[mrpooh3]

Hi,I was scanning my PC with hitman pro and it came up with a suspicious file called OneWay.dll located in C:\windows\SysWOW64 folder.
I quarantined it but was wondering if this is malware or just a false positive as I had my pc cleaned of malware not long ago?

[Advertisements]

Hello and welcome to Geeks to Go! My nickname is Pystryker , and I will be helping you with your issue today.

Please note: I am currently in training and all my fixes must be approved by my teacher before being posted. This gives you the advantage of having two people working to solve your problems.

Before we get started, I have a few things I need to go over with you

• Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  
• Please subscribe to this topic. By subscribing, the board will notify you when a new reply is added to your topic. You can find instructions on how to do that by clicking here.

• If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  
  
• Please read through my instructions carefully and completely before executing them.
  
• Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  
• Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  
• Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  
• Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow
  
• This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  
• Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  
• Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  
• Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  
• It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  
• If possible, please have your original Windows installation disks handy, just in case.
  
• If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  
• If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  
• Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  
• Please remember, the fixes are for your machine and your machine ONLY!

Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way.

Now, let's get started, shall we?


Hello


Let's get a look at your system and see what's going on. One thing that we definitely need to remove is Hitman Pro. That particular program does more harm than good and has been known to leave computers unbootable at times.

Please follow the instructions below:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: OTL Scan


Download OTL

Download OTL to your desktop by clicking here. If for some reason, that link is not working, please click here for a secondary site.

• Close any open windows and then double click (Vista, Windows 7, 8, right click and then click Run as Administrator) the icon to start OTL.
  
• Please make sure the following boxes are checked.
  
• Scan All Users
• Use Company-Name WhiteList
• Skip Microsoft Files
• Use No-Company-Name Whitelist
• LOP Check
• Purity Check
  
• Please check Use Safelist is checked under Extra Registry.
  
• Copy the contents of the quote box below Do not copy the word quote! and paste them into the Custom Scans/Fixes box at the bottom of OTL's control panel.
  
  

  %SYSTEMDRIVE%\*.exe
  /md5start
  services.*
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  rpcss.dll
  /md5stop
  dir "%systemdrive%\*" /S /A:L /C
  

• Click the Run Scan button.

• Please do not interrupt the scanning process. It may take a while to complete the scan, so please be patient.
  
• When the scan is finished, it will generate 2 logs, OTL.txt and Extras.txt, each in a Notepad window. Both of these logs are saved in the same location as OTL. In this case, on your desktop.
  
• Please post each log in your next reply.

Step 2: Scan with aswMBR

• Please download aswMBR.exe to your desktop.
  
• Double click the file to run it.
  
• It will ask if you want to download the latest Avast! virus definitions, please answer yes.

• Click the Scan button to begin the scan.

• Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  
• Click Exit

Things I need to see in your next post:

OTL Log

Extras.txt Log

aswMBR Log

[pystryker]

Hello and welcome to Geeks to Go! My nickname is Pystryker , and I will be helping you with your issue today.

Please note: I am currently in training and all my fixes must be approved by my teacher before being posted. This gives you the advantage of having two people working to solve your problems.

Before we get started, I have a few things I need to go over with you

• Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  
• Please subscribe to this topic. By subscribing, the board will notify you when a new reply is added to your topic. You can find instructions on how to do that by clicking here.

• If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  
  
• Please read through my instructions carefully and completely before executing them.
  
• Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  
• Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  
• Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  
• Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow
  
• This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  
• Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  
• Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  
• Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  
• It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  
• If possible, please have your original Windows installation disks handy, just in case.
  
• If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  
• If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  
• Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  
• Please remember, the fixes are for your machine and your machine ONLY!

Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way.

Now, let's get started, shall we?


Hello


Let's get a look at your system and see what's going on. One thing that we definitely need to remove is Hitman Pro. That particular program does more harm than good and has been known to leave computers unbootable at times.

Please follow the instructions below:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: OTL Scan


Download OTL

Download OTL to your desktop by clicking here. If for some reason, that link is not working, please click here for a secondary site.

• Close any open windows and then double click (Vista, Windows 7, 8, right click and then click Run as Administrator) the icon to start OTL.
  
• Please make sure the following boxes are checked.
  
• Scan All Users
• Use Company-Name WhiteList
• Skip Microsoft Files
• Use No-Company-Name Whitelist
• LOP Check
• Purity Check
  
• Please check Use Safelist is checked under Extra Registry.
  
• Copy the contents of the quote box below Do not copy the word quote! and paste them into the Custom Scans/Fixes box at the bottom of OTL's control panel.
  
  

  %SYSTEMDRIVE%\*.exe
  /md5start
  services.*
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  rpcss.dll
  /md5stop
  dir "%systemdrive%\*" /S /A:L /C
  

• Click the Run Scan button.

• Please do not interrupt the scanning process. It may take a while to complete the scan, so please be patient.
  
• When the scan is finished, it will generate 2 logs, OTL.txt and Extras.txt, each in a Notepad window. Both of these logs are saved in the same location as OTL. In this case, on your desktop.
  
• Please post each log in your next reply.

Step 2: Scan with aswMBR

• Please download aswMBR.exe to your desktop.
  
• Double click the file to run it.
  
• It will ask if you want to download the latest Avast! virus definitions, please answer yes.

• Click the Scan button to begin the scan.

• Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  
• Click Exit

Things I need to see in your next post:

OTL Log

Extras.txt Log

aswMBR Log

[mrpooh3]

Hi Pystryker....thanks for the quick reply.
here are my logs:

OTL logfile created on: 22/02/2014 02:24:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Allybongo\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.90 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 70.93% Memory free
7.80 Gb Paging File | 6.56 Gb Available in Paging File | 84.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 188.88 Gb Free Space | 81.14% Space Free | Partition Type: NTFS

Computer Name: ALLYBONGO-PC | User Name: Allybongo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2014/02/22 02:21:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Allybongo\Desktop\OTL.exe
PRC - [2014/01/14 14:50:06 | 000,881,952 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
PRC - [2013/12/21 06:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2011/09/20 09:17:44 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
PRC - [2010/12/03 14:19:26 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/03 14:19:20 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/08/13 16:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- C:\Windows\SysWOW64\SDIOAssist.exe
PRC - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 10:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/02/02 07:02:28 | 000,244,328 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2013/10/10 22:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/01/18 08:50:02 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/21 10:51:14 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/14 01:31:23 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/02 06:42:46 | 002,151,744 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014/01/29 23:02:44 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014/01/24 04:30:14 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe -- (AVP)
SRV - [2014/01/14 14:50:06 | 000,881,952 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)
SRV - [2013/12/21 06:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010/12/03 14:19:26 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/03 14:19:20 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/02/19 18:44:11 | 009,082,576 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2014/02/18 09:23:29 | 000,624,224 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2014/02/18 09:23:29 | 000,115,296 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt)
DRV:64bit: - [2014/02/18 09:23:29 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2014/02/02 07:04:44 | 000,462,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2014/02/02 07:04:34 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2014/02/02 07:02:28 | 000,084,712 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2014/01/29 23:02:28 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2014/01/24 04:30:12 | 000,458,336 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2014/01/24 04:30:12 | 000,178,272 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2014/01/24 04:30:12 | 000,029,792 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2014/01/24 04:30:12 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/12/24 10:40:32 | 000,021,184 | ---- | M] (IObit) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2013/10/15 11:38:24 | 000,140,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/10/02 02:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/07/11 17:46:56 | 000,772,864 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6TPortGX64.sys -- (L6TPortGX)
DRV:64bit: - [2013/05/14 17:34:44 | 000,055,904 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/04/29 08:17:34 | 000,047,632 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
DRV:64bit: - [2013/04/12 15:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/27 11:58:36 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/01/31 16:05:26 | 000,023,040 | ---- | M] (nerds.de) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipmidi.sys -- (ipMIDI)
DRV:64bit: - [2012/12/13 15:41:10 | 000,028,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dfx11_1x64.sys -- (DFX11_1)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/05/21 11:54:04 | 000,068,208 | ---- | M] (STMicroelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ST_ACCEL.sys -- (ST_ACCEL)
DRV:64bit: - [2012/05/10 16:35:26 | 000,221,184 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc)
DRV:64bit: - [2012/05/10 16:35:26 | 000,104,448 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3hub.sys -- (rusb3hub)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 16:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/22 12:28:56 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)
DRV:64bit: - [2011/07/15 21:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011/07/12 21:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/18 08:50:00 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2011/01/03 13:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
DRV:64bit: - [2010/11/21 03:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 03:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 23:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?o...U219DHP&pc=U219
IE - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C AD 7E 7B 15 C0 CE 01 [binary data]
IE - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: fdm_ffext%40freedownloadmanager.org:1.6.0.1
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:14.0.0.4880
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/02/18 09:23:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/02/18 09:23:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/02/18 09:23:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/02/18 09:23:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/02/18 09:23:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/02/15 09:30:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/02/15 09:30:56 | 000,000,000 | ---D | M]

[2014/02/13 21:35:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allybongo\AppData\Roaming\Mozilla\Extensions
[2014/02/18 07:59:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\yo01l4ps.default\extensions
[2014/02/16 19:47:06 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\yo01l4ps.default\extensions\[email protected]
[2014/02/14 01:59:17 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\yo01l4ps.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/14 01:31:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/14 01:31:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/17 17:20:33 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES (X86)\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION
File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF
[2014/02/18 09:23:32 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 14.0.0\FFEXT\[email protected]

