A haunting, transparent virus that I can't get rid of. [Solved]


  • This topic is locked

#1
Neinei

  • Member
  • 18 posts
Hi Geeks2go....
I'm a new member here, but have looked around this site from time to time, and I can say I'm really impressed. I have a severe problem with my laptop that started just 3 and a half weeks ago. I'm currently on my mother's computer because my computer has been slowed dramatically after something got into my computer.

The story: Not too long ago, I was helping a friend with her computer. Nothing was wrong at all with my laptop, it would have minimal lag, and the overall health was satisfactory. I logged into her computer using LogMeIn Rescue so I could remotely help out. Big mistake, because her computer symptoms became mine. Her computer was slow, it would stop responding or freeze on her, and had many errors. It came to a point she took her computer to my house, and I really did help her. Me, being computer literate, knew I'd be able to help her out.
I shouldn't have done it remotely, though!! We both noticed how my cursor wasn't responding correctly on her screen (I would be moving it but she wouldn't see, it was frozen to her). That's when my computer started to slow down gradually. By the end of the night, programs weren't responding, it would take 30 minutes or more for the computer to reboot, 15 to get into the desktop, and my cursor would be moving fine, but when it clicks a program, it'd take maybe 6 minutes or more to actually execute. I performed a factory reset which did indeed wipe the computer. BUT, just when Toshiba services were installing themselves for the first time use of the computer, I got a blue screen and an error message which rebooted and continued installing Toshiba services. Then I get the error again... now it wouldn't get past "Starting Windows"! So I got it taken to OfficeMax to be repaired for $50 and got it back in the state it was in right before something got into my computer.
Still didn't help.

The problem: I got the all too familiar "Lag" a little after I activated Windows when I took it home with the SAME product key my Windows was activated with, the SAME Wifi, and most of the SAME programs I had before, that I used the SAME USB flash drive to transfer over those same programs to the newly installed Windows. This has slowed my computer down at least by 60%, and I'm truly at a loss with what I can do now. If I power off during its unresponsiveness, it will take 40 minutes to boot back into Windows. This has never happened. I bought this computer at a closing OfficeMax for $412. The original price was $800 something.

The specs: I have a satellite p755-s5184 Toshiba, Intel Core i5 processor with 4 gigs of ram (2.50GHz) Windows 7 Home Premium- (Genuine) Service Pk1- 64bit PC.

What I did to aid this: I have run SpyBot, AVG scans that aren't able to complete anymore because of the performance issue, I installed Kaspersky, but uninstalled it since its AV registry key conflicted with AVG, I looked around on the internet for a solution, and have asked on Yahoo Answers about it. When my computer was first like this, I read around and saw that some viruses hide in system restore, so I disabled it and booted into safe mode to run the scans. I formatted my computer 3 times. OfficeMax had to wipe the Hard Drive, making it 4 times. I used CMD to do the Clean All command just last night and reinstalled Windows. I now have a program on my computer named Advanced SystemCare Pro. The lag is still unbearable, hence me having to use my mother's computer right now to do this. Note: When reading Geeks2Go instructions on what to do before posting, I switched to my laptop to download OTL. SpyBot had all of your links locked, saying "Host name can't be resolved". I had to use my mother's external hard drive to transfer OTL to my desktop, and I did the scan. Now I need to transfer the .txt over to this computer.

My Suspicions: I don't know whether this is a virus, or something else. It is unbearably hard to deal with, for I've tried so much to get this out of my computer. I have had a few thoughts of this being something attached to my Product key, or a Wifi-wide code... except no one else has this.... I used the same programs that I had on my computer before (Ccleaner, AVG, iolo sysMechanic (free), steam, etc.). Maybe this thing in my computer is tracking what I do just in case I happen to format my computer completely, and still finds me? Is it my IP address? Hasn't that changed with the Hard Drive? Has this thing in my computer nestled itself into a deep root of my computer that can't be touched? I've read some of the successes on Geeks2Go, and I'm sold. I truly hope this isn't a giant wall of text, I want to be as thorough as possible for a thorough solution to end this haunting I have in my computer.... Thank you so much to the person who can shed some light on this all.
The OTL Log: (God forbid I'm transferring something to my mother's computer by using her Hard Drive like this....)
OTL logfile created on: 5/23/2013 7:53:20 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bearbear\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 61.96% Memory free
7.82 Gb Paging File | 6.02 Gb Available in Paging File | 77.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 575.19 Gb Free Space | 96.50% Space Free | Partition Type: NTFS

Computer Name: BEARBEAR-PC | User Name: Bearbear | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/23 07:33:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bearbear\Desktop\OTL.exe
PRC - [2013/05/23 02:16:04 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2013/05/17 16:35:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/05/16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 10:58:42 | 003,881,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/04/22 18:45:32 | 004,080,960 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASC.exe
PRC - [2013/04/18 20:38:38 | 000,491,840 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
PRC - [2013/04/18 16:58:08 | 000,574,272 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2013/04/08 19:02:16 | 000,720,192 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/02/01 13:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 13:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/23 02:16:04 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2013/05/17 16:35:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\ppgooglenaclpluginchrome.dll
MOD - [2013/05/17 16:35:41 | 013,136,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\PepperFlash\pepflashplayer.dll
MOD - [2013/05/17 16:35:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\pdf.dll
MOD - [2013/05/17 16:34:47 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\libglesv2.dll
MOD - [2013/05/17 16:34:47 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\libegl.dll
MOD - [2013/05/17 16:34:45 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\ffmpegsumo.dll
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/04/15 18:49:00 | 001,232,704 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Scan.dll
MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2013/01/15 18:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\webres.dll
MOD - [2013/01/15 18:47:50 | 000,517,440 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/10/19 14:51:44 | 001,430,288 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/10/19 14:31:40 | 000,340,240 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/10/19 14:29:38 | 000,838,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/18 16:58:08 | 000,574,272 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/02/01 13:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 13:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/26 08:21:28 | 000,174,680 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/04/05 03:10:16 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/18 02:21:32 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 08:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/11/09 05:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2013/04/03 16:22:42 | 000,039,504 | ---- | M] (IObit Information Technology) [File_System | Auto | Running] -- C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys -- (PfFilter)
DRV - [2012/07/05 13:53:22 | 000,021,904 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2012/07/05 13:53:18 | 000,033,224 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2012/01/05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2010/11/01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E5 53 C0 C3 68 57 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Bearbear\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Bearbear\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Google Search = C:\Users\Bearbear\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Wolf and the Ice Planet = C:\Users\Bearbear\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffkhmkbijdmbncaoclaclldnbndflck\1_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Bearbear\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\

O1 HOSTS File: ([2013/05/22 23:52:33 | 000,447,822 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15376 more lines...
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SmartRAM] C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suo10_SmartRAM.exe (IObit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D22093CA-E336-4018-A821-01CC23D08FDF}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/23 07:52:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bearbear\Desktop\OTL.exe
[2013/05/23 02:16:19 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\PMB Files
[2013/05/23 02:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013/05/23 02:15:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013/05/23 02:15:53 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\.swt
[2013/05/23 02:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Folder
[2013/05/23 01:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
[2013/05/23 01:54:10 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled
[2013/05/23 01:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2013/05/23 01:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2013/05/23 01:37:43 | 000,026,432 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2013/05/23 00:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/05/23 00:35:53 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\Apple Computer
[2013/05/23 00:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}
[2013/05/23 00:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6
[2013/05/23 00:35:15 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\IObit
[2013/05/23 00:34:30 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013/05/23 00:34:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/05/22 23:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/05/22 23:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/05/22 23:38:56 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/05/22 23:37:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/05/22 23:33:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/05/22 23:31:25 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Programs
[2013/05/22 23:06:59 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\Adobe
[2013/05/22 23:02:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/05/22 23:02:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/05/22 22:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/22 22:52:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/05/22 22:52:27 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Google
[2013/05/22 22:52:17 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Deployment
[2013/05/22 21:22:09 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2013/05/22 21:22:09 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Apps
[2013/05/22 21:18:14 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\Intel
[2013/05/22 21:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2013/05/22 21:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013/05/22 21:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013/05/22 21:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013/05/22 21:15:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2013/05/22 20:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013/05/22 20:55:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/05/22 20:55:11 | 000,000,000 | ---D | C] -- C:\Intel
[2013/05/22 20:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/05/22 20:37:36 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Diagnostics
[2013/05/22 20:34:40 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Toshiba
[2013/05/22 20:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Toshiba
[2013/05/22 20:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
[2013/05/22 20:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOSHIBA
[2013/05/22 20:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2013/05/22 20:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/05/22 18:05:48 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/05/22 16:47:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2013/05/22 16:47:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013/05/22 16:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/05/22 16:46:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013/05/22 16:46:49 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/05/22 16:46:42 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013/05/22 16:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/05/22 16:46:39 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\WinBatch
[2013/05/22 09:14:18 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/05/22 09:14:18 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Searches
[2013/05/22 09:14:18 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/05/22 09:14:18 | 000,000,000 | -H-D | C] -- C:\Users\Bearbear\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/05/22 09:14:08 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\Identities
[2013/05/22 09:14:05 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Contacts
[2013/05/22 09:14:04 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\VirtualStore
[2013/05/22 09:13:54 | 000,000,000 | --SD | C] -- C:\Users\Bearbear\AppData\Roaming\Microsoft
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Videos
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Saved Games
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Pictures
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Music
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Links
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Favorites
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Downloads
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Documents
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Desktop
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\AppData\Local\Temporary Internet Files
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Templates
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Start Menu
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\SendTo
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Recent
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\PrintHood
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\NetHood
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Documents\My Videos
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Documents\My Pictures
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Documents\My Music
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\My Documents
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Local Settings
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\AppData\Local\History
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Cookies
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Application Data
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\AppData\Local\Application Data
[2013/05/22 09:13:54 | 000,000,000 | -H-D | C] -- C:\Users\Bearbear\AppData
[2013/05/22 09:13:54 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Temp
[2013/05/22 09:13:54 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Microsoft
[2013/05/22 09:13:54 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\Media Center Programs
[2013/05/22 09:05:11 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/05/22 08:47:49 | 000,000,000 | ---D | C] -- C:\Windows.old
[2013/05/22 08:08:27 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/05/22 08:06:20 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/05/22 04:27:19 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/05/22 04:13:06 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2013/05/23 07:53:51 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/23 07:53:51 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/23 07:53:51 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/23 07:33:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bearbear\Desktop\OTL.exe
[2013/05/23 07:11:52 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/23 04:21:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/23 03:17:09 | 000,018,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/23 03:17:05 | 000,018,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/23 03:09:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/23 03:08:47 | 3148,689,408 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/23 01:47:02 | 000,001,173 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2013/05/23 00:35:49 | 000,001,221 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013/05/22 23:52:33 | 000,447,822 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/05/22 23:39:39 | 000,001,379 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/05/22 23:06:57 | 000,002,279 | ---- | M] () -- C:\Users\Bearbear\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/22 22:57:29 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/22 22:57:28 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/22 22:53:43 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/22 22:44:24 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/22 21:22:09 | 000,002,495 | ---- | M] () -- C:\Users\Bearbear\Desktop\Windows 7 USB DVD Download Tool.lnk
[2013/05/22 21:13:49 | 044,953,528 | ---- | M] () -- C:\Users\Bearbear\Documents\TC00333600D.exe
[2013/05/22 20:54:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/05/22 08:09:14 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/05/22 08:09:14 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2013/05/23 01:47:02 | 000,001,173 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2013/05/23 01:47:01 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2013/05/23 00:35:49 | 000,001,221 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013/05/22 23:39:39 | 000,001,391 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/05/22 23:39:39 | 000,001,379 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/05/22 22:57:29 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/22 22:57:28 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/22 22:53:43 | 000,002,279 | ---- | C] () -- C:\Users\Bearbear\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/22 22:53:43 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/22 22:52:42 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/22 22:52:38 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/22 22:14:53 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/05/22 22:00:11 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/05/22 21:22:09 | 000,002,495 | ---- | C] () -- C:\Users\Bearbear\Desktop\Windows 7 USB DVD Download Tool.lnk
[2013/05/22 21:13:59 | 044,953,528 | ---- | C] () -- C:\Users\Bearbear\Documents\TC00333600D.exe
[2013/05/22 20:55:24 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2013/05/22 20:54:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/05/22 16:46:53 | 000,000,852 | ---- | C] () -- C:\Windows\SysNative\drivers\RTKHDRC.dat
[2013/05/22 16:46:53 | 000,000,712 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX1.dat
[2013/05/22 16:46:53 | 000,000,712 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX0.dat
[2013/05/22 09:13:54 | 000,000,290 | ---- | C] () -- C:\Users\Bearbear\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/05/22 09:13:54 | 000,000,272 | ---- | C] () -- C:\Users\Bearbear\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/05/22 08:09:08 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/05/22 08:09:02 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/05/22 04:13:06 | 3148,689,408 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/23 01:48:38 | 000,000,000 | ---D | M] -- C:\Users\Bearbear\AppData\Roaming\IObit
[2013/05/22 16:46:39 | 000,000,000 | ---D | M] -- C:\Users\Bearbear\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >
  • 0


#2
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello Neinei :welcome:

My name is Nutloaf, and I will be helping you with your malware issues.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.

Please take time to read all instructions and fixes thoroughly.
  • I would advise printing any instructions for easy reference. Also, some of the fixes may require you to boot in Safe mode and access to the GeeksToGo website will be unavailable.
  • Any fixes provided by myself are for this log file only and cannot be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened if you still require assistance.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.

Finally
Removing malware is a complicated multiple step process, please stay with me until I have declared your system clean.



I now have a program on my computer named Advanced SystemCare Pro

I take it that you installed Advanced SystemCare 6 and it didn't just appear from nowhere? If installed did you pay for it?

You have too much protection, I think. Windows Defender, Spybot and IObit are running and each is fighting for attention. IObit has a built-in registry cleaner; these cleaners can over-clean, which is disastrous for your system.

Please Follow in the order given:


1. Uninstall
  • In control panel click Uninstall a Program or Programs and Features and uninstall the following:
  • Spybot - Search & Destroy 2

2. Run OTL Fix

Open OTL, then copy the entire text in the Quote box below (do not include the word QUOTE) and paste it into the Custom Scans/Fixes box in OTL.

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found

:FILES
ipconfig /flushdns /c

:COMMANDS
[RESETHOSTS]
[EMPTYTEMP]

  • Then click Run Fix
  • Click O.K to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time of the fix.
  • Copy and Paste Fix Log into your next reply.

3. OTL Custom Scan
  • Open OTL and select the following boxes:
  • Scan All Users
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • LOP Check
  • Purity Check
  • In the Extra Registry box select Use Safe List
  • Copy and paste the following into Custom Scans\Fixes box without the word Quote.

  • dir C:\ /S /A:L /C

  • Now Click Run Scan
  • Copy and Paste the 2 logs produced in your next reply. OTL.txt and Extras.txt

Things I want to see in your next post.
  • OTL Fix Log
  • OTL.txt
  • Extras.txt
  • How is the computer running after performing the above?

  • 1
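An added example, not part of Nutloaf's post or of OTL itself: a Python triage of the three kinds of log line the fix above acts on (an enabled IE proxy pointing at localhost, an entry whose file is "File not found", and the hosts file), run over lines copied from this thread before and after the fix. The function names and the 10 KB hosts-size review threshold are assumptions of the example.

```python
import re

# Constructed test input: lines copied from the fix script and OTL logs in this thread.
BEFORE = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
[2013/05/22 23:52:33 | 000,447,822 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
'''
AFTER = r'''
IE - HKU\S-1-5-21-3713297176-944618025-1417552208-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3713297176-944618025-1417552208-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
O1 HOSTS File: ([2013/05/25 08:14:26 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
'''

HOSTS_SIZE_LIMIT = 10 * 1024  # assumption: review threshold in bytes, not an OTL setting

# Line shapes as they appear in the logs on this page.
PROXY_RE = re.compile(
    r'^IE(?::64bit:)? - (?P<key>.+?): "(?P<name>ProxyEnable|ProxyServer)"\s*=\s*(?P<value>.*)$')
FILE_RE = re.compile(
    r'\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[-RHSD]{4}) \| [CM]\]\)?'
    r'(?: \([^)]*\))? --? (?P<path>.+)$')
ORPHAN_RE = re.compile(r'^(?P<tag>O\d+)(?::64bit:)? - (?P<entry>.+) - File not found$')


def proxy_hosts(server):
    """Yield the host part of each entry in a ProxyServer value.

    Handles 'host:port' and the per-protocol form 'http=host:port;https=host:port'.
    """
    for part in server.split(';'):
        part = part.strip()
        if not part:
            continue
        if '=' in part:
            part = part.split('=', 1)[1]
        part = part.split('://', 1)[-1]
        if part.startswith('['):            # bracketed IPv6 literal
            host = part[1:].split(']', 1)[0]
        else:
            host = part.rsplit(':', 1)[0] if ':' in part else part
        yield host.lower()


def is_loopback(host):
    return host == 'localhost' or host == '::1' or host.startswith('127.')


def triage(log_text):
    """Return (category, detail) findings for the items the fix script targets."""
    findings = []
    proxy = {}  # registry key -> {"ProxyEnable": value, "ProxyServer": value}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            proxy.setdefault(m['key'], {})[m['name']] = m['value'].strip()
            continue
        m = ORPHAN_RE.match(line)
        if m:
            findings.append(('orphaned-entry', f"{m['tag']}: {m['entry']}"))
            continue
        m = FILE_RE.search(line)
        if m and m['path'].lower().endswith(r'\drivers\etc\hosts'):
            size = int(m['size'].replace(',', ''))
            if size > HOSTS_SIZE_LIMIT:
                findings.append(('large-hosts', f"{m['path']} is {size} bytes"))
    # A proxy is only reported when it is enabled AND points at this machine.
    for key, vals in proxy.items():
        server = vals.get('ProxyServer', '')
        if vals.get('ProxyEnable') == '1' and any(is_loopback(h) for h in proxy_hosts(server)):
            findings.append(('local-proxy', f"{key} -> {server}"))
    return findings


if __name__ == '__main__':
    for label, text in (('before fix', BEFORE), ('after fix', AFTER)):
        print(label)
        for category, detail in triage(text) or [('clean', 'nothing flagged')]:
            print(f"  {category}: {detail}")
```

A finding here means "look at this line", not "this is malicious": a large hosts file or a localhost proxy can also be left behind by security software.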

#3
Neinei

    Member

  • Topic Starter
  • 18 posts
Oh thank you so much for your response, Nutloaf, and I really hope your training is a success :).
My computer isn't very slow at the moment, it's actually responding nicely- but it has its moments when it looks cured, when it may be not, so I will update you on its status most definitely!
Alright. Now for the logs. I read your instructions carefully, and ... as a good sign, I'm actually posting this from my computer right now :).
I did not pay for Advanced SystemCare Pro, I used to have iolo System Mechanic which worked nicely, but what do you suggest? As you said, too much/certain registry cleaning could harm the computer, so I'll take that into account.

OTL Fix Log:

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Bearbear\Desktop\cmd.bat deleted successfully.
C:\Users\Bearbear\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Bearbear
->Temp folder emptied: 30805884 bytes
->Temporary Internet Files folder emptied: 430610 bytes
->Google Chrome cache emptied: 6665347 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 127572933 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42303946 bytes
RecycleBin emptied: 36271144 bytes

Total Files Cleaned = 233.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05252013_081425

Files\Folders moved on Reboot...
C:\Users\Bearbear\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL.txt:

OTL logfile created on: 5/25/2013 8:18:22 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bearbear\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.75 Gb Available Physical Memory | 70.45% Memory free
7.82 Gb Paging File | 6.51 Gb Available in Paging File | 83.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 572.01 Gb Free Space | 95.96% Space Free | Partition Type: NTFS

Computer Name: BEARBEAR-PC | User Name: Bearbear | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/23 07:33:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bearbear\Desktop\OTL.exe
PRC - [2013/05/23 02:16:04 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2013/05/17 16:35:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/04/18 20:38:38 | 000,491,840 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
PRC - [2013/04/18 16:58:08 | 000,574,272 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2013/04/10 10:36:26 | 000,547,648 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suo10_SmartRAM.exe
PRC - [2013/04/08 19:02:16 | 000,720,192 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
PRC - [2013/02/20 14:37:48 | 001,611,584 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2012/12/25 17:35:10 | 004,474,832 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/02/01 13:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 13:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/23 02:16:04 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2013/05/17 16:35:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\ppgooglenaclpluginchrome.dll
MOD - [2013/05/17 16:35:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\pdf.dll
MOD - [2013/05/17 16:34:47 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\libglesv2.dll
MOD - [2013/05/17 16:34:47 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\libegl.dll
MOD - [2013/05/17 16:34:45 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\ffmpegsumo.dll
MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2013/01/15 18:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\webres.dll
MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/10/19 14:51:44 | 001,430,288 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/10/19 14:31:40 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/10/19 14:29:38 | 000,838,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/18 16:58:08 | 000,574,272 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/02/01 13:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 13:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/26 08:21:28 | 000,174,680 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/04/05 03:10:16 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/18 02:21:32 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 08:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/11/09 05:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2013/04/03 16:22:42 | 000,039,504 | ---- | M] (IObit Information Technology) [File_System | Auto | Running] -- C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys -- (PfFilter)
DRV - [2012/07/05 13:53:22 | 000,021,904 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2012/07/05 13:53:18 | 000,033,224 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2012/01/05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2010/11/01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3713297176-944618025-1417552208-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3713297176-944618025-1417552208-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3713297176-944618025-1417552208-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E5 53 C0 C3 68 57 CE 01 [binary data]
IE - HKU\S-1-5-21-3713297176-944618025-1417552208-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3713297176-944618025-1417552208-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3713297176-944618025-1417552208-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Bearbear\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Bearbear\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Google Search = C:\Users\Bearbear\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Wolf and the Ice Planet = C:\Users\Bearbear\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffkhmkbijdmbncaoclaclldnbndflck\1_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Bearbear\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\

O1 HOSTS File: ([2013/05/25 08:14:26 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3713297176-944618025-1417552208-1000..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-3713297176-944618025-1417552208-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-3713297176-944618025-1417552208-1000..\Run: [SmartRAM] C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suo10_SmartRAM.exe (IObit)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D22093CA-E336-4018-A821-01CC23D08FDF}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/25 08:14:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/23 21:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2013/05/23 13:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2013/05/23 13:35:31 | 000,000,000 | --SD | C] -- C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mabinogi
[2013/05/23 13:35:28 | 000,000,000 | ---D | C] -- C:\Nexon
[2013/05/23 12:37:01 | 000,000,000 | --SD | C] -- C:\Users\Bearbear\Documents\Mabinogi
[2013/05/23 07:52:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bearbear\Desktop\OTL.exe
[2013/05/23 02:16:19 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\PMB Files
[2013/05/23 02:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013/05/23 02:15:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013/05/23 02:15:53 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\.swt
[2013/05/23 02:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Folder
[2013/05/23 01:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
[2013/05/23 01:54:10 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled
[2013/05/23 01:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2013/05/23 01:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2013/05/23 01:37:43 | 000,026,432 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2013/05/23 00:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/05/23 00:35:53 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\Apple Computer
[2013/05/23 00:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}
[2013/05/23 00:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6
[2013/05/23 00:35:15 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\IObit
[2013/05/23 00:34:30 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013/05/23 00:34:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/05/22 23:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/05/22 23:33:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/05/22 23:31:25 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Programs
[2013/05/22 23:06:59 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\Adobe
[2013/05/22 23:02:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/05/22 23:02:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/05/22 22:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/22 22:52:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/05/22 22:52:27 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Google
[2013/05/22 22:52:17 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Deployment
[2013/05/22 21:22:09 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2013/05/22 21:22:09 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Apps
[2013/05/22 21:18:14 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\Intel
[2013/05/22 21:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2013/05/22 21:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013/05/22 21:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013/05/22 21:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013/05/22 21:15:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2013/05/22 20:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013/05/22 20:55:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/05/22 20:55:11 | 000,000,000 | ---D | C] -- C:\Intel
[2013/05/22 20:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/05/22 20:37:36 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Diagnostics
[2013/05/22 20:34:40 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Toshiba
[2013/05/22 20:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Toshiba
[2013/05/22 20:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
[2013/05/22 20:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOSHIBA
[2013/05/22 20:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2013/05/22 20:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/05/22 18:05:48 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/05/22 16:47:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2013/05/22 16:47:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013/05/22 16:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/05/22 16:46:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013/05/22 16:46:49 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/05/22 16:46:42 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013/05/22 16:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/05/22 16:46:39 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\WinBatch
[2013/05/22 09:14:18 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/05/22 09:14:18 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Searches
[2013/05/22 09:14:18 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/05/22 09:14:18 | 000,000,000 | -H-D | C] -- C:\Users\Bearbear\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/05/22 09:14:08 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\Identities
[2013/05/22 09:14:05 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Contacts
[2013/05/22 09:14:04 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\VirtualStore
[2013/05/22 09:13:54 | 000,000,000 | --SD | C] -- C:\Users\Bearbear\AppData\Roaming\Microsoft
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Videos
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Saved Games
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Pictures
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Music
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Links
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Favorites
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Downloads
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Documents
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Desktop
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\AppData\Local\Temporary Internet Files
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Templates
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Start Menu
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\SendTo
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Recent
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\PrintHood
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\NetHood
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Documents\My Videos
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Documents\My Pictures
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Documents\My Music
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\My Documents
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Local Settings
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\AppData\Local\History
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Cookies
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Application Data
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\AppData\Local\Application Data
[2013/05/22 09:13:54 | 000,000,000 | -H-D | C] -- C:\Users\Bearbear\AppData
[2013/05/22 09:13:54 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Temp
[2013/05/22 09:13:54 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Microsoft
[2013/05/22 09:13:54 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\Media Center Programs
[2013/05/22 09:05:11 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/05/22 08:47:49 | 000,000,000 | ---D | C] -- C:\Windows.old
[2013/05/22 08:08:27 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/05/22 08:06:20 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/05/22 04:27:19 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/05/22 04:13:06 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2013/05/25 08:15:40 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/25 08:15:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/25 08:15:27 | 3148,689,408 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/25 08:14:58 | 000,018,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/25 08:14:58 | 000,018,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/25 08:14:26 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/05/24 00:57:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/23 21:49:30 | 000,001,182 | ---- | M] () -- C:\Users\Bearbear\Desktop\ Mabinogi .lnk
[2013/05/23 12:17:44 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/23 12:17:44 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/23 12:17:44 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/23 12:05:34 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2013/05/23 07:33:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bearbear\Desktop\OTL.exe
[2013/05/23 01:47:02 | 000,001,173 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2013/05/23 00:35:49 | 000,001,221 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013/05/22 23:06:57 | 000,002,279 | ---- | M] () -- C:\Users\Bearbear\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/22 22:57:29 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/22 22:57:28 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/22 22:53:43 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/22 22:44:24 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/22 21:22:09 | 000,002,495 | ---- | M] () -- C:\Users\Bearbear\Desktop\Windows 7 USB DVD Download Tool.lnk
[2013/05/22 21:13:49 | 044,953,528 | ---- | M] () -- C:\Users\Bearbear\Documents\TC00333600D.exe
[2013/05/22 20:54:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/05/22 08:09:14 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/05/22 08:09:14 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2013/05/23 13:35:31 | 000,001,182 | ---- | C] () -- C:\Users\Bearbear\Desktop\ Mabinogi .lnk
[2013/05/23 12:05:31 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2013/05/23 01:47:02 | 000,001,173 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2013/05/23 01:47:01 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2013/05/23 00:35:49 | 000,001,221 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013/05/22 22:57:29 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/22 22:57:28 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/22 22:53:43 | 000,002,279 | ---- | C] () -- C:\Users\Bearbear\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/22 22:53:43 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/22 22:52:42 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/22 22:52:38 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/22 22:14:53 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/05/22 22:00:11 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/05/22 21:22:09 | 000,002,495 | ---- | C] () -- C:\Users\Bearbear\Desktop\Windows 7 USB DVD Download Tool.lnk
[2013/05/22 21:13:59 | 044,953,528 | ---- | C] () -- C:\Users\Bearbear\Documents\TC00333600D.exe
[2013/05/22 20:55:24 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2013/05/22 20:54:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/05/22 16:46:53 | 000,000,852 | ---- | C] () -- C:\Windows\SysNative\drivers\RTKHDRC.dat
[2013/05/22 16:46:53 | 000,000,712 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX1.dat
[2013/05/22 16:46:53 | 000,000,712 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX0.dat
[2013/05/22 09:13:54 | 000,000,290 | ---- | C] () -- C:\Users\Bearbear\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/05/22 09:13:54 | 000,000,272 | ---- | C] () -- C:\Users\Bearbear\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/05/22 08:09:08 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/05/22 08:09:02 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/05/22 04:13:06 | 3148,689,408 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/23 01:48:38 | 000,000,000 | ---D | M] -- C:\Users\Bearbear\AppData\Roaming\IObit
[2013/05/22 16:46:39 | 000,000,000 | ---D | M] -- C:\Users\Bearbear\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Custom Scans ==========

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is B88C-9ACE
Directory of C:\
07/14/2009 12:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 12:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Bearbear
05/22/2013 09:13 AM <JUNCTION> Application Data [C:\Users\Bearbear\AppData\Roaming]
05/22/2013 09:13 AM <JUNCTION> Cookies [C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Cookies]
05/22/2013 09:13 AM <JUNCTION> Local Settings [C:\Users\Bearbear\AppData\Local]
05/22/2013 09:13 AM <JUNCTION> My Documents [C:\Users\Bearbear\Documents]
05/22/2013 09:13 AM <JUNCTION> NetHood [C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/22/2013 09:13 AM <JUNCTION> PrintHood [C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/22/2013 09:13 AM <JUNCTION> Recent [C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Recent]
05/22/2013 09:13 AM <JUNCTION> SendTo [C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\SendTo]
05/22/2013 09:13 AM <JUNCTION> Start Menu [C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Start Menu]
05/22/2013 09:13 AM <JUNCTION> Templates [C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Bearbear\AppData\Local
05/22/2013 09:13 AM <JUNCTION> Application Data [C:\Users\Bearbear\AppData\Local]
05/22/2013 09:13 AM <JUNCTION> History [C:\Users\Bearbear\AppData\Local\Microsoft\Windows\History]
05/22/2013 09:13 AM <JUNCTION> Temporary Internet Files [C:\Users\Bearbear\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Bearbear\Documents
05/22/2013 09:13 AM <JUNCTION> My Music [C:\Users\Bearbear\Music]
05/22/2013 09:13 AM <JUNCTION> My Pictures [C:\Users\Bearbear\Pictures]
05/22/2013 09:13 AM <JUNCTION> My Videos [C:\Users\Bearbear\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 12:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 12:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 12:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 12:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 12:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 12:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
50 Dir(s) 614,128,041,984 bytes free

< End of report >

Extras.txt:

OTL Extras logfile created on: 5/25/2013 8:18:22 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bearbear\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.75 Gb Available Physical Memory | 70.45% Memory free
7.82 Gb Paging File | 6.51 Gb Available in Paging File | 83.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 572.01 Gb Free Space | 95.96% Space Free | Partition Type: NTFS

Computer Name: BEARBEAR-PC | User Name: Bearbear | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3713297176-944618025-1417552208-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F835D09-AD29-4403-B134-EAB34D9CF325}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2346D129-2C24-42B4-AEC7-C34DF13CD87F}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{691A6F4C-934E-4B80-A263-614B56496344}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8011E6A4-C51C-46D5-949A-5727DACEEA00}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BB4518FB-8EEF-4D93-BFCD-419D9386F3FD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D611631D-14E3-425A-889C-A6545F849040}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{DE94B6D0-8A6D-449D-9FFE-AAB574813B2A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E85E1A0E-64A9-4B6A-A615-F87978A96511}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}" = Intel® PROSet/Wireless WiFi Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"Game Booster_is1" = Game Booster 3
"Google Chrome" = Google Chrome
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"IObit Malware Fighter_is1" = IObit Malware Fighter
"Mabinogi" = Mabinogi
"Protected Folder_is1" = Protected Folder
"Smart Defrag 2_is1" = Smart Defrag 2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/23/2013 1:11:37 PM | Computer Name = Bearbear-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 5/23/2013 1:11:37 PM | Computer Name = Bearbear-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 5/23/2013 1:11:37 PM | Computer Name = Bearbear-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 5/23/2013 1:11:39 PM | Computer Name = Bearbear-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/23/2013 1:14:35 PM | Computer Name = Bearbear-PC | Source = ESENT | ID = 481
Description = wuaueng.dll (936) SUS20ClientDataStore: An attempt to read from the
file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 163840
(0x0000000000028000) for 32768 (0x00008000) bytes failed after 58 seconds with
system error 1117 (0x0000045d): "The request could not be performed because of an
I/O device error. ". The read operation will fail with error -1022 (0xfffffc02).
If this error persists then the file may be damaged and may need to be restored
from a previous backup.

Error - 5/23/2013 3:48:44 PM | Computer Name = Bearbear-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/23/2013 10:43:41 PM | Computer Name = Bearbear-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/23/2013 11:01:37 PM | Computer Name = Bearbear-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/25/2013 9:11:11 AM | Computer Name = Bearbear-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/25/2013 9:15:47 AM | Computer Name = Bearbear-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 5/23/2013 11:01:10 PM | Computer Name = Bearbear-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:59:29 PM on ?5/?23/?2013 was unexpected.

Error - 5/23/2013 11:29:32 PM | Computer Name = Bearbear-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 5/23/2013 11:29:32 PM | Computer Name = Bearbear-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 5/23/2013 11:30:50 PM | Computer Name = Bearbear-PC | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
on volume C:.

Error - 5/23/2013 11:34:28 PM | Computer Name = Bearbear-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 5/23/2013 11:34:28 PM | Computer Name = Bearbear-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 5/23/2013 11:34:28 PM | Computer Name = Bearbear-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 5/23/2013 11:34:28 PM | Computer Name = Bearbear-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 5/23/2013 11:34:28 PM | Computer Name = Bearbear-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 5/25/2013 9:14:25 AM | Computer Name = Bearbear-PC | Source = Service Control Manager | ID = 7034
Description = The Advanced SystemCare Service 6 service terminated unexpectedly.
It has done this 1 time(s).


< End of report >
  • 0

#4
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Thanks for those. I have just posted to my adviser and will get back to you shortly.
  • 0

#5
Neinei

Neinei

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hmmm....
I had to reboot just now, and I noticed that my account password is gone. It takes me straight into my desktop without me having to input my password.
Now I have two grayed out "Desktop.ini" .txts on my desktop when they weren't there a few minutes ago. I won't execute them because of that.
Edit:
Oh good. :) Thanks for all your help. I think I posted when you did. Lol

Edited by Neinei, 25 May 2013 - 08:42 AM.

  • 0

#6
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
O.K., do not touch those Desktop files; they are meant to be hidden. I will sort this out for you after my next post.
  • 0

#7
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi Neinei, thanks for the logs and info :)

Advanced SystemCare Pro, I used to have iolo System Mechanic which worked nicely, but what do you suggest?

I don't like IObit software; it's too intrusive and there are much better programs out there. I would suggest something light on resources and simple to use for now, to see how things run. We will do that in this post. But first a warning :)

P2P WARNING
The following programs are installed on your machine:
  • Pando Media Booster - This is a horrible program that runs constantly. It comes bundled with some Games. The games will still work after you uninstall, so get rid!
Cease all P2P programs and downloads until declared clean. Although the programs themselves are legal, many of the torrent files infringe copyright laws, contain spyware and viruses which can have a detrimental effect on your system. We strongly advise that you uninstall all P2P programs.

1. Uninstall
  • In control panel click Uninstall a Program or Programs and Features and uninstall the following:
      • Pando Media Booster
      • Advanced SystemCare 6
      • IObit Malware Fighter
      • Smart Defrag 2

2. Install MSE
I want you to install MSE as it is light on resources and works well alongside Windows Firewall and Defender. I will give you another Antivirus option later.

3. Error Checking
  • Click Start and in the search box type CMD - You should see CMD under programs, right click and Run as Administrator.
  • CMD window will open, at the prompt copy and paste the following: CHKDSK C: /F /R and press Enter
  • Choose Yes (y) at the next prompt to schedule disk check and press enter.
  • Exit CMD by typing exit
  • Restart computer. This will check your hard drive for errors. I don't need to see a log; just inform me if errors were found and fixed.

  • 0

#8
Neinei

Neinei

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Done.
70729 items were scanned in MSE, no threats were detected. I had a feeling Pando was useless. Never again...
I am going to a movie, and am going out to eat. I won't respond for a while. CHKDSK is running and 10% done.
I'll be back later, thanks again for your help.
  • 0

#9
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Looking good at the moment then.

Enjoy the movie, speak soon.
  • 0

#10
Neinei

Neinei

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
The CHKDSK has been on 10 percent complete (3937 out of 152034 files processed) since I left. Is this normal? If so, what is the estimated time it would take for this to finish?
  • 0


#11
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
I would leave it for a while; it can stay on 10% for a long time. Give it a couple of hours; it can take longer depending on the amount and size of files.
  • 0

#12
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Are you still having problems with Check Disk?
  • 0

#13
Neinei

Neinei

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Well, it's just processing slowly. ^^"
Just an hour ago, the percent hit 11. Now it's 12%. (3063136 out of 149816041 free clusters processed)
I'm not quite sure if this will take another 2 days or not.
What is the CHKDSK doing by the way? Is this another way my computer could be cured from what is slowing it?
(It just hit 13) I assume it will flow now since it's past 10%?

---

36% complete :).

Edited by Neinei, 26 May 2013 - 07:17 PM.

  • 0

#14
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
To put it simply, ChkDsk will inspect your hard drive for any errors; it will also try and repair the errors. I would like to see the log once complete (I will tell you how to do this later), as it will also tell me if your hard drive is failing, giving you a chance to retrieve your data. I thought your Hard Drive had been through a lot lately and needed to be checked.

The fact that it has taken so long could be down to any number of reasons: a failing drive or a badly fragmented drive and many other things. So don't worry, it's better to let the process finish rather than power off. Well done for not powering off. We have some work to do in the next post to tackle these issues. :)
  • 0
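
An added example (not part of either poster's replies, and not OTL's own code): a Python sketch that parses the "Last 20 Event Log Errors" format posted earlier in this thread and picks out the entries that point at disk I/O trouble, which is the kind of evidence a disk check is meant to follow up on. The sample lines are copied from that log; the lists of storage-related sources and phrases, and the function names, are assumptions of this example.

```python
import re

# Excerpt copied from the "Last 20 Event Log Errors" section posted in this thread.
SAMPLE = r'''
Error - 5/23/2013 1:14:35 PM | Computer Name = Bearbear-PC | Source = ESENT | ID = 481
Description = wuaueng.dll (936) SUS20ClientDataStore: An attempt to read from the
file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 163840
(0x0000000000028000) for 32768 (0x00008000) bytes failed after 58 seconds with
system error 1117 (0x0000045d): "The request could not be performed because of an
I/O device error. ". The read operation will fail with error -1022 (0xfffffc02).
Error - 5/23/2013 11:29:32 PM | Computer Name = Bearbear-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
Error - 5/23/2013 11:30:50 PM | Computer Name = Bearbear-PC | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
on volume C:.
Error - 5/25/2013 9:14:25 AM | Computer Name = Bearbear-PC | Source = Service Control Manager | ID = 7034
Description = The Advanced SystemCare Service 6 service terminated unexpectedly.
'''

HEADER = re.compile(r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
                    r"Source = (?P<source>.+?) \| ID = (?P<raw_id>\d+)\s*$")
# Assumption of this example: which sources and phrases count as storage evidence.
STORAGE_SOURCES = {"atapi", "volsnap", "disk", "ntfs"}
STORAGE_PHRASES = ("i/o device error", "io failure", "controller error")

def parse_events(text):
    """Split an OTL event-log section into dicts, joining wrapped Description lines."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            events.append({**m.groupdict(), "desc": ""})
        elif events and line.strip():
            part = re.sub(r"^Description =\s*", "", line).strip()
            events[-1]["desc"] = (events[-1]["desc"] + " " + part).strip()
    for ev in events:
        # OTL prints the full 32-bit identifier; Event Viewer shows the low 16 bits.
        ev["event_id"] = int(ev["raw_id"]) & 0xFFFF
    return events

def storage_events(events):
    """Return events whose source or description points at disk I/O trouble."""
    return [ev for ev in events
            if ev["source"].lower() in STORAGE_SOURCES
            or any(p in ev["desc"].lower() for p in STORAGE_PHRASES)]

if __name__ == "__main__":
    for ev in storage_events(parse_events(SAMPLE)):
        print(ev["when"], ev["source"], ev["event_id"], ev["desc"][:50])
```

On this excerpt the ESENT, atapi and volsnap entries are selected and the Service Control Manager entry is not; the atapi and volsnap identifiers reduce to event IDs 11 and 14.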

#15
Neinei

Neinei

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Yes, I am indeed a patient person. :) Anyway, thanks for telling me! I suppose the CHKDSK is done now, and I am back in my desktop, currently. Ready for the next instructions.

Edit: I'm not sure what time zone you're in, but seeing as that you're offline for now, goodnight, sweet dreams.
I hope you get some good rest. ^^

(UTC 6:00)

Edited by Neinei, 27 May 2013 - 12:35 AM.

  • 0





