I'm a new member here, but have looked around this site from time to time, and I can say I'm really impressed. I have a severe problem with my laptop that started just 3 and a half weeks ago. I'm currently on my mother's computer because my computer has been slowed dramatically after something got into my computer.
The story: Not too long ago, I was helping a friend with her computer. Nothing was wrong at all with my laptop; it would have minimal lag, and the overall health was satisfactory. I logged into her computer using LogMeIn Rescue so I could remotely help out. Big mistake, because her computer symptoms became mine. Her computer was slow, it would stop responding or freeze on her, and had many errors. It came to a point she took her computer to my house, and I really did help her. Me, being computer literate, knew I'd be able to help her out.
I shouldn't have done it remotely, though!! We both noticed how my cursor wasn't responding correctly on her screen (I would be moving it but she wouldn't see, it was frozen to her). That's when my computer started to slow down gradually. By the end of the night, programs weren't responding, it would take 30 minutes or more for the computer to reboot, 15 to get into the desktop, and my cursor would be moving fine, but when it clicks a program, it'd take maybe 6 minutes or more to actually execute. I performed a factory reset which did indeed wipe the computer. BUT, just when Toshiba services were installing themselves for the first-time use of the computer, I got a blue screen and an error message which rebooted and continued installing Toshiba services. Then I got the error again... now it wouldn't get past "Starting Windows"! So I got it taken to OfficeMax to be repaired for $50 and got it back in the state it was in right before something got into my computer.
Still didn't help.
The problem: I got the all too familiar "Lag" a little after I activated Windows when I took it home with the SAME product key my Windows was activated with, the SAME Wifi, and most of the SAME programs I had before, that I used the SAME USB flash drive to transfer over those same programs to the newly installed Windows. This has slowed my computer down at least by 60%, and I'm truly at a loss with what I can do now. If I power off during its unresponsiveness, it will take 40 minutes to boot back into Windows. This has never happened. I bought this computer at a closing OfficeMax for $412. The original price was $800 something.
The specs: I have a Satellite P755-S5184 Toshiba, Intel Core i5 processor with 4 gigs of RAM (2.50GHz), Windows 7 Home Premium (Genuine), Service Pack 1, 64-bit PC.
What I did to aid this: I have run SpyBot, AVG scans that aren't able to complete anymore because of the performance issue, I installed Kaspersky, but uninstalled it since its AV registry key conflicted with AVG, I looked around on the internet for a solution, and have asked on Yahoo Answers about it. When my computer was first like this, I read around and saw that some viruses hide in system restore, so I disabled it and booted into safe mode to run the scans. I formatted my computer 3 times. OfficeMax had to wipe the Hard Drive, making it 4 times. I used CMD to do the Clean All command just last night and reinstalled Windows. I now have a program on my computer named Advanced SystemCare Pro. The lag is still unbearable, hence me having to use my mother's computer right now to do this. Note: When reading Geeks2Go instructions on what to do before posting, I switched to my laptop to download OTL. SpyBot had all of your links locked, saying "Host name can't be resolved". I had to use my mother's external hard drive to transfer OTL to my desktop, and I did the scan. Now I need to transfer the .txt over to this computer.
My Suspicions: I don't know whether this is a virus, or something else. It is unbearably hard to deal with, for I've tried so much to get this out of my computer. I have had a few thoughts of this being something attached to my Product key, or a Wifi-wide code... except no one else has this.... I used the same programs that I had on my computer before (CCleaner, AVG, iolo sysMechanic (free), Steam, etc.). Maybe this thing in my computer is tracking what I do just in case I happen to format my computer completely, and still finds me? Is it my IP address? Hasn't that changed with the Hard Drive? Has this thing in my computer nestled itself into a deep root of my computer that can't be touched? I've read some of the successes on Geeks2Go, and I'm sold. I truly hope this isn't a giant wall of text, I want to be as thorough as possible for a thorough solution to end this haunting I have in my computer.... Thank you so much to the person who can shed some light on this all.
The OTL Log: (God forbid I'm transferring something to my mother's computer by using her Hard Drive like this....)
