Possible Infection?


#1
rakat

I started a topic in the Vista section regarding BSODs. However, remembering that I found spyware after scanning with Malwarebytes earlier today, I felt the need to dig deeper. I downloaded OTL and used it. On the task bar, the OTL icon says "corrupt file". Does that mean the computer is infected?

Any help is appreciated. Thank you for your time and assistance!

OTL log:
OTL logfile created on: 4/25/2013 2:40:09 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Me\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 61.98% Memory free
4.81 Gb Paging File | 3.84 Gb Available in Paging File | 79.83% Paging File free
Paging file location(s): c:\pagefile.sys 2048 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 207.35 Gb Free Space | 71.97% Space Free | Partition Type: NTFS
Drive D: | 3.92 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: RAK-PC | User Name: Me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Me\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Pale Moon\palemoon.exe (Moonchild Productions)
PRC - C:\Windows\Runservice.exe ()
PRC - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Users\Me\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe (KoshyJohn.com)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Pale Moon\mozjs.dll ()
MOD - C:\Program Files\Mumble\mumble_ol.dll ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (LicCtrlService) -- C:\Windows\Runservice.exe ()
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (AdvancedSystemCareService6) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (DfSdkS) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2012\DfSdkS.exe (mst software GmbH, Germany)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (uonwq) -- System32\drivers\payuigu.sys File not found
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys File not found
DRV - (NwlnkFwd) -- File not found
DRV - (NwlnkFlt) -- File not found
DRV - (MEMSWEEP2) -- File not found
DRV - (mcdbus) -- File not found
DRV - (IpInIp) -- File not found
DRV - (catchme) -- File not found
DRV - (MpKsl2944d494) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1A1BF01-F798-4844-A3AC-5C0BD3E31F4E}\MpKsl2944d494.sys (Microsoft Corporation)
DRV - (MpKsl3c8b874a) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1A1BF01-F798-4844-A3AC-5C0BD3E31F4E}\MpKsl3c8b874a.sys ()
DRV - (MpKslac775454) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1A1BF01-F798-4844-A3AC-5C0BD3E31F4E}\MpKslac775454.sys ()
DRV - (USB_RNDIS_VISTA) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\Windows\System32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\Windows\System32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ElRawDisk) -- C:\Windows\System32\drivers\ElRawDsk.sys (EldoS Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (USBNET_XP) -- C:\Windows\System32\drivers\netusbxp.sys (The LinkSys Group, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.vtrocket.com/start
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.ne...ch?r=minisearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.vtrocket.com/start
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.ne...ch?r=minisearch
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.ne...ch?r=minisearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.vtrocket.com/start
IE - HKCU\..\URLSearchHook: {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - SOFTWARE\Classes\CLSID\{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {621BEB56-33C6-4B1C-88DD-2D51C6FEED77}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4E5A7C74-8BEF-4DB0-82A3-4245A2F862C3}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{621BEB56-33C6-4B1C-88DD-2D51C6FEED77}: "URL" = http://search.yahoo....f-8&fr=chr-yie8
IE - HKCU\..\SearchScopes\{88BA080D-DF1A-45D2-8CE2-8461E30FBFFE}: "URL" = http://search.netzer...y={searchTerms}
IE - HKCU\..\SearchScopes\{EFD9C276-6863-4478-B012-F93CE7B93013}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{F5A591E1-8646-4D15-AC40-E8CF9E52D9BF}: "URL" = http://delicious.com...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - user.js..browser.search.openintab: false

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Windows\system32\C2MP\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@meadco.com/neptune plugin,version=2.0.0.29: File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Me\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/06 05:58:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 20.0.1\extensions\\Components: C:\Program Files\Pale Moon\components [2013/04/14 00:36:31 | 000,000,000 | ---D | M]