O1 HOSTS File: ([2014/02/17 15:28:13 | 000,000,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000..\Run: [Advanced SystemCare 7] C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\..Trusted Domains: hola.org ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.c...oft_webscan.cab (Emsisoft Web Malware Scan)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F105BFF-611A-45EE-B4A5-EC05C0AEF371}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/22 02:21:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Allybongo\Desktop\OTL.exe
[2014/02/21 19:22:50 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/02/21 17:09:10 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/21 09:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2014/02/19 18:41:35 | 000,000,000 | ---D | C] -- C:\DrvInstall
[2014/02/18 08:15:31 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Boilsoft
[2014/02/18 08:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boilsoft
[2014/02/18 08:15:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Boilsoft
[2014/02/18 07:43:09 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\dwhelper
[2014/02/18 00:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[2014/02/18 00:31:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2014/02/17 17:20:37 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Free Download Manager
[2014/02/17 17:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
[2014/02/17 17:20:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Download Manager
[2014/02/17 15:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/02/17 14:57:38 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\WinZip
[2014/02/17 14:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2014/02/17 14:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2014/02/17 14:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2014/02/16 21:28:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/02/16 21:26:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/02/16 21:20:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/02/16 21:20:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/02/16 21:20:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/02/16 21:20:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/02/16 18:25:30 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/02/16 16:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[2014/02/16 16:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
[2014/02/16 16:26:43 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2014/02/16 04:48:36 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\PDAppFlex
[2014/02/16 04:44:12 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2014/02/16 03:57:44 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\abelhadigital.com
[2014/02/16 03:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\abelhadigital.com
[2014/02/15 22:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2014/02/15 22:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/02/15 22:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/02/15 21:40:39 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Secunia PSI
[2014/02/15 11:48:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
[2014/02/15 11:48:44 | 000,110,176 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\klfphc.dll
[2014/02/15 11:47:58 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2014/02/15 11:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014/02/15 11:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2014/02/15 11:47:42 | 000,624,224 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2014/02/15 11:47:42 | 000,115,296 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\2C0A
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C0A
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C04
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0816
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0804
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0424
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041F
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041E
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041D
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041B
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0419
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0416
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0415
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0414
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0413
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0412
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0410
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040E
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040D
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040C
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040B
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040A
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0408
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0406
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0405
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0404
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0401
[2014/02/15 09:56:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2014/02/15 09:56:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2014/02/15 09:22:50 | 000,000,000 | ---D | C] -- C:\Windows\ehome
[2014/02/15 06:55:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014/02/15 06:55:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2014/02/14 12:38:32 | 000,000,000 | R--D | C] -- C:\Users\Allybongo\Documents\Antispy
[2014/02/14 12:38:20 | 000,000,000 | R--D | C] -- C:\Users\Allybongo\Documents\Tools
[2014/02/14 11:15:45 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Opera Software
[2014/02/14 11:15:44 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Opera Software
[2014/02/14 11:15:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2014/02/14 09:33:01 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Zoner
[2014/02/14 09:33:01 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Zoner
[2014/02/14 09:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Zoner
[2014/02/14 08:49:29 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\MetroSidebar
[2014/02/14 08:41:42 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Stardock
[2014/02/14 08:41:36 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Stardock
[2014/02/14 08:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2014/02/14 08:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2014/02/14 03:50:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Languages
[2014/02/14 03:50:10 | 001,593,776 | ---- | C] (Emsisoft GmbH) -- C:\Program Files (x86)\start.exe
[2014/02/14 03:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Run
[2014/02/14 03:35:56 | 000,000,000 | R--D | C] -- C:\Users\Allybongo\Documents\Anti-Malware
[2014/02/14 01:31:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/14 01:08:16 | 000,000,000 | RH-D | C] -- C:\Users\Allybongo\Documents\Hand History
[2014/02/13 23:09:33 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\17059
[2014/02/13 21:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/02/13 21:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/02/13 21:53:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/02/13 21:45:06 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\DoNotTrackPlus
[2014/02/13 21:35:46 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Mozilla
[2014/02/13 21:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/02/13 21:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/02/13 17:13:45 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Frameworkx.com
[2014/02/13 17:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frameworkx
[2014/02/13 17:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Frameworkx
[2014/02/13 15:13:09 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/02/13 13:21:46 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Citrix
[2014/02/13 12:08:36 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
[2014/02/13 12:08:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice 4
[2014/02/13 12:06:23 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\redist
[2014/02/13 12:06:23 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\licenses
[2014/02/12 18:30:38 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\desksware
[2014/02/12 16:21:18 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\J River
[2014/02/11 13:21:37 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
[2014/02/11 13:21:36 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Amazon Cloud Player
[2014/02/11 02:53:41 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\LibrariIcon
[2014/02/11 01:26:40 | 000,361,256 | ---- | C] (Namtuk.com) -- C:\Windows\SysWow64\MyCommandButton.ocx
[2014/02/11 01:26:40 | 000,349,968 | ---- | C] (Infragistics, Inc.) -- C:\Windows\SysWow64\IGThreed40.ocx
[2014/02/11 01:26:40 | 000,246,304 | ---- | C] (Namtuk.com) -- C:\Windows\SysWow64\MyFramePanel.ocx
[2014/02/11 01:26:40 | 000,061,440 | ---- | C] (Alon Gal) -- C:\Windows\SysWow64\TreeFolder.ocx
[2014/02/11 01:26:39 | 001,213,568 | ---- | C] (Atalasoft, Inc.) -- C:\Windows\SysWow64\ImgX61.dll
[2014/02/11 01:26:39 | 001,131,600 | ---- | C] (Atalasoft, Inc.) -- C:\Windows\SysWow64\AtalaImaging.dll
[2014/02/11 01:26:39 | 000,597,834 | ---- | C] (Cyotek) -- C:\Windows\SysWow64\AS-IFce1.ocx
[2014/02/11 01:26:39 | 000,418,944 | ---- | C] (Atalasoft, Inc.) -- C:\Windows\SysWow64\ImgX61.ocx
[2014/02/11 01:26:39 | 000,233,472 | ---- | C] (VBSmart) -- C:\Windows\SysWow64\SmartMenuXP.ocx
[2014/02/11 01:26:39 | 000,182,032 | ---- | C] (Infragistics, Inc.) -- C:\Windows\SysWow64\IGSplitter40.ocx
[2014/02/11 01:26:39 | 000,173,136 | ---- | C] (Atalasoft) -- C:\Windows\SysWow64\ImgXDialog61.dll
[2014/02/11 01:26:39 | 000,137,920 | ---- | C] (Atalasoft, Inc.) -- C:\Windows\SysWow64\ImgXTwain61.dll
[2014/02/11 01:26:39 | 000,132,232 | ---- | C] (Atalasoft) -- C:\Windows\SysWow64\ImgXPrint61.dll
[2014/02/11 01:26:39 | 000,066,640 | ---- | C] (Atalasoft, Inc.) -- C:\Windows\SysWow64\ImgXCapture61.dll
[2014/02/11 01:26:39 | 000,028,672 | ---- | C] (VBSmart) -- C:\Windows\SysWow64\SmartMenuXP.dll
[2014/02/11 01:26:39 | 000,024,576 | ---- | C] (VBSmart) -- C:\Windows\SysWow64\SmartSubClass.dll
[2014/02/10 14:21:00 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\IrfanView
[2014/02/10 03:00:03 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\FastStone
[2014/02/10 01:28:32 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Mp3tag
[2014/02/10 01:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2014/02/10 01:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2014/02/10 00:01:08 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Apple Computer
[2014/02/10 00:01:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/02/10 00:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/02/10 00:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/02/10 00:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/02/10 00:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014/02/10 00:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/02/10 00:00:13 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Apple
[2014/02/10 00:00:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/02/10 00:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014/02/09 23:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2014/02/09 23:59:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2014/02/09 23:42:19 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\MPC-HC
[2014/02/09 23:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
[2014/02/09 23:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MPC-HC
[2014/02/09 23:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Madvr
[2014/02/09 22:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2014/02/09 22:32:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2014/02/09 22:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2014/02/09 22:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2014/02/09 01:24:34 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Corel
[2014/02/08 23:43:18 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\FrameShots
[2014/02/08 19:19:35 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Greenshot
[2014/02/08 19:19:35 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Greenshot
[2014/02/08 19:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot
[2014/02/08 19:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Greenshot
[2014/02/08 06:06:19 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2014/02/08 01:23:55 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\IsolatedStorage
[2014/02/08 01:23:52 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Mike_Ward
[2014/02/07 23:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
[2014/02/07 23:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Xilisoft
[2014/02/07 23:17:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xilisoft
[2014/02/07 23:16:41 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Xilisoft
[2014/02/07 16:30:43 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\AnvSoft
[2014/02/07 15:45:30 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Foxit Software
[2014/02/07 15:16:25 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Mediatronic
[2014/02/07 14:46:09 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Adobe
[2014/02/07 12:38:28 | 000,000,000 | ---D | C] -- C:\ERDNT
[2014/02/07 12:38:26 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/07 05:56:17 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\FreeFixer
[2014/02/07 05:56:17 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\FreeFixer
[2014/02/07 05:48:42 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\DivX
[2014/02/07 04:27:06 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2014/02/07 01:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DFX Audio Enhancer
[2014/02/07 01:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DFX
[2014/02/07 01:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DFX
[2014/02/06 14:38:15 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\XnView
[2014/02/06 14:09:57 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\.thumbnails
[2014/02/06 14:09:16 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\gtk-2.0
[2014/02/06 14:04:24 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\fontconfig
[2014/02/06 14:04:23 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\gegl-0.2
[2014/02/05 21:21:52 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Apple Computer
[2014/02/04 22:21:53 | 000,088,984 | ---- | C] (Hola Networks Ltd.) -- C:\Windows\SysNative\drivers\hola_mon_drv.sys
[2014/02/04 19:57:15 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled
[2014/02/03 21:03:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
[2014/02/03 19:59:21 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\.idlerc
[2014/02/03 19:32:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/02/03 13:23:16 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Google
[2014/02/03 08:08:49 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/02/03 02:24:10 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\OpenOffice
[2014/02/02 23:09:28 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Macromedia
[2014/02/02 23:09:28 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Macromedia
[2014/02/02 23:01:21 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\VirtualStore
[2014/02/02 21:01:10 | 000,034,080 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2014/02/02 21:00:50 | 000,121,856 | ---- | C] (IObit) -- C:\Windows\SysNative\IObitSmartDefragExtension.dll
[2014/02/02 21:00:45 | 000,021,184 | ---- | C] (IObit) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2014/02/02 21:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
[2014/02/02 07:07:52 | 000,000,000 | ---D | C] -- C:\Windows\devcon
[2014/02/02 07:02:28 | 000,244,328 | ---- | C] (O2Micro International) -- C:\Windows\SysNative\o2flash.exe
[2014/02/02 07:02:28 | 000,084,712 | ---- | C] (O2Micro ) -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys
[2014/02/02 06:44:31 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Paint.NET
[2014/02/02 06:42:54 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\ProductData
[2014/02/02 06:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/02/02 06:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/02/02 06:24:13 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\GlarySoft
[2014/02/02 05:41:42 | 000,022,128 | ---- | C] (ST Microelectronics) -- C:\Windows\SysNative\drivers\stdcfltn.sys
[2014/02/02 05:41:35 | 000,000,000 | ---D | C] -- C:\Program Files\STMicroelectronics
[2014/02/02 05:41:31 | 000,068,208 | ---- | C] (STMicroelectronics) -- C:\Windows\SysNative\drivers\ST_ACCEL.sys
[2014/02/02 05:41:31 | 000,065,136 | ---- | C] (ST Microelectronics) -- C:\Windows\SysNative\stdcfltnco02.dll
[2014/02/02 05:41:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ST Microelectronics
[2014/02/02 04:38:52 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\QuickScan
[2014/02/01 20:39:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Player
[2014/02/01 20:24:02 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\ElevatedDiagnostics
[2014/02/01 02:35:43 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\DFX
[2014/01/31 18:00:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/01/24 04:30:12 | 000,458,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys
[2014/01/24 04:30:12 | 000,178,272 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2014/01/24 04:30:12 | 000,029,792 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klim6.sys
[2014/01/24 04:30:12 | 000,029,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klmouflt.sys
[2014/01/24 04:30:12 | 000,029,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klkbdflt.sys
[2013/10/14 02:44:12 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll
[2013/10/03 11:44:43 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Allybongo\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2014/02/22 02:21:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Allybongo\Desktop\OTL.exe
[2014/02/22 01:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/21 19:22:50 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/02/21 19:21:50 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/02/21 17:31:36 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/21 17:31:36 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/21 17:24:30 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\Driver Booster Update.job
[2014/02/21 17:24:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/21 17:23:11 | 000,000,147 | ---- | M] () -- C:\Windows\wininit.ini
[2014/02/21 16:44:40 | 000,000,346 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014/02/21 13:17:07 | 000,219,566 | ---- | M] () -- C:\Windows\Photo Pos Pro Uninstaller.exe
[2014/02/21 09:59:57 | 000,001,887 | ---- | M] () -- C:\Users\Allybongo\Desktop\ImgBurn.lnk
[2014/02/21 09:57:47 | 000,000,839 | ---- | M] () -- C:\Users\Allybongo\Desktop\µTorrent.lnk
[2014/02/21 09:54:37 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2014/02/20 14:19:10 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2014/02/20 07:17:07 | 000,781,970 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/20 07:17:07 | 000,666,852 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/20 07:17:07 | 000,126,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/19 18:44:32 | 000,892,356 | ---- | M] () -- C:\Windows\SysNative\oem37.inf
[2014/02/18 09:23:29 | 000,624,224 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2014/02/18 09:23:29 | 000,115,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2014/02/18 09:23:29 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klkbdflt.sys
[2014/02/18 08:15:31 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Video Joiner.lnk
[2014/02/18 08:03:49 | 000,000,839 | ---- | M] () -- C:\Users\Allybongo\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/02/18 00:32:03 | 000,001,002 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2014/02/17 18:06:06 | 000,001,133 | ---- | M] () -- C:\Users\Allybongo\Desktop\Opera.lnk
[2014/02/17 17:20:34 | 000,001,071 | ---- | M] () -- C:\Users\Allybongo\Desktop\FDM.lnk
[2014/02/17 15:28:13 | 000,000,741 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/02/17 05:28:54 | 000,000,842 | ---- | M] () -- C:\Users\Allybongo\Desktop\Greenshot.lnk
[2014/02/17 05:26:09 | 000,053,812 | ---- | M] () -- C:\Windows\uninst-vj.exe
[2014/02/17 03:52:01 | 004,927,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/17 03:33:30 | 000,001,394 | ---- | M] () -- C:\Users\Allybongo\Desktop\iTunes.lnk
[2014/02/17 03:32:21 | 000,001,278 | ---- | M] () -- C:\Users\Allybongo\Desktop\Xilisoft.lnk
[2014/02/17 03:32:12 | 000,002,124 | ---- | M] () -- C:\Users\Allybongo\Desktop\ConvertX.lnk
[2014/02/17 03:31:44 | 000,001,103 | ---- | M] () -- C:\Users\Allybongo\Desktop\MPC-HC.lnk
[2014/02/17 03:31:32 | 000,001,001 | ---- | M] () -- C:\Users\Allybongo\Desktop\Mp3tag.lnk
[2014/02/17 03:30:43 | 000,001,728 | ---- | M] () -- C:\Users\Allybongo\Desktop\DFX.lnk
[2014/02/17 03:30:35 | 000,001,236 | ---- | M] () -- C:\Users\Allybongo\Desktop\Cloud.lnk
[2014/02/17 03:30:25 | 000,002,275 | ---- | M] () -- C:\Users\Allybongo\Desktop\Kindle.lnk
[2014/02/17 03:30:10 | 000,001,071 | ---- | M] () -- C:\Users\Allybongo\Desktop\PokerStars.lnk
[2014/02/17 03:29:47 | 000,001,759 | ---- | M] () -- C:\Users\Allybongo\Desktop\Tools.lnk
[2014/02/17 03:29:20 | 000,001,135 | ---- | M] () -- C:\Users\Allybongo\Desktop\Videos.lnk
[2014/02/17 03:29:05 | 000,001,789 | ---- | M] () -- C:\Users\Allybongo\Desktop\Antispy.lnk
[2014/02/17 03:28:14 | 000,001,100 | ---- | M] () -- C:\Users\Allybongo\Desktop\My Music.lnk
[2014/02/17 03:28:08 | 000,001,100 | ---- | M] () -- C:\Users\Allybongo\Desktop\Pictures.lnk
[2014/02/17 03:27:59 | 000,001,103 | ---- | M] () -- C:\Users\Allybongo\Desktop\Documents.lnk
[2014/02/17 03:26:21 | 000,001,856 | ---- | M] () -- C:\Users\Allybongo\Desktop\Downloads.lnk
[2014/02/17 03:24:46 | 000,001,163 | ---- | M] () -- C:\Users\Allybongo\Desktop\Firefox.lnk
[2014/02/16 18:26:04 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-ALLYBONGO-PC-Microsoft-Windows-7-Professional-(64-bit).dat
[2014/02/16 00:36:04 | 000,009,018 | ---- | M] () -- C:\Users\Allybongo\AppData\Local\recently-used.xbel
[2014/02/15 09:22:42 | 000,026,329 | -H-- | M] () -- C:\Windows\SysWow64\BTImages.dat
[2014/02/14 00:15:10 | 000,000,060 | ---- | M] () -- C:\Program Files (x86)\CommandlineScanner.bat
[2014/02/14 00:15:02 | 001,593,776 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\start.exe
[2014/02/14 00:14:52 | 000,000,056 | ---- | M] () -- C:\Program Files (x86)\EmergencyKitScanner.bat
[2014/02/12 22:30:19 | 000,766,280 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/10 13:06:31 | 000,000,628 | RHS- | M] () -- C:\Users\Allybongo\ntuser.pol
[2014/02/07 23:17:44 | 000,002,206 | ---- | M] () -- C:\Users\Allybongo\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft Video Converter Ultimate.lnk
[2014/02/04 22:21:53 | 000,088,984 | ---- | M] (Hola Networks Ltd.) -- C:\Windows\SysNative\drivers\hola_mon_drv.sys
[2014/02/03 01:27:31 | 000,000,047 | ---- | M] () -- C:\Users\Allybongo\AppData\Roaming\WB.CFG
[2014/02/02 10:02:02 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Allybongo\AppData\Roaming\pcouffin.sys
[2014/02/02 10:02:02 | 000,007,859 | ---- | M] () -- C:\Users\Allybongo\AppData\Roaming\pcouffin.cat
[2014/02/02 10:02:02 | 000,001,167 | ---- | M] () -- C:\Users\Allybongo\AppData\Roaming\pcouffin.inf
[2014/02/02 10:02:00 | 000,001,224 | ---- | M] () -- C:\Users\Allybongo\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXToDVD 5.lnk
[2014/02/02 07:04:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
[2014/02/02 07:02:28 | 000,244,328 | ---- | M] (O2Micro International) -- C:\Windows\SysNative\o2flash.exe
[2014/02/02 07:02:28 | 000,084,712 | ---- | M] (O2Micro ) -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys
[2014/02/02 05:41:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ST_ACCEL_01009.Wdf
[2014/01/29 23:02:42 | 000,017,058 | ---- | M] () -- C:\Windows\SysNative\iglhxs64.vp
[2014/01/29 23:02:38 | 000,009,728 | ---- | M] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2014/01/29 23:02:22 | 000,098,304 | ---- | M] () -- C:\Windows\SysNative\igdde64.dll
[2014/01/29 23:02:22 | 000,077,312 | ---- | M] () -- C:\Windows\SysWow64\igdde32.dll
[2014/01/24 04:30:12 | 000,458,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys
[2014/01/24 04:30:12 | 000,178,272 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2014/01/24 04:30:12 | 000,029,792 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klim6.sys
[2014/01/24 04:30:12 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klmouflt.sys

