll (MindSpark)
O3 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\..\Toolbar\WebBrowser: (Utility Chest) - {CF67755F-9265-449C-87CF-B945519E073B} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll (MindSpark)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Advanced Spyware Remover] C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRtray.exe (IObit)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [SoftwareStation] C:\Program Files (x86)\eAcceleration\Station\station.exe (eAcceleration Corp)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Utility Chest Search Scope Monitor] C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrchMn.exe (MindSpark)
O4 - HKLM..\Run: [UtilityChest_49 Browser Plugin Loader] C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49brmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [webscan] C:\Program Files (x86)\Acceleration Software\Anti-Virus\stopsignav.exe (eAcceleration Corp)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\Winampa.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O9 - Extra 'Tools' menuitem : WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B34334DF-D1B6-4C8D-B6DB-D28E92966C04}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B34334DF-D1B6-4C8D-B6DB-D28E92966C04}: NameServer = 74.207.247.4,216.87.84.211,208.111.40.37,173.234.255.79
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000 Winlogon: Shell - (C:\Users\314\AppData\Roaming\skype.dat) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (digest.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fb9f039e-680a-11e2-810d-c860000957c1}\Shell\Option1\Command - "" = G:\HBCD\HBCDMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/13 17:30:41 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\eAcceleration
[2013/03/13 17:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acceleration Software
[2013/03/13 17:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eAcceleration
[2013/03/13 17:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\eAcceleration
[2013/03/13 17:30:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\eAcceleration
[2013/03/13 17:30:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eAcceleration
[2013/03/13 17:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StopSign
[2013/03/13 17:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiseFixer
[2013/03/13 17:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\WiseFixer
[2013/03/13 17:26:54 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\UtilityChest_49
[2013/03/13 17:26:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UtilityChest_49
[2013/03/13 17:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
[2013/03/13 17:25:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate
[2013/03/13 17:17:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2013/03/13 17:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013/03/13 17:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Spyware Remover
[2013/03/13 17:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/03/13 17:07:03 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\Babylon
[2013/03/13 17:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2013/03/13 17:06:58 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Uniblue
[2013/03/13 17:06:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2013/03/13 17:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
[2013/03/13 17:06:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2013/03/13 17:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2013/03/13 17:06:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Babylon
[2013/03/13 17:06:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/13 17:06:36 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Babylon
[2013/03/13 17:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/03/13 17:06:31 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
[2013/03/13 17:06:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly
[2013/03/13 16:54:28 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\SpeedyPC Software
[2013/03/13 16:54:24 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2013/03/13 16:54:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2013/03/13 16:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/03/13 16:54:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2013/03/13 16:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegHunter
[2013/03/13 16:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/03/13 16:54:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/03/13 16:53:40 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\spotmau
[2013/03/13 16:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp360
[2013/03/13 16:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp360
[2013/03/13 16:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp360
[2013/03/13 16:49:59 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\PC HealthPack
[2013/03/13 16:49:25 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\ParetoLogic
[2013/03/13 16:49:23 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2013/03/13 16:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2013/03/13 16:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013/03/13 16:49:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2013/03/13 16:48:55 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC HealthPack
[2013/03/13 16:48:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC HealthPack
[2013/03/13 16:45:42 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\MyTurboPC.com
[2013/03/13 16:45:40 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyTurboPC.com
[2013/03/13 16:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\MyTurboPC.com
[2013/03/13 16:45:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyTurboPC.com
[2013/03/13 16:45:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MyTurboPC.com
[2013/03/13 16:43:37 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\PC VITALWARE
[2013/03/13 16:43:35 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC VITALWARE
[2013/03/13 16:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC VITALWARE
[2013/03/13 16:43:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC VITALWARE
[2013/03/13 16:43:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC VITALWARE
[2013/03/13 16:40:24 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\PC Utility Kit
[2013/03/13 16:40:24 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\DriverCure
[2013/03/13 16:40:22 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Utility Kit
[2013/03/13 16:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Utility Kit
[2013/03/13 16:40:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Utility Kit
[2013/03/13 16:40:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Utility Kit
[2013/03/13 16:11:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/03/13 16:11:35 | 000,000,000 | ---D | C] -- E:\Documents\Flash Player Pro
[2013/03/13 16:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Player Pro
[2013/03/13 16:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flash Player Pro
[2013/03/13 15:32:47 | 000,000,000 | ---D | C] -- C:\AMD
[2013/03/13 15:28:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013/03/13 15:28:14 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013/03/13 15:28:14 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013/03/13 15:28:14 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013/03/13 15:28:14 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013/03/13 15:28:14 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013/03/13 15:28:13 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2013/03/13 15:28:13 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2013/03/13 15:28:13 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2013/03/13 15:28:13 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2013/03/13 15:28:13 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2013/03/13 15:28:13 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013/03/13 15:28:13 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013/03/13 15:28:13 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013/03/13 15:28:13 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2013/03/13 15:28:13 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013/03/13 15:28:13 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2013/03/13 15:28:13 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2013/03/13 15:28:13 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013/03/13 15:28:13 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2013/03/13 15:28:13 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2013/03/13 15:28:13 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013/03/13 15:28:13 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2013/03/13 15:28:13 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013/03/13 15:28:12 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013/03/13 15:28:12 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013/03/13 15:28:12 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013/03/13 15:28:12 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013/03/13 15:28:12 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013/03/13 15:28:12 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013/03/13 15:28:12 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2013/03/13 15:28:12 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013/03/13 15:28:12 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2013/03/13 15:28:12 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2013/03/13 15:28:12 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2013/03/13 15:28:12 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013/03/13 15:28:12 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2013/03/13 15:28:12 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013/03/13 15:28:12 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013/03/13 15:28:12 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013/03/13 15:28:12 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013/03/13 15:28:12 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013/03/13 15:28:12 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013/03/13 15:28:12 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2013/03/13 15:28:11 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013/03/13 14:52:16 | 000,553,576 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013/03/13 14:41:37 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\SlimWare Utilities Inc
[2013/03/13 14:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2013/03/13 14:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2013/03/13 14:41:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2013/03/11 14:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/03/11 14:30:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013/03/11 14:30:21 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013/03/11 14:11:11 | 000,000,000 | ---D | C] -- C:\Users\314\Desktop\6642_PG347_VISTA
[2013/03/10 03:24:50 | 000,000,000 | --SD | C] -- C:\Users\314\Google Drive
[2013/03/10 03:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/03/09 23:07:10 | 005,037,356 | ---- | C] (Swearware) -- C:\Users\314\Desktop\ComboFix.exe
[2013/03/09 22:56:36 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Mozilla
[2013/02/24 23:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infogrames Interactive
[2013/02/24 23:27:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Infogrames Interactive
[2013/02/24 23:27:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/02/19 01:52:39 | 000,000,000 | ---D | C] -- C:\Users\314\VirtualBox VMs
[2013/02/19 01:52:03 | 000,000,000 | ---D | C] -- C:\Users\314\.VirtualBox
[2013/02/19 01:51:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2013/02/19 01:51:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013/02/19 01:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2013/02/17 00:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2013/02/17 00:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2013/02/17 00:14:02 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp
[2013/02/17 00:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2013/02/17 00:13:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2013/02/17 00:13:42 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2013/02/17 00:00:53 | 000,000,000 | ---D | C] -- E:\Documents\StarCraft II
[2013/02/17 00:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2013/02/17 00:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2013/02/17 00:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2013/02/16 20:40:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\1
[2013/02/13 03:33:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PHP
[2013/02/13 03:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
[2013/02/13 03:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\MySQL
[2013/02/13 03:31:17 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MySQL
[2013/02/13 03:31:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MySQL
[2013/02/13 03:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\MySQL
[2013/02/13 03:30:04 | 000,000,000 | ---D | C] -- C:\inetpub
[2013/02/13 03:30:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2013/02/13 03:30:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2013/02/13 03:28:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/02/13 03:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHP 5
[2013/02/11 18:35:58 | 000,000,000 | ---D | C] -- C:\Users\314\Desktop\GHOST32
[2013/02/11 18:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinUHA
[2013/02/11 18:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinUHA

========== Files - Modified Within 30 Days ==========

[2013/03/13 18:22:24 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/13 18:22:24 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/13 18:19:50 | 000,762,428 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/13 18:19:50 | 000,652,000 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/13 18:19:50 | 000,113,680 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/13 18:15:26 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2013/03/13 18:15:26 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013/03/13 18:14:34 | 000,015,712 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/03/13 18:14:33 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/13 18:14:32 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/03/13 18:14:32 | 000,000,490 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2013/03/13 18:14:32 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\PC HealthPack Startup.job
[2013/03/13 18:14:32 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\dsmonitor.job
[2013/03/13 18:14:32 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\spmonitor.job
[2013/03/13 18:14:32 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\mdmonitor.job
[2013/03/13 18:14:32 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\TuneUp360 Reminder.job
[2013/03/13 18:14:32 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2013/03/13 18:14:32 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\MaxiDisk.job
[2013/03/13 18:14:32 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2013/03/13 18:13:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/13 18:13:52 | 2105,360,383 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/13 18:13:13 | 000,000,004 | ---- | M] () -- C:\Users\314\AppData\Roaming\skype.ini
[2013/03/13 18:09:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/13 18:00:00 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/03/13 18:00:00 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit Registration3.job
[2013/03/13 18:00:00 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\MyTurboPC.com Registration3.job
[2013/03/13 18:00:00 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\PC VITALWARE Registration3.job
[2013/03/13 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013/03/13 17:56:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3361998210-192212384-1650811137-1000UA.job
[2013/03/13 17:30:41 | 000,001,997 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\StopSign Software Station.lnk
[2013/03/13 17:30:35 | 000,002,027 | ---- | M] () -- C:\Users\314\Desktop\Scan Now for Viruses and Threats.lnk
[2013/03/13 17:29:52 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\WiseFixer.lnk
[2013/03/13 17:25:16 | 000,002,469 | ---- | M] () -- C:\Users\Public\Desktop\DriverUpdate.lnk
[2013/03/13 17:18:45 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2013/03/13 17:18:45 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit Update3.job
[2013/03/13 17:18:45 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit.job
[2013/03/13 17:18:45 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2013/03/13 17:18:45 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\MyTurboPC.com Update3.job
[2013/03/13 17:18:45 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\PC HealthPack Scheduled Scan.job
[2013/03/13 17:18:45 | 000,000,430 | ---- | M] () -- C:\Windows\tasks\PC VITALWARE Update3.job
[2013/03/13 17:18:45 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2013/03/13 17:18:45 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\RegCure Pro.job
[2013/03/13 17:18:45 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\MyTurboPC.job
[2013/03/13 17:18:45 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\PC MRI.job
[2013/03/13 17:17:02 | 000,001,213 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
[2013/03/13 17:17:02 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2013/03/13 17:16:43 | 000,001,153 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\MaxiDisk.lnk
[2013/03/13 17:16:43 | 000,001,129 | ---- | M] () -- C:\Users\Public\Desktop\MaxiDisk.lnk
[2013/03/13 17:15:43 | 000,001,194 | ---- | M] () -- C:\Users\Public\Desktop\Advanced Spyware Remover.lnk
[2013/03/13 17:06:59 | 000,001,174 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2013/03/13 17:06:59 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\SpeedUpMyPC.lnk
[2013/03/13 17:06:52 | 000,001,169 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
[2013/03/13 17:06:52 | 000,001,145 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk
[2013/03/13 16:54:24 | 000,001,201 | ---- | M] () -- C:\Users\314\Desktop\SpeedyPC Pro.lnk
[2013/03/13 16:54:20 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\RegHunter.lnk
[2013/03/13 16:53:35 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp360.lnk
[2013/03/13 16:49:23 | 000,001,190 | ---- | M] () -- C:\Users\314\Desktop\RegCure Pro.lnk
[2013/03/13 16:48:55 | 000,001,086 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\PC HealthPack.lnk
[2013/03/13 16:48:55 | 000,001,062 | ---- | M] () -- C:\Users\314\Desktop\PC HealthPack.lnk
[2013/03/13 16:45:40 | 000,001,160 | ---- | M] () -- C:\Users\314\Desktop\MyTurboPC.lnk
[2013/03/13 16:43:35 | 000,001,131 | ---- | M] () -- C:\Users\314\Desktop\PC MRI.lnk
[2013/03/13 16:40:22 | 000,001,242 | ---- | M] () -- C:\Users\314\Desktop\PC Utility Kit.lnk
[2013/03/13 16:11:35 | 000,001,103 | ---- | M] () -- C:\Users\314\Desktop\Flash Player Pro.lnk
[2013/03/13 15:00:56 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/13 14:41:35 | 000,002,467 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2013/03/13 10:56:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3361998210-192212384-1650811137-1000Core.job
[2013/03/12 15:11:32 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/10 03:24:50 | 000,001,691 | ---- | M] () -- C:\Users\314\Desktop\Google Drive.lnk
[2013/03/10 01:44:05 | 000,270,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/09 23:07:13 | 005,037,356 | ---- | M] (Swearware) -- C:\Users\314\Desktop\ComboFix.exe
[2013/02/24 23:30:34 | 000,002,267 | ---- | M] () -- C:\Users\Public\Desktop\Play Civilization III.lnk
[2013/02/24 23:29:44 | 000,000,000 | ---- | M] () -- C:\Windows\PowerReg.dat
[2013/02/19 01:51:53 | 000,001,100 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2013/02/19 01:51:53 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2013/02/17 00:18:48 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2013/02/17 00:14:08 | 000,000,994 | ---- | M] () -- C:\Windows\winamp.ini
[2013/02/17 00:14:02 | 000,001,813 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\WINAMP.LNK
[2013/02/17 00:14:02 | 000,001,789 | ---- | M] () -- C:\Users\314\Desktop\WINAMP.LNK
[2013/02/11 18:35:33 | 000,000,943 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\WinUHA.lnk
[2013/02/11 18:35:33 | 000,000,919 | ---- | M] () -- C:\Users\314\Desktop\WinUHA.lnk

========== Files Created - No Company Name ==========

[2013/03/13 18:11:13 | 000,000,004 | ---- | C] () -- C:\Users\314\AppData\Roaming\skype.ini
[2013/03/13 17:30:41 | 000,001,997 | ---- | C] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\StopSign Software Station.lnk
[2013/03/13 17:30:35 | 000,002,027 | ---- | C] () -- C:\Users\314\Desktop\Scan Now for Viruses and Threats.lnk
[2013/03/13 17:29:52 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\WiseFixer.lnk
[2013/03/13 17:26:00 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2013/03/13 17:25:57 | 000,015,712 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/03/13 17:25:16 | 000,002,469 | ---- | C] () -- C:\Users\Public\Desktop\DriverUpdate.lnk
[2013/03/13 17:17:04 | 000,000,276 | ---- | C] () -- C:\Windows\tasks\DriverScanner.job
[2013/03/13 17:17:03 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\dsmonitor.job
[2013/03/13 17:17:02 | 000,001,213 | ---- | C] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
[2013/03/13 17:17:02 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2013/03/13 17:16:45 | 000,000,256 | ---- | C] () -- C:\Windows\tasks\MaxiDisk.job
[2013/03/13 17:16:44 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\mdmonitor.job
[2013/03/13 17:16:43 | 000,001,153 | ---- | C] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\MaxiDisk.lnk
[2013/03/13 17:16:43 | 000,001,129 | ---- | C] () -- C:\Users\Public\Desktop\MaxiDisk.lnk
[2013/03/13 17:15:43 | 000,001,194 | ---- | C] () -- C:\Users\Public\Desktop\Advanced Spyware Remover.lnk
[2013/03/13 17:07:00 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\spmonitor.job
[2013/03/13 17:07:00 | 000,000,254 | ---- | C] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2013/03/13 17:06:59 | 000,001,174 | ---- | C] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2013/03/13 17:06:59 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\SpeedUpMyPC.lnk
[2013/03/13 17:06:52 | 000,001,169 | ---- | C] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
[2013/03/13 17:06:52 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk
[2013/03/13 16:54:29 | 000,000,488 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/03/13 16:54:24 | 000,001,201 | ---- | C] () -- C:\Users\314\Desktop\SpeedyPC Pro.lnk
[2013/03/13 16:54:24 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/03/13 16:54:24 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2013/03/13 16:54:24 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2013/03/13 16:54:20 | 000,001,163 | ---- | C] () -- C:\Users\Public\Desktop\RegHunter.lnk
[2013/03/13 16:53:36 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\TuneUp360 Reminder.job
[2013/03/13 16:53:35 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp360.lnk
[2013/03/13 16:49:26 | 000,000,464 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013/03/13 16:49:23 | 000,001,190 | ---- | C] () -- C:\Users\314\Desktop\RegCure Pro.lnk
[2013/03/13 16:49:23 | 000,000,490 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2013/03/13 16:49:23 | 000,000,438 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2013/03/13 16:49:23 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\RegCure Pro.job
[2013/03/13 16:48:56 | 000,000,434 | ---- | C] () -- C:\Windows\tasks\PC HealthPack Scheduled Scan.job
[2013/03/13 16:48:56 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\PC HealthPack Startup.job
[2013/03/13 16:48:55 | 000,001,086 | ---- | C] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\PC HealthPack.lnk
[2013/03/13 16:48:55 | 000,001,062 | ---- | C] () -- C:\Users\314\Desktop\PC HealthPack.lnk
[2013/03/13 16:45:43 | 000,000,472 | ---- | C] () -- C:\Windows\tasks\MyTurboPC.com Registration3.job
[2013/03/13 16:45:40 | 000,001,160 | ---- | C] () -- C:\Users\314\Desktop\MyTurboPC.lnk
[2013/03/13 16:45:40 | 000,000,436 | ---- | C] () -- C:\Windows\tasks\MyTurboPC.com Update3.job
[2013/03/13 16:45:40 | 000,000,390 | ---- | C] () -- C:\Windows\tasks\MyTurboPC.job
[2013/03/13 16:43:38 | 000,000,468 | ---- | C] () -- C:\Windows\tasks\PC VITALWARE Registration3.job
[2013/03/13 16:43:35 | 000,001,131 | ---- | C] () -- C:\Users\314\Desktop\PC MRI.lnk
[2013/03/13 16:43:35 | 000,000,430 | ---- | C] () -- C:\Windows\tasks\PC VITALWARE Update3.job
[2013/03/13 16:43:35 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\PC MRI.job
[2013/03/13 16:40:25 | 000,000,476 | ---- | C] () -- C:\Windows\tasks\PC Utility Kit Registration3.job
[2013/03/13 16:40:22 | 000,001,242 | ---- | C] () -- C:\Users\314\Desktop\PC Utility Kit.lnk
[2013/03/13 16:40:22 | 000,000,442 | ---- | C] () -- C:\Windows\tasks\PC Utility Kit Update3.job
[2013/03/13 16:40:22 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\PC Utility Kit.job
[2013/03/13 16:11:35 | 000,001,103 | ---- | C] () -- C:\Users\314\Desktop\Flash Player Pro.lnk
[2013/03/13 15:28:13 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013/03/13 14:52:16 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2013/03/13 14:41:39 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013/03/13 14:41:35 | 000,002,467 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2013/03/10 03:24:50 | 000,001,691 | ---- | C] () -- C:\Users\314\Desktop\Google Drive.lnk
[2013/02/24 23:30:34 | 000,002,267 | ---- | C] () -- C:\Users\Public\Desktop\Play Civilization III.lnk
[2013/02/24 23:29:44 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2013/02/19 01:51:53 | 000,001,100 | ---- | C] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2013/02/19 01:51:53 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2013/02/17 00:14:02 | 000,001,813 | ---- | C] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\WINAMP.LNK
[2013/02/17 00:14:02 | 000,001,789 | ---- | C] () -- C:\Users\314\Desktop\WINAMP.LNK
[2013/02/17 00:13:45 | 000,000,994 | ---- | C] () -- C:\Windows\winamp.ini
[2013/02/17 00:00:53 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2013/02/11 18:35:33 | 000,000,943 | ---- | C] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\WinUHA.lnk
[2013/02/11 18:35:33 | 000,000,919 | ---- | C] () -- C:\Users\314\Desktop\WinUHA.lnk
[2013/02/11 18:32:21 | 001,227,943 | ---- | C] () -- C:\Users\314\Desktop\GHOST32.UHA
[2012/12/31 04:15:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/12/30 13:11:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/12/30 13:11:16 | 000,018,832 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/03/17 18:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/11 17:52:02 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Acronis
[2013/03/13 17:36:40 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Babylon
[2013/03/13 16:40:24 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\DriverCure
[2013/03/13 17:30:41 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\eAcceleration
[2013/01/10 03:29:51 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\FileZilla
[2013/01/10 03:14:32 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Foxit Software
[2013/01/30 13:53:25 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Hard Disk Sentinel
[2013/02/01 00:45:50 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\MotioninJoy
[2013/03/13 16:45:42 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\MyTurboPC.com
[2013/03/13 16:49:25 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\ParetoLogic
[2013/03/13 16:40:24 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\PC Utility Kit
[2013/03/13 16:43:37 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\PC VITALWARE
[2013/03/13 16:54:28 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\SpeedyPC Software
[2013/03/13 16:53:40 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\spotmau
[2013/03/13 17:08:21 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Uniblue
[2013/02/19 02:05:27 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:9638A27E

< End of report >

OTL Extras logfile created on: 3/13/2013 6:19:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 5.06 Gb Available Physical Memory | 63.63% Memory free
15.89 Gb Paging File | 12.65 Gb Available in Paging File | 79.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 38.48 Gb Free Space | 34.45% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 1322.79 Gb Free Space | 94.67% Space Free | Partition Type: NTFS
Drive Z: | 1863.01 Gb Total Space | 741.98 Gb Free Space | 39.83% Space Free | Partition Type: NTFS

Computer Name: 314-PC | User Name: 314 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{150841C6-BFBD-4550-B1CF-41EED86C9459}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{187D659E-840F-48BA-8658-CFD0533448EC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1A7D707E-01CE-4592-88AA-25768DBDD51B}" = rport=139 | protocol=6 | dir=out | app=system |
"{1B7E01EC-4DCB-4EB8-AF26-2F0E5258B90B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{25D7A3EF-5FC0-4DB9-A7A4-0E9A3F126F85}" = rport=138 | protocol=17 | dir=out | app=system |
"{2E803BD8-2FD3-4921-AA58-65BB01E6249B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{331F9F18-DA63-423A-8FFC-5967041FEC94}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{55855854-A372-44F4-94AA-6104FA36537D}" = rport=445 | protocol=6 | dir=out | app=system |
"{5AD6328B-5ED9-4648-9E1A-0144ACFA3528}" = lport=445 | protocol=6 | dir=in | app=system |
"{6DD41490-D6A3-47F7-9910-8AABF5F06FD5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6FC6E425-CEC8-42EE-89B0-2A662313353A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{76F3118D-C303-4B54-81F4-0C197C9B8247}" = rport=137 | protocol=17 | dir=out | app=system |
"{7A0BD0E1-AAC6-4071-BA49-A4BF0C0A69B0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{850EBA82-9704-46BF-982E-DEC733D65DC4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B9D516DA-3F28-44E8-996B-1550247801A2}" = lport=139 | protocol=6 | dir=in | app=system |
"{C4C05879-A3BD-4B24-B2F2-5BD2EF14A1B3}" = lport=137 | protocol=17 | dir=in | app=system |
"{C4EAB0F9-3C7F-4890-8228-8E5E1F3CF078}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D2BB8D44-5259-4F58-BBB0-824F29CD09FC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F7096FBF-CBCD-4463-9814-2AB232D072F6}" = lport=138 | protocol=17 | dir=in | app=system |
"{FEC54D57-86FA-4BE0-9F8D-3B0D49DAB758}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FF5B28F1-735F-4890-BDDA-3F8B9B5E99FF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0627207B-A1C1-4122-B7C5-1CC6198FE417}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{083BA7B1-1006-4211-AE93-9EFBF85073C4}" = protocol=1 | dir=in | [email protected],-28543 |
"{1158BF9A-F7AC-424A-A3E5-3951CE240AAE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1F01121D-7150-4AA8-9917-0993B05C25B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{21D3F4B7-23A6-43ED-8DFF-8D423826AE26}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{267D6D41-35C4-486F-A32F-B8475476F46F}" = protocol=17 | dir=in | app=c:\users\314\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{290FC5C4-50E8-4441-B7B0-9D94AFFE6686}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{2B328ED7-009F-4592-AA82-C070EDB81A23}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{2D9586F8-A07E-4C10-99D8-A64D0AA95BEE}" = dir=out | app=%programfiles% (x86)\hard disk sentinel\harddisksentinelupdate.exe |
"{36B17B42-1212-4CCE-8565-D4B421D35BC1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{37DE8224-1F38-4C76-837C-6D888B3A3E16}" = protocol=58 | dir=out | [email protected],-28546 |
"{3C0DBFFF-9EE4-4D43-95A3-DA4ABDC27F4E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
"{3C2FACB2-0320-4AB0-8A11-A797ECE39A93}" = dir=out | app=%programfiles% (x86)\hard disk sentinel\hdsaction.exe |
"{3DA08DF0-0243-4EBD-9809-594A0AA026E5}" = dir=out | app=%programfiles% (x86)\hard disk sentinel\hdsctrl.exe |
"{441C72B0-7FF8-4E06-A538-FD8F46ACF25F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
"{49DCC5FC-3802-4A6C-A448-24E497CABEE6}" = dir=out | app=%programfiles% (x86)\hard disk sentinel\hdsentineltray.exe |
"{4B42C839-0A6A-4034-A9FF-AF7781D5BB1A}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{4BABC18D-76F9-4ADB-99AB-49FDDB8D9021}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{57CD7A39-8DB5-46B9-96E4-6499611C9FB2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{5B9F908C-4674-445E-B3E7-CD44783F9C57}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{5ED805D3-3D55-4C41-8620-8B58397B90B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{61057979-AC09-4F0D-A607-CE6E232787F9}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{65D66C00-64CD-4500-9138-4CAA7B199AA3}" = protocol=6 | dir=in | app=c:\users\314\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{6716428A-1282-430A-B2FD-6C1B064E4A3D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{825AF23B-E2CB-4CC7-95AD-00C7422BB151}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8B7D5DDB-14DD-49BA-A1F4-0B893DB9AC09}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{91525C86-B610-4627-823A-EA0A4C1BCFA2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{93462D68-BC7C-4FA6-A2AF-DCBBA683798A}" = dir=in | app=en_conquer2.0_5672_p2p.exe |
"{9A24BF32-F408-4249-8BA5-43BE5C550AE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
"{9F348065-F3F1-4C79-BF2A-4EBF76C56C4F}" = protocol=17 | dir=in | app=c:\users\314\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{A3DD9A80-47C4-461C-85DD-D4D5172B331E}" = protocol=6 | dir=in | app=c:\users\314\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{A6EA2236-5404-4966-AB74-E9AA9211E85D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller [bleep] & damnation\binaries\win32\pkhdgame-win32-shipping.exe |
"{AB6A192F-4F92-4B15-9ABB-45BBC87EDEED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B1FEA0DC-B92B-4621-A95D-185A882A4ED7}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{B8DBE5E2-D2AA-4448-863E-3A4FF9D516CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BFA5B3F6-6AE0-4B5B-A072-E1C1CAD181B7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller [bleep] & damnation\binaries\win32\pkhdgame-win32-shipping.exe |
"{C151468A-CE50-4671-A045-84EB328E87B0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
"{C2402185-A25B-418F-BC97-115F96A1C976}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C90C6485-C172-4ACD-AAF5-CC0E50B13B29}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CD724252-47A1-480D-8EF4-7602DFF04FD8}" = protocol=6 | dir=out | app=system |
"{D1042DCE-BD03-4DBD-B9F3-8C5ECF794611}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{D9DFE2FD-4979-419C-8CC9-E61921B8B266}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E013F598-39F0-4461-A87C-779EA91040AA}" = dir=out | app=%programfiles% (x86)\hard disk sentinel\hdsentinel.exe |
"{EA5C1FA3-1A61-4EFF-A6F4-4A2671753B86}" = protocol=58 | dir=in | [email protected],-28545 |
"{F038CB2D-E7D9-4B9D-83A2-55BDE5998B86}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{F0FF4E47-362D-46F6-B70D-69909C732182}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FF368598-BCFB-4B2B-942B-4C98796D7D5E}" = protocol=1 | dir=out | [email protected],-28544 |
"TCP Query User{0084E5AE-BAB8-462C-A3C2-461305C3AB84}C:\pxe\binl\binlsrv.exe" = protocol=6 | dir=in | app=c:\pxe\binl\binlsrv.exe |
"TCP Query User{616B1D28-690B-4F19-8CD6-2F36942F242F}C:\users\314\downloads\en_conquer2.0_5672_p2p.exe" = protocol=6 | dir=in | app=c:\users\314\downloads\en_conquer2.0_5672_p2p.exe |
"TCP Query User{B6DF694E-BEBD-489B-95C7-BEC589D70A70}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"TCP Query User{DA266034-55EE-4F10-9D02-727F5F717D00}C:\pxe\tftpd32\tftpd32.exe" = protocol=6 | dir=in | app=c:\pxe\tftpd32\tftpd32.exe |
"TCP Query User{F846867A-16A5-4F8B-A558-D803B67C9EBB}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{17CAE1D9-121B-4CF2-8E75-859B734602C4}C:\pxe\binl\binlsrv.exe" = protocol=17 | dir=in | app=c:\pxe\binl\binlsrv.exe |
"UDP Query User{388EAADF-C160-4CE8-B7CF-3A0862FDB079}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{416EBF09-7C36-4E8C-ACB9-C8B39ABF78F0}C:\pxe\tftpd32\tftpd32.exe" = protocol=17 | dir=in | app=c:\pxe\tftpd32\tftpd32.exe |
"UDP Query User{A710945A-C9EF-4AFA-A201-49E2511EAE2C}C:\users\314\downloads\en_conquer2.0_5672_p2p.exe" = protocol=17 | dir=in | app=c:\users\314\downloads\en_conquer2.0_5672_p2p.exe |
"UDP Query User{F33FA70A-3259-4CE2-ADDD-6EAA38880D0C}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.5.0002
"{56DA0CB5-ABD2-4318-BEAB-62FDBC9B12CC}" = MySQL Server 5.6
"{7AE5C776-8742-4874-B53B-941190171E6D}" = RegHunter
"{900C2AB5-3F37-4F84-B58C-893FA5F42D7D}_is1" = WiseFixer 4.0
"{A8A0B1C1-FBC7-4790-8E26-9DA1A6A95452}" = Oracle VM VirtualBox 4.2.6
"{E9220B1F-33C4-4A89-B34D-38374CFBE2CF}" = Macrium Reflect Free Edition
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Blender" = Blender
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0722DE57-0E12-4FB9-AE65-19BD6464940D}" = MySQL Installer
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{106DADAD-B062-4de5-8D1F-3FD2AD195E49}" = PC Utility Kit
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{5C1130F5-F955-4319-BFF6-AFE4A42BC3A8}_is1" = MaxiDisk
"{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro
"{6494069C-49A6-4293-BD60-B3E1994AA71C}" = PC MRI
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{7A5E940E-017E-47F8-9D0D-62D49C8D18ED}" = [email protected] KillDisk
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B683A28-2172-4CF1-B85D-41375E80652A}" = Acronis True Image WD Edition
"{9C66287C-1EE7-41AE-8CAF-F2611D94322E}" = PHP 5.3.21
"{A2F37CA8-53F8-4594-B701-32AE64BAED1A}" = MyTurboPC
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{ADAEEC53-24AF-4A49-B872-75FCBDA59916}" = True Image 2013
"{ADAEEC53-24AF-4A49-B872-75FCBDA59916}Visible" = True Image 2013
"{C0508079-0000-4F68-A4DF-29C7ED7182C6}" = SlimDrivers
"{C1F2EF4E-CDAA-9B4C-A934-911D4B0D12KC}_is1" = TuneUp360 (Version 7.0.1)
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = DriverScanner
"{C547F361-5750-4CD1-9FB6-BC93827CB6C1}" = RegCure Pro
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = SpeedUpMyPC
"{EAC98582-5ED4-3BCA-BCD5-9E1A328BD7BE}" = Google Talk Plugin
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4E38336-0739-405D-AA5E-2CF8A3DD09EF}" = DriverUpdate
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Spyware Remover_is1" = Advanced Spyware Remover
"Babylon" = Babylon
"BabylonToolbar" = Babylon toolbar
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2012-12-30
"DealPly" = DealPly (remove only)
"EaccelSetup" = StopSign Internet Security
"FileASSASSIN" = FileASSASSIN
"FileZilla Client" = FileZilla Client 3.6.0.2
"Flash Player Pro_is1" = Flash Player Pro V5.4
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"Hard Disk Sentinel_is1" = Hard Disk Sentinel PRO
"HIS iTurbo" = HIS iTurbo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"PC HealthPack" = PC HealthPack
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"Steam App 202170" = Sleeping Dogs™
"Steam App 214870" = Painkiller [bleep] & Damnation
"UtilityChest_49bar Uninstall" = Utility Chest Toolbar
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.4
"Winamp" = Winamp (remove only)
"WinToFlash Suggestor" = WinToFlash Suggestor
"WinUHA_is1" = WinUHA 2.0 RC1 (2005.02.27)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/11/2013 4:33:43 PM | Computer Name = 314-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/13/2013 5:04:49 PM | Computer Name = 314-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/13/2013 5:51:40 PM | Computer Name = 314-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/13/2013 6:54:33 PM | Computer Name = 314-PC | Source = Application Error | ID = 1000
Description = Faulting application name: RegHunter.exe, version: 1.0.1.0, time stamp:
0x4e5ceea3 Faulting module name: Acp.dll, version: 0.0.0.0, time stamp: 0x4e5cedd1
Exception
code: 0xc0000417 Fault offset: 0x0000000000065e38 Faulting process id: 0x1690 Faulting
application start time: 0x01ce203db7184eef Faulting application path: C:\Program
Files\Enigma Software Group\RegHunter\RegHunter.exe Faulting module path: C:\Program
Files\Enigma Software Group\RegHunter\Acp.dll Report Id: f87c5a17-8c30-11e2-b772-c860000957c1

Error - 3/13/2013 7:19:40 PM | Computer Name = 314-PC | Source = Application Error | ID = 1000
Description = Faulting application name: RegHunter.exe, version: 1.0.1.0, time stamp:
0x4e5ceea3 Faulting module name: Acp.dll, version: 0.0.0.0, time stamp: 0x4e5cedd1
Exception
code: 0xc0000417 Fault offset: 0x0000000000065e38 Faulting process id: 0xff8 Faulting
application start time: 0x01ce204122ec66c8 Faulting application path: C:\Program
Files\Enigma Software Group\RegHunter\RegHunter.exe Faulting module path: C:\Program
Files\Enigma Software Group\RegHunter\Acp.dll Report Id: 7ab509a4-8c34-11e2-bd19-c860000957c1

Error - 3/13/2013 7:20:38 PM | Computer Name = 314-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/13/2013 7:39:39 PM | Computer Name = 314-PC | Source = Application Error | ID = 1000
Description = Faulting application name: RegHunter.exe, version: 1.0.1.0, time stamp:
0x4e5ceea3 Faulting module name: Acp.dll, version: 0.0.0.0, time stamp: 0x4e5cedd1
Exception
code: 0xc0000417 Fault offset: 0x0000000000065e38 Faulting process id: 0xd88 Faulting
application start time: 0x01ce2043f6d96a03 Faulting application path: C:\Program
Files\Enigma Software Group\RegHunter\RegHunter.exe Faulting module path: C:\Program
Files\Enigma Software Group\RegHunter\Acp.dll Report Id: 4544b50e-8c37-11e2-b8e8-c860000957c1

Error - 3/13/2013 7:40:50 PM | Computer Name = 314-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/13/2013 8:14:57 PM | Computer Name = 314-PC | Source = Application Error | ID = 1000
Description = Faulting application name: RegHunter.exe, version: 1.0.1.0, time stamp:
0x4e5ceea3 Faulting module name: Acp.dll, version: 0.0.0.0, time stamp: 0x4e5cedd1
Exception
code: 0xc0000417 Fault offset: 0x0000000000065e38 Faulting process id: 0x11ac Faulting
application start time: 0x01ce2048e70bb298 Faulting application path: C:\Program
Files\Enigma Software Group\RegHunter\RegHunter.exe Faulting module path: C:\Program
Files\Enigma Software Group\RegHunter\Acp.dll Report Id: 33a2ca0a-8c3c-11e2-afb4-c860000957c1

Error - 3/13/2013 8:15:49 PM | Computer Name = 314-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 3/11/2013 4:06:54 PM | Computer Name = 314-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 3/11/2013 4:06:55 PM | Computer Name = 314-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 3/11/2013 4:31:17 PM | Computer Name = 314-PC | Source = DCOM | ID = 10010
Description =

Error - 3/13/2013 5:02:24 PM | Computer Name = 314-PC | Source = DCOM | ID = 10010
Description =

Error - 3/13/2013 5:33:13 PM | Computer Name = 314-PC | Source = DCOM | ID = 10010
Description =

Error - 3/13/2013 7:18:03 PM | Computer Name = 314-PC | Source = DCOM | ID = 10010
Description =

Error - 3/13/2013 7:38:19 PM | Computer Name = 314-PC | Source = DCOM | ID = 10010
Description =

Error - 3/13/2013 8:13:16 PM | Computer Name = 314-PC | Source = DCOM | ID = 10010
Description =

Error - 3/13/2013 8:15:39 PM | Computer Name = 314-PC | Source = Service Control Manager | ID = 7034
Description = The Utility ChestService service terminated unexpectedly. It has
done this 1 time(s).

Error - 3/13/2013 8:24:52 PM | Computer Name = 314-PC | Source = Service Control Manager | ID = 7031
Description = The Acronis Nonstop Backup Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.


< End of report >
  • 0
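The event entries at the tail of that OTL log are easier to reason about once they are grouped: the same RegHunter.exe / Acp.dll crash recurs with an identical exception code and fault offset, the WinMgmt entries carry no description at all, and the Disk errors carry an ID that needs decoding before it matches anything in Event Viewer. The Python below is an added example for this thread, not part of OTL or of the original post; the sample entries are copied from the log above, and the grouping and event-ID decoding are the example's own logic.

```python
"""Group the Windows event entries that OTL appends to its report.

Added example for this thread; not part of OTL or the original post. The
sample entries are copied from the log above; the grouping and the event-ID
decoding are the example's own logic.
"""
import re
from collections import Counter

# Entries copied from the OTL log above: two RegHunter crashes, one WinMgmt
# entry with an empty description, one Disk controller error.
SAMPLE_EVENTS = r"""
Error - 3/13/2013 7:19:40 PM | Computer Name = 314-PC | Source = Application Error | ID = 1000
Description = Faulting application name: RegHunter.exe, version: 1.0.1.0, time stamp:
0x4e5ceea3 Faulting module name: Acp.dll, version: 0.0.0.0, time stamp: 0x4e5cedd1
Exception
code: 0xc0000417 Fault offset: 0x0000000000065e38 Faulting process id: 0xff8 Faulting
application start time: 0x01ce204122ec66c8 Faulting application path: C:\Program
Files\Enigma Software Group\RegHunter\RegHunter.exe Faulting module path: C:\Program
Files\Enigma Software Group\RegHunter\Acp.dll Report Id: 7ab509a4-8c34-11e2-bd19-c860000957c1

Error - 3/13/2013 7:20:38 PM | Computer Name = 314-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/13/2013 7:39:39 PM | Computer Name = 314-PC | Source = Application Error | ID = 1000
Description = Faulting application name: RegHunter.exe, version: 1.0.1.0, time stamp:
0x4e5ceea3 Faulting module name: Acp.dll, version: 0.0.0.0, time stamp: 0x4e5cedd1
Exception
code: 0xc0000417 Fault offset: 0x0000000000065e38 Faulting process id: 0xd88 Faulting
application start time: 0x01ce2043f6d96a03 Faulting application path: C:\Program
Files\Enigma Software Group\RegHunter\RegHunter.exe Faulting module path: C:\Program
Files\Enigma Software Group\RegHunter\Acp.dll Report Id: 4544b50e-8c37-11e2-b8e8-c860000957c1

Error - 3/11/2013 4:06:54 PM | Computer Name = 314-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
"""

# "Error - <time> | Computer Name = <host> | Source = <source> | ID = <n>"
HEADER_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>\S+) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)

# The fields of an Application Error 1000 entry once the wrapped lines are rejoined.
CRASH_RE = re.compile(
    r"Faulting application name: (?P<app>[^,]+),.*?"
    r"Faulting module name: (?P<module>[^,]+),.*?"
    r"Exception code: (?P<code>0x[0-9a-fA-F]+) Fault offset: (?P<offset>0x[0-9a-fA-F]+)",
    re.DOTALL,
)


def parse_events(text):
    """Return one dict (when/host/source/id/description) per OTL event entry."""
    events = []
    for block in text.strip().split("\n\n"):
        lines = block.strip().splitlines()
        if not lines:
            continue
        m = HEADER_RE.match(lines[0])
        if not m:
            continue  # section banner or other non-event text
        ev = m.groupdict()
        ev["id"] = int(ev["id"])
        # OTL wraps long descriptions across lines; rejoin them with spaces.
        desc = " ".join(line.strip() for line in lines[1:])
        if desc.startswith("Description ="):
            desc = desc[len("Description ="):]
        ev["description"] = desc.strip()
        events.append(ev)
    return events


def event_number(raw_id):
    """OTL prints the whole EventID DWORD; the event number Event Viewer shows
    is its low 16 bits, the upper bits being qualifier/severity flags.
    262155 (0x4000B) is therefore the Disk event 11 seen in Event Viewer."""
    return raw_id & 0xFFFF


def crash_signatures(events):
    """Count Application Error 1000 entries by (app, module, exception, offset)."""
    sigs = Counter()
    for ev in events:
        if ev["source"] == "Application Error" and ev["id"] == 1000:
            m = CRASH_RE.search(ev["description"])
            if m:
                sigs[(m["app"], m["module"], m["code"].lower(), m["offset"].lower())] += 1
    return sigs


def disk_errors(events):
    """Return (event number, device) for every entry logged by the Disk driver."""
    out = []
    for ev in events:
        if ev["source"] == "Disk":
            dev = re.search(r"(\\Device\\\S+)", ev["description"])
            out.append((event_number(ev["id"]), dev.group(1).rstrip(".") if dev else None))
    return out


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for sig, n in crash_signatures(evs).items():
        print(f"{n}x crash: {sig}")
    print("disk errors:", disk_errors(evs))
```

A crash signature that repeats with the same module and the same fault offset is the same code path failing on every run of that program, which is a different problem from the random corruption a failing disk produces; the Disk entries, once decoded to event 11 on \Device\Harddisk1\DR1, are the ones that argue for checking the second drive itself.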

#3 godawgs (Teacher, Retired Staff, 8,228 posts)
Hello 314, welcome to the forums! My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes).
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT: Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

The good news is the log doesn't show any evidence of a rootkit. Otherwise it's pretty messed up. A lot of that is due to no antivirus on the machine. I know you have IOBIT, but that's not an antivirus. We will get you one once the system is cleaned.
Part of the symptoms you list could be due to the driver updating programs you have on the system. The registry issues could be due to all of the system optimizers and registry cleaners you have and all of the dubious programs like WiseFixer, My Speedy PC, SpeedUpMyPC, IOBIT, TuneUp360, Speedy PC Pro, My Turbo PC, RegCure Pro, PC HealthPack, Advanced Spyware Remover.

And you also have a fake antivirus program called PC Utility Kit

You have driver update programs in the Task Scheduler, meaning that they are scheduled to update your drivers. Programs like this are known for screwing up more drivers than they update. The registry cleaners are notorious for killing a registry. We do not recommend any registry cleaners. They just don't provide any benefits.
The warnings could be caused by the fake antivirus program, but if you are still getting the driver and registry errors once we have cleaned all the junk from the system, and we can't get that straightened out, you may need to reset the system back to factory specs. Just preparing you.

The log also showed this

Error - 3/11/2013 4:06:55 PM | Computer Name = 314-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

This could be caused by all of the junk on the system or it could indicate a problem with the hard drive.

While I am reviewing the log I want you to do a few things.
First we need to get OTL where it belongs. OTL is designed to be run from the desktop of the drive with the operating system on it. In this case the C: drive. I want you to copy the OTL.exe file from the E:\Downloads folder to the desktop of the C: drive. Then go to the E:\Downloads folder and delete the OTL.exe, the OTL.txt and the Extras.txt files.

Next I want a couple of additional scans. Make sure the files are downloaded to the desktop of the C: drive. It might also be helpful to download all of the tools to the desktop first and then run them.


Step-1.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes (for ZeroAccess) or "No"
  • Click the "Scan" button to start the scan
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-2.

Run RogueKiller

  • Download RogueKiller.
  • Click the English Webpage link.
  • Click the 64bits (x64) download link and save the RogueKiller.exe file to the desktop.

    NOTE: If using IE8 or later, SmartScreen Filter will need to be disabled.
  • Quit all programs and close all browsers.
  • Right click the RogueKiller icon and click Run as Administrator to run the program.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • DO NOT delete anything at this time.
  • The report has been created on the desktop.
Please post:
All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Step-3.

AdwCleaner by Xplode

Download AdwCleaner from here to your desktop.
Close all open windows and browsers.

  • Right click The adwcleaner.exe, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Search button and wait for the scan to finish.
  • Once done it may ask to reboot, allow this.
  • On reboot a log will be produced please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner[R1].txt


Step-4

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The aswMBR log
2. The RKreport.txt log
3. The AdwCleaner[R1].txt log
  • 1

#4 314 (Member, Topic Starter, 65 posts)
Here's the logs as you requested, and thank you again :) I have also added the RK_Quarantine report as well.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-13 22:57:18
-----------------------------
22:57:18.901 OS Version: Windows x64 6.1.7601 Service Pack 1
22:57:18.901 Number of processors: 6 586 0x102
22:57:18.902 ComputerName: 314-PC UserName: 314
22:57:19.169 Initialize success
22:57:34.602 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:57:34.604 Disk 0 Vendor: OCZ-VERTEX3 2.22 Size: 114473MB BusType: 11
22:57:34.606 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
22:57:34.608 Disk 1 Vendor: ST1500DL003-9VT16L CC32 Size: 1430799MB BusType: 11
22:57:34.611 Disk 0 MBR read successfully
22:57:34.613 Disk 0 MBR scan
22:57:34.616 Disk 0 Windows 7 default MBR code
22:57:34.618 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:57:34.621 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
22:57:34.625 Disk 0 scanning C:\Windows\system32\drivers
22:57:35.636 Service scanning
22:57:38.116 Modules scanning
22:57:38.122 Disk 0 trace - called modules:
22:57:38.130 ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vidsflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:57:38.135 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800755b060]
22:57:38.139 3 CLASSPNP.SYS[fffff880019be43f] -> nt!IofCallDriver -> [0xfffffa8007461b30]
22:57:38.143 5 vidsflt.sys[fffff88000fe45cd] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006deb060]
22:57:38.147 Scan finished successfully
22:57:58.760 Disk 0 MBR has been saved successfully to "C:\Users\314\Desktop\MBR.dat"
22:57:58.767 The log file has been saved successfully to "C:\Users\314\Desktop\aswMBRlog.txt"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RogueKiller V8.5.3 _x64_ [Mar 13 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : 314 [Admin rights]
Mode : Scan -- Date : 03/13/2013 23:02:05
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[SHELL][Rans.Gendarm] HKCU\[...]\Winlogon : shell (explorer.exe,C:\Users\314\AppData\Roaming\skype.dat) [x] -> FOUND
[SHELL][Rans.Gendarm] HKUS\S-1-5-21-3361998210-192212384-1650811137-1000[...]\Winlogon : shell (explorer.exe,C:\Users\314\AppData\Roaming\skype.dat) [x] -> FOUND
[TASK][SUSP PATH] RunDAOD : C:\Windows\DAODx.exe [-] -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{B34334DF-D1B6-4C8D-B6DB-D28E92966C04} : NameServer (74.207.247.4,216.87.84.211,208.111.40.37,173.234.255.79) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{B34334DF-D1B6-4C8D-B6DB-D28E92966C04} : NameServer (74.207.247.4,216.87.84.211,208.111.40.37,173.234.255.79) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: OCZ-VERTEX3 ATA Device +++++
--- User ---
[MBR] 2e1e8e3b57c28408925e70e426ca5fc4
[BSP] 2199ba5a796029b0a4b50f27562bcf94 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST1500DL003-9VT16L ATA Device +++++
--- User ---
[MBR] 3cc1df2336373ab2790dd55417dbaa70
[BSP] ec85f2a3d418a084ac39ca131f06a164 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430797 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03132013_02d2302.txt >>
RKreport[1]_S_03132013_02d2302.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Time : 13/03/2013 23:02:05
--------------------------
ERROR [skype.dat.vir] -> C:\Users\314\AppData\Roaming\skype.dat
ERROR [skype.dat.vir] -> C:\Users\314\AppData\Roaming\skype.dat
[DAODx.exe.vir] -> C:\Windows\DAODx.exe


# AdwCleaner v2.114 - Logfile created 03/13/2013 at 23:04:55
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : 314 - 314-PC
# Boot Mode : Normal
# Running from : C:\Users\314\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\Public\Desktop\Babylon.lnk
Folder Found : C:\Program Files (x86)\Babylon
Folder Found : C:\Program Files (x86)\BabylonToolbar
Folder Found : C:\Program Files (x86)\DealPly
Folder Found : C:\Program Files\Babylon
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Folder Found : C:\Users\314\AppData\Local\Babylon
Folder Found : C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Found : C:\Users\314\AppData\Local\Temp\Babylon
Folder Found : C:\Users\314\AppData\Roaming\Babylon
Folder Found : C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Babylon
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\DealPly
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A89A7E3-6ADD-4EF9-8EE7-A3C3B7D83BB0}
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\UpdateStar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\BabyDict
Key Found : HKLM\SOFTWARE\Classes\BabyGloss
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Key Found : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Key Found : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Key Found : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Key Found : HKLM\SOFTWARE\Classes\BabyOptFile
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer
Key Found : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Key Found : HKLM\Software\DealPly
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Key Found : HKLM\Software\PIP
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43769158-3B03-4932-8D8A-8F0F344BF024}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Found : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Key Found : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Key Found : HKU\S-1-5-21-3361998210-192212384-1650811137-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^ZO^xdm038^YY^ca&ptb=7B9D17A4-E932-49CB-AD8C-683A1CF61BDD&si=EL_UTAUS_24

-\\ Google Chrome v25.0.1364.172

File : C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.27] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Found [l.30] : keyword = "babylon.com",
Found [l.33] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=88888&babsrc=SP_def&mntrId=30184c70000000000000c860000957c1",
Found [l.1759] : homepage = "hxxp://search.babylon.com/home?affID=88888",
Found [l.2231] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/home?affID=88888" ]

*************************

AdwCleaner[R1].txt - [13230 octets] - [13/03/2013 23:04:55]

########## EOF - C:\AdwCleaner[R1].txt - [13291 octets] ##########
  • 0
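Three of the RogueKiller hits in that report are the ones a responder pivots on: the Winlogon Shell value (on a clean Windows 7 install it is exactly explorer.exe; the appended skype.dat is launched by Winlogon alongside the desktop at every logon), the scheduled task pointing at C:\Windows\DAODx.exe, and the NameServer values that force every lookup on that interface through four external resolvers. The Python below is an added example for this thread, not RogueKiller's code and not part of the original posts; the report lines are copied from the log above, and TRUSTED_RESOLVERS is an assumed value for illustration (a home router address), not something the thread states.

```python
"""Pull the actionable indicators out of RogueKiller's 'Registry Entries'.

Added example for this thread, not part of RogueKiller or the original post.
SAMPLE_REPORT is copied from the RogueKiller log above; TRUSTED_RESOLVERS is
an assumption made for illustration.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address

# Lines copied from the RogueKiller report posted above.
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries : 8 ¤¤¤
[SHELL][Rans.Gendarm] HKCU\[...]\Winlogon : shell (explorer.exe,C:\Users\314\AppData\Roaming\skype.dat) [x] -> FOUND
[SHELL][Rans.Gendarm] HKUS\S-1-5-21-3361998210-192212384-1650811137-1000[...]\Winlogon : shell (explorer.exe,C:\Users\314\AppData\Roaming\skype.dat) [x] -> FOUND
[TASK][SUSP PATH] RunDAOD : C:\Windows\DAODx.exe [-] -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{B34334DF-D1B6-4C8D-B6DB-D28E92966C04} : NameServer (74.207.247.4,216.87.84.211,208.111.40.37,173.234.255.79) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
"""

# [KIND][optional tag] key : name (optional value) [optional flag] -> FOUND
LINE_RE = re.compile(
    r"^\[(?P<kind>[A-Z ]+)\](?:\[(?P<tag>[^\]]+)\])?\s*"
    r"(?P<key>.*?) : (?P<name>\S+)(?: \((?P<value>.*)\))?"
    r"(?: \[[^\]]*\])? -> FOUND$"
)


@dataclass
class Finding:
    kind: str
    tag: str
    key: str
    name: str
    value: str


def parse_report(text):
    """Return one Finding per '-> FOUND' line; banners and blank lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append(Finding(m["kind"], m["tag"] or "", m["key"], m["name"], m["value"] or ""))
    return findings


# Assumed for illustration: the resolvers this machine is expected to use
# (here a home router). Not taken from the thread.
TRUSTED_RESOLVERS = {"192.168.1.1"}


def extract_iocs(findings, trusted=TRUSTED_RESOLVERS):
    """Map findings to indicators: logon payloads, task binaries, rogue resolvers."""
    iocs = {"shell_payloads": set(), "task_binaries": set(), "rogue_dns": set()}
    for f in findings:
        if f.kind == "SHELL" and f.name.lower() == "shell":
            # A clean Winlogon Shell value is exactly 'explorer.exe'; every extra
            # comma-separated program is started by Winlogon at logon as well.
            for prog in f.value.split(","):
                if prog.strip().lower() != "explorer.exe":
                    iocs["shell_payloads"].add(prog.strip())
        elif f.kind == "TASK":
            # For [TASK] lines the task name precedes the colon and the executable
            # it runs follows it (captured as `name` by LINE_RE).
            iocs["task_binaries"].add(f.name)
        elif f.kind == "DNS" and f.name == "NameServer":
            # A static NameServer list on an interface takes precedence over the
            # DHCP-supplied resolvers for that interface.
            for entry in f.value.split(","):
                ip = entry.strip()
                ip_address(ip)  # ValueError if the value is not an address at all
                if ip not in trusted:
                    iocs["rogue_dns"].add(ip)
    return iocs


if __name__ == "__main__":
    for name, values in extract_iocs(parse_report(SAMPLE_REPORT)).items():
        print(f"{name}: {sorted(values)}")
```

The point of treating the resolver list as an allowlist rather than a blocklist is that the four addresses above are only meaningful here because the owner does not recognise them; a responder can check them against the ISP or router address the machine should be using without needing to know in advance who owns the rogue ones.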

#5 godawgs (Teacher, Retired Staff, 8,228 posts)
OK, lets kill some nasties and get the junk removed.

Do you know anything about Linode, a hosting company out of Galloway NJ, or Nobis Technology Group, LLC out of Phoenix?


Step-1.

Re-run RogueKiller

Quit all programs and close all browsers.
  • Right click the RogueKiller icon and click Run as Administrator to run the program.
  • Wait until Prescan has finished ...
  • Click on the Delete button.

  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

  • The report has been created on the desktop.
Please post:
The RKreport.txt files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Step-2.

Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • (Vista and 7 users) right click the adwcleaner.exe, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Delete button and wait for the scan.
  • Everything that was found will be deleted.
  • When the scan ends, a report appears.
  • Once done it will ask to reboot, allow this

  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner[S1].txt

Step-3.

Scan with JRT:

Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Right click the JRT.exe file and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.


Step-4.

OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
services.*
/md5stop
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*


2. Re-open OTL on the desktop. To do that:
  • Vista / 7 users: right click on the OTL icon and click Run as Administrator.
Make sure all other windows are closed.
  • You will see a console like the one below:

  • Click the box beside Scan All Users at the top of the console
  • Click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.

Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my questions above
2. The RKreport.txt logs
3. The AdwCleaner[S1].txt log
4. The JRT.txt log
5. The new OTL.txt log

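As an added example (this is not OTL's code and was not posted in this thread), here is the check the custom scan above asks OTL to do, written as a PowerShell script for an elevated prompt: it hashes the binaries listed between /md5start and /md5stop in every system directory they live in, records their Authenticode status and last-write time, counts whatever is sitting under %Temp%\smtmp, and, one step beyond the OTL script, compares the Winlogon Shell and Userinit values with the Windows defaults. The search paths, the expected Userinit string and the warning wording are my assumptions, not something OTL defines.

```powershell
# Added example, not part of OTL or of this thread.
# Run from an elevated PowerShell 4.0 or later (Get-FileHash needs 4.0).

# The same files OTL is told to hash between /md5start and /md5stop.
$targets = 'explorer.exe', 'winlogon.exe', 'userinit.exe',
           'svchost.exe', 'qmgr.dll', 'services.exe'

# explorer.exe lives in %SystemRoot% itself; the rest sit in System32, and a
# 64-bit install carries a second 32-bit copy under SysWOW64.
$dirs = "$env:SystemRoot", "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64"

function Get-CriticalFileReport {
    foreach ($dir in $dirs) {
        foreach ($name in $targets) {
            $path = Join-Path $dir $name
            if (-not (Test-Path -LiteralPath $path)) { continue }
            $sig = Get-AuthenticodeSignature -FilePath $path
            [pscustomobject]@{
                Path      = $path
                MD5       = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash
                SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                SigStatus = $sig.Status        # Valid, NotSigned, HashMismatch, ...
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                Modified  = (Get-Item -LiteralPath $path).LastWriteTimeUtc
            }
        }
    }
}

function Test-WinlogonDefaults {
    # Machine-wide logon values. The expected strings are the Windows defaults
    # (assumed here); anything else means something is loaded before or instead
    # of the real shell at every logon.
    $hklm = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $expected = @{
        Shell    = 'explorer.exe'
        Userinit = "$env:SystemRoot\system32\userinit.exe,"
    }
    foreach ($name in $expected.Keys) {
        if ($hklm.$name -ne $expected[$name]) {
            Write-Warning "HKLM Winlogon $name = '$($hklm.$name)' (expected '$($expected[$name])')"
        }
    }
    # A per-user Shell value does not exist on a clean system. If present it
    # overrides the machine-wide shell for that user only.
    $hkcu = Get-ItemProperty 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -ErrorAction SilentlyContinue
    if ($hkcu -and $hkcu.PSObject.Properties['Shell']) {
        Write-Warning "HKCU Winlogon Shell = '$($hkcu.Shell)' (no such value on a clean system)"
    }
}

function Get-SmtmpCount {
    # %Temp%\smtmp\1..4 is where the OTL script above looks for parked
    # Start Menu and desktop shortcuts; a clean machine has no such folder.
    $items = Get-ChildItem -LiteralPath "$env:TEMP\smtmp" -Recurse -Force -File -ErrorAction SilentlyContinue
    return @($items).Count
}

$report = Get-CriticalFileReport
$report | Format-Table -AutoSize Path, MD5, SigStatus, Modified
$report | Where-Object { $_.SigStatus -ne 'Valid' } |
    ForEach-Object { Write-Warning "Signature not Valid: $($_.Path) [$($_.SigStatus)]" }
Test-WinlogonDefaults
"Files under $env:TEMP\smtmp: $(Get-SmtmpCount)"
```

Two caveats before trusting the SigStatus column. Windows system binaries are catalog-signed rather than carrying an embedded signature, and older PowerShell builds (everything before 5.1) report catalog-signed files as NotSigned, so on a Windows 7 machine NotSigned is the normal result and tells you nothing; HashMismatch is the only status that is a red flag on its own there. What actually decides whether a file has been patched is the hash: compare the MD5 column against the same file from a clean install of the same Windows build and service pack, or run `sfc /verifyonly`, which checks the protected files against the component store. Run it as Administrator, since reading the Winlogon key and the system directories otherwise fails silently on some settings.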
#6
314

  • Topic Starter
  • Member
  • 65 posts
No, I have not heard of those companies. Also, it still looks to me like I still have a bunch of crap on my computer, such as: PC Utility Kit, PC MRI, MyTurboPC, PC HealthPack, Regcure Pro, TuneUp360, RegHunter, SpeedyPC Pro, SpeedUpMyPC, Advanced Spyware Remover, Maxidisk, DriverScanner, DriverUpdate, WiseFixer, StopSign software, Flash Player Pro.

Just thought I'd let you know. Here are your logs, thank you :)

RogueKiller V8.5.3 _x64_ [Mar 13 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : 314 [Admin rights]
Mode : Scan -- Date : 03/14/2013 11:35:37
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[SHELL][Rans.Gendarm] HKCU\[...]\Winlogon : shell (explorer.exe,C:\Users\314\AppData\Roaming\skype.dat) [x] -> FOUND
[SHELL][Rans.Gendarm] HKUS\S-1-5-21-3361998210-192212384-1650811137-1000[...]\Winlogon : shell (explorer.exe,C:\Users\314\AppData\Roaming\skype.dat) [x] -> FOUND
[TASK][SUSP PATH] RunDAOD : C:\Windows\DAODx.exe [-] -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{B34334DF-D1B6-4C8D-B6DB-D28E92966C04} : NameServer (74.207.247.4,216.87.84.211,208.111.40.37,173.234.255.79) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{B34334DF-D1B6-4C8D-B6DB-D28E92966C04} : NameServer (74.207.247.4,216.87.84.211,208.111.40.37,173.234.255.79) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: OCZ-VERTEX3 ATA Device +++++
--- User ---
[MBR] 2e1e8e3b57c28408925e70e426ca5fc4
[BSP] 2199ba5a796029b0a4b50f27562bcf94 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST1500DL003-9VT16L ATA Device +++++
--- User ---
[MBR] 3cc1df2336373ab2790dd55417dbaa70
[BSP] ec85f2a3d418a084ac39ca131f06a164 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430797 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_S_03142013_02d1135.txt >>
RKreport[1]_S_03132013_02d2302.txt ; RKreport[2]_S_03142013_02d1135.txt


RogueKiller V8.5.3 _x64_ [Mar 13 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : 314 [Admin rights]
Mode : Remove -- Date : 03/14/2013 11:37:04
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[SHELL][Rans.Gendarm] HKCU\[...]\Winlogon : shell (explorer.exe,C:\Users\314\AppData\Roaming\skype.dat) [x] -> DELETED
[TASK][SUSP PATH] RunDAOD : C:\Windows\DAODx.exe [-] -> DELETED
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{B34334DF-D1B6-4C8D-B6DB-D28E92966C04} : NameServer (74.207.247.4,216.87.84.211,208.111.40.37,173.234.255.79) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{B34334DF-D1B6-4C8D-B6DB-D28E92966C04} : NameServer (74.207.247.4,216.87.84.211,208.111.40.37,173.234.255.79) -> NOT REMOVED, USE DNSFIX
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: OCZ-VERTEX3 ATA Device +++++
--- User ---
[MBR] 2e1e8e3b57c28408925e70e426ca5fc4
[BSP] 2199ba5a796029b0a4b50f27562bcf94 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST1500DL003-9VT16L ATA Device +++++
--- User ---
[MBR] 3cc1df2336373ab2790dd55417dbaa70
[BSP] ec85f2a3d418a084ac39ca131f06a164 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430797 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_03142013_02d1137.txt >>
RKreport[1]_S_03132013_02d2302.txt ; RKreport[2]_S_03142013_02d1135.txt ; RKreport[3]_D_03142013_02d1137.txt



RogueKiller V8.5.3 _x64_ [Mar 13 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : 314 [Admin rights]
Mode : Shortcuts HJfix -- Date : 03/14/2013 11:37:34
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 7 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 309 / Fail 0
My documents: Success 1 / Fail 1
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 49 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[Z:] \Device\LanmanRedirector\;Z:000000000002f217\bryan-icore5\h -- 0x4 --> Skipped

Finished : << RKreport[4]_SC_03142013_02d1137.txt >>
RKreport[1]_S_03132013_02d2302.txt ; RKreport[2]_S_03142013_02d1135.txt ; RKreport[3]_D_03142013_02d1137.txt ; RKreport[4]_SC_03142013_02d1137.txt




# AdwCleaner v2.114 - Logfile created 03/14/2013 at 11:38:52
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : 314 - 314-PC
# Boot Mode : Normal
# Running from : C:\Users\314\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Babylon
File Deleted : C:\Users\Public\Desktop\Babylon.lnk
Folder Deleted : C:\Program Files (x86)\BabylonToolbar
Folder Deleted : C:\Program Files (x86)\DealPly
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Folder Deleted : C:\Users\314\AppData\Local\Babylon
Folder Deleted : C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Deleted : C:\Users\314\AppData\Local\Temp\Babylon
Folder Deleted : C:\Users\314\AppData\Roaming\Babylon
Folder Deleted : C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Babylon
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A89A7E3-6ADD-4EF9-8EE7-A3C3B7D83BB0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\UpdateStar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\BabyDict
Key Deleted : HKLM\SOFTWARE\Classes\BabyGloss
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Key Deleted : HKLM\SOFTWARE\Classes\BabyOptFile
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer
Key Deleted : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43769158-3B03-4932-8D8A-8F0F344BF024}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^ZO^xdm038^YY^ca&ptb=7B9D17A4-E932-49CB-AD8C-683A1CF61BDD&si=EL_UTAUS_24 --> hxxp://www.google.com

-\\ Google Chrome v25.0.1364.172

File : C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.27] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Deleted [l.30] : keyword = "babylon.com",
Deleted [l.33] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=88888&babsrc=SP_def&mntrId=301[...]
Deleted [l.1802] : homepage = "hxxp://search.babylon.com/home?affID=88888",
Deleted [l.2327] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/home?affID=88888" ]

*************************

AdwCleaner[R1].txt - [13311 octets] - [13/03/2013 23:04:55]
AdwCleaner[S1].txt - [13465 octets] - [14/03/2013 11:38:52]

########## EOF - C:\AdwCleaner[S1].txt - [13526 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.1 (03.12.2013:1)
OS: Windows 7 Professional x64
Ran by 314 on Thu 03/14/2013 at 11:42:36.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\utility chest search scope monitor
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\utilitychest_49 browser plugin loader
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{cf67755f-9265-449c-87cf-b945519e073b}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\office\powerpoint\addins\babylonofficeaddin.officeaddin
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\office\word\addins\babylonofficeaddin.officeaddin
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{06e05b40-77fa-40b6-9077-ed1a7577b1ef}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{06e05b40-77fa-40b6-9077-ed1a7577b1ef}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{58f7b5ca-1162-42e8-8bbc-d543b4edd780}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{58f7b5ca-1162-42e8-8bbc-d543b4edd780}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{cf67755f-9265-449c-87cf-b945519e073b}



~~~ Files

Successfully deleted: [File] "C:\Windows\tasks\DriverScanner.job"
Successfully deleted: [File] "C:\Windows\tasks\driverupdate startup.job"
Successfully deleted: [File] "C:\Users\314\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\babylon.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ammyy"
Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\Users\314\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\314\AppData\Roaming\speedypc software"
Successfully deleted: [Folder] "C:\Users\314\appdata\local\utilitychest_49"
Successfully deleted: [Folder] "C:\Users\314\appdata\locallow\utilitychest_49"
Successfully deleted: [Folder] "C:\Program Files (x86)\babylon"
Successfully deleted: [Folder] "C:\Program Files (x86)\speedypc software"
Successfully deleted: [Folder] "C:\Program Files (x86)\utilitychest_49"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\speedypc software"
Successfully deleted: [Folder] "C:\Users\314\AppData\Roaming\microsoft\windows\start menu\programs\speedypc software"



~~~ Chrome

Successfully deleted: [Folder] C:\Users\314\appdata\local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/14/2013 at 11:48:49.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OTL logfile created on: 3/14/2013 11:54:35 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\314\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.53% Memory free
15.89 Gb Paging File | 13.60 Gb Available in Paging File | 85.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 37.97 Gb Free Space | 34.00% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 1322.79 Gb Free Space | 94.67% Space Free | Partition Type: NTFS
Drive Z: | 1863.01 Gb Total Space | 741.98 Gb Free Space | 39.83% Space Free | Partition Type: NTFS

Computer Name: 314-PC | User Name: 314 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/13 18:19:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\314\Desktop\OTL.exe
PRC - [2013/02/25 08:39:34 | 001,602,984 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2013/02/11 17:51:40 | 003,696,632 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2013/02/08 14:15:36 | 029,387,072 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
PRC - [2013/01/24 14:07:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2013/01/18 15:25:34 | 000,030,032 | ---- | M] () -- C:\Program Files (x86)\Uniblue\MaxiDisk\service.exe
PRC - [2013/01/18 15:25:32 | 000,057,152 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\MaxiDisk\maxidisk.exe
PRC - [2013/01/18 15:25:32 | 000,026,448 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\MaxiDisk\mdmonitor.exe
PRC - [2013/01/16 14:47:30 | 000,026,456 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2013/01/08 11:27:24 | 000,026,600 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
PRC - [2012/12/17 19:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/13 15:44:34 | 001,502,376 | R--- | M] (eAcceleration Corp) -- C:\Program Files (x86)\Acceleration Software\Anti-Virus\stopsignav.exe
PRC - [2012/10/18 17:57:13 | 000,115,784 | ---- | M] (eAcceleration Corp) -- C:\Program Files (x86)\eAcceleration\Framework\eac_svc.exe
PRC - [2012/10/18 17:30:16 | 000,264,152 | ---- | M] (eAcceleration Corp) -- C:\Program Files (x86)\eAcceleration\Framework\eac_productsvc.exe
PRC - [2012/08/23 02:09:34 | 000,403,328 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2012/08/23 02:08:50 | 006,010,264 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2012/08/18 22:18:30 | 007,017,888 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2012/08/16 17:45:17 | 000,464,856 | ---- | M] (eAcceleration Corp) -- C:\Program Files (x86)\eAcceleration\Station\station_bk.exe
PRC - [2012/08/15 18:12:45 | 000,146,584 | ---- | M] (eAcceleration) -- C:\Program Files (x86)\Common Files\eAcceleration\eacsvc.exe
PRC - [2012/07/24 16:13:58 | 000,941,440 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
PRC - [2012/01/11 14:48:16 | 000,148,024 | ---- | M] () -- C:\Program Files (x86)\TuneUp360\CareMon.exe
PRC - [2010/11/20 21:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/10/05 23:03:32 | 002,590,032 | ---- | M] (PC TuneUp Labs) -- C:\Program Files (x86)\PC HealthPack\PCHealthPack.exe
PRC - [2009/12/10 16:53:12 | 001,219,344 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRtray.exe
PRC - [2009/12/10 16:53:10 | 000,697,104 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRsrv.exe
PRC - [2006/10/23 02:40:14 | 000,046,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
PRC - [2006/10/23 00:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2003/04/01 20:20:37 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/14 11:50:37 | 001,169,408 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\wx._core_.pyd
MOD - [2013/03/14 11:50:37 | 001,056,256 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\wx._controls_.pyd
MOD - [2013/03/14 11:50:37 | 001,024,616 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\windows._cacheinvalidation.pyd
MOD - [2013/03/14 11:50:37 | 000,807,424 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\wx._windows_.pyd
MOD - [2013/03/14 11:50:37 | 000,792,576 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\wx._gdi_.pyd
MOD - [2013/03/14 11:50:37 | 000,731,136 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\wx._misc_.pyd
MOD - [2013/03/14 11:50:37 | 000,645,120 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\_ssl.pyd
MOD - [2013/03/14 11:50:37 | 000,585,728 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\unicodedata.pyd
MOD - [2013/03/14 11:50:37 | 000,571,392 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\pysqlite2._sqlite.pyd
MOD - [2013/03/14 11:50:37 | 000,354,304 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\pythoncom26.dll
MOD - [2013/03/14 11:50:37 | 000,311,808 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\_hashlib.pyd
MOD - [2013/03/14 11:50:37 | 000,263,168 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\win32com.shell.shell.pyd
MOD - [2013/03/14 11:50:37 | 000,153,088 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\pyexpat.pyd
MOD - [2013/03/14 11:50:37 | 000,121,856 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\wx._wizard.pyd
MOD - [2013/03/14 11:50:37 | 000,111,104 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\win32file.pyd
MOD - [2013/03/14 11:50:37 | 000,110,592 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\win32security.pyd
MOD - [2013/03/14 11:50:37 | 000,110,592 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\PyWinTypes26.dll
MOD - [2013/03/14 11:50:37 | 000,096,256 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\win32api.pyd
MOD - [2013/03/14 11:50:37 | 000,086,016 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\_elementtree.pyd
MOD - [2013/03/14 11:50:37 | 000,073,728 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\_ctypes.pyd
MOD - [2013/03/14 11:50:37 | 000,070,656 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\wx._html2.pyd
MOD - [2013/03/14 11:50:37 | 000,040,448 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\_socket.pyd
MOD - [2013/03/14 11:50:37 | 000,039,424 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\win32inet.pyd
MOD - [2013/03/14 11:50:37 | 000,036,352 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\win32process.pyd
MOD - [2013/03/14 11:50:37 | 000,023,040 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\win32ts.pyd
MOD - [2013/03/14 11:50:37 | 000,022,528 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\win32pdh.pyd
MOD - [2013/03/14 11:50:37 | 000,017,920 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\win32profile.pyd
MOD - [2013/03/14 11:50:37 | 000,017,920 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\win32event.pyd
MOD - [2013/03/14 11:50:37 | 000,011,776 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\win32crypt.pyd
MOD - [2013/03/14 11:50:37 | 000,011,776 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\select.pyd
MOD - [2013/01/18 15:25:30 | 000,138,048 | ---- | M] () -- C:\Program Files (x86)\Uniblue\MaxiDisk\locale\en\en.dll
MOD - [2013/01/18 15:25:22 | 000,114,496 | ---- | M] () -- C:\Program Files (x86)\Uniblue\MaxiDisk\InstallerExtensions.dll
MOD - [2013/01/18 15:25:22 | 000,020,288 | ---- | M] () -- C:\Program Files (x86)\Uniblue\MaxiDisk\cwebpage.dll
MOD - [2012/08/23 01:32:28 | 001,525,120 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Home\icudt38.dll
MOD - [2009/02/12 15:26:20 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced Spyware Remover\madbasic_.bpl
MOD - [2009/02/12 15:26:20 | 000,044,032 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced Spyware Remover\maddisAsm_.bpl
MOD - [2003/04/01 20:20:37 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/02/01 16:09:38 | 012,907,520 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe -- (MySQL56)
SRV:64bit: - [2013/01/31 14:42:06 | 000,302,200 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)
SRV:64bit: - [2011/04/20 03:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/02/25 08:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/11 17:51:40 | 003,696,632 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2013/01/24 14:07:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/01/18 15:25:34 | 000,030,032 | ---- | M] () [On_Demand | Running] -- C:\Program Files (x86)\Uniblue\MaxiDisk\service.exe -- (Uniblue.MaxiDiskSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/18 17:30:16 | 000,264,152 | ---- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files (x86)\eAcceleration\Framework\eac_productsvc.exe -- (eac_productsvc)
SRV - [2012/10/18 17:30:09 | 000,235,480 | ---- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files (x86)\eAcceleration\Framework\eac_notifysvc.dll -- (eac_notifysvc)
SRV - [2012/08/23 02:11:48 | 001,126,888 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012/08/22 20:54:44 | 000,182,224 | R--- | M] (eAcceleration Corp) [On_Demand | Stopped] -- C:\Program Files (x86)\StopSign\ThreatScanner\engines\vipre\viprecomsvc.exe -- (viprecomsvc)
SRV - [2012/08/18 22:18:30 | 007,017,888 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012/08/15 18:12:45 | 000,146,584 | ---- | M] (eAcceleration) [Auto | Running] -- C:\Program Files (x86)\Common Files\eAcceleration\eacsvc.exe -- (StopSign Update Manager)
SRV - [2012/01/11 14:48:16 | 000,148,024 | ---- | M] () [Auto | Start_Pending] -- C:\Program Files (x86)\TuneUp360\CareMon.exe -- (CareMon)
SRV - [2011/08/15 17:17:10 | 000,202,264 | R--- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files (x86)\Acceleration Software\Anti-Virus\sstsmonsvc.dll -- (sstsmonsvc)
SRV - [2010/11/20 21:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 21:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 21:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/10 16:53:10 | 000,697,104 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRsrv.exe -- (ASRservice)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/14 11:50:42 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/02/11 17:51:40 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2013/02/11 17:51:39 | 001,340,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2013/02/11 17:51:39 | 001,093,256 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib_mounter.sys -- (tib_mounter)
DRV:64bit: - [2013/02/11 17:51:38 | 000,228,488 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2013/02/11 17:51:38 | 000,166,024 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vidsflt.sys -- (vidsflt)
DRV:64bit: - [2013/02/11 17:51:36 | 000,340,104 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2013/02/11 17:51:36 | 000,155,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2013/02/08 01:21:19 | 000,971,360 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2013/02/01 00:47:52 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012/12/19 15:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/20 03:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 02:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/24 11:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/02/23 20:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010/11/20 21:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/11/24 16:29:16 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [1999/12/31 18:00:00 | 000,553,576 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?r...&ocid=iehp&tc=3
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 E3 CD 57 41 03 CE 01 [binary data]
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\..\URLSearchHook: {7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - No CLSID value found
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@UtilityChest_49.com/Plugin: C:\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\314\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\314\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\314\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\314\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\314\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_49.com: C:\Program Files (x86)\UtilityChest_49\bar\1.bin

[2013/03/13 17:06:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: DealPly Shopping = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma\3.5.0.0_0\
CHR - Extension: Bitdefender QuickScan = C:\Users\314\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DealPly) - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Program Files (x86)\DealPly\DealPlyIE.dll File not found
O2 - BHO: (WinToFlash Suggestor) - {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Advanced Spyware Remover] C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRtray.exe (IObit)
O4 - HKLM..\Run: [SoftwareStation] C:\Program Files (x86)\eAcceleration\Station\station.exe (eAcceleration Corp)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [webscan] C:\Program Files (x86)\Acceleration Software\Anti-Virus\stopsignav.exe (eAcceleration Corp)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\Winampa.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-3361998210-192212384-1650811137-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O9 - Extra 'Tools' menuitem : WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B34334DF-D1B6-4C8D-B6DB-D28E92966C04}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B34334DF-D1B6-4C8D-B6DB-D28E92966C04}: NameServer = 74.207.247.4,216.87.84.211,208.111.40.37,173.234.255.79
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (digest.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fb9f039e-680a-11e2-810d-c860000957c1}\Shell\Option1\Command - "" = G:\HBCD\HBCDMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/14 11:42:35 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/03/14 11:42:30 | 000,000,000 | ---D | C] -- C:\JRT
[2013/03/14 11:27:02 | 000,550,572 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\314\Desktop\JRT.exe
[2013/03/14 01:01:30 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\QuickScan
[2013/03/14 00:59:45 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\IAC
[2013/03/13 22:58:18 | 000,000,000 | ---D | C] -- C:\Users\314\Desktop\RK_Quarantine
[2013/03/13 22:55:16 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\314\Desktop\aswMBR.exe
[2013/03/13 22:54:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\314\Desktop\OTL.exe
[2013/03/13 17:30:41 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\eAcceleration
[2013/03/13 17:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acceleration Software
[2013/03/13 17:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eAcceleration
[2013/03/13 17:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\eAcceleration
[2013/03/13 17:30:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\eAcceleration
[2013/03/13 17:30:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eAcceleration
[2013/03/13 17:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StopSign
[2013/03/13 17:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiseFixer
[2013/03/13 17:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\WiseFixer
[2013/03/13 17:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
[2013/03/13 17:25:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate
[2013/03/13 17:17:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2013/03/13 17:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013/03/13 17:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Spyware Remover
[2013/03/13 17:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/03/13 17:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2013/03/13 17:06:58 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Uniblue
[2013/03/13 17:06:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2013/03/13 17:06:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/13 16:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegHunter
[2013/03/13 16:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/03/13 16:54:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/03/13 16:53:40 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\spotmau
[2013/03/13 16:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp360
[2013/03/13 16:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp360
[2013/03/13 16:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp360
[2013/03/13 16:49:59 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\PC HealthPack
[2013/03/13 16:49:25 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\ParetoLogic
[2013/03/13 16:49:23 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2013/03/13 16:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2013/03/13 16:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013/03/13 16:49:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2013/03/13 16:48:55 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC HealthPack
[2013/03/13 16:48:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC HealthPack
[2013/03/13 16:45:42 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\MyTurboPC.com
[2013/03/13 16:45:40 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyTurboPC.com
[2013/03/13 16:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\MyTurboPC.com
[2013/03/13 16:45:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyTurboPC.com
[2013/03/13 16:45:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MyTurboPC.com
[2013/03/13 16:43:37 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\PC VITALWARE
[2013/03/13 16:43:35 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC VITALWARE
[2013/03/13 16:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC VITALWARE
[2013/03/13 16:43:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC VITALWARE
[2013/03/13 16:43:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC VITALWARE
[2013/03/13 16:40:24 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\PC Utility Kit
[2013/03/13 16:40:22 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Utility Kit
[2013/03/13 16:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Utility Kit
[2013/03/13 16:40:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Utility Kit
[2013/03/13 16:40:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Utility Kit
[2013/03/13 16:11:36 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/13 16:11:36 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/13 16:11:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/03/13 16:11:35 | 000,000,000 | ---D | C] -- E:\Documents\Flash Player Pro
[2013/03/13 16:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Player Pro
[2013/03/13 16:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flash Player Pro
[2013/03/13 15:33:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/13 15:33:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/13 15:33:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/13 15:33:31 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/13 15:33:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/13 15:33:30 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/13 15:33:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/13 15:33:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/13 15:33:30 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/13 15:33:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/13 15:33:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/13 15:33:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/13 15:33:29 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/13 15:33:29 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/13 15:33:29 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/13 15:32:47 | 000,000,000 | ---D | C] -- C:\AMD
[2013/03/13 15:28:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013/03/13 15:28:14 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013/03/13 15:28:14 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll
[2013/03/13 15:28:14 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2013/03/13 15:28:14 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013/03/13 15:28:14 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013/03/13 15:28:14 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013/03/13 15:28:14 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013/03/13 15:28:14 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll
[2013/03/13 15:28:14 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll
[2013/03/13 15:28:13 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2013/03/13 15:28:13 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2013/03/13 15:28:13 | 005,096,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2013/03/13 15:28:13 | 003,615,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2013/03/13 15:28:13 | 002,674,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2013/03/13 15:28:13 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2013/03/13 15:28:13 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2013/03/13 15:28:13 | 001,262,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2013/03/13 15:28:13 | 000,869,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2013/03/13 15:28:13 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2013/03/13 15:28:13 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2013/03/13 15:28:13 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013/03/13 15:28:13 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2013/03/13 15:28:13 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013/03/13 15:28:13 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013/03/13 15:28:13 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2013/03/13 15:28:13 | 000,220,776 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2013/03/13 15:28:13 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013/03/13 15:28:13 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2013/03/13 15:28:13 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2013/03/13 15:28:13 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2013/03/13 15:28:13 | 000,105,616 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2013/03/13 15:28:13 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013/03/13 15:28:13 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2013/03/13 15:28:13 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2013/03/13 15:28:13 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013/03/13 15:28:13 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2013/03/13 15:28:13 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013/03/13 15:28:13 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2013/03/13 15:28:12 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013/03/13 15:28:12 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013/03/13 15:28:12 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013/03/13 15:28:12 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013/03/13 15:28:12 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013/03/13 15:28:12 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013/03/13 15:28:12 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2013/03/13 15:28:12 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013/03/13 15:28:12 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2013/03/13 15:28:12 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2013/03/13 15:28:12 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2013/03/13 15:28:12 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013/03/13 15:28:12 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2013/03/13 15:28:12 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013/03/13 15:28:12 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013/03/13 15:28:12 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013/03/13 15:28:12 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013/03/13 15:28:12 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013/03/13 15:28:12 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013/03/13 15:28:12 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2013/03/13 15:28:11 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013/03/13 15:28:11 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2013/03/13 15:28:11 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2013/03/13 14:52:16 | 000,553,576 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013/03/13 14:41:37 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Local\SlimWare Utilities Inc
[2013/03/13 14:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2013/03/13 14:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2013/03/13 14:41:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2013/03/11 14:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/03/11 14:30:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013/03/11 14:30:21 | 001,706,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2013/03/11 14:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Temp
[2013/03/11 14:11:11 | 000,000,000 | ---D | C] -- C:\Users\314\Desktop\6642_PG347_VISTA
[2013/03/10 03:24:50 | 000,000,000 | --SD | C] -- C:\Users\314\Google Drive
[2013/03/10 03:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/03/09 23:07:10 | 005,037,356 | ---- | C] (Swearware) -- C:\Users\314\Desktop\ComboFix.exe
[2013/03/09 22:56:36 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Mozilla
[2013/02/24 23:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infogrames Interactive
[2013/02/24 23:27:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Infogrames Interactive
[2013/02/24 23:27:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/02/19 01:52:39 | 000,000,000 | ---D | C] -- C:\Users\314\VirtualBox VMs
[2013/02/19 01:52:03 | 000,000,000 | ---D | C] -- C:\Users\314\.VirtualBox
[2013/02/19 01:51:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2013/02/19 01:51:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013/02/19 01:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2013/02/17 00:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2013/02/17 00:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2013/02/17 00:14:02 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp
[2013/02/17 00:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2013/02/17 00:13:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2013/02/17 00:13:42 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2013/02/17 00:00:53 | 000,000,000 | ---D | C] -- E:\Documents\StarCraft II
[2013/02/17 00:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2013/02/17 00:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2013/02/17 00:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2013/02/16 20:40:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\1
[2013/02/13 23:25:54 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll
[2013/02/13 23:25:54 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll
[2013/02/13 23:25:54 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll
[2013/02/13 23:25:54 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll
[2013/02/13 23:25:54 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2013/02/13 23:25:54 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll
[2013/02/13 23:25:54 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe
[2013/02/13 23:25:54 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe
[2013/02/13 23:25:54 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll
[2013/02/13 23:25:54 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll
[2013/02/13 23:25:54 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll
[2013/02/13 23:25:54 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll
[2013/02/13 15:08:50 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/13 15:08:50 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/13 15:08:50 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/13 15:07:28 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/13 15:07:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/13 15:07:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/13 15:07:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/13 15:07:28 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/13 15:07:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/13 15:07:00 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/02/13 03:33:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PHP
[2013/02/13 03:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
[2013/02/13 03:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\MySQL
[2013/02/13 03:31:17 | 000,000,000 | ---D | C] -- C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MySQL
[2013/02/13 03:31:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MySQL
[2013/02/13 03:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\MySQL
[2013/02/13 03:30:04 | 000,000,000 | ---D | C] -- C:\inetpub
[2013/02/13 03:30:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2013/02/13 03:30:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2013/02/13 03:28:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/02/13 03:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHP 5

========== Files - Modified Within 30 Days ==========

[2013/03/14 11:56:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3361998210-192212384-1650811137-1000UA.job
[2013/03/14 11:55:25 | 000,762,428 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/14 11:55:25 | 000,652,000 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/14 11:55:25 | 000,113,680 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/14 11:52:17 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2013/03/14 11:51:58 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013/03/14 11:50:42 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/03/14 11:50:41 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/14 11:50:41 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\TuneUp360 Reminder.job
[2013/03/14 11:50:40 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/03/14 11:50:40 | 000,000,490 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2013/03/14 11:50:40 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\PC HealthPack Startup.job
[2013/03/14 11:50:40 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\dsmonitor.job
[2013/03/14 11:50:40 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\spmonitor.job
[2013/03/14 11:50:40 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\mdmonitor.job
[2013/03/14 11:50:40 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\MaxiDisk.job
[2013/03/14 11:50:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/14 11:50:26 | 2105,360,383 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/14 11:48:11 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/14 11:48:11 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/14 11:39:03 | 000,000,098 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/03/14 11:33:31 | 000,971,664 | ---- | M] () -- C:\Users\314\Desktop\instructions.xps
[2013/03/14 11:27:09 | 000,550,572 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\314\Desktop\JRT.exe
[2013/03/14 11:09:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/14 10:56:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3361998210-192212384-1650811137-1000Core.job
[2013/03/14 04:03:01 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit Update3.job
[2013/03/14 02:53:42 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit.job
[2013/03/14 01:43:02 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\MyTurboPC.job
[2013/03/14 01:07:00 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2013/03/14 00:05:00 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2013/03/13 22:59:28 | 000,597,667 | ---- | M] () -- C:\Users\314\Desktop\adwcleaner.exe
[2013/03/13 22:57:58 | 000,000,512 | ---- | M] () -- C:\Users\314\Desktop\MBR.dat
[2013/03/13 22:56:39 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\314\Desktop\aswMBR.exe
[2013/03/13 22:56:31 | 000,790,016 | ---- | M] () -- C:\Users\314\Desktop\RogueKillerX64.exe
[2013/03/13 18:19:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\314\Desktop\OTL.exe
[2013/03/13 18:13:13 | 000,000,004 | ---- | M] () -- C:\Users\314\AppData\Roaming\skype.ini
[2013/03/13 18:00:00 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/03/13 18:00:00 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit Registration3.job
[2013/03/13 18:00:00 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\MyTurboPC.com Registration3.job
[2013/03/13 18:00:00 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\PC VITALWARE Registration3.job
[2013/03/13 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013/03/13 17:30:41 | 000,001,997 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\StopSign Software Station.lnk
[2013/03/13 17:30:35 | 000,002,027 | ---- | M] () -- C:\Users\314\Desktop\Scan Now for Viruses and Threats.lnk
[2013/03/13 17:29:52 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\WiseFixer.lnk
[2013/03/13 17:25:16 | 000,002,469 | ---- | M] () -- C:\Users\Public\Desktop\DriverUpdate.lnk
[2013/03/13 17:18:45 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\MyTurboPC.com Update3.job
[2013/03/13 17:18:45 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\PC HealthPack Scheduled Scan.job
[2013/03/13 17:18:45 | 000,000,430 | ---- | M] () -- C:\Windows\tasks\PC VITALWARE Update3.job
[2013/03/13 17:18:45 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2013/03/13 17:18:45 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\RegCure Pro.job
[2013/03/13 17:18:45 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\PC MRI.job
[2013/03/13 17:17:02 | 000,001,213 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
[2013/03/13 17:17:02 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2013/03/13 17:16:43 | 000,001,153 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\MaxiDisk.lnk
[2013/03/13 17:16:43 | 000,001,129 | ---- | M] () -- C:\Users\Public\Desktop\MaxiDisk.lnk
[2013/03/13 17:15:43 | 000,001,194 | ---- | M] () -- C:\Users\Public\Desktop\Advanced Spyware Remover.lnk
[2013/03/13 17:06:59 | 000,001,174 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2013/03/13 17:06:59 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\SpeedUpMyPC.lnk
[2013/03/13 16:54:24 | 000,001,201 | ---- | M] () -- C:\Users\314\Desktop\SpeedyPC Pro.lnk
[2013/03/13 16:54:20 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\RegHunter.lnk
[2013/03/13 16:53:35 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp360.lnk
[2013/03/13 16:49:23 | 000,001,190 | ---- | M] () -- C:\Users\314\Desktop\RegCure Pro.lnk
[2013/03/13 16:48:55 | 000,001,086 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\PC HealthPack.lnk
[2013/03/13 16:48:55 | 000,001,062 | ---- | M] () -- C:\Users\314\Desktop\PC HealthPack.lnk
[2013/03/13 16:45:40 | 000,001,160 | ---- | M] () -- C:\Users\314\Desktop\MyTurboPC.lnk
[2013/03/13 16:43:35 | 000,001,131 | ---- | M] () -- C:\Users\314\Desktop\PC MRI.lnk
[2013/03/13 16:40:22 | 000,001,242 | ---- | M] () -- C:\Users\314\Desktop\PC Utility Kit.lnk
[2013/03/13 16:11:36 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/13 16:11:36 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/13 16:11:35 | 000,001,103 | ---- | M] () -- C:\Users\314\Desktop\Flash Player Pro.lnk
[2013/03/13 15:00:56 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/13 14:41:35 | 000,002,467 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2013/03/12 15:11:32 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/10 03:24:50 | 000,001,691 | ---- | M] () -- C:\Users\314\Desktop\Google Drive.lnk
[2013/03/10 01:44:05 | 000,270,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/09 23:07:13 | 005,037,356 | ---- | M] (Swearware) -- C:\Users\314\Desktop\ComboFix.exe
[2013/02/24 23:30:34 | 000,002,267 | ---- | M] () -- C:\Users\Public\Desktop\Play Civilization III.lnk
[2013/02/24 23:29:44 | 000,000,000 | ---- | M] () -- C:\Windows\PowerReg.dat
[2013/02/19 01:51:53 | 000,001,100 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2013/02/19 01:51:53 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2013/02/17 00:18:48 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2013/02/17 00:14:08 | 000,000,994 | ---- | M] () -- C:\Windows\winamp.ini
[2013/02/17 00:14:02 | 000,001,813 | ---- | M] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\WINAMP.LNK
[2013/02/17 00:14:02 | 000,001,789 | ---- | M] () -- C:\Users\314\Desktop\WINAMP.LNK

========== Files Created - No Company Name ==========

[2013/03/14 11:38:57 | 000,000,098 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/03/14 11:33:30 | 000,971,664 | ---- | C] () -- C:\Users\314\Desktop\instructions.xps
[2013/03/13 22:59:24 | 000,597,667 | ---- | C] () -- C:\Users\314\Desktop\adwcleaner.exe
[2013/03/13 22:57:58 | 000,000,512 | ---- | C] () -- C:\Users\314\Desktop\MBR.dat
[2013/03/13 22:56:42 | 000,790,016 | ---- | C] () -- C:\Users\314\Desktop\RogueKillerX64.exe
[2013/03/13 18:11:13 | 000,000,004 | ---- | C] () -- C:\Users\314\AppData\Roaming\skype.ini
[2013/03/13 17:30:41 | 000,001,997 | ---- | C] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\StopSign Software Station.lnk
[2013/03/13 17:30:35 | 000,002,027 | ---- | C] () -- C:\Users\314\Desktop\Scan Now for Viruses and Threats.lnk
[2013/03/13 17:29:52 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\WiseFixer.lnk
[2013/03/13 17:25:16 | 000,002,469 | ---- | C] () -- C:\Users\Public\Desktop\DriverUpdate.lnk
[2013/03/13 17:17:03 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\dsmonitor.job
[2013/03/13 17:17:02 | 000,001,213 | ---- | C] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
[2013/03/13 17:17:02 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2013/03/13 17:16:45 | 000,000,256 | ---- | C] () -- C:\Windows\tasks\MaxiDisk.job
[2013/03/13 17:16:44 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\mdmonitor.job
[2013/03/13 17:16:43 | 000,001,153 | ---- | C] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\MaxiDisk.lnk
[2013/03/13 17:16:43 | 000,001,129 | ---- | C] () -- C:\Users\Public\Desktop\MaxiDisk.lnk
[2013/03/13 17:15:43 | 000,001,194 | ---- | C] () -- C:\Users\Public\Desktop\Advanced Spyware Remover.lnk
[2013/03/13 17:07:00 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\spmonitor.job
[2013/03/13 17:07:00 | 000,000,254 | ---- | C] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2013/03/13 17:06:59 | 000,001,174 | ---- | C] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2013/03/13 17:06:59 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\SpeedUpMyPC.lnk
[2013/03/13 16:54:29 | 000,000,488 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/03/13 16:54:24 | 000,001,201 | ---- | C] () -- C:\Users\314\Desktop\SpeedyPC Pro.lnk
[2013/03/13 16:54:24 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/03/13 16:54:24 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2013/03/13 16:54:24 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2013/03/13 16:54:20 | 000,001,163 | ---- | C] () -- C:\Users\Public\Desktop\RegHunter.lnk
[2013/03/13 16:53:36 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\TuneUp360 Reminder.job
[2013/03/13 16:53:35 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp360.lnk
[2013/03/13 16:49:26 | 000,000,464 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013/03/13 16:49:23 | 000,001,190 | ---- | C] () -- C:\Users\314\Desktop\RegCure Pro.lnk
[2013/03/13 16:49:23 | 000,000,490 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2013/03/13 16:49:23 | 000,000,438 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2013/03/13 16:49:23 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\RegCure Pro.job
[2013/03/13 16:48:56 | 000,000,434 | ---- | C] () -- C:\Windows\tasks\PC HealthPack Scheduled Scan.job
[2013/03/13 16:48:56 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\PC HealthPack Startup.job
[2013/03/13 16:48:55 | 000,001,086 | ---- | C] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\PC HealthPack.lnk
[2013/03/13 16:48:55 | 000,001,062 | ---- | C] () -- C:\Users\314\Desktop\PC HealthPack.lnk
[2013/03/13 16:45:43 | 000,000,472 | ---- | C] () -- C:\Windows\tasks\MyTurboPC.com Registration3.job
[2013/03/13 16:45:40 | 000,001,160 | ---- | C] () -- C:\Users\314\Desktop\MyTurboPC.lnk
[2013/03/13 16:45:40 | 000,000,436 | ---- | C] () -- C:\Windows\tasks\MyTurboPC.com Update3.job
[2013/03/13 16:45:40 | 000,000,390 | ---- | C] () -- C:\Windows\tasks\MyTurboPC.job
[2013/03/13 16:43:38 | 000,000,468 | ---- | C] () -- C:\Windows\tasks\PC VITALWARE Registration3.job
[2013/03/13 16:43:35 | 000,001,131 | ---- | C] () -- C:\Users\314\Desktop\PC MRI.lnk
[2013/03/13 16:43:35 | 000,000,430 | ---- | C] () -- C:\Windows\tasks\PC VITALWARE Update3.job
[2013/03/13 16:43:35 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\PC MRI.job
[2013/03/13 16:40:25 | 000,000,476 | ---- | C] () -- C:\Windows\tasks\PC Utility Kit Registration3.job
[2013/03/13 16:40:22 | 000,001,242 | ---- | C] () -- C:\Users\314\Desktop\PC Utility Kit.lnk
[2013/03/13 16:40:22 | 000,000,442 | ---- | C] () -- C:\Windows\tasks\PC Utility Kit Update3.job
[2013/03/13 16:40:22 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\PC Utility Kit.job
[2013/03/13 16:11:35 | 000,001,103 | ---- | C] () -- C:\Users\314\Desktop\Flash Player Pro.lnk
[2013/03/13 15:28:13 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013/03/13 14:52:16 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2013/03/13 14:41:39 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013/03/13 14:41:37 | 000,016,152 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/03/13 14:41:35 | 000,002,467 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2013/03/10 03:24:50 | 000,001,691 | ---- | C] () -- C:\Users\314\Desktop\Google Drive.lnk
[2013/02/24 23:30:34 | 000,002,267 | ---- | C] () -- C:\Users\Public\Desktop\Play Civilization III.lnk
[2013/02/24 23:29:44 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2013/02/19 01:51:53 | 000,001,100 | ---- | C] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2013/02/19 01:51:53 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2013/02/17 00:14:02 | 000,001,813 | ---- | C] () -- C:\Users\314\Application Data\Microsoft\Internet Explorer\Quick Launch\WINAMP.LNK
[2013/02/17 00:14:02 | 000,001,789 | ---- | C] () -- C:\Users\314\Desktop\WINAMP.LNK
[2013/02/17 00:13:45 | 000,000,994 | ---- | C] () -- C:\Windows\winamp.ini
[2013/02/17 00:00:53 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012/12/31 04:15:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/12/30 13:11:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/12/30 13:11:16 | 000,018,832 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/03/17 18:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/11 17:52:02 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Acronis
[2013/03/13 17:30:41 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\eAcceleration
[2013/01/10 03:29:51 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\FileZilla
[2013/01/10 03:14:32 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Foxit Software
[2013/01/30 13:53:25 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Hard Disk Sentinel
[2013/02/01 00:45:50 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\MotioninJoy
[2013/03/13 16:45:42 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\MyTurboPC.com
[2013/03/13 16:49:25 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\ParetoLogic
[2013/03/13 16:40:24 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\PC Utility Kit
[2013/03/13 16:43:37 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\PC VITALWARE
[2013/03/14 01:01:33 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\QuickScan
[2013/03/13 16:53:40 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\spotmau
[2013/03/13 17:08:21 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\Uniblue
[2013/02/19 02:05:27 | 000,000,000 | ---D | M] -- C:\Users\314\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 19:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010/11/20 21:24:08 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 19:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 21:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 21:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 16:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012/06/01 23:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012/06/01 22:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 21:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 21:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 00:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 19:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 19:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 21:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 19:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 19:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 19:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 11:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 05:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 00:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 19:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 21:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 21:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 21:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 21:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 21:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 21:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 21:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 21:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 19:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 23:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 21:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 21:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 21:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 21:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 21:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 21:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 21:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 21:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 21:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 16:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 21:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 19:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 21:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 21:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 21:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/20 21:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 21:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 15:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES._ >
[2004/08/04 05:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\PXE\tftpboot\winxp\I386\SERVICES._
[2004/08/04 05:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\PXE\tools\WinLite\I386\SERVICES._

< MD5 for: SERVICES.DAT >
[2013/02/12 15:45:04 | 000,001,529 | ---- | M] () MD5=E8685F466FABD90B42D32D7898417207 -- C:\JRT\services.dat

< MD5 for: SERVICES.EX_ >
[2010/06/29 21:15:18 | 000,049,921 | ---- | M] () MD5=274EC8A3577CDE46B082E1A3464C1140 -- C:\PXE\tftpboot\winxp\I386\SERVICES.EX_
[2010/06/29 21:15:18 | 000,049,921 | ---- | M] () MD5=274EC8A3577CDE46B082E1A3464C1140 -- C:\PXE\tools\WinLite\I386\SERVICES.EX_

< MD5 for: SERVICES.EXE >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2011/04/12 02:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2011/04/12 02:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.H >
[2013/02/01 15:52:54 | 000,001,124 | ---- | M] () MD5=18812E802F1B1A25B3631950BBF1ADC2 -- C:\Program Files\MySQL\MySQL Server 5.6\include\mysql\services.h

< MD5 for: SERVICES.LNK >
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MS_ >
[2004/08/04 05:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\PXE\tftpboot\winxp\I386\SERVICES.MS_
[2004/08/04 05:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\PXE\tools\WinLite\I386\SERVICES.MS_

< MD5 for: SERVICES.MSC >
[2011/04/12 02:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2011/04/12 02:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2011/04/12 02:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2011/04/12 02:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:9638A27E

< End of report >

#7
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

That round killed a bunch more crap. Let's get rid of those programs you listed above.
Who is your internet service with?


Step-1.

Uninstall Programs

1. Please click the Start Orb, then click Control Panel. Under the Programs heading, click Uninstall a program.
2. In the list of programs installed, locate the following program(s):

RegHunter
WiseFixer 4.0
PC Utility Kit
MaxiDisk
SpeedyPC Pro
PC MRI
MyTurboPC
TuneUp360 (Version 7.0.1)
DriverScanner
RegCure Pro
SpeedUpMyPC
DriverUpdate
Advanced Spyware Remover
Babylon
Babylon toolbar
DealPly (remove only)
StopSign Internet Security
Flash Player Pro V5.4
PC HealthPack
Utility Chest Toolbar
WinToFlash Suggestor


3. Vista/7 users: Right click each program and click Uninstall.
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.


Step-2.

Windows Sidebar Advice

Your log shows Windows sidebar running. I recommend that you disable the sidebar.

Microsoft has discovered a security vulnerability in Windows Sidebar and Gadgets. If you are not aware of this, Windows Sidebar (gadgets) has the potential to compromise the security of a machine it is running on, as mentioned here. So it would be best to disable this feature.

Download the Disable Windows Sidebar and Gadgets Fix-it on this page to your desktop.

Once downloaded, double-click on MicrosoftFixit50906.msi >> follow the prompts >> reboot your machine if not advised to do so.


Step-3.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (do not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:SERVICES
Uniblue.MaxiDiskSvc
eac_productsvc
eac_notifysvc
StopSign Update Manager
sstsmonsvc
ASRservice

:OTL
PRC - [2013/01/18 15:25:34 | 000,030,032 | ---- | M] () -- C:\Program Files (x86)\Uniblue\MaxiDisk\service.exe
PRC - [2013/01/18 15:25:32 | 000,057,152 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\MaxiDisk\maxidisk.exe
PRC - [2013/01/18 15:25:32 | 000,026,448 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\MaxiDisk\mdmonitor.exe
PRC - [2013/01/16 14:47:30 | 000,026,456 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2013/01/08 11:27:24 | 000,026,600 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
PRC - [2012/11/13 15:44:34 | 001,502,376 | R--- | M] (eAcceleration Corp) -- C:\Program Files (x86)\Acceleration Software\Anti-Virus\stopsignav.exe
PRC - [2012/10/18 17:57:13 | 000,115,784 | ---- | M] (eAcceleration Corp) -- C:\Program Files (x86)\eAcceleration\Framework\eac_svc.exe
PRC - [2012/10/18 17:30:16 | 000,264,152 | ---- | M] (eAcceleration Corp) -- C:\Program Files (x86)\eAcceleration\Framework\eac_productsvc.exe
PRC - [2012/08/16 17:45:17 | 000,464,856 | ---- | M] (eAcceleration Corp) -- C:\Program Files (x86)\eAcceleration\Station\station_bk.exe
PRC - [2012/08/15 18:12:45 | 000,146,584 | ---- | M] (eAcceleration) -- C:\Program Files (x86)\Common Files\eAcceleration\eacsvc.exe
PRC - [2012/01/11 14:48:16 | 000,148,024 | ---- | M] () -- C:\Program Files (x86)\TuneUp360\CareMon.exe
PRC - [2009/12/10 16:53:12 | 001,219,344 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRtray.exe
PRC - [2009/12/10 16:53:10 | 000,697,104 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRsrv.exe
MOD - [2013/03/14 11:50:37 | 001,169,408 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\wx._core_.pyd
MOD - [2013/03/14 11:50:37 | 001,056,256 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\wx._controls_.pyd
MOD - [2013/03/14 11:50:37 | 001,024,616 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\windows._cacheinvalidation.pyd
MOD - [2013/03/14 11:50:37 | 000,807,424 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\wx._windows_.pyd
MOD - [2013/03/14 11:50:37 | 000,792,576 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\wx._gdi_.pyd
MOD - [2013/03/14 11:50:37 | 000,731,136 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\wx._misc_.pyd
MOD - [2013/03/14 11:50:37 | 000,645,120 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\_ssl.pyd
MOD - [2013/03/14 11:50:37 | 000,585,728 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\unicodedata.pyd
MOD - [2013/03/14 11:50:37 | 000,571,392 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\pysqlite2._sqlite.pyd
MOD - [2013/03/14 11:50:37 | 000,354,304 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\pythoncom26.dll
MOD - [2013/03/14 11:50:37 | 000,311,808 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\_hashlib.pyd
MOD - [2013/03/14 11:50:37 | 000,263,168 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\win32com.shell.shell.pyd
MOD - [2013/03/14 11:50:37 | 000,153,088 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\pyexpat.pyd
MOD - [2013/03/14 11:50:37 | 000,121,856 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\wx._wizard.pyd
MOD - [2013/03/14 11:50:37 | 000,111,104 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\win32file.pyd
MOD - [2013/03/14 11:50:37 | 000,110,592 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\win32security.pyd
MOD - [2013/03/14 11:50:37 | 000,110,592 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\PyWinTypes26.dll
MOD - [2013/03/14 11:50:37 | 000,096,256 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\win32api.pyd
MOD - [2013/03/14 11:50:37 | 000,086,016 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\_elementtree.pyd
MOD - [2013/03/14 11:50:37 | 000,073,728 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\_ctypes.pyd
MOD - [2013/03/14 11:50:37 | 000,070,656 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\wx._html2.pyd
MOD - [2013/03/14 11:50:37 | 000,040,448 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\_socket.pyd
MOD - [2013/03/14 11:50:37 | 000,039,424 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\win32inet.pyd
MOD - [2013/03/14 11:50:37 | 000,036,352 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\win32process.pyd
MOD - [2013/03/14 11:50:37 | 000,023,040 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\win32ts.pyd
MOD - [2013/03/14 11:50:37 | 000,022,528 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\win32pdh.pyd
MOD - [2013/03/14 11:50:37 | 000,017,920 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\win32profile.pyd
MOD - [2013/03/14 11:50:37 | 000,017,920 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\win32event.pyd
MOD - [2013/03/14 11:50:37 | 000,011,776 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\win32crypt.pyd
MOD - [2013/03/14 11:50:37 | 000,011,776 | ---- | M] () -- C:\Users\314\AppData\Local\Temp\_MEI33322\select.pyd
MOD - [2013/01/18 15:25:30 | 000,138,048 | ---- | M] () -- C:\Program Files (x86)\Uniblue\MaxiDisk\locale\en\en.dll
MOD - [2013/01/18 15:25:22 | 000,114,496 | ---- | M] () -- C:\Program Files (x86)\Uniblue\MaxiDisk\InstallerExtensions.dll
MOD - [2013/01/18 15:25:22 | 000,020,288 | ---- | M] () -- C:\Program Files (x86)\Uniblue\MaxiDisk\cwebpage.dll
MOD - [2009/02/12 15:26:20 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced Spyware Remover\madbasic_.bpl
MOD - [2009/02/12 15:26:20 | 000,044,032 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced Spyware Remover\maddisAsm_.bpl
SRV - [2013/01/18 15:25:34 | 000,030,032 | ---- | M] () [On_Demand | Running] -- C:\Program Files (x86)\Uniblue\MaxiDisk\service.exe -- (Uniblue.MaxiDiskSvc)
SRV - [2012/10/18 17:30:16 | 000,264,152 | ---- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files (x86)\eAcceleration\Framework\eac_productsvc.exe -- (eac_productsvc)
SRV - [2012/10/18 17:30:09 | 000,235,480 | ---- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files (x86)\eAcceleration\Framework\eac_notifysvc.dll -- (eac_notifysvc)
SRV - [2012/08/15 18:12:45 | 000,146,584 | ---- | M] (eAcceleration) [Auto | Running] -- C:\Program Files (x86)\Common Files\eAcceleration\eacsvc.exe -- (StopSign Update Manager)
SRV - [2011/08/15 17:17:10 | 000,202,264 | R--- | M] (eAcceleration Corp) [Auto | Running] -- C:\Program Files (x86)\Acceleration Software\Anti-Virus\sstsmonsvc.dll -- (sstsmonsvc)
SRV - [2009/12/10 16:53:10 | 000,697,104 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRsrv.exe -- (ASRservice)
IE - HKU\S-1-5-21-3361998210-192212384-1650811137-1000\..\URLSearchHook: {7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - No CLSID value found
FF - HKLM\Software\MozillaPlugins\@UtilityChest_49.com/Plugin: C:\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_49.com: C:\Program Files (x86)\UtilityChest_49\bar\1.bin
O2 - BHO: (DealPly) - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Program Files (x86)\DealPly\DealPlyIE.dll File not found
O2 - BHO: (WinToFlash Suggestor) - {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O4 - HKLM..\Run: [Advanced Spyware Remover] C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRtray.exe (IObit)
O4 - HKLM..\Run: [SoftwareStation] C:\Program Files (x86)\eAcceleration\Station\station.exe (eAcceleration Corp)
O4 - HKLM..\Run: [webscan] C:\Program Files (x86)\Acceleration Software\Anti-Virus\stopsignav.exe (eAcceleration Corp)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O9 - Extra Button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O9 - Extra 'Tools' menuitem : WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B34334DF-D1B6-4C8D-B6DB-D28E92966C04}: NameServer = 74.207.247.4,216.87.84.211,208.111.40.37,173.234.255.79
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{fb9f039e-680a-11e2-810d-c860000957c1}\Shell\Option1\Command - "" = G:\HBCD\HBCDMenu.exe
[2013/03/14 11:52:17 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2013/03/14 11:50:41 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\TuneUp360 Reminder.job
[2013/03/14 11:50:40 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/03/14 11:50:40 | 000,000,490 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2013/03/14 11:50:40 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\PC HealthPack Startup.job
[2013/03/14 11:50:40 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\dsmonitor.job
[2013/03/14 11:50:40 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\spmonitor.job
[2013/03/14 11:50:40 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\mdmonitor.job
[2013/03/14 11:50:40 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\MaxiDisk.job
[2013/03/14 04:03:01 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit Update3.job
[2013/03/14 02:53:42 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit.job
[2013/03/14 01:43:02 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\MyTurboPC.job
[2013/03/14 01:07:00 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2013/03/14 00:05:00 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2013/03/13 18:00:00 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/03/13 18:00:00 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit Registration3.job
[2013/03/13 18:00:00 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\MyTurboPC.com Registration3.job
[2013/03/13 18:00:00 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\PC VITALWARE Registration3.job
[2013/03/13 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013/03/13 17:29:52 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\WiseFixer.lnk
[2013/03/13 17:25:16 | 000,002,469 | ---- | M] () -- C:\Users\Public\Desktop\DriverUpdate.lnk
[2013/03/13 17:18:45 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\MyTurboPC.com Update3.job
[2013/03/13 17:18:45 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\PC HealthPack Scheduled Scan.job
[2013/03/13 17:18:45 | 000,000,430 | ---- | M] () -- C:\Windows\tasks\PC VITALWARE Update3.job
[2013/03/13 17:18:45 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2013/03/13 17:18:45 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\RegCure Pro.job
[2013/03/13 17:18:45 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\PC MRI.job
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:9638A27E

:FILES
ipconfig /flushdns /c
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eAcceleration
C:\Program Files (x86)\Common Files\eAcceleration
C:\Program Files (x86)\Acceleration Software
C:\Users\314\AppData\Roaming\eAcceleration
C:\Program Files (x86)\eAcceleration
C:\ProgramData\eAcceleration
C:\Program Files (x86)\StopSign
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiseFixer
C:\Program Files\WiseFixer
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
C:\Program Files (x86)\DriverUpdate
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Spyware Remover
C:\Program Files (x86)\IObit
C:\ProgramData\IObit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
C:\Users\314\AppData\Roaming\Uniblue
C:\Program Files (x86)\Uniblue
C:\ProgramData\Uniblue
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegHunter
C:\Users\314\AppData\Roaming\spotmau
C:\Program Files (x86)\TuneUp360
C:\ProgramData\TuneUp360
C:\Users\314\AppData\Local\PC HealthPack
C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
C:\Program Files (x86)\Common Files\ParetoLogic
C:\Users\314\AppData\Roaming\ParetoLogic
C:\Program Files (x86)\ParetoLogic
C:\ProgramData\ParetoLogic
C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC HealthPack
C:\Program Files (x86)\PC HealthPack
C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyTurboPC.com
C:\Program Files (x86)\Common Files\MyTurboPC.com
C:\Users\314\AppData\Roaming\MyTurboPC.com
C:\Program Files (x86)\MyTurboPC.com
C:\ProgramData\MyTurboPC.com
C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC VITALWARE
C:\Program Files (x86)\Common Files\PC VITALWARE
C:\Users\314\AppData\Roaming\PC VITALWARE
C:\Program Files (x86)\PC VITALWARE
C:\ProgramData\PC VITALWARE
C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Utility Kit
C:\Program Files (x86)\Common Files\PC Utility Kit
C:\Users\314\AppData\Roaming\PC Utility Kit
C:\Program Files (x86)\PC Utility Kit
C:\ProgramData\PC Utility Kit

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the OK button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-4.

Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications before downloading ComboFix. This is usually done via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

Download ComboFix from one of the following locations:

Link 1
Link 2

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer. That will cure it.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix should not be used unless requested by a forum helper.

Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
Don't forget to re-enable your Anti-Virus.


Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my question above
2. Let me know how the uninstalls went.
3. The OTL fixes log
4. The ComboFix log
5. How is the system running now?

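The check a practitioner would run once the fix above has been applied, as an added example that is not part of the original thread and not code from the OTL or ComboFix authors: a read-only PowerShell audit of the autostart and hijack locations the fix script targets (Run/RunOnce, Browser Helper Objects, URLSearchHooks, IE Extensions, ShellServiceObjectDelayLoad, scheduled tasks, per-interface NameServer, service ImagePaths). The registry paths are the standard Windows ones the logs in this thread refer to; the function names (Add-Finding, Resolve-Clsid) and the report layout are this example's own assumptions.

```powershell
# Added example: not from this thread and not OTL or ComboFix code. Read-only audit of the
# autostart and hijack locations the OTL fix above targets. Entries whose target binary is
# missing are flagged, the condition OTL logs as "File ... not found" and ComboFix marks "[x]".
# Run from an elevated PowerShell on Windows 7 or later. It deletes nothing.

$results = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Location, [string]$Name, [string]$Target) {
    # Pull the binary path out of a command line such as "C:\x\y.exe" /arg or C:\x\y.exe /arg
    $path = $null
    if ($Target -match '^\s*"([^"]+)"' -or
        $Target -match '^\s*(.+?\.(?:exe|dll|sys|bat|cmd|scr))(?:\s|$)') {
        $path = [Environment]::ExpandEnvironmentVariables($Matches[1])
    }
    $exists = if ($path) { Test-Path -LiteralPath $path } else { $null }
    $results.Add([pscustomobject]@{ Location = $Location; Name = $Name; Target = $Target; TargetExists = $exists })
}

function Resolve-Clsid([string]$Clsid) {
    # A BHO or hook entry is only a CLSID; the DLL it loads is the InprocServer32 default value.
    foreach ($classes in 'HKLM:\SOFTWARE\Classes\CLSID',
                         'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID',
                         'HKCU:\SOFTWARE\Classes\CLSID') {
        $srv = Get-ItemProperty -Path "$classes\$Clsid\InprocServer32" -ErrorAction SilentlyContinue
        if ($srv) { return [string]$srv.'(default)' }
    }
    return ''   # CLSID not registered anywhere: the hook is orphaned
}

# 1. Run / RunOnce under HKLM (native and Wow6432Node) and under every loaded user hive,
#    including the S-1-5-19 / S-1-5-20 service hives that appear in the log above.
$runRoots = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion',
              'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion')
$runRoots += Get-ChildItem -Path Registry::HKEY_USERS |
             ForEach-Object { "Registry::$($_.Name)\Software\Microsoft\Windows\CurrentVersion" }
foreach ($root in $runRoots) {
    foreach ($sub in 'Run', 'RunOnce') {
        $key = Get-Item -Path "$root\$sub" -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) { Add-Finding "$root\$sub" $name ([string]$key.GetValue($name)) }
    }
}

# 2. CLSID-keyed hooks. BHOs and IE Extensions use one subkey per CLSID (the log above pairs
#    each Extensions GUID with a CLSID, so the subkey name is resolved the same way here).
$subkeyLists = [ordered]@{
    'BHO'                 = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    'BHO (x86)'           = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    'IE Extensions'       = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Extensions'
    'IE Extensions (x86)' = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions'
}
foreach ($entry in $subkeyLists.GetEnumerator()) {
    Get-ChildItem -Path $entry.Value -ErrorAction SilentlyContinue |
        ForEach-Object { Add-Finding $entry.Key $_.PSChildName (Resolve-Clsid $_.PSChildName) }
}
# URLSearchHooks stores the CLSID as the value name; ShellServiceObjectDelayLoad as the value data.
$valueLists = [ordered]@{
    'URLSearchHooks (HKCU)'             = 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks'
    'ShellServiceObjectDelayLoad'       = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
    'ShellServiceObjectDelayLoad (x86)' = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
}
foreach ($entry in $valueLists.GetEnumerator()) {
    $key = Get-Item -Path $entry.Value -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $clsid = if ($name -match '^\{.+\}$') { $name } else { [string]$key.GetValue($name) }
        Add-Finding $entry.Key $name (Resolve-Clsid $clsid)
    }
}

# 3. Scheduled tasks, including the legacy .job entries in C:\Windows\Tasks the fix moved.
schtasks.exe /query /fo CSV /v 2>$null | ConvertFrom-Csv |
    Where-Object { $_.TaskName -and $_.TaskName -ne 'TaskName' -and $_.TaskName -notlike '\Microsoft\*' } |
    ForEach-Object { Add-Finding 'Scheduled task' $_.TaskName $_.'Task To Run' }

# 4. Static DNS servers per interface (the NameServer value the fix reset). Anything that is
#    not the router or the ISP's resolver needs an explanation.
Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces' | ForEach-Object {
    $ns = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).NameServer
    if ($ns) { $results.Add([pscustomobject]@{ Location = 'Tcpip\Interfaces\' + $_.PSChildName; Name = 'NameServer'; Target = $ns; TargetExists = $null }) }
}

# 5. Services and drivers whose ImagePath is an absolute path that no longer exists
#    (ComboFix shows these as "[x]", like UtilityChest_49Service in the log above).
Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    $img = [string](Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).ImagePath
    if ($img -match '^"?([A-Za-z]:\\|%)') { Add-Finding 'Service' $_.PSChildName $img }
}

# Orphaned entries (TargetExists = False) first: each is persistence an uninstaller left behind.
$results | Sort-Object @{ Expression = { $_.TargetExists -eq $false }; Descending = $true }, Location |
    Format-Table -AutoSize -Wrap Location, Name, TargetExists, Target
```

Run it after the fix and again after the reboot. The rows worth attention are those with TargetExists equal to False (an autostart or hook pointing at a binary the uninstaller already removed, exactly the leftovers the OTL log reports), any CLSID that resolves to an empty path, and any NameServer that is not the router or the ISP's resolver. The script only reports; removal stays with the helper's fix, since deleting the wrong Run value or service entry on a live system breaks things.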
#8
314 (Topic Starter, Member, 65 posts)
1. My internet is with Shaw Cable, or Shaw.ca. At least I found out how I got infected: 8-year-old cousin.

2. Most of the uninstalls worked, except the utility toolbar gave an error that the DLL could not be found. I couldn't find anything with Babylon; also, I thought that my sidebar was disabled (I don't like it anyway).

3.
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Error: No service named Uniblue.MaxiDiskSvc was found to stop!
Service\Driver key Uniblue.MaxiDiskSvc not found.
Error: No service named eac_productsvc was found to stop!
Service\Driver key eac_productsvc not found.
Error: No service named eac_notifysvc was found to stop!
Service\Driver key eac_notifysvc not found.
Error: No service named StopSign Update Manager was found to stop!
Service\Driver key StopSign Update Manager not found.
Error: No service named sstsmonsvc was found to stop!
Service\Driver key sstsmonsvc not found.
Error: No service named ASRservice was found to stop!
Service\Driver key ASRservice not found.
========== OTL ==========
No active process named service.exe was found!
No active process named maxidisk.exe was found!
No active process named mdmonitor.exe was found!
No active process named dsmonitor.exe was found!
No active process named spmonitor.exe was found!
No active process named stopsignav.exe was found!
No active process named eac_svc.exe was found!
No active process named eac_productsvc.exe was found!
No active process named station_bk.exe was found!
No active process named eacsvc.exe was found!
No active process named CareMon.exe was found!
No active process named ASRtray.exe was found!
No active process named ASRsrv.exe was found!
Error: No service named Uniblue.MaxiDiskSvc was found to stop!
Service\Driver key Uniblue.MaxiDiskSvc not found.
File C:\Program Files (x86)\Uniblue\MaxiDisk\service.exe not found.
Error: No service named eac_productsvc was found to stop!
Service\Driver key eac_productsvc not found.
File C:\Program Files (x86)\eAcceleration\Framework\eac_productsvc.exe not found.
Error: No service named eac_notifysvc was found to stop!
Service\Driver key eac_notifysvc not found.
File C:\Program Files (x86)\eAcceleration\Framework\eac_notifysvc.dll not found.
Error: No service named StopSign Update Manager was found to stop!
Service\Driver key StopSign Update Manager not found.
File C:\Program Files (x86)\Common Files\eAcceleration\eacsvc.exe not found.
Error: No service named sstsmonsvc was found to stop!
Service\Driver key sstsmonsvc not found.
File C:\Program Files (x86)\Acceleration Software\Anti-Virus\sstsmonsvc.dll not found.
Error: No service named ASRservice was found to stop!
Service\Driver key ASRservice not found.
File C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRsrv.exe not found.
Registry value HKEY_USERS\S-1-5-21-3361998210-192212384-1650811137-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@UtilityChest_49.com/Plugin\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\[email protected] not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\49ffxt[email protected]_49.com deleted successfully.
File C:\Program Files (x86)\UtilityChest_49\bar\1.bin not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF7BD87A-8024-11E2-F316-F3E56188709B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD}\ deleted successfully.
File C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced Spyware Remover not found.
File C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRtray.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SoftwareStation not found.
File C:\Program Files (x86)\eAcceleration\Station\station.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\webscan not found.
File C:\Program Files (x86)\Acceleration Software\Anti-Virus\stopsignav.exe not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F}\ not found.
File C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F}\ not found.
File C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B34334DF-D1B6-4C8D-B6DB-D28E92966C04}\\NameServer| /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb9f039e-680a-11e2-810d-c860000957c1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb9f039e-680a-11e2-810d-c860000957c1}\ not found.
File G:\HBCD\HBCDMenu.exe not found.
File C:\Windows\tasks\SpeedUpMyPC.job not found.
File C:\Windows\tasks\TuneUp360 Reminder.job not found.
C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job moved successfully.
File C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job not found.
File C:\Windows\tasks\PC HealthPack Startup.job not found.
File C:\Windows\tasks\dsmonitor.job not found.
File C:\Windows\tasks\spmonitor.job not found.
File C:\Windows\tasks\mdmonitor.job not found.
File C:\Windows\tasks\MaxiDisk.job not found.
File C:\Windows\tasks\PC Utility Kit Update3.job not found.
File C:\Windows\tasks\PC Utility Kit.job not found.
File C:\Windows\tasks\MyTurboPC.job not found.
File C:\Windows\tasks\ParetoLogic Update Version3.job not found.
C:\Windows\Tasks\SpeedyPC Update Version3.job moved successfully.
C:\Windows\Tasks\SpeedyPC Registration3.job moved successfully.
File C:\Windows\tasks\PC Utility Kit Registration3.job not found.
File C:\Windows\tasks\MyTurboPC.com Registration3.job not found.
File C:\Windows\tasks\PC VITALWARE Registration3.job not found.
File C:\Windows\tasks\ParetoLogic Registration3.job not found.
File C:\Users\Public\Desktop\WiseFixer.lnk not found.
File C:\Users\Public\Desktop\DriverUpdate.lnk not found.
File C:\Windows\tasks\MyTurboPC.com Update3.job not found.
File C:\Windows\tasks\PC HealthPack Scheduled Scan.job not found.
File C:\Windows\tasks\PC VITALWARE Update3.job not found.
C:\Windows\Tasks\SpeedyPC Pro.job moved successfully.
File C:\Windows\tasks\RegCure Pro.job not found.
File C:\Windows\tasks\PC MRI.job not found.
ADS C:\ProgramData\TEMP:9638A27E deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\314\Desktop\cmd.bat deleted successfully.
C:\Users\314\Desktop\cmd.txt deleted successfully.
File\Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eAcceleration not found.
File\Folder C:\Program Files (x86)\Common Files\eAcceleration not found.
File\Folder C:\Program Files (x86)\Acceleration Software not found.
File\Folder C:\Users\314\AppData\Roaming\eAcceleration not found.
File\Folder C:\Program Files (x86)\eAcceleration not found.
File\Folder C:\ProgramData\eAcceleration not found.
File\Folder C:\Program Files (x86)\StopSign not found.
File\Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiseFixer not found.
File\Folder C:\Program Files\WiseFixer not found.
File\Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate not found.
File\Folder C:\Program Files (x86)\DriverUpdate not found.
File\Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Spyware Remover not found.
C:\Program Files (x86)\IObit\Advanced Spyware Remover\Quarantine Zone folder moved successfully.
C:\Program Files (x86)\IObit\Advanced Spyware Remover folder moved successfully.
C:\Program Files (x86)\IObit folder moved successfully.
C:\ProgramData\IObit\Advanced Spyware Remover folder moved successfully.
C:\ProgramData\IObit folder moved successfully.
File\Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue not found.
File\Folder C:\Users\314\AppData\Roaming\Uniblue not found.
C:\Program Files (x86)\Uniblue folder moved successfully.
C:\ProgramData\Uniblue\DriverScanner folder moved successfully.
C:\ProgramData\Uniblue folder moved successfully.
File\Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegHunter not found.
C:\Users\314\AppData\Roaming\spotmau\WinCare2010\Startup Baks folder moved successfully.
C:\Users\314\AppData\Roaming\spotmau\WinCare2010 folder moved successfully.
C:\Users\314\AppData\Roaming\spotmau folder moved successfully.
File\Folder C:\Program Files (x86)\TuneUp360 not found.
C:\ProgramData\TuneUp360 folder moved successfully.
File\Folder C:\Users\314\AppData\Local\PC HealthPack not found.
File\Folder C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic not found.
File\Folder C:\Program Files (x86)\Common Files\ParetoLogic not found.
C:\Users\314\AppData\Roaming\ParetoLogic\RegCure Pro folder moved successfully.
C:\Users\314\AppData\Roaming\ParetoLogic folder moved successfully.
File\Folder C:\Program Files (x86)\ParetoLogic not found.
C:\ProgramData\ParetoLogic\RegCure Pro folder moved successfully.
C:\ProgramData\ParetoLogic folder moved successfully.
File\Folder C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC HealthPack not found.
File\Folder C:\Program Files (x86)\PC HealthPack not found.
File\Folder C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyTurboPC.com not found.
File\Folder C:\Program Files (x86)\Common Files\MyTurboPC.com not found.
C:\Users\314\AppData\Roaming\MyTurboPC.com\MyTurboPC folder moved successfully.
C:\Users\314\AppData\Roaming\MyTurboPC.com folder moved successfully.
File\Folder C:\Program Files (x86)\MyTurboPC.com not found.
C:\ProgramData\MyTurboPC.com\MyTurboPC folder moved successfully.
C:\ProgramData\MyTurboPC.com folder moved successfully.
File\Folder C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC VITALWARE not found.
File\Folder C:\Program Files (x86)\Common Files\PC VITALWARE not found.
C:\Users\314\AppData\Roaming\PC VITALWARE\PC MRI folder moved successfully.
C:\Users\314\AppData\Roaming\PC VITALWARE folder moved successfully.
File\Folder C:\Program Files (x86)\PC VITALWARE not found.
C:\ProgramData\PC VITALWARE\PC MRI folder moved successfully.
C:\ProgramData\PC VITALWARE folder moved successfully.
File\Folder C:\Users\314\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Utility Kit not found.
File\Folder C:\Program Files (x86)\Common Files\PC Utility Kit not found.
C:\Users\314\AppData\Roaming\PC Utility Kit\PC Utility Kit folder moved successfully.
C:\Users\314\AppData\Roaming\PC Utility Kit folder moved successfully.
File\Folder C:\Program Files (x86)\PC Utility Kit not found.
C:\ProgramData\PC Utility Kit\PC Utility Kit folder moved successfully.
C:\ProgramData\PC Utility Kit folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: 314
->Temp folder emptied: 1387005205 bytes
->Temporary Internet Files folder emptied: 329484094 bytes
->Google Chrome cache emptied: 400682232 bytes
->Flash cache emptied: 1764 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 435951 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 55354630 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36122167 bytes
RecycleBin emptied: 653468463 bytes

Total Files Cleaned = 2,730.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03152013_004413

Files\Folders moved on Reboot...
C:\Users\314\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

4.

ComboFix 13-03-14.02 - 314 03/15/2013 0:49.1.6 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8138.6217 [GMT -6:00]
Running from: c:\users\314\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\314\AppData\Local\Temp\_MEI35362\_ctypes.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\_elementtree.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\_hashlib.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\_socket.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\_ssl.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\pyexpat.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\pysqlite2._sqlite.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\python26.dll
c:\users\314\AppData\Local\Temp\_MEI35362\pythoncom26.dll
c:\users\314\AppData\Local\Temp\_MEI35362\PyWinTypes26.dll
c:\users\314\AppData\Local\Temp\_MEI35362\select.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\unicodedata.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\win32api.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\win32com.shell.shell.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\win32crypt.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\win32event.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\win32file.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\win32inet.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\win32pdh.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\win32process.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\win32profile.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\win32security.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\win32ts.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\windows._cacheinvalidation.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\wx._controls_.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\wx._core_.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\wx._gdi_.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\wx._html2.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\wx._misc_.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\wx._windows_.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\wx._wizard.pyd
c:\users\314\AppData\Local\Temp\_MEI35362\wxbase293u_net_vc.dll
c:\users\314\AppData\Local\Temp\_MEI35362\wxbase293u_vc.dll
c:\users\314\AppData\Local\Temp\_MEI35362\wxmsw293u_adv_vc.dll
c:\users\314\AppData\Local\Temp\_MEI35362\wxmsw293u_core_vc.dll
c:\users\314\AppData\Local\Temp\_MEI35362\wxmsw293u_html_vc.dll
c:\users\314\AppData\Local\Temp\_MEI35362\wxmsw293u_webview_vc.dll
c:\users\314\AppData\Roaming\skype.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-02-15 to 2013-03-15 )))))))))))))))))))))))))))))))
.
.
2013-03-15 06:44 . 2013-03-15 06:44 -------- d-----w- C:\_OTL
2013-03-14 17:42 . 2013-03-14 17:42 -------- d-----w- c:\windows\ERUNT
2013-03-14 17:42 . 2013-03-14 17:42 -------- d-----w- C:\JRT
2013-03-14 17:38 . 2013-03-14 17:39 98 ----a-w- c:\windows\DeleteOnReboot.bat
2013-03-14 07:01 . 2013-03-14 07:01 -------- d-----w- c:\users\314\AppData\Roaming\QuickScan
2013-03-14 06:59 . 2013-03-14 06:59 -------- d-----w- c:\users\314\AppData\Local\IAC
2013-03-13 22:54 . 2013-03-13 22:54 -------- d-----w- c:\program files\Enigma Software Group
2013-03-13 22:54 . 2013-03-13 22:54 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-03-13 22:11 . 2013-03-13 22:11 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 22:11 . 2013-03-13 22:11 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 22:11 . 2013-03-13 22:11 -------- d-----w- c:\windows\SysWow64\Macromed
2013-03-13 21:32 . 2013-03-13 21:32 -------- d-----w- C:\AMD
2013-03-13 20:52 . 2000-01-01 00:00 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-03-13 20:52 . 2000-01-01 00:00 553576 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-03-13 20:41 . 2013-03-15 06:54 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-03-13 20:41 . 2013-03-13 23:25 -------- d-----w- c:\users\314\AppData\Local\SlimWare Utilities Inc
2013-03-13 20:41 . 2013-03-13 20:41 -------- d-----w- c:\program files (x86)\SlimDrivers
2013-03-12 11:24 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9687615D-EE53-46F2-8253-9C6E0B80513F}\mpengine.dll
2013-03-11 20:30 . 2013-03-11 20:30 -------- d-----w- c:\program files\Realtek
2013-03-11 20:30 . 2013-03-13 20:58 -------- d-----w- c:\program files (x86)\Realtek
2013-03-11 20:30 . 2013-03-13 21:29 -------- d-----w- c:\program files (x86)\Temp
2013-03-11 20:30 . 2000-01-01 00:00 1706640 ----a-w- c:\windows\RtlExUpd.dll
2013-03-10 09:24 . 2013-03-15 06:47 -------- d-s---w- c:\users\314\Google Drive
2013-03-10 07:35 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-10 07:35 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-25 05:27 . 2013-02-25 05:27 -------- d-----w- c:\program files (x86)\Infogrames Interactive
2013-02-25 05:27 . 2013-03-11 20:30 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2013-02-19 07:52 . 2013-02-19 07:52 -------- d-----w- c:\users\314\VirtualBox VMs
2013-02-19 07:52 . 2013-02-24 03:47 -------- d-----w- c:\users\314\.VirtualBox
2013-02-19 07:51 . 2012-12-19 21:48 237992 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2013-02-19 07:51 . 2013-02-19 07:51 -------- dc----w- c:\windows\system32\DRVSTORE
2013-02-19 07:51 . 2012-12-19 21:47 120232 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2013-02-19 07:51 . 2013-02-19 07:51 -------- d-----w- c:\program files\Oracle
2013-02-17 06:15 . 2013-02-17 06:15 -------- d-----w- c:\programdata\Battle.net
2013-02-17 06:13 . 2013-02-17 06:14 -------- d-----w- c:\program files (x86)\Winamp
2013-02-17 06:00 . 2013-02-17 06:27 -------- d-----w- c:\program files (x86)\StarCraft II
2013-02-17 06:00 . 2013-02-17 06:18 -------- d-----w- c:\programdata\Blizzard Entertainment
2013-02-17 06:00 . 2013-02-17 06:18 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2013-02-14 05:25 . 2012-06-01 05:39 14848 ----a-w- c:\windows\system32\wamregps.dll
2013-02-14 05:25 . 2012-06-01 05:36 192000 ----a-w- c:\windows\system32\iisRtl.dll
2013-02-14 05:25 . 2012-06-01 05:36 11264 ----a-w- c:\windows\system32\iisrstap.dll
2013-02-14 05:25 . 2012-06-01 05:35 60928 ----a-w- c:\windows\system32\ahadmin.dll
2013-02-14 05:25 . 2012-06-01 05:34 55296 ----a-w- c:\windows\system32\admwprox.dll
2013-02-14 05:25 . 2012-06-01 05:33 16896 ----a-w- c:\windows\system32\iisreset.exe
2013-02-14 05:25 . 2012-06-01 04:40 10752 ----a-w- c:\windows\SysWow64\wamregps.dll
2013-02-14 05:25 . 2012-06-01 04:37 8192 ----a-w- c:\windows\SysWow64\iisrstap.dll
2013-02-14 05:25 . 2012-06-01 04:37 154624 ----a-w- c:\windows\SysWow64\iisRtl.dll
2013-02-14 05:25 . 2012-06-01 04:35 26624 ----a-w- c:\windows\SysWow64\ahadmin.dll
2013-02-14 05:25 . 2012-06-01 04:35 50688 ----a-w- c:\windows\SysWow64\admwprox.dll
2013-02-14 05:25 . 2012-06-01 04:34 15360 ----a-w- c:\windows\SysWow64\iisreset.exe
2013-02-13 21:08 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 21:08 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 21:08 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 21:07 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 21:07 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 21:07 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 21:07 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 21:07 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 21:07 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 21:07 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 21:07 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 21:07 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 09:33 . 2013-02-13 09:48 -------- d-----w- c:\program files (x86)\PHP
2013-02-13 09:31 . 2013-02-13 09:31 -------- d-----w- c:\program files\MySQL
2013-02-13 09:31 . 2013-02-13 09:31 -------- d-----w- c:\program files (x86)\MySQL
2013-02-13 09:31 . 2013-02-13 09:31 -------- d-----w- c:\programdata\MySQL
2013-02-13 09:30 . 2013-02-13 09:43 -------- d-----w- c:\users\DefaultAppPool
2013-02-13 09:30 . 2013-02-13 09:30 -------- d-----w- c:\windows\SysWow64\BestPractices
2013-02-13 09:30 . 2013-02-13 09:30 -------- d-----w- c:\windows\system32\BestPractices
2013-02-13 09:30 . 2013-02-13 09:30 -------- d-----w- C:\inetpub
2013-02-13 09:28 . 2013-02-13 09:28 -------- d-----w- c:\windows\system32\appmgmt
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 21:34 . 2013-01-08 06:19 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-12 05:45 . 2013-03-13 16:50 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 16:50 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 16:50 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 16:50 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 16:50 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 16:50 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-11 23:51 . 2013-02-11 23:51 367200 ----a-w- c:\windows\system32\drivers\afcdp.sys
2013-02-11 23:51 . 2013-02-11 23:51 1340040 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2013-02-11 23:51 . 2013-02-11 23:51 1093256 ----a-w- c:\windows\system32\drivers\tib_mounter.sys
2013-02-11 23:51 . 2013-02-11 23:51 228488 ----a-w- c:\windows\system32\drivers\vididr.sys
2013-02-11 23:51 . 2013-02-11 23:51 166024 ----a-w- c:\windows\system32\drivers\vidsflt.sys
2013-02-11 23:51 . 2013-02-11 23:51 155272 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2013-02-11 23:51 . 2013-02-08 07:21 340104 ----a-w- c:\windows\system32\drivers\snapman.sys
2013-02-08 07:21 . 2013-02-08 07:21 971360 ----a-w- c:\windows\system32\drivers\timntr.sys
2013-02-01 06:47 . 2013-02-01 06:45 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2013-01-31 20:42 . 2013-01-31 20:42 13944 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2013-01-31 20:42 . 2013-01-31 20:42 57976 ----a-w- c:\windows\system32\drivers\psmounterex.sys
2013-01-17 08:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-08 06:23 . 2013-01-08 06:23 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-01-08 06:23 . 2013-01-08 06:23 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-01-08 06:23 . 2013-01-08 06:23 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2013-01-08 06:23 . 2013-01-08 06:23 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-01-08 06:23 . 2013-01-08 06:23 85504 ----a-w- c:\windows\system32\iesetup.dll
2013-01-08 06:23 . 2013-01-08 06:23 82432 ----a-w- c:\windows\system32\icardie.dll
2013-01-08 06:23 . 2013-01-08 06:23 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-01-08 06:23 . 2013-01-08 06:23 76800 ----a-w- c:\windows\system32\tdc.ocx
2013-01-08 06:23 . 2013-01-08 06:23 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-01-08 06:23 . 2013-01-08 06:23 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-01-08 06:23 . 2013-01-08 06:23 65024 ----a-w- c:\windows\system32\pngfilt.dll
2013-01-08 06:23 . 2013-01-08 06:23 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-01-08 06:23 . 2013-01-08 06:23 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-01-08 06:23 . 2013-01-08 06:23 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2013-01-08 06:23 . 2013-01-08 06:23 49664 ----a-w- c:\windows\system32\imgutil.dll
2013-01-08 06:23 . 2013-01-08 06:23 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-01-08 06:23 . 2013-01-08 06:23 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-01-08 06:23 . 2013-01-08 06:23 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2013-01-08 06:23 . 2013-01-08 06:23 448512 ----a-w- c:\windows\system32\html.iec
2013-01-08 06:23 . 2013-01-08 06:23 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2013-01-08 06:23 . 2013-01-08 06:23 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-01-08 06:23 . 2013-01-08 06:23 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-01-08 06:23 . 2013-01-08 06:23 367104 ----a-w- c:\windows\SysWow64\html.iec
2013-01-08 06:23 . 2013-01-08 06:23 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-01-08 06:23 . 2013-01-08 06:23 30720 ----a-w- c:\windows\system32\licmgr10.dll
2013-01-08 06:23 . 2013-01-08 06:23 282112 ----a-w- c:\windows\system32\dxtrans.dll
2013-01-08 06:23 . 2013-01-08 06:23 267776 ----a-w- c:\windows\system32\ieaksie.dll
2013-01-08 06:23 . 2013-01-08 06:23 249344 ----a-w- c:\windows\system32\webcheck.dll
2013-01-08 06:23 . 2013-01-08 06:23 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-01-08 06:23 . 2013-01-08 06:23 222208 ----a-w- c:\windows\system32\msls31.dll
2013-01-08 06:23 . 2013-01-08 06:23 197120 ----a-w- c:\windows\system32\msrating.dll
2013-01-08 06:23 . 2013-01-08 06:23 165888 ----a-w- c:\windows\system32\iexpress.exe
2013-01-08 06:23 . 2013-01-08 06:23 163840 ----a-w- c:\windows\system32\ieakui.dll
2013-01-08 06:23 . 2013-01-08 06:23 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2013-01-08 06:23 . 2013-01-08 06:23 160256 ----a-w- c:\windows\system32\wextract.exe
2013-01-08 06:23 . 2013-01-08 06:23 160256 ----a-w- c:\windows\system32\ieakeng.dll
2013-01-08 06:23 . 2013-01-08 06:23 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2013-01-08 06:23 . 2013-01-08 06:23 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-01-08 06:23 . 2013-01-08 06:23 149504 ----a-w- c:\windows\system32\occache.dll
2013-01-08 06:23 . 2013-01-08 06:23 145920 ----a-w- c:\windows\system32\iepeers.dll
2013-01-08 06:23 . 2013-01-08 06:23 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-01-08 06:23 . 2013-01-08 06:23 12288 ----a-w- c:\windows\system32\mshta.exe
2013-01-08 06:23 . 2013-01-08 06:23 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2013-01-08 06:23 . 2013-01-08 06:23 114176 ----a-w- c:\windows\system32\admparse.dll
2013-01-08 06:23 . 2013-01-08 06:23 111616 ----a-w- c:\windows\system32\iesysprep.dll
2013-01-08 06:23 . 2013-01-08 06:23 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-01-08 06:23 . 2013-01-08 06:23 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2013-01-08 06:23 . 2013-01-08 06:23 103936 ----a-w- c:\windows\system32\inseng.dll
2013-01-08 06:23 . 2013-01-08 06:23 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2013-01-04 04:43 . 2013-02-13 21:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-19 21:47 . 2012-12-19 21:47 204200 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-12-19 21:47 . 2012-12-19 21:47 146856 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-12-19 21:47 . 2012-12-19 21:47 132008 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-12-16 17:11 . 2013-01-01 10:03 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2013-01-01 10:03 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2013-01-01 10:03 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2013-01-01 10:03 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-02-25 1602984]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-12-18 16328976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-08-23 6010264]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2012-07-24 941440]
"WinampAgent"="c:\program files (x86)\Winamp\Winampa.exe" [2003-04-02 12288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2013-1-24 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 UtilityChest_49Service;Utility ChestService;c:\progra~2\UTILIT~2\bar\1.bin\49barsvc.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2013-02-01 121416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2013-03-15 16152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-01 1255736]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2013-02-11 155272]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys [2013-02-11 1093256]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2013-02-11 228488]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys [2013-02-11 166024]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-12-19 237992]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-12-19 120232]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2013-02-11 3696632]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 MySQL56;MySQL56;c:\program files\MySQL\MySQL Server 5.6\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56 [x]
S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2013-01-31 302200]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-08-19 7017888]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2013-02-11 367200]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 553576]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-12-19 132008]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-12-19 146856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-12 21:09 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-30 19:12]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-30 19:12]
.
2013-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3361998210-192212384-1650811137-1000Core.job
- c:\users\314\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-30 06:58]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3361998210-192212384-1650811137-1000UA.job
- c:\users\314\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-30 06:58]
.
2013-03-15 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2013-02-08 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2012-08-23 08:13 2732160 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2012-08-23 08:13 2732160 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2012-08-23 08:13 2732160 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-18 01:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-18 01:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-18 01:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-18 01:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-08-23 403328]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2000-01-01 6548112]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL56]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.6\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"v5Licence0"="15-DRQE-QCWA-ACJU-1AXK-DV2U-XTH4UZS"
"Activated"="Y"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2013-03-15 00:55:38 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-15 06:55
.
Pre-Run: 43,699,376,128 bytes free
Post-Run: 43,034,066,944 bytes free
.
- - End Of File - - 9762CBBB9B4721CF603EF56C5A21C11D

5. It looks like it's running good except there is a link still on my desktop for SpeedyPC Pro, and due to the fixes that you suggested I have lost space on my C:, which is an SSD, so I want to use it as little as possible. But other than that it works good. Thank you.

By the way, just a personal question or two: which A/V do you personally use and why, and which free A/V can you suggest to me? Also, do you remember back in the day "BonziBuddy" (ad-ware)?
  • 0

#9
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

My internet is with Shaw Cable or Shaw.ca. At least I found out how I got infected: 8-year-old cousin.

You mean he/she installed all of that on the computer? I would seriously consider making him/her a user account with limited privileges so that can't happen again.

Most of the uninstalls worked except the utility toolbar gave an error that the DLL could not be found. I couldn't find anything with Babylon. Also, I thought that my sidebar was disabled (I don't like it anyway).

Most likely when AdwCleaner ran it got the Babylon stuff. I just wanted to be thorough. The Sidebar showed to be running at startup. So you may have stopped it from showing on the desktop, but it was still loading at startup.

It looks like it's running good except there is a link still on my desktop for speedy pc pro,

I'm glad we're getting it clean. Just delete the SpeedyPC Pro link on the desktop.

... that and due to the fixes that you suggested I have lost space on my C: which is an SSD so I want to use it as little as possible...

Nothing that we have done should cause a loss of disk space. With all of the uninstalls and crap files we've removed the opposite should happen.


There are still a couple of things I see in the CF log. Let's kill them and get an antivirus on the system. The one I use is Microsoft Security Essentials. I use it because it is just as effective as any other free and most commercial AVs, and it integrates into the Windows system very well. I see lots of problems with other AVs and other programs and even Windows system files, but I've never encountered that with a properly installed MSSE. MSSE is designed to be used in conjunction with the Windows firewall, but you can use a 3rd party firewall; just turn the Windows firewall off if you decide to use another firewall.


Step-1.

You don't have Anti-Virus protection installed.
It is very important that you have Anti-Virus software running on your machine. It is your first line of defense. By having an Anti-Virus program running, files will be scanned as you use them, download them, or open them. If a virus is found in one of the items you are about to use, the Anti-Virus program will stop you from being able to run that program and therefore infect yourself. They also protect against spyware and other potentially unwanted software.
*NOTE* One Anti-Virus program is a must have! But never more than one, as this can and will cause conflicts and false readings. I have listed a couple of free AVs below which are as good as any paid subscription AV, as long as you allow them to update themselves.

Please go to our Free Antivirus and Antispyware Software topic.
Look under the Free Antivirus Software heading for our recommendations. Any of the first three are fine. Just download the setup file to the desktop and then close all browsers and windows and right click the setup file to start the installation. Follow all prompts.

IF you want to use a third party firewall, scroll down to the Free Firewalls section.
Remember: Turn off the Windows firewall after you download the firewall, but before you install it. Do NOT run more than ONE firewall.


Step-2.

Run a CFScript

1. Close any open Windows, especially browsers.
  • IMPORTANT: Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. This fix will require a reboot to correct, so make sure these are turned off and will not turn back on at reboot. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to the link here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
2. Copy all of the text in the Quote box below (Do Not copy the word Quote) into Notepad. To do that highlight all the text in the Quote box (except the word Quote) then right click the mouse and click Copy.

Folder::
c:\progra~2\UTILIT~2

Driver::
UtilityChest_49Service


Note: The above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Open Notepad. To do that click Start>>Run. In the Open box type notepad and click OK. An empty Notepad window will open.
  • Right click inside the Notepad window and click Paste.
  • Click File then Save AS.
  • On the Save AS window click Desktop (on the left side of the window).
  • In the File Name box type CFScript.txt <--- Be sure the file name looks exactly like the one shown
  • Click the Save as type down arrow and click All Files (*.*)
  • Click Save
This will save the CFScript.txt file to the Desktop.

4. Referring to the animation below, drag the CFScript.txt file onto the ComboFix.exe Cat icon and drop it.
ComboFix will launch and run the CFScript file.

[Animation: dragging CFScript.txt onto the ComboFix.exe icon]

Note:

1. Do not mouse click ComboFix's window while it's running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer. That will cure it.
When finished, ComboFix will produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Do not forget to restart your AntiVirus and Antispyware programs


Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know if the Antivirus installation was successful.
2. The ComboFix.txt log
  • 1
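The two leftovers targeted by the CFScript above were spotted by eye in the "Reg Loading Points" service lines of the ComboFix log: the `[x]` marker (no date/size recorded for the image file) and the 8.3 short-name path (`c:\progra~2\UTILIT~2\...`). As an added example that is not part of this thread and not a ComboFix or Geeks to Go tool, the Python script below parses those `R*`/`S*` lines out of a ComboFix log and reports the entries that deserve a second look. The sample log text is constructed in the shape of the lines posted above, and the triage heuristics (`unverified-file`, `short-name-path`, `unexpected-location`) are my own, not ComboFix's classifications.

```python
"""Triage the service/driver lines of a ComboFix log (constructed example)."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of the ComboFix "Reg Loading Points"
# lines posted in this thread; it is not a live system's output.
SAMPLE_LOG = r"""
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 UtilityChest_49Service;Utility ChestService;c:\progra~2\UTILIT~2\bar\1.bin\49barsvc.exe [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2013-03-15 16152]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 MySQL56;MySQL56;c:\program files\MySQL\MySQL Server 5.6\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56 [x]
.
*NewlyCreated* - WS2IFSL
"""

# <state><start type> <name>;<display name>;<image path> [<date> <size>]  or  [x]
LINE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]\s*$")

# Roots where a service/driver image is normally expected (compared lower-cased).
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class ServiceEntry:
    state: str            # 'R' running / 'S' stopped, as ComboFix reports it
    start_type: int       # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display_name: str
    image_path: str
    date: Optional[str]   # None when ComboFix printed [x] instead of a date/size
    size: Optional[int]


def parse_services(text: str) -> list:
    """Extract every service/driver line; all other log lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        state, start, name, display, path, stamp = m.groups()
        date = size = None
        if stamp != "x":
            date, size_str = stamp.split()
            size = int(size_str)
        entries.append(ServiceEntry(state, int(start), name, display, path, date, size))
    return entries


def triage(entries) -> dict:
    """Map service name -> reasons it deserves a second look (heuristics are mine)."""
    report = {}
    for e in entries:
        reasons = []
        if e.date is None:
            # [x]: ComboFix recorded no date/size for the image file
            reasons.append("unverified-file")
        if re.search(r"~\d", e.image_path):
            # 8.3 short names (progra~2, utilit~2) are typical of sloppy installers
            reasons.append("short-name-path")
        elif not e.image_path.lower().startswith(EXPECTED_ROOTS):
            reasons.append("unexpected-location")
        if reasons:
            report[e.name] = reasons
    return report


def triage_log(text: str) -> dict:
    """Convenience wrapper: feed it the whole ComboFix.txt contents."""
    return triage(parse_services(text))


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(reasons)}")
```

Run against the sample it reports `UtilityChest_49Service` (unverified file in a short-name path) and `MySQL56` (unverified only, because ComboFix could not resolve a command line with arguments to a single file); the flags are a reading aid, not a verdict, and an entry like MySQL56 that the owner installed on purpose is left alone.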

#10
314

314

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Yes, my A/V was installed successfully. I have installed McAfee Internet Security.

ComboFix 13-03-15.01 - 314 03/15/2013 12:09:55.2.6 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8138.6045 [GMT -6:00]
Running from: c:\users\314\Desktop\ComboFix.exe
Command switches used :: c:\users\314\Desktop\CFscript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\314\AppData\Local\Temp\_MEI24122\_ctypes.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\_elementtree.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\_hashlib.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\_socket.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\_ssl.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\pyexpat.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\pysqlite2._sqlite.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\python26.dll
c:\users\314\AppData\Local\Temp\_MEI24122\pythoncom26.dll
c:\users\314\AppData\Local\Temp\_MEI24122\PyWinTypes26.dll
c:\users\314\AppData\Local\Temp\_MEI24122\select.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\unicodedata.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\win32api.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\win32com.shell.shell.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\win32crypt.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\win32event.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\win32file.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\win32inet.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\win32pdh.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\win32process.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\win32profile.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\win32security.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\win32ts.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\windows._cacheinvalidation.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\wx._controls_.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\wx._core_.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\wx._gdi_.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\wx._html2.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\wx._misc_.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\wx._windows_.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\wx._wizard.pyd
c:\users\314\AppData\Local\Temp\_MEI24122\wxbase293u_net_vc.dll
c:\users\314\AppData\Local\Temp\_MEI24122\wxbase293u_vc.dll
c:\users\314\AppData\Local\Temp\_MEI24122\wxmsw293u_adv_vc.dll
c:\users\314\AppData\Local\Temp\_MEI24122\wxmsw293u_core_vc.dll
c:\users\314\AppData\Local\Temp\_MEI24122\wxmsw293u_html_vc.dll
c:\users\314\AppData\Local\Temp\_MEI24122\wxmsw293u_webview_vc.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_UtilityChest_49Service
.
.
((((((((((((((((((((((((( Files Created from 2013-02-15 to 2013-03-15 )))))))))))))))))))))))))))))))
.
.
2013-03-15 18:18 . 2013-03-15 18:18 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-03-15 18:18 . 2013-03-15 18:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-15 11:59 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D8F7B29-0A6F-4FFB-9F2C-C6047B1FB73A}\mpengine.dll
2013-03-15 06:44 . 2013-03-15 06:44 -------- d-----w- C:\_OTL
2013-03-14 17:42 . 2013-03-14 17:42 -------- d-----w- c:\windows\ERUNT
2013-03-14 17:42 . 2013-03-14 17:42 -------- d-----w- C:\JRT
2013-03-14 17:38 . 2013-03-14 17:39 98 ----a-w- c:\windows\DeleteOnReboot.bat
2013-03-14 07:01 . 2013-03-14 07:01 -------- d-----w- c:\users\314\AppData\Roaming\QuickScan
2013-03-14 06:59 . 2013-03-14 06:59 -------- d-----w- c:\users\314\AppData\Local\IAC
2013-03-13 22:54 . 2013-03-13 22:54 -------- d-----w- c:\program files\Enigma Software Group
2013-03-13 22:54 . 2013-03-13 22:54 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-03-13 22:11 . 2013-03-13 22:11 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 22:11 . 2013-03-13 22:11 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 22:11 . 2013-03-13 22:11 -------- d-----w- c:\windows\SysWow64\Macromed
2013-03-13 21:32 . 2013-03-13 21:32 -------- d-----w- C:\AMD
2013-03-13 20:52 . 2000-01-01 00:00 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-03-13 20:52 . 2000-01-01 00:00 553576 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-03-13 20:41 . 2013-03-15 18:19 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-03-13 20:41 . 2013-03-13 23:25 -------- d-----w- c:\users\314\AppData\Local\SlimWare Utilities Inc
2013-03-13 20:41 . 2013-03-13 20:41 -------- d-----w- c:\program files (x86)\SlimDrivers
2013-03-11 20:30 . 2013-03-11 20:30 -------- d-----w- c:\program files\Realtek
2013-03-11 20:30 . 2013-03-13 20:58 -------- d-----w- c:\program files (x86)\Realtek
2013-03-11 20:30 . 2013-03-13 21:29 -------- d-----w- c:\program files (x86)\Temp
2013-03-11 20:30 . 2000-01-01 00:00 1706640 ----a-w- c:\windows\RtlExUpd.dll
2013-03-10 09:24 . 2013-03-15 06:59 -------- d-s---w- c:\users\314\Google Drive
2013-03-10 07:35 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-10 07:35 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-25 05:27 . 2013-02-25 05:27 -------- d-----w- c:\program files (x86)\Infogrames Interactive
2013-02-25 05:27 . 2013-03-11 20:30 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2013-02-19 07:52 . 2013-02-19 07:52 -------- d-----w- c:\users\314\VirtualBox VMs
2013-02-19 07:52 . 2013-02-24 03:47 -------- d-----w- c:\users\314\.VirtualBox
2013-02-19 07:51 . 2012-12-19 21:48 237992 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2013-02-19 07:51 . 2013-02-19 07:51 -------- dc----w- c:\windows\system32\DRVSTORE
2013-02-19 07:51 . 2012-12-19 21:47 120232 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2013-02-19 07:51 . 2013-02-19 07:51 -------- d-----w- c:\program files\Oracle
2013-02-17 06:15 . 2013-02-17 06:15 -------- d-----w- c:\programdata\Battle.net
2013-02-17 06:13 . 2013-02-17 06:14 -------- d-----w- c:\program files (x86)\Winamp
2013-02-17 06:00 . 2013-02-17 06:27 -------- d-----w- c:\program files (x86)\StarCraft II
2013-02-17 06:00 . 2013-02-17 06:18 -------- d-----w- c:\programdata\Blizzard Entertainment
2013-02-17 06:00 . 2013-02-17 06:18 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2013-02-14 05:25 . 2012-06-01 05:39 14848 ----a-w- c:\windows\system32\wamregps.dll
2013-02-14 05:25 . 2012-06-01 05:36 192000 ----a-w- c:\windows\system32\iisRtl.dll
2013-02-14 05:25 . 2012-06-01 05:36 11264 ----a-w- c:\windows\system32\iisrstap.dll
2013-02-14 05:25 . 2012-06-01 05:35 60928 ----a-w- c:\windows\system32\ahadmin.dll
2013-02-14 05:25 . 2012-06-01 05:34 55296 ----a-w- c:\windows\system32\admwprox.dll
2013-02-14 05:25 . 2012-06-01 05:33 16896 ----a-w- c:\windows\system32\iisreset.exe
2013-02-14 05:25 . 2012-06-01 04:40 10752 ----a-w- c:\windows\SysWow64\wamregps.dll
2013-02-14 05:25 . 2012-06-01 04:37 8192 ----a-w- c:\windows\SysWow64\iisrstap.dll
2013-02-14 05:25 . 2012-06-01 04:37 154624 ----a-w- c:\windows\SysWow64\iisRtl.dll
2013-02-14 05:25 . 2012-06-01 04:35 26624 ----a-w- c:\windows\SysWow64\ahadmin.dll
2013-02-14 05:25 . 2012-06-01 04:35 50688 ----a-w- c:\windows\SysWow64\admwprox.dll
2013-02-14 05:25 . 2012-06-01 04:34 15360 ----a-w- c:\windows\SysWow64\iisreset.exe
2013-02-13 21:08 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 21:08 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 21:08 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 21:07 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 21:07 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 21:07 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 21:07 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 21:07 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 21:07 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 21:07 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 21:07 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 21:07 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 21:34 . 2013-01-08 06:19 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-12 05:45 . 2013-03-13 16:50 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 16:50 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 16:50 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 16:50 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 16:50 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 16:50 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-11 23:51 . 2013-02-11 23:51 367200 ----a-w- c:\windows\system32\drivers\afcdp.sys
2013-02-11 23:51 . 2013-02-11 23:51 1340040 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2013-02-11 23:51 . 2013-02-11 23:51 1093256 ----a-w- c:\windows\system32\drivers\tib_mounter.sys
2013-02-11 23:51 . 2013-02-11 23:51 228488 ----a-w- c:\windows\system32\drivers\vididr.sys
2013-02-11 23:51 . 2013-02-11 23:51 166024 ----a-w- c:\windows\system32\drivers\vidsflt.sys
2013-02-11 23:51 . 2013-02-11 23:51 155272 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2013-02-11 23:51 . 2013-02-08 07:21 340104 ----a-w- c:\windows\system32\drivers\snapman.sys
2013-02-08 07:21 . 2013-02-08 07:21 971360 ----a-w- c:\windows\system32\drivers\timntr.sys
2013-02-01 06:47 . 2013-02-01 06:45 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2013-01-31 20:42 . 2013-01-31 20:42 13944 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2013-01-31 20:42 . 2013-01-31 20:42 57976 ----a-w- c:\windows\system32\drivers\psmounterex.sys
2013-01-17 08:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-08 06:23 . 2013-01-08 06:23 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-01-08 06:23 . 2013-01-08 06:23 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-01-08 06:23 . 2013-01-08 06:23 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2013-01-08 06:23 . 2013-01-08 06:23 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-01-08 06:23 . 2013-01-08 06:23 85504 ----a-w- c:\windows\system32\iesetup.dll
2013-01-08 06:23 . 2013-01-08 06:23 82432 ----a-w- c:\windows\system32\icardie.dll
2013-01-08 06:23 . 2013-01-08 06:23 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-01-08 06:23 . 2013-01-08 06:23 76800 ----a-w- c:\windows\system32\tdc.ocx
2013-01-08 06:23 . 2013-01-08 06:23 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-01-08 06:23 . 2013-01-08 06:23 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-01-08 06:23 . 2013-01-08 06:23 65024 ----a-w- c:\windows\system32\pngfilt.dll
2013-01-08 06:23 . 2013-01-08 06:23 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-01-08 06:23 . 2013-01-08 06:23 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-01-08 06:23 . 2013-01-08 06:23 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2013-01-08 06:23 . 2013-01-08 06:23 49664 ----a-w- c:\windows\system32\imgutil.dll
2013-01-08 06:23 . 2013-01-08 06:23 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-01-08 06:23 . 2013-01-08 06:23 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-01-08 06:23 . 2013-01-08 06:23 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2013-01-08 06:23 . 2013-01-08 06:23 448512 ----a-w- c:\windows\system32\html.iec
2013-01-08 06:23 . 2013-01-08 06:23 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2013-01-08 06:23 . 2013-01-08 06:23 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-01-08 06:23 . 2013-01-08 06:23 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-01-08 06:23 . 2013-01-08 06:23 367104 ----a-w- c:\windows\SysWow64\html.iec
2013-01-08 06:23 . 2013-01-08 06:23 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-01-08 06:23 . 2013-01-08 06:23 30720 ----a-w- c:\windows\system32\licmgr10.dll
2013-01-08 06:23 . 2013-01-08 06:23 282112 ----a-w- c:\windows\system32\dxtrans.dll
2013-01-08 06:23 . 2013-01-08 06:23 267776 ----a-w- c:\windows\system32\ieaksie.dll
2013-01-08 06:23 . 2013-01-08 06:23 249344 ----a-w- c:\windows\system32\webcheck.dll
2013-01-08 06:23 . 2013-01-08 06:23 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-01-08 06:23 . 2013-01-08 06:23 222208 ----a-w- c:\windows\system32\msls31.dll
2013-01-08 06:23 . 2013-01-08 06:23 197120 ----a-w- c:\windows\system32\msrating.dll
2013-01-08 06:23 . 2013-01-08 06:23 165888 ----a-w- c:\windows\system32\iexpress.exe
2013-01-08 06:23 . 2013-01-08 06:23 163840 ----a-w- c:\windows\system32\ieakui.dll
2013-01-08 06:23 . 2013-01-08 06:23 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2013-01-08 06:23 . 2013-01-08 06:23 160256 ----a-w- c:\windows\system32\wextract.exe
2013-01-08 06:23 . 2013-01-08 06:23 160256 ----a-w- c:\windows\system32\ieakeng.dll
2013-01-08 06:23 . 2013-01-08 06:23 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2013-01-08 06:23 . 2013-01-08 06:23 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-01-08 06:23 . 2013-01-08 06:23 149504 ----a-w- c:\windows\system32\occache.dll
2013-01-08 06:23 . 2013-01-08 06:23 145920 ----a-w- c:\windows\system32\iepeers.dll
2013-01-08 06:23 . 2013-01-08 06:23 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-01-08 06:23 . 2013-01-08 06:23 12288 ----a-w- c:\windows\system32\mshta.exe
2013-01-08 06:23 . 2013-01-08 06:23 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2013-01-08 06:23 . 2013-01-08 06:23 114176 ----a-w- c:\windows\system32\admparse.dll
2013-01-08 06:23 . 2013-01-08 06:23 111616 ----a-w- c:\windows\system32\iesysprep.dll
2013-01-08 06:23 . 2013-01-08 06:23 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-01-08 06:23 . 2013-01-08 06:23 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2013-01-08 06:23 . 2013-01-08 06:23 103936 ----a-w- c:\windows\system32\inseng.dll
2013-01-08 06:23 . 2013-01-08 06:23 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2013-01-04 04:43 . 2013-02-13 21:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-19 21:47 . 2012-12-19 21:47 204200 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-12-19 21:47 . 2012-12-19 21:47 146856 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-12-19 21:47 . 2012-12-19 21:47 132008 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-12-16 17:11 . 2013-01-01 10:03 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2013-01-01 10:03 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2013-01-01 10:03 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2013-01-01 10:03 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-02-25 1602984]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-12-18 16328976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-08-23 6010264]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2012-07-24 941440]
"WinampAgent"="c:\program files (x86)\Winamp\Winampa.exe" [2003-04-02 12288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2013-1-24 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2013-02-01 121416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2013-03-15 16152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-01 1255736]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2013-02-11 155272]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys [2013-02-11 1093256]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2013-02-11 228488]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys [2013-02-11 166024]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-12-19 237992]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-12-19 120232]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2013-02-11 3696632]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MySQL56;MySQL56;c:\program files\MySQL\MySQL Server 5.6\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56 [x]
S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2013-01-31 302200]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-08-19 7017888]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2013-02-11 367200]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 553576]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-12-19 132008]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-12-19 146856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-12 21:09 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-30 19:12]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-30 19:12]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3361998210-192212384-1650811137-1000Core.job
- c:\users\314\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-30 06:58]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3361998210-192212384-1650811137-1000UA.job
- c:\users\314\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-30 06:58]
.
2013-03-15 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2013-02-08 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2012-08-23 08:13 2732160 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2012-08-23 08:13 2732160 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2012-08-23 08:13 2732160 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-18 01:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-18 01:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-18 01:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-18 01:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-08-23 403328]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2000-01-01 6548112]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL56]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.6\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"v5Licence0"="15-DRQE-QCWA-ACJU-1AXK-DV2U-XTH4UZS"
"Activated"="Y"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-15 12:28:56 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-15 18:28
ComboFix2.txt 2013-03-15 06:55
.
Pre-Run: 42,560,249,856 bytes free
Post-Run: 42,152,923,136 bytes free
.
- - End Of File - - AF608EC707E1DB194BDC8E420255735A
  • 0
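The "Reg Loading Points" part of a ComboFix log (Run keys, services, scheduled tasks and the orphans section) is what a helper reads by eye when deciding what is legitimate. The script below is an added example, not part of this thread and not ComboFix's own code: it parses a constructed excerpt made from lines of the log above and applies three triage rules that are my own assumptions, not rules ComboFix uses (an entry whose file is gone, an entry ComboFix marked `[x]` because it recorded no date or size, and a target that lives under a user profile). Running it as-is prints the three entries those rules flag.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed excerpt: lines copied from the ComboFix log posted above, in the
# same layout ComboFix prints them.  Not a complete log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-02-25 1602984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\Winampa.exe" [2003-04-02 12288]
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 MySQL56;MySQL56;c:\program files\MySQL\MySQL Server 5.6\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56 [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 553576]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-30 19:12]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3361998210-192212384-1650811137-1000Core.job
- c:\users\314\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-30 06:58]
.
2013-03-15 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2013-02-08 20:15]
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
"""


@dataclass
class Entry:
    kind: str   # "run", "service", "task" or "orphan"
    name: str
    path: str   # target binary or command line as ComboFix printed it
    stamp: str  # "YYYY-MM-DD size", "YYYY-MM-DD HH:MM", or "x" when nothing was recorded


RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\Run)\]$", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"([^"]*)"="([^"]*)"\s*\[([^\]]*)\]$')
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?)\s*\[([^\]]*)\]$")
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(.+\.job)$", re.IGNORECASE)
TASK_TARGET_RE = re.compile(r"^-\s+(.+?)\s*\[([^\]]*)\]$")
ORPHAN_RE = re.compile(r"^(.+?)\s+-\s+\(no file\)$")


def parse_loading_points(text: str) -> List[Entry]:
    """Walk the log line by line and collect every autostart entry it lists."""
    entries: List[Entry] = []
    in_run_key = False      # True while inside a [...\Run] key block
    pending_task = None     # .job path waiting for its "- target [stamp]" line
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if RUN_KEY_RE.match(line):
            in_run_key = True
            continue
        if line.startswith("["):          # any other registry key ends Run-value mode
            in_run_key = False
            continue
        m = RUN_VALUE_RE.match(line)
        if m and in_run_key:
            entries.append(Entry("run", m.group(1), m.group(2), m.group(3)))
            continue
        m = SERVICE_RE.match(line)
        if m:
            entries.append(Entry("service", m.group(1), m.group(2), m.group(3)))
            continue
        m = TASK_RE.match(line)
        if m:
            pending_task = m.group(1)
            continue
        m = TASK_TARGET_RE.match(line)
        if m and pending_task:
            entries.append(Entry("task", pending_task, m.group(1), m.group(2)))
            pending_task = None
            continue
        m = ORPHAN_RE.match(line)
        if m:
            entries.append(Entry("orphan", m.group(1), "(no file)", ""))
    return entries


# Assumed markers for locations an ordinary user can write to (own heuristic).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Apply the three assumed review rules; everything else is left alone."""
    findings: List[Tuple[Entry, str]] = []
    for e in entries:
        lower = e.path.lower()
        if e.kind == "orphan":
            findings.append((e, "autostart value pointed at a file that no longer exists; ComboFix already removed it"))
        elif e.stamp == "x":
            findings.append((e, "no date/size recorded for the target (command line with arguments, or file missing); verify by hand"))
        elif any(marker in lower for marker in USER_WRITABLE):
            findings.append((e, "target lives under a user profile; confirm the publisher before trusting it"))
    return findings


def main() -> None:
    entries = parse_loading_points(SAMPLE_LOG)
    print(f"{len(entries)} autostart entries parsed")
    for e, why in triage(entries):
        print(f"[{e.kind}] {e.name}: {e.path}\n    -> {why}")


if __name__ == "__main__":
    main()
```

The GoogleUpdate task under c:\users\314\AppData is a legitimate per-user Google updater, which is the point of the third rule: it only raises entries for a human to confirm, it never decides on its own that something is malicious.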


#11
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Let's check for any out of date programs.


Run Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The checkup.txt log
  • 1

#12
314

314

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Results of screen317's Security Check version 0.99.61
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Google Chrome 25.0.1364.172
Google Chrome 25.0.1364.97
````````Process Check: objlist.exe by Laurent````````
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````
  • 0

#13
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
No programs need updating. The scans look good. I want you to check the search provider in Chrome and change Babylon if it is there. Then delete the DealPly Shopping extension if it is still there.

Then I want to check the system files and check the hard drive for problems.


Step-1.

A.
Reset/Delete a Search engine in Chrome

Open the Chrome browser

  • Click the tools menu icon on the browser toolbar.
  • Select Settings and find the "Search" section.
  • Click Manage search engines.
  • Remove a search engine: Look for anything with the name Babylon and click the x that appears at the end of the row.

Set your default search engine

  • Go back to the Search section.
  • Select the search engine you want to use from the menu (like Google). If the search engine you want to use doesn't appear in the menu, click Manage search engines.
  • In the Search Engines dialog that appears, select the search engine that you'd like to use from the list.
  • Click the Make default button that appears at the end of the row. Don’t see the button? You may need to edit its URL. See details below on setting up a search engine.

B.
Delete a Google Chrome extension:

Open the Chrome browser:

  • Click the tools menu icon on the browser toolbar.
  • Click Tools.
  • Select Extensions.
  • Look for any Babylon items. If there is a check mark in the box next to it/them, click the box to uncheck it/them. Then click the trash can icon next to the box.
  • A confirmation dialog will appear, click Remove.


Step-2.

Delete Old SFC Log and run SFC

Windows Vista/7

  • Open an elevated command prompt. To do that:
    • Click Start, click on All Programs and Accessories, then right click on Command Prompt and click on Run as administrator. (See screenshot below)

    Posted Image
  • A command window will open like the image below:

    Posted Image
  • Type the following and press ENTER after each line:
    cd \windows\Logs\cbs
    copy cbs.log cbs.old
    del cbs.log


    Back at the blinking cursor:
  • Type or copy and paste the following command and press Enter:

    sfc /scannow

    Posted Image

    The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions. Note: This may take a while to finish.
  • Write down the results of the scan so you can post them in your next reply.
  • Type exit and press the ENTER key to close the command window.

Step-3.

Check Hard Disk For Errors:

Windows Vista/7

Please copy everything in the code box below into notepad. To do this highlight all text, then right click and click Copy.

@Echo Off
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
del %0

  • Next, open Notepad, or click Start->Run and in the Open: box type notepad.exe and click OK.
  • Right click in the notepad window and click Paste, or put the cursor inside the notepad window and press the Ctrl-V keys to paste the text into notepad.
  • On the File menu, click Save
  • On the Save AS window that comes up, do the following:
    • On the left side, click the Desktop Icon. This will put "Desktop" in the Save In: box at the top.
    • At the bottom in the File Name: box type testhd.bat
    • In the Save as type: box, click the down arrow and click All Files(*.*)
    • Click Save
    This will put a new file on the Desktop named testhd.bat
    The file icon will look like this:
    Posted Image

    Close all open windows and any open Browsers.
  • Right click the testhd.bat file on the desktop and click Run as Administrator, then OK any UAC prompts to run the file. A command window will open briefly, then close. This is quite normal.
  • When the command window has closed there will be a new file on the desktop named checkhd.txt
  • Copy and paste the contents of the checkhd.txt file in your next reply.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know what SFC found.
2. The checkhd.txt
  • 1

#14
314

314

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Windows Resource Protection did not find any integrity violations.

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
186 large file records processed.

0 bad file records processed.

2 EA records processed.

71 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
24661 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

117115903 KB total disk space.
77147020 KB in 112611 files.
65464 KB in 24662 indexes.
0 KB in bad sectors.
291399 KB in use by the system.
65536 KB occupied by the log file.
39612020 KB available on disk.

4096 bytes in each allocation unit.
29278975 total allocation units on disk.
9903005 allocation units available on disk.
  • 0

#15
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
That's good news. There's no problem with the system files and the file system shows no problems. Now I want one final OTL scan to make sure everything is gone and the system events log is not still showing the controller error on \Device\Harddisk1\DR1.


OTL Scan

Please re-open OTL on the desktop. To do that:
  • Vista/7 users: right click the icon and click Run as Administrator.
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • At the top of the console, click the box beside Scan All Users and Include 64bit Scans
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section click the circle beside Use Safelist. <--- Very important
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy the contents of these files, one at a time, and paste them into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the post window.
Repeat for the Extras.txt file

Step-2.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL.txt log
2. The Extras.txt log
  • 1