[2012/04/18 16:26:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Extensions
[2013/04/22 18:27:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\rulku0es.default\extensions
[2013/04/22 18:21:24 | 000,000,000 | ---D | M] (Browse2savee) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\rulku0es.default\extensions\[email protected]
[2013/04/22 18:27:34 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\rulku0es.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/06 05:58:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/29 04:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/29 04:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/29 04:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.yahoo.com/?fr=fp-yie8
CHR - plugin: First user (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google Search = C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Browse2savee = C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\jimdlidimbbnjnpanndedicjkpnhglie\1\
CHR - Extension: Gmail = C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/04/15 23:22:34 | 000,000,743 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Pop-up Blocker) - {52706EF7-D7A2-49AD-A615-E903858CF284} - Reg Error: Value error. File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (NetZero Toolbar Helper) - {FE3098B0-04A3-41fd-8CA9-BEA39CB14C87} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Memory Cleaner] C:\Users\Me\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe (KoshyJohn.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228" File not found
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227" File not found
O15 - HKCU\..Trusted Domains: netzero.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: netzero.net ([]* in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (Reg Error: Value error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C723B582-89C9-46B3-BED0-D6447C13A797}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C723B582-89C9-46B3-BED0-D6447C13A797}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD2F0BFD-8A4F-4E25-AC28-A4622D79BA6D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O27 - HKLM IFEO\asc.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\dw20.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\excel.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\finder.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\mstore.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\ois.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\outlook.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\setlang.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\steam.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\suc10_uninstal.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\unins000.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\winword.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\wo2012.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/02/25 18:24:44 | 000,000,051 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/25 00:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/04/25 00:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro
[2013/04/25 00:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune Pro
[2013/04/25 00:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2013/04/25 00:27:22 | 000,000,000 | ---D | C] -- C:\Program Files\CrystalDiskInfo
[2013/04/25 00:13:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2013/04/24 23:18:47 | 001,777,664 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2013/04/24 23:18:46 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2013/04/24 23:18:46 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2013/04/24 23:18:46 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2013/04/24 23:18:46 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2013/04/24 23:18:43 | 001,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2013/04/24 23:18:43 | 000,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2013/04/24 23:18:43 | 000,147,968 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\FMAPO.dll
[2013/04/24 23:18:43 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2013/04/24 20:42:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2013/04/24 20:41:28 | 001,822,488 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2013/04/24 20:41:26 | 000,547,104 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\sltech32.dll
[2013/04/24 20:41:26 | 000,184,608 | ---- | C] (TODO: <Company name>) -- C:\Windows\System32\slprp32.dll
[2013/04/24 20:41:25 | 000,699,680 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\slcnt32.dll
[2013/04/24 20:41:24 | 000,336,672 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\sl3apo32.dll
[2013/04/24 20:41:23 | 000,214,368 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll
[2013/04/24 20:41:22 | 000,074,080 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll
[2013/04/24 20:41:22 | 000,068,960 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll
[2013/04/24 20:41:20 | 004,335,384 | ---- | C] (A-volute) -- C:\Windows\System32\RTKSMlfx.dll
[2013/04/24 20:41:20 | 000,852,824 | ---- | C] (A-Volute) -- C:\Windows\System32\RTKSMSettingsIPC.dll
[2013/04/24 20:41:15 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2013/04/24 20:41:14 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2013/04/24 20:41:14 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2013/04/24 20:41:14 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2013/04/24 20:41:12 | 007,162,128 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2013/04/24 20:41:12 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2013/04/24 20:41:12 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2013/04/24 20:41:11 | 000,352,016 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2013/04/24 20:41:11 | 000,106,768 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2013/04/24 20:41:11 | 000,091,920 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2013/04/24 20:41:11 | 000,062,224 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2013/04/24 20:41:10 | 008,872,216 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioVnA.dll
[2013/04/24 20:41:10 | 000,349,048 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2013/04/24 20:41:09 | 001,656,600 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll
[2013/04/24 20:41:08 | 013,769,496 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2013/04/24 20:41:07 | 000,776,984 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPOShell.dll
[2013/04/24 20:41:07 | 000,639,256 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO50.dll
[2013/04/24 20:41:07 | 000,549,240 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO40.dll
[2013/04/24 20:41:07 | 000,350,664 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2013/04/24 20:41:06 | 000,357,712 | ---- | C] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll
[2013/04/24 20:41:02 | 000,601,704 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2013/04/24 20:41:01 | 001,509,480 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2013/04/24 20:41:01 | 001,292,904 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2013/04/24 20:41:01 | 000,631,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2013/04/24 20:41:01 | 000,426,952 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll
[2013/04/24 20:41:01 | 000,402,888 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll
[2013/04/24 20:41:01 | 000,346,056 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll
[2013/04/24 20:41:00 | 001,220,200 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2013/04/24 20:41:00 | 000,458,344 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2013/04/24 20:41:00 | 000,389,736 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2013/04/24 20:41:00 | 000,375,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2013/04/24 20:41:00 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2013/04/24 20:41:00 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2013/04/24 20:41:00 | 000,218,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2013/04/24 20:40:59 | 000,654,952 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2013/04/24 20:40:59 | 000,090,624 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\System32\CONEQMSAPOGUILibrary.dll
[2013/04/24 20:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek(49)
[2013/04/24 20:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/04/24 20:35:27 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2013/04/24 16:06:24 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/20 04:15:58 | 000,032,032 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2013/04/20 04:15:58 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2013/04/20 04:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2013/04/20 04:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013
[2013/04/20 04:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013/04/20 04:13:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/04/20 03:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/04/20 03:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}
[2013/04/20 03:28:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6
[2013/04/20 03:26:21 | 000,000,000 | ---D | C] -- C:\Users\Me\AppData\Roaming\IObit
[2013/04/18 22:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/04/18 22:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/04/18 21:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2013/04/18 18:33:01 | 000,000,000 | ---D | C] -- C:\Users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/04/18 18:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