OTL logfile created on: 5/23/2013 7:53:20 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bearbear\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.91 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 61.96% Memory free
7.82 Gb Paging File | 6.02 Gb Available in Paging File | 77.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 575.19 Gb Free Space | 96.50% Space Free | Partition Type: NTFS
Computer Name: BEARBEAR-PC | User Name: Bearbear | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/05/23 07:33:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bearbear\Desktop\OTL.exe
PRC - [2013/05/23 02:16:04 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2013/05/17 16:35:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/05/16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 10:58:42 | 003,881,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/04/22 18:45:32 | 004,080,960 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASC.exe
PRC - [2013/04/18 20:38:38 | 000,491,840 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
PRC - [2013/04/18 16:58:08 | 000,574,272 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2013/04/08 19:02:16 | 000,720,192 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/02/01 13:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 13:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
========== Modules (No Company Name) ==========
MOD - [2013/05/23 02:16:04 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2013/05/17 16:35:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\ppgooglenaclpluginchrome.dll
MOD - [2013/05/17 16:35:41 | 013,136,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\PepperFlash\pepflashplayer.dll
MOD - [2013/05/17 16:35:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\pdf.dll
MOD - [2013/05/17 16:34:47 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\libglesv2.dll
MOD - [2013/05/17 16:34:47 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\libegl.dll
MOD - [2013/05/17 16:34:45 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\ffmpegsumo.dll
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/04/15 18:49:00 | 001,232,704 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Scan.dll
MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2013/01/15 18:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\webres.dll
MOD - [2013/01/15 18:47:50 | 000,517,440 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\sqlite3.dll
========== Services (SafeList) ==========
SRV:64bit: - [2010/10/19 14:51:44 | 001,430,288 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/10/19 14:31:40 | 000,340,240 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/10/19 14:29:38 | 000,838,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/18 16:58:08 | 000,574,272 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/02/01 13:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 13:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/26 08:21:28 | 000,174,680 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/04/05 03:10:16 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/18 02:21:32 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 08:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/11/09 05:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2013/04/03 16:22:42 | 000,039,504 | ---- | M] (IObit Information Technology) [File_System | Auto | Running] -- C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys -- (PfFilter)
DRV - [2012/07/05 13:53:22 | 000,021,904 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2012/07/05 13:53:18 | 000,033,224 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2012/01/05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2010/11/01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E5 53 C0 C3 68 57 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.93\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Bearbear\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Bearbear\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Google Search = C:\Users\Bearbear\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Wolf and the Ice Planet = C:\Users\Bearbear\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffkhmkbijdmbncaoclaclldnbndflck\1_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Bearbear\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
O1 HOSTS File: ([2013/05/22 23:52:33 | 000,447,822 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15376 more lines...
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SmartRAM] C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suo10_SmartRAM.exe (IObit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D22093CA-E336-4018-A821-01CC23D08FDF}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/05/23 07:52:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bearbear\Desktop\OTL.exe
[2013/05/23 02:16:19 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\PMB Files
[2013/05/23 02:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013/05/23 02:15:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013/05/23 02:15:53 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\.swt
[2013/05/23 02:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Folder
[2013/05/23 01:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
[2013/05/23 01:54:10 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled
[2013/05/23 01:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2013/05/23 01:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2013/05/23 01:37:43 | 000,026,432 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2013/05/23 00:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/05/23 00:35:53 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\Apple Computer
[2013/05/23 00:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}
[2013/05/23 00:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6
[2013/05/23 00:35:15 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\IObit
[2013/05/23 00:34:30 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013/05/23 00:34:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/05/22 23:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/05/22 23:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/05/22 23:38:56 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/05/22 23:37:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/05/22 23:33:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/05/22 23:31:25 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Programs
[2013/05/22 23:06:59 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\Adobe
[2013/05/22 23:02:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/05/22 23:02:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/05/22 22:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/22 22:52:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/05/22 22:52:27 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Google
[2013/05/22 22:52:17 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Deployment
[2013/05/22 21:22:09 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2013/05/22 21:22:09 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Apps
[2013/05/22 21:18:14 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\Intel
[2013/05/22 21:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2013/05/22 21:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013/05/22 21:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013/05/22 21:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013/05/22 21:15:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2013/05/22 20:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013/05/22 20:55:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/05/22 20:55:11 | 000,000,000 | ---D | C] -- C:\Intel
[2013/05/22 20:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/05/22 20:37:36 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Diagnostics
[2013/05/22 20:34:40 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Toshiba
[2013/05/22 20:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Toshiba
[2013/05/22 20:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