========== Files Created - No Company Name ==========

[2014/02/21 17:23:11 | 000,000,147 | ---- | C] () -- C:\Windows\wininit.ini
[2014/02/21 13:16:59 | 000,219,566 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe
[2014/02/21 09:59:57 | 000,001,887 | ---- | C] () -- C:\Users\Allybongo\Desktop\ImgBurn.lnk
[2014/02/21 09:57:47 | 000,000,839 | ---- | C] () -- C:\Users\Allybongo\Desktop\µTorrent.lnk
[2014/02/21 09:54:37 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2014/02/21 09:54:37 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2014/02/20 14:19:10 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2014/02/19 18:44:42 | 000,892,356 | ---- | C] () -- C:\Windows\SysNative\oem37.inf
[2014/02/18 08:15:31 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Video Joiner.lnk
[2014/02/18 08:03:49 | 000,000,839 | ---- | C] () -- C:\Users\Allybongo\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/02/18 00:32:03 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2014/02/17 18:06:06 | 000,001,133 | ---- | C] () -- C:\Users\Allybongo\Desktop\Opera.lnk
[2014/02/17 17:20:34 | 000,001,071 | ---- | C] () -- C:\Users\Allybongo\Desktop\FDM.lnk
[2014/02/17 05:28:54 | 000,000,842 | ---- | C] () -- C:\Users\Allybongo\Desktop\Greenshot.lnk
[2014/02/17 05:26:09 | 000,053,812 | ---- | C] () -- C:\Windows\uninst-vj.exe
[2014/02/17 03:33:30 | 000,001,394 | ---- | C] () -- C:\Users\Allybongo\Desktop\iTunes.lnk
[2014/02/17 03:32:21 | 000,001,278 | ---- | C] () -- C:\Users\Allybongo\Desktop\Xilisoft.lnk
[2014/02/17 03:32:12 | 000,002,124 | ---- | C] () -- C:\Users\Allybongo\Desktop\ConvertX.lnk
[2014/02/17 03:31:44 | 000,001,103 | ---- | C] () -- C:\Users\Allybongo\Desktop\MPC-HC.lnk
[2014/02/17 03:31:32 | 000,001,001 | ---- | C] () -- C:\Users\Allybongo\Desktop\Mp3tag.lnk
[2014/02/17 03:30:43 | 000,001,728 | ---- | C] () -- C:\Users\Allybongo\Desktop\DFX.lnk
[2014/02/17 03:30:35 | 000,001,236 | ---- | C] () -- C:\Users\Allybongo\Desktop\Cloud.lnk
[2014/02/17 03:30:25 | 000,002,275 | ---- | C] () -- C:\Users\Allybongo\Desktop\Kindle.lnk
[2014/02/17 03:30:10 | 000,001,071 | ---- | C] () -- C:\Users\Allybongo\Desktop\PokerStars.lnk
[2014/02/17 03:29:47 | 000,001,759 | ---- | C] () -- C:\Users\Allybongo\Desktop\Tools.lnk
[2014/02/17 03:29:20 | 000,001,135 | ---- | C] () -- C:\Users\Allybongo\Desktop\Videos.lnk
[2014/02/17 03:29:05 | 000,001,789 | ---- | C] () -- C:\Users\Allybongo\Desktop\Antispy.lnk
[2014/02/17 03:28:14 | 000,001,100 | ---- | C] () -- C:\Users\Allybongo\Desktop\My Music.lnk
[2014/02/17 03:28:08 | 000,001,100 | ---- | C] () -- C:\Users\Allybongo\Desktop\Pictures.lnk
[2014/02/17 03:27:59 | 000,001,103 | ---- | C] () -- C:\Users\Allybongo\Desktop\Documents.lnk
[2014/02/17 03:26:21 | 000,001,856 | ---- | C] () -- C:\Users\Allybongo\Desktop\Downloads.lnk
[2014/02/17 03:24:46 | 000,001,163 | ---- | C] () -- C:\Users\Allybongo\Desktop\Firefox.lnk
[2014/02/17 03:17:07 | 000,000,346 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2014/02/16 21:20:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/02/16 21:20:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/02/16 21:20:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/02/16 21:20:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/02/16 21:20:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/02/16 18:26:04 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ALLYBONGO-PC-Microsoft-Windows-7-Professional-(64-bit).dat
[2014/02/16 00:36:04 | 000,009,018 | ---- | C] () -- C:\Users\Allybongo\AppData\Local\recently-used.xbel
[2014/02/15 09:23:55 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2014/02/15 09:23:45 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2014/02/15 06:55:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/02/14 11:15:38 | 000,001,133 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2014/02/14 07:20:53 | 000,000,094 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2014/02/14 03:50:10 | 000,000,060 | ---- | C] () -- C:\Program Files (x86)\CommandlineScanner.bat
[2014/02/14 03:50:10 | 000,000,056 | ---- | C] () -- C:\Program Files (x86)\EmergencyKitScanner.bat
[2014/02/13 21:51:29 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/13 21:35:39 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/02/10 13:06:31 | 000,000,628 | RHS- | C] () -- C:\Users\Allybongo\ntuser.pol
[2014/02/10 00:00:12 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/02/07 23:17:44 | 000,002,206 | ---- | C] () -- C:\Users\Allybongo\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft Video Converter Ultimate.lnk
[2014/02/03 21:03:29 | 000,000,292 | ---- | C] () -- C:\Windows\tasks\Driver Booster Update.job
[2014/02/03 01:27:31 | 000,000,047 | ---- | C] () -- C:\Users\Allybongo\AppData\Roaming\WB.CFG
[2014/02/02 07:04:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
[2014/02/02 05:41:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ST_ACCEL_01009.Wdf
[2014/01/29 23:02:42 | 000,017,058 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2014/01/29 23:02:38 | 000,009,728 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2014/01/29 23:02:22 | 000,098,304 | ---- | C] () -- C:\Windows\SysNative\igdde64.dll
[2014/01/29 23:02:22 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/01/15 00:10:20 | 000,000,396 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/12/29 22:34:18 | 000,000,032 | ---- | C] () -- C:\Windows\GearBox.ini
[2013/12/29 04:55:35 | 000,000,016 | ---- | C] () -- C:\Users\Allybongo\AppData\Roaming\msregsvv.dll
[2013/12/29 04:55:35 | 000,000,016 | ---- | C] () -- C:\ProgramData\autobk.inc
[2013/12/10 14:07:46 | 000,000,250 | ---- | C] () -- C:\Users\Allybongo\.swfinfo
[2013/12/10 14:06:21 | 000,000,990 | ---- | C] () -- C:\Windows\SysWow64\amsiq19a.sys
[2013/11/29 06:18:24 | 000,766,280 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/06 20:57:30 | 000,152,576 | ---- | C] () -- C:\Windows\SysWow64\1Way.dll
[2013/11/05 21:27:32 | 000,225,411 | ---- | C] () -- C:\Windows\SysWow64\PosPrKpLib.dll
[2013/11/05 21:27:25 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\PosTickerLib.dll
[2013/10/03 11:44:43 | 000,007,859 | ---- | C] () -- C:\Users\Allybongo\AppData\Roaming\pcouffin.cat
[2013/10/03 11:44:43 | 000,001,167 | ---- | C] () -- C:\Users\Allybongo\AppData\Roaming\pcouffin.inf
[2013/10/03 09:14:59 | 000,026,329 | -H-- | C] () -- C:\Windows\SysWow64\BTImages.dat
[2013/10/03 08:13:24 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\instsrv.exe
[2013/10/03 08:13:24 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2013/10/03 08:04:52 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2013/10/03 08:04:49 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2013/08/05 17:00:26 | 000,024,036 | ---- | C] () -- C:\Users\Allybongo\SDActivate.lng