[2013/04/17 18:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/04/17 18:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2013/04/17 17:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/04/17 04:09:51 | 000,000,000 | ---D | C] -- C:\Users\Me\{ae38d16e-a8c9-40d5-a8ee-e3e17d3184ec}
[2013/04/17 03:55:59 | 000,000,000 | ---D | C] -- C:\Users\Me\AppData\Roaming\PCCUStubInstaller
[2013/04/17 03:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/04/17 03:11:59 | 000,000,000 | ---D | C] -- C:\Users\Me\AppData\Roaming\driveridentifier
[2013/04/17 03:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftSafe
[2013/04/16 19:35:30 | 000,000,000 | ---D | C] -- C:\Users\Me\Documents\Windows7_Vista_jcgriff2
[2013/04/16 19:19:51 | 000,000,000 | ---D | C] -- C:\Users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2013/04/16 19:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2013/04/14 17:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2013/04/14 17:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo
[2013/04/14 17:47:40 | 000,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\System32\DfSdkBt.exe
[2013/04/14 17:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2013/04/14 00:35:18 | 000,000,000 | ---D | C] -- C:\Program Files\Pale Moon
[2013/04/05 00:41:12 | 000,000,000 | ---D | C] -- C:\Users\Me\AppData\Roaming\Unity
[2013/04/02 17:35:34 | 000,000,000 | ---D | C] -- C:\Users\Me\AppData\Local\SWTORPerf
[2013/03/31 16:15:28 | 000,000,000 | ---D | C] -- C:\Windows\tmp
[2013/03/31 02:49:35 | 000,000,000 | ---D | C] -- C:\Users\Me\AppData\Local\Adobe_Systems_Incorporate
[2013/03/31 02:48:40 | 000,000,000 | ---D | C] -- C:\Users\Me\Documents\My Digital Editions
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/25 02:40:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0EED14AB-4D3A-4762-92BD-B5BB69CDD208}.job
[2013/04/25 01:42:27 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/25 01:22:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/25 01:22:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/25 00:39:01 | 000,000,797 | ---- | M] () -- C:\Users\Me\Desktop\HD Tune Pro.lnk
[2013/04/25 00:27:25 | 000,001,736 | ---- | M] () -- C:\Users\Me\Desktop\CrystalDiskInfo.lnk
[2013/04/25 00:27:24 | 000,001,775 | ---- | M] () -- C:\Users\Me\Desktop\CrystalDiskInfo Shizuku Edition.lnk
[2013/04/25 00:13:37 | 000,001,987 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2013/04/24 23:22:50 | 000,114,466 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/04/24 23:22:50 | 000,114,466 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/04/24 23:22:44 | 000,002,713 | -HS- | M] () -- C:\Windows\System32\mmf.sys
[2013/04/24 23:22:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/24 19:29:52 | 001,635,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/24 19:23:34 | 000,645,572 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/24 19:23:34 | 000,120,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/24 17:47:08 | 000,002,377 | ---- | M] () -- C:\Users\Me\Documents\MumbleAutomaticCertificateBackup.p12
[2013/04/24 16:06:35 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/20 04:15:55 | 000,001,842 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2013/04/20 03:28:01 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2013/04/20 03:28:01 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013/04/20 02:58:22 | 000,074,703 | ---- | M] () -- C:\Windows\System32\mfc45.dat
[2013/04/18 22:08:10 | 000,001,941 | ---- | M] () -- C:\Users\Me\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/04/18 18:33:15 | 000,002,615 | ---- | M] () -- C:\Users\Me\Desktop\HiJackThis.lnk
[2013/04/16 20:01:27 | 000,147,530 | ---- | M] () -- C:\Users\Me\Documents\perfmon.zip
[2013/04/16 19:53:37 | 003,163,844 | ---- | M] () -- C:\Users\Me\Documents\perfmon.html
[2013/04/16 19:43:39 | 002,215,850 | ---- | M] () -- C:\Users\Me\Documents\Windows7_Vista_jcgriff2.zip
[2013/04/14 17:47:50 | 000,002,042 | ---- | M] () -- C:\Users\Public\Desktop\One-Click-Optimizer (WO2012).lnk
[2013/04/14 17:47:50 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo WinOptimizer 2012.lnk
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/03/31 17:08:23 | 000,000,478 | ---- | M] () -- C:\Users\Me\Desktop\PrivaZer.ini
[2013/03/29 17:10:06 | 000,449,481 | ---- | M] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/25 00:39:01 | 000,000,797 | ---- | C] () -- C:\Users\Me\Desktop\HD Tune Pro.lnk
[2013/04/25 00:27:25 | 000,001,736 | ---- | C] () -- C:\Users\Me\Desktop\CrystalDiskInfo.lnk
[2013/04/25 00:27:24 | 000,001,775 | ---- | C] () -- C:\Users\Me\Desktop\CrystalDiskInfo Shizuku Edition.lnk
[2013/04/25 00:13:37 | 000,001,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2013/04/25 00:13:37 | 000,001,987 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2013/04/24 23:20:09 | 000,000,553 | ---- | C] () -- C:\Windows\USetup.iss
[2013/04/24 20:41:22 | 003,180,264 | ---- | C] () -- C:\Windows\System32\drivers\rtvienna.dat