[2013/05/22 20:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOSHIBA
[2013/05/22 20:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2013/05/22 20:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/05/22 18:05:48 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/05/22 16:47:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2013/05/22 16:47:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013/05/22 16:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/05/22 16:46:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013/05/22 16:46:49 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/05/22 16:46:42 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013/05/22 16:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/05/22 16:46:39 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\WinBatch
[2013/05/22 09:14:18 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/05/22 09:14:18 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Searches
[2013/05/22 09:14:18 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/05/22 09:14:18 | 000,000,000 | -H-D | C] -- C:\Users\Bearbear\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/05/22 09:14:08 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\Identities
[2013/05/22 09:14:05 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Contacts
[2013/05/22 09:14:04 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\VirtualStore
[2013/05/22 09:13:54 | 000,000,000 | --SD | C] -- C:\Users\Bearbear\AppData\Roaming\Microsoft
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Videos
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Saved Games
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Pictures
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Music
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Links
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Favorites
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Downloads
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Documents
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Desktop
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\AppData\Local\Temporary Internet Files
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Templates
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Start Menu
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\SendTo
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Recent
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\PrintHood
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\NetHood
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Documents\My Videos
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Documents\My Pictures
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Documents\My Music
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\My Documents
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Local Settings
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\AppData\Local\History
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Cookies
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Application Data
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\AppData\Local\Application Data
[2013/05/22 09:13:54 | 000,000,000 | -H-D | C] -- C:\Users\Bearbear\AppData
[2013/05/22 09:13:54 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Temp
[2013/05/22 09:13:54 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Microsoft
[2013/05/22 09:13:54 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\Media Center Programs
[2013/05/22 09:05:11 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/05/22 08:47:49 | 000,000,000 | ---D | C] -- C:\Windows.old
[2013/05/22 08:08:27 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/05/22 08:06:20 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/05/22 04:27:19 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/05/22 04:13:06 | 000,000,000 | -HSD | C] -- C:\System Volume Information
========== Files - Modified Within 30 Days ==========
[2013/05/23 07:53:51 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/23 07:53:51 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/23 07:53:51 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/23 07:33:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bearbear\Desktop\OTL.exe
[2013/05/23 07:11:52 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/23 04:21:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/23 03:17:09 | 000,018,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/23 03:17:05 | 000,018,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/23 03:09:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/23 03:08:47 | 3148,689,408 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/23 01:47:02 | 000,001,173 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2013/05/23 00:35:49 | 000,001,221 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013/05/22 23:52:33 | 000,447,822 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/05/22 23:39:39 | 000,001,379 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/05/22 23:06:57 | 000,002,279 | ---- | M] () -- C:\Users\Bearbear\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/22 22:57:29 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/22 22:57:28 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/22 22:53:43 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/22 22:44:24 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/22 21:22:09 | 000,002,495 | ---- | M] () -- C:\Users\Bearbear\Desktop\Windows 7 USB DVD Download Tool.lnk
[2013/05/22 21:13:49 | 044,953,528 | ---- | M] () -- C:\Users\Bearbear\Documents\TC00333600D.exe
[2013/05/22 20:54:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/05/22 08:09:14 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/05/22 08:09:14 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
========== Files Created - No Company Name ==========
[2013/05/23 01:47:02 | 000,001,173 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2013/05/23 01:47:01 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2013/05/23 00:35:49 | 000,001,221 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013/05/22 23:39:39 | 000,001,391 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/05/22 23:39:39 | 000,001,379 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/05/22 22:57:29 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/22 22:57:28 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/22 22:53:43 | 000,002,279 | ---- | C] () -- C:\Users\Bearbear\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/22 22:53:43 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/22 22:52:42 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/22 22:52:38 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/22 22:14:53 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/05/22 22:00:11 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/05/22 21:22:09 | 000,002,495 | ---- | C] () -- C:\Users\Bearbear\Desktop\Windows 7 USB DVD Download Tool.lnk
[2013/05/22 21:13:59 | 044,953,528 | ---- | C] () -- C:\Users\Bearbear\Documents\TC00333600D.exe
[2013/05/22 20:55:24 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2013/05/22 20:54:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/05/22 16:46:53 | 000,000,852 | ---- | C] () -- C:\Windows\SysNative\drivers\RTKHDRC.dat
[2013/05/22 16:46:53 | 000,000,712 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX1.dat
[2013/05/22 16:46:53 | 000,000,712 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX0.dat
[2013/05/22 09:13:54 | 000,000,290 | ---- | C] () -- C:\Users\Bearbear\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/05/22 09:13:54 | 000,000,272 | ---- | C] () -- C:\Users\Bearbear\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/05/22 08:09:08 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/05/22 08:09:02 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/05/22 04:13:06 | 3148,689,408 | -HS- | C] () -- C:\hiberfil.sys
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/05/23 01:48:38 | 000,000,000 | ---D | M] -- C:\Users\Bearbear\AppData\Roaming\IObit
[2013/05/22 16:46:39 | 000,000,000 | ---D | M] -- C:\Users\Bearbear\AppData\Roaming\WinBatch
========== Purity Check ==========
< End of report >