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/02/13 17:04:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator.Allybongo-PC\AppData\Roaming\IObit
[2014/02/13 17:05:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator.Allybongo-PC\AppData\Roaming\ProductData
[2014/02/13 23:09:33 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\17059
[2014/02/16 03:57:44 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\abelhadigital.com
[2014/02/07 16:30:43 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\AnvSoft
[2014/02/18 08:15:31 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Boilsoft
[2014/02/12 18:30:38 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\desksware
[2014/02/15 06:49:28 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Foxit Software
[2014/02/19 20:36:48 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Free Download Manager
[2014/02/07 06:03:48 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\FreeFixer
[2014/02/08 11:42:47 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\GlarySoft
[2014/02/08 19:19:35 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Greenshot
[2013/10/26 19:39:16 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\ImgBurn
[2014/02/16 19:47:06 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\IObit
[2014/02/18 00:31:59 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\IrfanView
[2014/02/12 16:21:18 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\J River
[2014/02/11 02:53:41 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\LibrariIcon
[2014/02/07 15:31:10 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Mediatronic
[2014/02/14 08:49:40 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\MetroSidebar
[2014/02/21 14:49:46 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Mp3tag
[2014/02/09 23:42:19 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\MPC-HC
[2014/02/03 02:24:10 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\OpenOffice
[2014/02/14 11:15:44 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Opera Software
[2014/02/16 04:48:36 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\PDAppFlex
[2014/02/16 19:47:07 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\ProductData
[2014/02/13 15:04:39 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\QuickScan
[2013/10/07 21:30:25 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\SanDisk
[2014/02/14 08:41:42 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Stardock
[2014/02/18 08:06:51 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\uTorrent
[2014/02/02 10:02:02 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Vso
[2014/02/07 23:30:00 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Xilisoft
[2014/02/14 13:52:42 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\XnView
[2014/02/14 09:33:01 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Zoner
[2014/02/17 14:45:50 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2014/02/17 14:45:50 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 05:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 06:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 03:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 03:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: RPCSS.DLL >
[2010/11/21 03:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\erdnt\cache64\rpcss.dll
[2010/11/21 03:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010/11/21 03:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll

< MD5 for: SERVICES >
[2009/06/10 21:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/12/21 06:04:16 | 000,559,392 | ---- | M] () MD5=F9FBA73F44366AB3514BD1985707F178 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2011/04/12 08:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2011/04/12 08:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\Allybongo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 20:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 20:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2011/04/12 08:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 20:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2011/04/12 08:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2011/04/12 08:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 20:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2011/04/12 08:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 20:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 20:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.RDB >
[2013/09/17 04:56:16 | 000,186,248 | ---- | M] () MD5=3190DA6D96EAE3A354AE533BA0D35D5F -- C:\Program Files (x86)\OpenOffice 4\program\services.rdb

< MD5 for: SVCHOST.EXE >
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/21 03:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/21 03:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 03:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 03:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/21 03:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 03:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 03:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/21 03:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 03:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 3A74-D2B2
Directory of C:\
14/07/2009 05:08 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
14/07/2009 05:08 <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 05:08 <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 05:08 <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 05:08 <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 05:08 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 05:08 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
14/07/2009 05:08 <SYMLINKD> All Users [C:\ProgramData]
14/07/2009 05:08 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\Administrator.Allybongo-PC
13/02/2014 17:04 <JUNCTION> Application Data [C:\Users\Administrator.Allybongo-PC\AppData\Roaming]
13/02/2014 17:04 <JUNCTION> Cookies [C:\Users\Administrator.Allybongo-PC\AppData\Roaming\Microsoft\Windows\Cookies]
13/02/2014 17:04 <JUNCTION> Local Settings [C:\Users\Administrator.Allybongo-PC\AppData\Local]
13/02/2014 17:04 <JUNCTION> My Documents [C:\Users\Administrator.Allybongo-PC\Documents]
13/02/2014 17:04 <JUNCTION> NetHood [C:\Users\Administrator.Allybongo-PC\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
13/02/2014 17:04 <JUNCTION> PrintHood [C:\Users\Administrator.Allybongo-PC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
13/02/2014 17:04 <JUNCTION> Recent [C:\Users\Administrator.Allybongo-PC\AppData\Roaming\Microsoft\Windows\Recent]
13/02/2014 17:04 <JUNCTION> SendTo [C:\Users\Administrator.Allybongo-PC\AppData\Roaming\Microsoft\Windows\SendTo]
13/02/2014 17:04 <JUNCTION> Start Menu [C:\Users\Administrator.Allybongo-PC\AppData\Roaming\Microsoft\Windows\Start Menu]
13/02/2014 17:04 <JUNCTION> Templates [C:\Users\Administrator.Allybongo-PC\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Administrator.Allybongo-PC\AppData\Local
13/02/2014 17:04 <JUNCTION> Application Data [C:\Users\Administrator.Allybongo-PC\AppData\Local]
13/02/2014 17:04 <JUNCTION> History [C:\Users\Administrator.Allybongo-PC\AppData\Local\Microsoft\Windows\History]
13/02/2014 17:04 <JUNCTION> Temporary Internet Files [C:\Users\Administrator.Allybongo-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Administrator.Allybongo-PC\Documents
13/02/2014 17:04 <JUNCTION> My Music [C:\Users\Administrator.Allybongo-PC\Music]
13/02/2014 17:04 <JUNCTION> My Pictures [C:\Users\Administrator.Allybongo-PC\Pictures]
13/02/2014 17:04 <JUNCTION> My Videos [C:\Users\Administrator.Allybongo-PC\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users
14/07/2009 05:08 <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 05:08 <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 05:08 <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 05:08 <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 05:08 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 05:08 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Allybongo
03/10/2013 07:40 <JUNCTION> Application Data [C:\Users\Allybongo\AppData\Roaming]
03/10/2013 07:40 <JUNCTION> Cookies [C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Cookies]
03/10/2013 07:40 <JUNCTION> Local Settings [C:\Users\Allybongo\AppData\Local]
03/10/2013 07:40 <JUNCTION> My Documents [C:\Users\Allybongo\Documents]
03/10/2013 07:40 <JUNCTION> NetHood [C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/10/2013 07:40 <JUNCTION> PrintHood [C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/10/2013 07:40 <JUNCTION> Recent [C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Recent]
03/10/2013 07:40 <JUNCTION> SendTo [C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\SendTo]
03/10/2013 07:40 <JUNCTION> Start Menu [C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Start Menu]
03/10/2013 07:40 <JUNCTION> Templates [C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Allybongo\AppData\Local
03/10/2013 07:40 <JUNCTION> Application Data [C:\Users\Allybongo\AppData\Local]
03/10/2013 07:40 <JUNCTION> History [C:\Users\Allybongo\AppData\Local\Microsoft\Windows\History]
03/10/2013 07:40 <JUNCTION> Temporary Internet Files [C:\Users\Allybongo\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Allybongo\Documents
03/10/2013 07:40 <JUNCTION> My Music [C:\Users\Allybongo\Music]
03/10/2013 07:40 <JUNCTION> My Pictures [C:\Users\Allybongo\Pictures]
03/10/2013 07:40 <JUNCTION> My Videos [C:\Users\Allybongo\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
14/07/2009 05:08 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 05:08 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
14/07/2009 05:08 <JUNCTION> My Documents [C:\Users\Default\Documents]
14/07/2009 05:08 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 05:08 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 05:08 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 05:08 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 05:08 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 05:08 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
14/07/2009 05:08 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
14/07/2009 05:08 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 05:08 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
14/07/2009 05:08 <JUNCTION> My Music [C:\Users\Default\Music]
14/07/2009 05:08 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
14/07/2009 05:08 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
14/07/2009 05:08 <JUNCTION> My Music [C:\Users\Public\Music]
14/07/2009 05:08 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
14/07/2009 05:08 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
65 Dir(s) 202,809,692,160 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >






OTL Extras logfile created on: 22/02/2014 02:24:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Allybongo\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.90 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 70.93% Memory free
7.80 Gb Paging File | 6.56 Gb Available in Paging File | 84.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 188.88 Gb Free Space | 81.14% Space Free | Partition Type: NTFS

Computer Name: ALLYBONGO-PC | User Name: Allybongo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3963455550-1951971532-3912676929-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" && icacls "%1" /grant administrators:F (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" && icacls "%1" /grant administrators:F (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E725F28-2BE9-4EA5-9067-107A2B99561B}" = lport=137 | protocol=17 | dir=in | app=system |
"{0E974950-70EF-4F84-9D05-4CB447AE8093}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{0EAFEA59-1E38-4303-9259-BBD39E73BF6D}" = rport=137 | protocol=17 | dir=out | app=system |
"{3741423B-CCED-4AFF-98A4-EB44AC5EAA27}" = rport=139 | protocol=6 | dir=out | app=system |
"{5E44624B-8FDE-434C-B4F4-591446CE2E4A}" = lport=445 | protocol=6 | dir=in | app=system |
"{790E0921-64B9-4704-B16F-5D78BB16B918}" = rport=138 | protocol=17 | dir=out | app=system |
"{C2379466-D263-4CFE-8147-B75A9AB53667}" = lport=139 | protocol=6 | dir=in | app=system |
"{C8B2B267-4C46-4A4E-8622-8D44A69ACB96}" = lport=138 | protocol=17 | dir=in | app=system |
"{D1367F9F-BC8B-4D8F-94A5-5ACCE4876F5C}" = rport=445 | protocol=6 | dir=out | app=system |
"{E262E776-A86E-4F55-9306-7EEE32EBF76A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E27D7320-1DCB-4B97-985C-7F31112DD58B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E7F06D61-3CC3-4A20-AD5C-4A6580A1CFC6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{061AA160-58A5-494D-ACED-50422A017AD8}" = protocol=58 | dir=in | [email protected],-28545 |
"{2D55A7CC-70B2-4670-967C-D45E00630718}" = protocol=1 | dir=in | [email protected],-28543 |
"{3A0BD021-BDBE-444B-8F8A-77F7F161D451}" = protocol=17 | dir=in | app=c:\users\allybongo\appdata\roaming\utorrent\utorrent.exe |
"{8AD36299-894B-43DB-BC88-0C2F3E430D84}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{993373CB-43D8-470E-8A5C-E780A7A41D14}" = protocol=6 | dir=in | app=c:\users\allybongo\appdata\roaming\utorrent\utorrent.exe |
"{AA7D0C60-AD7C-4570-8C6D-B09403F63434}" = protocol=1 | dir=out | [email protected],-28544 |
"{F0E96C56-59B6-406D-903D-2D332284FBF1}" = protocol=58 | dir=out | [email protected],-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{72EF03F5-0507-4861-9A44-D99FD4C41418}" = Paint.NET v3.5.11
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}" = iTunes
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C7311329-C491-427B-8880-133E84869B3A}" = Vista Shortcut Manager x64
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240E1}" = WinZip 18.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}" = Apple Mobile Device Support
"CCleaner" = CCleaner
"DW WLAN Card Utility" = DW WLAN Card Utility
"Greenshot_is1" = Greenshot 1.1.7.17
"HitmanPro37" = HitmanPro 3.7
"Speccy" = Speccy