[2013/04/24 20:41:12 | 000,449,481 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2013/04/24 16:06:35 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/21 17:57:43 | 001,635,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/20 04:15:55 | 000,001,842 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2013/04/20 04:15:54 | 000,001,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2013/04/20 03:28:01 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2013/04/20 03:28:01 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013/04/20 02:58:22 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dat
[2013/04/18 22:08:10 | 000,001,941 | ---- | C] () -- C:\Users\Me\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/04/18 18:33:01 | 000,002,615 | ---- | C] () -- C:\Users\Me\Desktop\HiJackThis.lnk
[2013/04/16 20:01:26 | 000,147,530 | ---- | C] () -- C:\Users\Me\Documents\perfmon.zip
[2013/04/16 19:56:07 | 003,163,844 | ---- | C] () -- C:\Users\Me\Documents\perfmon.html
[2013/04/16 19:43:37 | 002,215,850 | ---- | C] () -- C:\Users\Me\Documents\Windows7_Vista_jcgriff2.zip
[2013/04/14 17:47:50 | 000,002,042 | ---- | C] () -- C:\Users\Public\Desktop\One-Click-Optimizer (WO2012).lnk
[2013/04/14 17:47:50 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo WinOptimizer 2012.lnk
[2013/02/18 19:19:42 | 000,049,152 | ---- | C] () -- C:\Windows\mmfs.dll
[2013/02/18 19:19:42 | 000,002,713 | -HS- | C] () -- C:\Windows\System32\mmf.sys
[2013/02/18 19:19:42 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2013/01/02 02:00:28 | 000,000,075 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2012/12/11 18:46:18 | 000,042,440 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2012/08/15 02:22:46 | 000,338,432 | ---- | C] () -- C:\Windows\System32\Mss32.dll
[2012/08/14 17:02:12 | 000,000,247 | ---- | C] () -- C:\Users\Me\AppData\Roaming\burnaware.ini
[2012/05/02 00:07:37 | 000,000,680 | ---- | C] () -- C:\Users\Me\AppData\Local\d3d9caps.dat
[2012/04/19 19:46:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/04/19 19:45:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/04/18 16:21:50 | 000,000,632 | RHS- | C] () -- C:\Users\Me\ntuser.pol
[2012/01/28 16:27:18 | 000,124,872 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/01/05 22:20:26 | 000,020,312 | ---- | C] () -- C:\Windows\System32\RegistryDefragBootTime.exe
[2011/09/02 00:21:57 | 000,000,376 | -H-- | C] () -- \IPH.PH
[2011/05/14 14:55:33 | 000,061,440 | ---- | C] () -- C:\Windows\uninstall.exe
[2011/05/12 11:51:31 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2011/05/09 23:41:50 | 000,114,466 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/05/09 23:41:49 | 000,114,466 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/05/06 13:03:29 | 000,000,144 | -HS- | C] () -- C:\ProgramData\450060720
[2010/01/16 20:26:08 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2010/01/16 20:26:08 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2009/05/15 07:00:58 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008/08/07 18:34:00 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008/08/07 18:33:59 | 000,333,257 | RHS- | C] () -- \bootmgr
[2006/12/07 12:24:36 | 000,241,664 | ---- | C] () -- \EMicon.dll
[2006/11/02 06:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/02 02:25:08 | 000,000,010 | ---- | C] () -- \config.sys

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/06/21 00:08:50 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\.minecraft
[2012/12/23 05:03:45 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\DAEMON Tools Lite
[2013/04/20 05:20:39 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\driveridentifier
[2012/07/28 20:57:58 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\GrabIt
[2013/04/21 02:47:51 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\IObit
[2013/01/27 04:05:34 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\KoshyJohn.com
[2012/08/10 00:25:38 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\LolClient
[2012/04/18 16:26:03 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Moonchild Productions
[2013/04/25 01:45:53 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Mumble
[2012/08/13 02:24:42 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\OnLive App
[2013/04/17 03:55:59 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\PCCUStubInstaller
[2012/07/18 00:38:55 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\SendSpace
[2012/12/24 18:33:44 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Stardock
[2012/11/04 04:29:06 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\SystemRequirementsLab
[2013/04/20 04:15:31 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\TuneUp Software
[2013/04/05 00:41:12 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Unity
[2012/07/28 20:53:14 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Unzbin

========== Purity Check ==========



< End of report >