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{17528CE4-C333-48FB-A9E4-D841E795CDCE}" = Renesas Electronics USB 3.0 Host Controller Driver
"{1B7D35ED-B68B-479F-94D7-0D8DF2BBC90E}" = O2Micro Flash Memory Card Windows Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}" = Apple Application Support
"{24B89186-2A56-4D28-B930-6F4FCF224E2F}" = OpenOffice 4.0.1
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.7.3
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 51
"{459C13B0-DD46-11DF-BFE1-005056C00008}" = MSVCRT Redists
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F75616F-49C7-4EA2-8725-7E1A7AB1949C}" = Nero InfoTool 11 Help (CHM)
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BEF779-5053-48AF-A3D8-B70EBC1C70E7}" = Nero 11 InfoTool
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F6873E3-5C92-4049-B511-231A138DD090}" = Kaspersky Internet Security
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}" = ST Microelectronics 3 Axis Digital Accelerometer Solution
"{A90E924E-1B35-44B0-978E-3F6F89FBC960}" = Nero InfoTool 11
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1" = VSO ConvertXToDVD
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1" = Boilsoft Video Joiner 6.57
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Advanced SystemCare 7_is1" = Advanced SystemCare 7
"DFX" = DFX
"Driver Booster_is1" = Driver Booster
"Free Download Manager_is1" = Free Download Manager 3.9.3
"ImgBurn" = ImgBurn
"InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{1B7D35ED-B68B-479F-94D7-0D8DF2BBC90E}" = O2Micro Flash Memory Card Windows Driver
"InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}" = Kaspersky Internet Security
"IObit Surfing Protection_is1" = Surfing Protection
"IObitUninstall" = IObit Uninstaller
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.58
"Opera 19.0.1326.63" = Opera Stable 19.0.1326.63
"PokerStars" = PokerStars
"Smart Defrag 3_is1" = Smart Defrag 3
"SpywareBlaster_is1" = SpywareBlaster 5.0
"Tone2 Firebird_is1" = Firebird v2.0
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3963455550-1951971532-3912676929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Amazon Cloud Player" = Amazon Cloud Player
"Amazon Kindle" = Amazon Kindle
"Sansa Updater" = Sansa Updater
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21/02/2014 12:46:12 | Computer Name = Allybongo-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 21/02/2014 12:46:12 | Computer Name = Allybongo-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 21/02/2014 12:46:16 | Computer Name = Allybongo-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 21/02/2014 12:46:16 | Computer Name = Allybongo-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 21/02/2014 12:46:16 | Computer Name = Allybongo-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 21/02/2014 12:46:16 | Computer Name = Allybongo-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 21/02/2014 12:47:33 | Computer Name = Allybongo-PC | Source = WinMgmt | ID = 10
Description =

Error - 21/02/2014 13:13:21 | Computer Name = Allybongo-PC | Source = WinMgmt | ID = 10
Description =

Error - 21/02/2014 13:16:44 | Computer Name = Allybongo-PC | Source = WinMgmt | ID = 10
Description =

Error - 21/02/2014 13:26:02 | Computer Name = Allybongo-PC | Source = WinMgmt | ID = 10
Description =

[ Broadcom Wireless LAN Events ]
Error - 16/02/2014 15:42:44 | Computer Name = Allybongo-PC | Source = WLAN-Tray | ID = 0
Description = 19:42:44, Sun, Feb 16, 14 Error - Unable to set enhanced country code


Error - 16/02/2014 17:28:14 | Computer Name = Allybongo-PC | Source = WLAN-Tray | ID = 0
Description = 21:28:14, Sun, Feb 16, 14 Error - Unable to set enhanced country code


Error - 16/02/2014 17:37:14 | Computer Name = Allybongo-PC | Source = WLAN-Tray | ID = 0
Description = 21:37:14, Sun, Feb 16, 14 Error - Unable to set enhanced country code


Error - 18/02/2014 13:07:46 | Computer Name = Allybongo-PC | Source = WLAN-Tray | ID = 0
Description = 17:07:46, Tue, Feb 18, 14 Error - Unable to set enhanced country code


Error - 18/02/2014 15:41:04 | Computer Name = Allybongo-PC | Source = WLAN-Tray | ID = 0
Description = 19:41:04, Tue, Feb 18, 14 Error - Unable to set enhanced country code


Error - 18/02/2014 17:09:57 | Computer Name = Allybongo-PC | Source = WLAN-Tray | ID = 0
Description = 21:09:57, Tue, Feb 18, 14 Error - Unable to set enhanced country code


Error - 19/02/2014 04:53:06 | Computer Name = Allybongo-PC | Source = WLAN-Tray | ID = 0
Description = 08:53:06, Wed, Feb 19, 14 Error - Unable to set enhanced country code


Error - 19/02/2014 12:49:51 | Computer Name = Allybongo-PC | Source = WLAN-Tray | ID = 0
Description = 16:49:51, Wed, Feb 19, 14 Error - Unable to set enhanced country code


Error - 19/02/2014 13:16:17 | Computer Name = Allybongo-PC | Source = WLAN-Tray | ID = 0
Description = 17:16:17, Wed, Feb 19, 14 Error - Unable to set enhanced country code


Error - 19/02/2014 14:43:33 | Computer Name = Allybongo-PC | Source = WLAN-Tray | ID = 0
Description = 18:43:33, Wed, Feb 19, 14 Error - Unable to set enhanced country code


[ System Events ]
Error - 21/02/2014 13:11:24 | Computer Name = Allybongo-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 21/02/2014 13:11:52 | Computer Name = Allybongo-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ofvpmj tljkva

Error - 21/02/2014 13:12:41 | Computer Name = Allybongo-PC | Source = Service Control Manager | ID = 7034
Description = The LiveUpdate service terminated unexpectedly. It has done this
1 time(s).

Error - 21/02/2014 13:14:21 | Computer Name = Allybongo-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv64.dll


Error - 21/02/2014 13:14:47 | Computer Name = Allybongo-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 21/02/2014 13:15:13 | Computer Name = Allybongo-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ofvpmj tljkva

Error - 21/02/2014 13:16:04 | Computer Name = Allybongo-PC | Source = Service Control Manager | ID = 7034
Description = The LiveUpdate service terminated unexpectedly. It has done this
1 time(s).

Error - 21/02/2014 13:24:05 | Computer Name = Allybongo-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 21/02/2014 13:24:29 | Computer Name = Allybongo-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ofvpmj tljkva

Error - 21/02/2014 13:25:21 | Computer Name = Allybongo-PC | Source = Service Control Manager | ID = 7034
Description = The LiveUpdate service terminated unexpectedly. It has done this
1 time(s).


< End of report >










aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-22 02:35:33
-----------------------------
02:35:33.549 OS Version: Windows x64 6.1.7601 Service Pack 1
02:35:33.549 Number of processors: 2 586 0x2A07
02:35:33.550 ComputerName: ALLYBONGO-PC UserName: Allybongo
02:35:34.389 Initialize success
02:36:26.472 AVAST engine defs: 14022101
02:36:37.423 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:36:37.423 Disk 0 Vendor: ST9250410AS D005SDM1 Size: 238475MB BusType: 11
02:36:37.501 Disk 0 MBR read successfully
02:36:37.501 Disk 0 MBR scan
02:36:37.517 Disk 0 Windows 7 default MBR code
02:36:37.517 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
02:36:37.532 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
02:36:37.564 Disk 0 scanning C:\Windows\system32\drivers
02:36:47.875 Service scanning
02:37:04.302 Modules scanning
02:37:04.302 Disk 0 trace - called modules:
02:37:04.333 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
02:37:04.333 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045f7060]
02:37:04.848 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80045f6540]
02:37:04.848 5 stdcfltn.sys[fffff88001c5ad12] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80043c51f0]
02:37:05.644 AVAST engine scan C:\Windows
02:37:07.328 AVAST engine scan C:\Windows\system32
02:39:22.113 AVAST engine scan C:\Windows\system32\drivers
02:39:32.409 AVAST engine scan C:\Users\Allybongo
02:42:05.211 AVAST engine scan C:\ProgramData
02:42:48.251 Scan finished successfully
02:43:03.446 Disk 0 MBR has been saved successfully to "C:\Users\Allybongo\Downloads\MBR.dat"
02:43:03.446 The log file has been saved successfully to "C:\Users\Allybongo\Downloads\aswMBR.txt"




just to let you know the oneway.dll is quarantined in hitmanpro still,is that ok?

[pystryker]

Hi Pystryker....thanks for the quick reply.

You're very welcome.

We have some work to do, so let's get started.


Step 1: Upload File to VirusTotal for Scanning

I'd like you to upload the oneway.dll file to VirusTotal for scanning. If you can unquarantine the file, please follow the instructions below. When you unquarantine it, it will return to it's original location.

• Please go to VirusTotal.org by clicking here
  
• Please click on Choose File
  
• When the window opens, navigate to the location listed in the box below and select file that is listed in that location.
  
  

  C:\windows\SysWOW64\oneway.dll

• Once you have selected the file, click the blue Scan It! button.
  
• VirusTotal will scan the file and produce a report for you. Please post the report in your next reply.

Step 2: Registry Cleaner Warning and Program Uninstalls


Registry Cleaner Warning

There were signs of multiple programs that are either currently or have been previously installed on your computer that contain registry cleaners.A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable. At Geeks to Go we strongly advise that people stay away from any of the registry cleaners out there. Go here to get more information about why registry cleaners aren't needed. Technet blog also discusses this issue as well as Ed Bott.

We also do not recommend programs that say they will automatically update your drivers for you. Programs such as those can download and install the wrong drivers and cause problems in that way. Drivers are best updated by downloading them from the manufacturers website.

Please Uninstall the following programs

• Advanced System Care 7
  
• HitmanPro 3.7
  
• IObit Uninstaller
  
• Smart Defrag 3
  
• Driver Booster

Step 3: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator)

• Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

:Commands
[createrestorepoint]

:OTL
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
[2014/02/16 19:47:06 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\yo01l4ps.default\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O4 - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000..\Run: [Advanced SystemCare 7] C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe (IObit)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\..Trusted Domains: hola.org ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3963455550-1951971532-3912676929-1000\..Trusted Domains: line6.net ([]* in Trusted sites)
[2014/02/16 16:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[2014/02/16 16:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
[2014/02/16 16:26:43 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2014/02/02 21:01:10 | 000,034,080 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2014/02/02 21:00:50 | 000,121,856 | ---- | C] (IObit) -- C:\Windows\SysNative\IObitSmartDefragExtension.dll
[2014/02/02 21:00:45 | 000,021,184 | ---- | C] (IObit) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2014/02/02 21:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
[2014/02/21 17:24:30 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\Driver Booster Update.job
[2014/02/13 17:04:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator.Allybongo-PC\AppData\Roaming\IObit
[2014/02/13 17:05:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator.Allybongo-PC\AppData\Roaming\ProductData
[2014/02/16 19:47:06 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\IObit
[2014/02/17 14:45:50 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2014/02/17 14:45:50 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34


:Files
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c

:Commands
[emptytemp]

• Click the Run Fix button at the top of the OTL control panel.
  
• Let the program run until it's finished and then reboot the computer.
  
• Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Step 4: OTL Quick Scan

• Start OTL and this time click the Quick Scan button
  
• OTL will scan your system and produce one log when finished.
  
• Please post that log in your next reply.

Things I need to see in your next post:

VirusTotal Scan Results Log

OTL Fix Log

OTL Quick Scan Log

[mrpooh3]

Hi,I uninstalled the software you suggested....I was wondering if iobits advanced system care is safe as I purchased it for a year and could you tell me how to go about checking my drivers as driver booster updated around 9 drivers and even though the program says they are perfect how will i know if the correct drivers are installed?
I uploaded the oneway.dll to virustotal but it didn't give me a log it showed that the file is harmless though and all scans had a green tick next to them.
Here are my otl logs the fix 1st :



All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Prefs.js: ascsurfingprotection%40iobit.com:1.0 removed from extensions.enabledAddons
C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\yo01l4ps.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\yo01l4ps.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\yo01l4ps.default\extensions\[email protected] folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ not found.
File C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ deleted successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3963455550-1951971532-3912676929-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 7 not found.
File C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3963455550-1951971532-3912676929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dell.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3963455550-1951971532-3912676929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hola.org\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3963455550-1951971532-3912676929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\line6.net\ deleted successfully.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7\ not found.
C:\Windows\tasks\ImCleanDisabled folder moved successfully.
C:\Windows\SysNative\SmartDefragBootTime.exe moved successfully.
C:\Windows\SysNative\IObitSmartDefragExtension.dll moved successfully.
File C:\Windows\SysNative\drivers\SmartDefragDriver.sys not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3\ not found.
File C:\Windows\tasks\Driver Booster Update.job not found.
C:\Users\Administrator.Allybongo-PC\AppData\Roaming\IObit\Advanced SystemCare V7\Log folder moved successfully.
C:\Users\Administrator.Allybongo-PC\AppData\Roaming\IObit\Advanced SystemCare V7\Homepage Protection folder moved successfully.
C:\Users\Administrator.Allybongo-PC\AppData\Roaming\IObit\Advanced SystemCare V7\boottime folder moved successfully.
C:\Users\Administrator.Allybongo-PC\AppData\Roaming\IObit\Advanced SystemCare V7\Backup folder moved successfully.
C:\Users\Administrator.Allybongo-PC\AppData\Roaming\IObit\Advanced SystemCare V7 folder moved successfully.
C:\Users\Administrator.Allybongo-PC\AppData\Roaming\IObit folder moved successfully.
C:\Users\Administrator.Allybongo-PC\AppData\Roaming\ProductData folder moved successfully.
C:\Users\Allybongo\AppData\Roaming\IObit\Smart Defrag 3 folder moved successfully.
C:\Users\Allybongo\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\Allybongo\AppData\Roaming\IObit\Driver Booster\Logs folder moved successfully.
C:\Users\Allybongo\AppData\Roaming\IObit\Driver Booster folder moved successfully.
C:\Users\Allybongo\AppData\Roaming\IObit\Advanced SystemCare V7\Temp folder moved successfully.
C:\Users\Allybongo\AppData\Roaming\IObit\Advanced SystemCare V7\Startup Manager folder moved successfully.
C:\Users\Allybongo\AppData\Roaming\IObit\Advanced SystemCare V7\ProgramDeactivator folder moved successfully.
C:\Users\Allybongo\AppData\Roaming\IObit\Advanced SystemCare V7\Log folder moved successfully.
C:\Users\Allybongo\AppData\Roaming\IObit\Advanced SystemCare V7\Internet Booster folder moved successfully.
C:\Users\Allybongo\AppData\Roaming\IObit\Advanced SystemCare V7\Homepage Protection folder moved successfully.
C:\Users\Allybongo\AppData\Roaming\IObit\Advanced SystemCare V7\Boottime folder moved successfully.
C:\Users\Allybongo\AppData\Roaming\IObit\Advanced SystemCare V7\Backup folder moved successfully.
C:\Users\Allybongo\AppData\Roaming\IObit\Advanced SystemCare V7 folder moved successfully.
C:\Users\Allybongo\AppData\Roaming\IObit\Advanced SystemCare V6\Temp folder moved successfully.
C:\Users\Allybongo\AppData\Roaming\IObit\Advanced SystemCare V6\Log folder moved successfully.
C:\Users\Allybongo\AppData\Roaming\IObit\Advanced SystemCare V6\Internet Booster folder moved successfully.
C:\Users\Allybongo\AppData\Roaming\IObit\Advanced SystemCare V6\Boottime folder moved successfully.
C:\Users\Allybongo\AppData\Roaming\IObit\Advanced SystemCare V6\Backup folder moved successfully.
C:\Users\Allybongo\AppData\Roaming\IObit\Advanced SystemCare V6 folder moved successfully.
C:\Users\Allybongo\AppData\Roaming\IObit folder moved successfully.
C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare V7\Log folder moved successfully.
C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare V7\Backup folder moved successfully.
C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare V7 folder moved successfully.
C:\Users\Default\AppData\Roaming\IObit folder moved successfully.
Folder C:\Users\Default User\AppData\Roaming\IObit\ not found.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
========== FILES ==========
< netsh advfirewall reset /c >
Ok.
C:\Users\Allybongo\Desktop\cmd.bat deleted successfully.
C:\Users\Allybongo\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\Allybongo\Desktop\cmd.bat deleted successfully.
C:\Users\Allybongo\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: Administrator.Allybongo-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Allybongo
->Temp folder emptied: 185763496 bytes
->Temporary Internet Files folder emptied: 144 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 369607197 bytes
->Flash cache emptied: 1115 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes

User: HomeGroupUser$
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 109358 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 530.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02222014_145002

Files\Folders moved on Reboot...
C:\Users\Allybongo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Allybongo\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



OTL logfile created on: 22/02/2014 14:55:08 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Allybongo\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.90 Gb Total Physical Memory | 2.73 Gb Available Physical Memory | 70.12% Memory free
7.80 Gb Paging File | 6.41 Gb Available in Paging File | 82.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 188.66 Gb Free Space | 81.04% Space Free | Partition Type: NTFS

Computer Name: ALLYBONGO-PC | User Name: Allybongo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2014/02/22 02:21:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Allybongo\Desktop\OTL.exe
PRC - [2014/02/18 09:22:57 | 000,996,544 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
PRC - [2014/01/24 04:30:14 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
PRC - [2013/12/21 06:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2011/09/20 09:17:44 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
PRC - [2010/12/03 14:19:26 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/03 14:19:20 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/08/13 16:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- C:\Windows\SysWOW64\SDIOAssist.exe
PRC - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/13 16:05:47 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\1ab52f8951c2ab97592ec25830dd5165\WindowsFormsIntegration.ni.dll
MOD - [2014/02/13 16:05:09 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014/02/13 15:58:36 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/02/13 15:58:31 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/02/12 22:33:12 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/12 22:33:00 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/12 22:32:56 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/12 22:32:47 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/12 22:32:47 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/12 22:32:45 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/12 22:32:43 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/02/12 22:32:42 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/12 22:32:41 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/12 22:32:35 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013/06/17 12:35:10 | 000,478,400 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 10:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/02/02 07:02:28 | 000,244,328 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2013/10/10 22:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/01/18 08:50:02 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/21 10:51:14 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/14 01:31:23 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/02 06:42:46 | 002,151,744 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014/01/29 23:02:44 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014/01/24 04:30:14 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe -- (AVP)
SRV - [2013/12/21 06:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010/12/03 14:19:26 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/03 14:19:20 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/02/19 18:44:11 | 009,082,576 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2014/02/18 09:23:29 | 000,624,224 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2014/02/18 09:23:29 | 000,115,296 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt)
DRV:64bit: - [2014/02/18 09:23:29 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2014/02/02 07:04:44 | 000,462,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2014/02/02 07:04:34 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2014/02/02 07:02:28 | 000,084,712 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2014/01/29 23:02:28 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2014/01/24 04:30:12 | 000,458,336 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2014/01/24 04:30:12 | 000,178,272 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2014/01/24 04:30:12 | 000,029,792 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2014/01/24 04:30:12 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/10/15 11:38:24 | 000,140,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/10/02 02:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/07/11 17:46:56 | 000,772,864 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6TPortGX64.sys -- (L6TPortGX)
DRV:64bit: - [2013/05/14 17:34:44 | 000,055,904 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/04/29 08:17:34 | 000,047,632 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
DRV:64bit: - [2013/04/12 15:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/27 11:58:36 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/01/31 16:05:26 | 000,023,040 | ---- | M] (nerds.de) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipmidi.sys -- (ipMIDI)
DRV:64bit: - [2012/12/13 15:41:10 | 000,028,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dfx11_1x64.sys -- (DFX11_1)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/05/21 11:54:04 | 000,068,208 | ---- | M] (STMicroelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ST_ACCEL.sys -- (ST_ACCEL)
DRV:64bit: - [2012/05/10 16:35:26 | 000,221,184 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc)
DRV:64bit: - [2012/05/10 16:35:26 | 000,104,448 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3hub.sys -- (rusb3hub)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 16:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/22 12:28:56 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)
DRV:64bit: - [2011/07/15 21:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011/07/12 21:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/18 08:50:00 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2011/01/03 13:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
DRV:64bit: - [2010/11/21 03:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 03:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 23:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?o...U219DHP&pc=U219
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C AD 7E 7B 15 C0 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: fdm_ffext%40freedownloadmanager.org:1.6.0.1
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:14.0.0.4880
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/02/18 09:23:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/02/18 09:23:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/02/18 09:23:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/02/18 09:23:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/02/18 09:23:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/02/15 09:30:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/02/15 09:30:56 | 000,000,000 | ---D | M]

[2014/02/13 21:35:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allybongo\AppData\Roaming\Mozilla\Extensions
[2014/02/18 07:59:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\yo01l4ps.default\extensions
[2014/02/14 01:59:17 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Allybongo\AppData\Roaming\Mozilla\Firefox\Profiles\yo01l4ps.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/14 01:31:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/14 01:31:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/17 17:20:33 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES (X86)\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION
[2014/02/18 09:23:32 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 14.0.0\FFEXT\[email protected]

O1 HOSTS File: ([2014/02/17 15:28:13 | 000,000,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (Renesas Electronics Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.c...oft_webscan.cab (Emsisoft Web Malware Scan)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F105BFF-611A-45EE-B4A5-EC05C0AEF371}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/22 14:52:49 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\IObit
[2014/02/22 14:50:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/22 02:21:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Allybongo\Desktop\OTL.exe
[2014/02/21 19:22:50 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/02/21 17:09:10 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/21 09:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2014/02/19 18:41:35 | 000,000,000 | ---D | C] -- C:\DrvInstall
[2014/02/18 08:15:31 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Boilsoft
[2014/02/18 08:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boilsoft
[2014/02/18 08:15:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Boilsoft
[2014/02/18 07:43:09 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\dwhelper
[2014/02/18 00:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[2014/02/18 00:31:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2014/02/17 17:20:37 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Free Download Manager
[2014/02/17 17:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
[2014/02/17 17:20:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Download Manager
[2014/02/17 15:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/02/17 14:57:38 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\WinZip
[2014/02/17 14:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2014/02/17 14:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2014/02/17 14:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2014/02/16 21:28:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/02/16 21:26:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/02/16 21:20:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/02/16 21:20:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/02/16 21:20:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/02/16 21:20:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/02/16 18:25:30 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/02/16 04:48:36 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\PDAppFlex
[2014/02/16 04:44:12 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2014/02/16 03:57:44 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\abelhadigital.com
[2014/02/16 03:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\abelhadigital.com
[2014/02/15 22:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/02/15 21:40:39 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Secunia PSI
[2014/02/15 11:48:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
[2014/02/15 11:48:44 | 000,110,176 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\klfphc.dll
[2014/02/15 11:47:58 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2014/02/15 11:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014/02/15 11:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2014/02/15 11:47:42 | 000,624,224 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2014/02/15 11:47:42 | 000,115,296 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\2C0A
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C0A
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C04
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0816
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0804
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0424
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041F
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041E
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041D
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041B
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0419
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0416
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0415
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0414
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0413
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0412
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0410
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040E
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040D
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040C
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040B
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040A
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0408
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0406
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0405
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0404
[2014/02/15 09:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0401
[2014/02/15 09:56:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2014/02/15 09:56:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2014/02/15 09:22:50 | 000,000,000 | ---D | C] -- C:\Windows\ehome
[2014/02/15 06:55:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014/02/15 06:55:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2014/02/14 12:38:32 | 000,000,000 | R--D | C] -- C:\Users\Allybongo\Documents\Antispy
[2014/02/14 12:38:20 | 000,000,000 | R--D | C] -- C:\Users\Allybongo\Documents\Tools
[2014/02/14 11:15:45 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Opera Software
[2014/02/14 11:15:44 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Opera Software
[2014/02/14 11:15:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2014/02/14 09:33:01 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Zoner
[2014/02/14 09:33:01 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Zoner
[2014/02/14 09:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Zoner
[2014/02/14 08:49:29 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\MetroSidebar
[2014/02/14 08:41:42 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Stardock
[2014/02/14 08:41:36 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Stardock
[2014/02/14 08:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2014/02/14 08:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2014/02/14 03:50:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Languages
[2014/02/14 03:50:10 | 001,593,776 | ---- | C] (Emsisoft GmbH) -- C:\Program Files (x86)\start.exe
[2014/02/14 03:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Run
[2014/02/14 03:35:56 | 000,000,000 | R--D | C] -- C:\Users\Allybongo\Documents\Anti-Malware
[2014/02/14 01:31:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/14 01:08:16 | 000,000,000 | RH-D | C] -- C:\Users\Allybongo\Documents\Hand History
[2014/02/13 23:09:33 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\17059
[2014/02/13 21:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/02/13 21:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/02/13 21:53:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/02/13 21:45:06 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\DoNotTrackPlus
[2014/02/13 21:35:46 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Mozilla
[2014/02/13 21:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/02/13 21:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/02/13 17:13:45 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Frameworkx.com
[2014/02/13 17:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frameworkx
[2014/02/13 17:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Frameworkx
[2014/02/13 15:13:09 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/02/13 13:21:46 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Citrix
[2014/02/13 12:08:36 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
[2014/02/13 12:08:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice 4
[2014/02/13 12:06:23 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\redist
[2014/02/13 12:06:23 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\licenses
[2014/02/12 18:30:38 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\desksware
[2014/02/12 16:21:18 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\J River
[2014/02/11 13:21:37 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
[2014/02/11 13:21:36 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Amazon Cloud Player
[2014/02/11 02:53:41 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\LibrariIcon
[2014/02/11 01:26:40 | 000,361,256 | ---- | C] (Namtuk.com) -- C:\Windows\SysWow64\MyCommandButton.ocx
[2014/02/11 01:26:40 | 000,349,968 | ---- | C] (Infragistics, Inc.) -- C:\Windows\SysWow64\IGThreed40.ocx
[2014/02/11 01:26:40 | 000,246,304 | ---- | C] (Namtuk.com) -- C:\Windows\SysWow64\MyFramePanel.ocx
[2014/02/11 01:26:40 | 000,061,440 | ---- | C] (Alon Gal) -- C:\Windows\SysWow64\TreeFolder.ocx
[2014/02/11 01:26:39 | 001,213,568 | ---- | C] (Atalasoft, Inc.) -- C:\Windows\SysWow64\ImgX61.dll
[2014/02/11 01:26:39 | 001,131,600 | ---- | C] (Atalasoft, Inc.) -- C:\Windows\SysWow64\AtalaImaging.dll
[2014/02/11 01:26:39 | 000,597,834 | ---- | C] (Cyotek) -- C:\Windows\SysWow64\AS-IFce1.ocx
[2014/02/11 01:26:39 | 000,418,944 | ---- | C] (Atalasoft, Inc.) -- C:\Windows\SysWow64\ImgX61.ocx
[2014/02/11 01:26:39 | 000,233,472 | ---- | C] (VBSmart) -- C:\Windows\SysWow64\SmartMenuXP.ocx
[2014/02/11 01:26:39 | 000,182,032 | ---- | C] (Infragistics, Inc.) -- C:\Windows\SysWow64\IGSplitter40.ocx
[2014/02/11 01:26:39 | 000,173,136 | ---- | C] (Atalasoft) -- C:\Windows\SysWow64\ImgXDialog61.dll
[2014/02/11 01:26:39 | 000,137,920 | ---- | C] (Atalasoft, Inc.) -- C:\Windows\SysWow64\ImgXTwain61.dll
[2014/02/11 01:26:39 | 000,132,232 | ---- | C] (Atalasoft) -- C:\Windows\SysWow64\ImgXPrint61.dll
[2014/02/11 01:26:39 | 000,066,640 | ---- | C] (Atalasoft, Inc.) -- C:\Windows\SysWow64\ImgXCapture61.dll
[2014/02/11 01:26:39 | 000,028,672 | ---- | C] (VBSmart) -- C:\Windows\SysWow64\SmartMenuXP.dll
[2014/02/11 01:26:39 | 000,024,576 | ---- | C] (VBSmart) -- C:\Windows\SysWow64\SmartSubClass.dll
[2014/02/10 14:21:00 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\IrfanView
[2014/02/10 03:00:03 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\FastStone
[2014/02/10 01:28:32 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Mp3tag
[2014/02/10 01:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2014/02/10 01:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2014/02/10 00:01:08 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Apple Computer
[2014/02/10 00:01:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/02/10 00:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/02/10 00:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/02/10 00:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/02/10 00:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014/02/10 00:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/02/10 00:00:13 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Apple
[2014/02/10 00:00:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/02/10 00:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014/02/09 23:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2014/02/09 23:59:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2014/02/09 23:42:19 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\MPC-HC
[2014/02/09 23:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
[2014/02/09 23:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MPC-HC
[2014/02/09 23:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Madvr
[2014/02/09 22:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2014/02/09 22:32:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2014/02/09 22:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2014/02/09 22:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2014/02/09 01:24:34 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Corel
[2014/02/08 23:43:18 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\FrameShots
[2014/02/08 19:19:35 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Greenshot
[2014/02/08 19:19:35 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Greenshot
[2014/02/08 19:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot
[2014/02/08 19:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Greenshot
[2014/02/08 06:06:19 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2014/02/08 01:23:55 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\IsolatedStorage
[2014/02/08 01:23:52 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Mike_Ward
[2014/02/07 23:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
[2014/02/07 23:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Xilisoft
[2014/02/07 23:17:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xilisoft
[2014/02/07 23:16:41 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Xilisoft
[2014/02/07 16:30:43 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\AnvSoft
[2014/02/07 15:45:30 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Foxit Software
[2014/02/07 15:16:25 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Mediatronic
[2014/02/07 14:46:09 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Adobe
[2014/02/07 12:38:28 | 000,000,000 | ---D | C] -- C:\ERDNT
[2014/02/07 12:38:26 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/07 05:56:17 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\FreeFixer
[2014/02/07 05:56:17 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\FreeFixer
[2014/02/07 05:48:42 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\DivX
[2014/02/07 04:27:06 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2014/02/07 01:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DFX Audio Enhancer
[2014/02/07 01:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DFX
[2014/02/07 01:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DFX
[2014/02/06 14:38:15 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\XnView
[2014/02/06 14:09:57 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\.thumbnails
[2014/02/06 14:09:16 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\gtk-2.0
[2014/02/06 14:04:24 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\fontconfig
[2014/02/06 14:04:23 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\gegl-0.2
[2014/02/05 21:21:52 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Apple Computer
[2014/02/04 22:21:53 | 000,088,984 | ---- | C] (Hola Networks Ltd.) -- C:\Windows\SysNative\drivers\hola_mon_drv.sys
[2014/02/04 19:57:15 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled
[2014/02/03 19:59:21 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\.idlerc
[2014/02/03 19:32:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/02/03 13:23:16 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Google
[2014/02/03 08:08:49 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/02/03 02:24:10 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\OpenOffice
[2014/02/02 23:09:28 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\Macromedia
[2014/02/02 23:09:28 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Macromedia
[2014/02/02 23:01:21 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\VirtualStore
[2014/02/02 07:07:52 | 000,000,000 | ---D | C] -- C:\Windows\devcon
[2014/02/02 07:02:28 | 000,244,328 | ---- | C] (O2Micro International) -- C:\Windows\SysNative\o2flash.exe
[2014/02/02 07:02:28 | 000,084,712 | ---- | C] (O2Micro ) -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys
[2014/02/02 06:44:31 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\Paint.NET
[2014/02/02 06:42:54 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\ProductData
[2014/02/02 06:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/02/02 06:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/02/02 06:24:13 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\GlarySoft
[2014/02/02 05:41:42 | 000,022,128 | ---- | C] (ST Microelectronics) -- C:\Windows\SysNative\drivers\stdcfltn.sys
[2014/02/02 05:41:35 | 000,000,000 | ---D | C] -- C:\Program Files\STMicroelectronics
[2014/02/02 05:41:31 | 000,068,208 | ---- | C] (STMicroelectronics) -- C:\Windows\SysNative\drivers\ST_ACCEL.sys
[2014/02/02 05:41:31 | 000,065,136 | ---- | C] (ST Microelectronics) -- C:\Windows\SysNative\stdcfltnco02.dll
[2014/02/02 05:41:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ST Microelectronics
[2014/02/02 04:38:52 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Roaming\QuickScan
[2014/02/01 20:39:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Player
[2014/02/01 20:24:02 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\ElevatedDiagnostics
[2014/02/01 02:35:43 | 000,000,000 | ---D | C] -- C:\Users\Allybongo\AppData\Local\DFX
[2014/01/31 18:00:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/01/24 04:30:12 | 000,458,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys
[2014/01/24 04:30:12 | 000,178,272 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2014/01/24 04:30:12 | 000,029,792 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klim6.sys
[2014/01/24 04:30:12 | 000,029,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klmouflt.sys
[2014/01/24 04:30:12 | 000,029,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klkbdflt.sys
[2013/10/14 02:44:12 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll
[2013/10/03 11:44:43 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Allybongo\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2014/02/22 14:52:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/22 14:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/22 14:39:53 | 000,078,848 | ---- | M] () -- C:\Windows\SysWow64\OneWay.dll
[2014/02/22 10:41:44 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/22 10:41:44 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/22 02:21:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Allybongo\Desktop\OTL.exe
[2014/02/21 19:22:50 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/02/21 19:21:50 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/02/21 17:23:11 | 000,000,147 | ---- | M] () -- C:\Windows\wininit.ini
[2014/02/21 16:44:40 | 000,000,346 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014/02/21 13:17:07 | 000,219,566 | ---- | M] () -- C:\Windows\Photo Pos Pro Uninstaller.exe
[2014/02/21 09:59:57 | 000,001,887 | ---- | M] () -- C:\Users\Allybongo\Desktop\ImgBurn.lnk
[2014/02/21 09:57:47 | 000,000,839 | ---- | M] () -- C:\Users\Allybongo\Desktop\µTorrent.lnk
[2014/02/21 09:54:37 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2014/02/20 14:19:10 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2014/02/20 07:17:07 | 000,781,970 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/20 07:17:07 | 000,666,852 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/20 07:17:07 | 000,126,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/19 18:44:32 | 000,892,356 | ---- | M] () -- C:\Windows\SysNative\oem37.inf
[2014/02/18 09:23:29 | 000,624,224 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2014/02/18 09:23:29 | 000,115,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2014/02/18 09:23:29 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klkbdflt.sys
[2014/02/18 08:15:31 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Video Joiner.lnk
[2014/02/18 08:03:49 | 000,000,839 | ---- | M] () -- C:\Users\Allybongo\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/02/18 00:32:03 | 000,001,002 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2014/02/17 18:06:06 | 000,001,133 | ---- | M] () -- C:\Users\Allybongo\Desktop\Opera.lnk
[2014/02/17 17:20:34 | 000,001,071 | ---- | M] () -- C:\Users\Allybongo\Desktop\FDM.lnk
[2014/02/17 15:28:13 | 000,000,741 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/02/17 05:28:54 | 000,000,842 | ---- | M] () -- C:\Users\Allybongo\Desktop\Greenshot.lnk
[2014/02/17 05:26:09 | 000,053,812 | ---- | M] () -- C:\Windows\uninst-vj.exe
[2014/02/17 03:52:01 | 004,927,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/17 03:33:30 | 000,001,394 | ---- | M] () -- C:\Users\Allybongo\Desktop\iTunes.lnk
[2014/02/17 03:32:21 | 000,001,278 | ---- | M] () -- C:\Users\Allybongo\Desktop\Xilisoft.lnk
[2014/02/17 03:32:12 | 000,002,124 | ---- | M] () -- C:\Users\Allybongo\Desktop\ConvertX.lnk
[2014/02/17 03:31:44 | 000,001,103 | ---- | M] () -- C:\Users\Allybongo\Desktop\MPC-HC.lnk
[2014/02/17 03:31:32 | 000,001,001 | ---- | M] () -- C:\Users\Allybongo\Desktop\Mp3tag.lnk
[2014/02/17 03:30:43 | 000,001,728 | ---- | M] () -- C:\Users\Allybongo\Desktop\DFX.lnk
[2014/02/17 03:30:35 | 000,001,236 | ---- | M] () -- C:\Users\Allybongo\Desktop\Cloud.lnk
[2014/02/17 03:30:25 | 000,002,275 | ---- | M] () -- C:\Users\Allybongo\Desktop\Kindle.lnk
[2014/02/17 03:30:10 | 000,001,071 | ---- | M] () -- C:\Users\Allybongo\Desktop\PokerStars.lnk
[2014/02/17 03:29:47 | 000,001,759 | ---- | M] () -- C:\Users\Allybongo\Desktop\Tools.lnk
[2014/02/17 03:29:20 | 000,001,135 | ---- | M] () -- C:\Users\Allybongo\Desktop\Videos.lnk
[2014/02/17 03:29:05 | 000,001,789 | ---- | M] () -- C:\Users\Allybongo\Desktop\Antispy.lnk
[2014/02/17 03:28:14 | 000,001,100 | ---- | M] () -- C:\Users\Allybongo\Desktop\My Music.lnk
[2014/02/17 03:28:08 | 000,001,100 | ---- | M] () -- C:\Users\Allybongo\Desktop\Pictures.lnk
[2014/02/17 03:27:59 | 000,001,103 | ---- | M] () -- C:\Users\Allybongo\Desktop\Documents.lnk
[2014/02/17 03:26:21 | 000,001,856 | ---- | M] () -- C:\Users\Allybongo\Desktop\Downloads.lnk
[2014/02/17 03:24:46 | 000,001,163 | ---- | M] () -- C:\Users\Allybongo\Desktop\Firefox.lnk
[2014/02/16 18:26:04 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-ALLYBONGO-PC-Microsoft-Windows-7-Professional-(64-bit).dat
[2014/02/16 00:36:04 | 000,009,018 | ---- | M] () -- C:\Users\Allybongo\AppData\Local\recently-used.xbel
[2014/02/15 09:22:42 | 000,026,329 | -H-- | M] () -- C:\Windows\SysWow64\BTImages.dat
[2014/02/14 00:15:10 | 000,000,060 | ---- | M] () -- C:\Program Files (x86)\CommandlineScanner.bat
[2014/02/14 00:15:02 | 001,593,776 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\start.exe
[2014/02/14 00:14:52 | 000,000,056 | ---- | M] () -- C:\Program Files (x86)\EmergencyKitScanner.bat
[2014/02/12 22:30:19 | 000,766,280 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/10 13:06:31 | 000,000,628 | RHS- | M] () -- C:\Users\Allybongo\ntuser.pol
[2014/02/07 23:17:44 | 000,002,206 | ---- | M] () -- C:\Users\Allybongo\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft Video Converter Ultimate.lnk
[2014/02/04 22:21:53 | 000,088,984 | ---- | M] (Hola Networks Ltd.) -- C:\Windows\SysNative\drivers\hola_mon_drv.sys
[2014/02/03 01:27:31 | 000,000,047 | ---- | M] () -- C:\Users\Allybongo\AppData\Roaming\WB.CFG
[2014/02/02 10:02:02 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Allybongo\AppData\Roaming\pcouffin.sys
[2014/02/02 10:02:02 | 000,007,859 | ---- | M] () -- C:\Users\Allybongo\AppData\Roaming\pcouffin.cat
[2014/02/02 10:02:02 | 000,001,167 | ---- | M] () -- C:\Users\Allybongo\AppData\Roaming\pcouffin.inf
[2014/02/02 10:02:00 | 000,001,224 | ---- | M] () -- C:\Users\Allybongo\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXToDVD 5.lnk
[2014/02/02 07:04:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
[2014/02/02 07:02:28 | 000,244,328 | ---- | M] (O2Micro International) -- C:\Windows\SysNative\o2flash.exe
[2014/02/02 07:02:28 | 000,084,712 | ---- | M] (O2Micro ) -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys
[2014/02/02 05:41:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ST_ACCEL_01009.Wdf
[2014/01/29 23:02:42 | 000,017,058 | ---- | M] () -- C:\Windows\SysNative\iglhxs64.vp
[2014/01/29 23:02:38 | 000,009,728 | ---- | M] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2014/01/29 23:02:22 | 000,098,304 | ---- | M] () -- C:\Windows\SysNative\igdde64.dll
[2014/01/29 23:02:22 | 000,077,312 | ---- | M] () -- C:\Windows\SysWow64\igdde32.dll
[2014/01/24 04:30:12 | 000,458,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys
[2014/01/24 04:30:12 | 000,178,272 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2014/01/24 04:30:12 | 000,029,792 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klim6.sys
[2014/01/24 04:30:12 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klmouflt.sys

========== Files Created - No Company Name ==========

[2014/02/22 14:39:53 | 000,078,848 | ---- | C] () -- C:\Windows\SysWow64\OneWay.dll
[2014/02/21 17:23:11 | 000,000,147 | ---- | C] () -- C:\Windows\wininit.ini
[2014/02/21 13:16:59 | 000,219,566 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe
[2014/02/21 09:59:57 | 000,001,887 | ---- | C] () -- C:\Users\Allybongo\Desktop\ImgBurn.lnk
[2014/02/21 09:57:47 | 000,000,839 | ---- | C] () -- C:\Users\Allybongo\Desktop\µTorrent.lnk
[2014/02/21 09:54:37 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2014/02/21 09:54:37 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2014/02/20 14:19:10 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2014/02/19 18:44:42 | 000,892,356 | ---- | C] () -- C:\Windows\SysNative\oem37.inf
[2014/02/18 08:15:31 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Video Joiner.lnk
[2014/02/18 08:03:49 | 000,000,839 | ---- | C] () -- C:\Users\Allybongo\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/02/18 00:32:03 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2014/02/17 18:06:06 | 000,001,133 | ---- | C] () -- C:\Users\Allybongo\Desktop\Opera.lnk
[2014/02/17 17:20:34 | 000,001,071 | ---- | C] () -- C:\Users\Allybongo\Desktop\FDM.lnk
[2014/02/17 05:28:54 | 000,000,842 | ---- | C] () -- C:\Users\Allybongo\Desktop\Greenshot.lnk
[2014/02/17 05:26:09 | 000,053,812 | ---- | C] () -- C:\Windows\uninst-vj.exe
[2014/02/17 03:33:30 | 000,001,394 | ---- | C] () -- C:\Users\Allybongo\Desktop\iTunes.lnk
[2014/02/17 03:32:21 | 000,001,278 | ---- | C] () -- C:\Users\Allybongo\Desktop\Xilisoft.lnk
[2014/02/17 03:32:12 | 000,002,124 | ---- | C] () -- C:\Users\Allybongo\Desktop\ConvertX.lnk
[2014/02/17 03:31:44 | 000,001,103 | ---- | C] () -- C:\Users\Allybongo\Desktop\MPC-HC.lnk
[2014/02/17 03:31:32 | 000,001,001 | ---- | C] () -- C:\Users\Allybongo\Desktop\Mp3tag.lnk
[2014/02/17 03:30:43 | 000,001,728 | ---- | C] () -- C:\Users\Allybongo\Desktop\DFX.lnk
[2014/02/17 03:30:35 | 000,001,236 | ---- | C] () -- C:\Users\Allybongo\Desktop\Cloud.lnk
[2014/02/17 03:30:25 | 000,002,275 | ---- | C] () -- C:\Users\Allybongo\Desktop\Kindle.lnk
[2014/02/17 03:30:10 | 000,001,071 | ---- | C] () -- C:\Users\Allybongo\Desktop\PokerStars.lnk
[2014/02/17 03:29:47 | 000,001,759 | ---- | C] () -- C:\Users\Allybongo\Desktop\Tools.lnk
[2014/02/17 03:29:20 | 000,001,135 | ---- | C] () -- C:\Users\Allybongo\Desktop\Videos.lnk
[2014/02/17 03:29:05 | 000,001,789 | ---- | C] () -- C:\Users\Allybongo\Desktop\Antispy.lnk
[2014/02/17 03:28:14 | 000,001,100 | ---- | C] () -- C:\Users\Allybongo\Desktop\My Music.lnk
[2014/02/17 03:28:08 | 000,001,100 | ---- | C] () -- C:\Users\Allybongo\Desktop\Pictures.lnk
[2014/02/17 03:27:59 | 000,001,103 | ---- | C] () -- C:\Users\Allybongo\Desktop\Documents.lnk
[2014/02/17 03:26:21 | 000,001,856 | ---- | C] () -- C:\Users\Allybongo\Desktop\Downloads.lnk
[2014/02/17 03:24:46 | 000,001,163 | ---- | C] () -- C:\Users\Allybongo\Desktop\Firefox.lnk
[2014/02/17 03:17:07 | 000,000,346 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2014/02/16 21:20:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/02/16 21:20:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/02/16 21:20:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/02/16 21:20:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/02/16 21:20:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/02/16 18:26:04 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ALLYBONGO-PC-Microsoft-Windows-7-Professional-(64-bit).dat
[2014/02/16 00:36:04 | 000,009,018 | ---- | C] () -- C:\Users\Allybongo\AppData\Local\recently-used.xbel
[2014/02/15 09:23:55 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2014/02/15 09:23:45 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2014/02/15 06:55:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/02/14 11:15:38 | 000,001,133 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2014/02/14 07:20:53 | 000,000,094 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2014/02/14 03:50:10 | 000,000,060 | ---- | C] () -- C:\Program Files (x86)\CommandlineScanner.bat
[2014/02/14 03:50:10 | 000,000,056 | ---- | C] () -- C:\Program Files (x86)\EmergencyKitScanner.bat
[2014/02/13 21:51:29 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/13 21:35:39 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/02/10 13:06:31 | 000,000,628 | RHS- | C] () -- C:\Users\Allybongo\ntuser.pol
[2014/02/10 00:00:12 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/02/07 23:17:44 | 000,002,206 | ---- | C] () -- C:\Users\Allybongo\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft Video Converter Ultimate.lnk
[2014/02/03 01:27:31 | 000,000,047 | ---- | C] () -- C:\Users\Allybongo\AppData\Roaming\WB.CFG
[2014/02/02 07:04:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
[2014/02/02 05:41:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ST_ACCEL_01009.Wdf
[2014/01/29 23:02:42 | 000,017,058 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2014/01/29 23:02:38 | 000,009,728 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2014/01/29 23:02:22 | 000,098,304 | ---- | C] () -- C:\Windows\SysNative\igdde64.dll
[2014/01/29 23:02:22 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/01/15 00:10:20 | 000,000,396 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/12/29 22:34:18 | 000,000,032 | ---- | C] () -- C:\Windows\GearBox.ini
[2013/12/29 04:55:35 | 000,000,016 | ---- | C] () -- C:\Users\Allybongo\AppData\Roaming\msregsvv.dll
[2013/12/29 04:55:35 | 000,000,016 | ---- | C] () -- C:\ProgramData\autobk.inc
[2013/12/10 14:07:46 | 000,000,250 | ---- | C] () -- C:\Users\Allybongo\.swfinfo
[2013/12/10 14:06:21 | 000,000,990 | ---- | C] () -- C:\Windows\SysWow64\amsiq19a.sys
[2013/11/29 06:18:24 | 000,766,280 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/06 20:57:30 | 000,152,576 | ---- | C] () -- C:\Windows\SysWow64\1Way.dll
[2013/11/05 21:27:32 | 000,225,411 | ---- | C] () -- C:\Windows\SysWow64\PosPrKpLib.dll
[2013/11/05 21:27:25 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\PosTickerLib.dll
[2013/10/03 11:44:43 | 000,007,859 | ---- | C] () -- C:\Users\Allybongo\AppData\Roaming\pcouffin.cat
[2013/10/03 11:44:43 | 000,001,167 | ---- | C] () -- C:\Users\Allybongo\AppData\Roaming\pcouffin.inf
[2013/10/03 09:14:59 | 000,026,329 | -H-- | C] () -- C:\Windows\SysWow64\BTImages.dat
[2013/10/03 08:13:24 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\instsrv.exe
[2013/10/03 08:13:24 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2013/10/03 08:04:52 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2013/10/03 08:04:49 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2013/08/05 17:00:26 | 000,024,036 | ---- | C] () -- C:\Users\Allybongo\SDActivate.lng

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/02/13 23:09:33 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\17059
[2014/02/16 03:57:44 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\abelhadigital.com
[2014/02/07 16:30:43 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\AnvSoft
[2014/02/18 08:15:31 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Boilsoft
[2014/02/12 18:30:38 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\desksware
[2014/02/15 06:49:28 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Foxit Software
[2014/02/19 20:36:48 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Free Download Manager
[2014/02/07 06:03:48 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\FreeFixer
[2014/02/08 11:42:47 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\GlarySoft
[2014/02/08 19:19:35 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Greenshot
[2013/10/26 19:39:16 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\ImgBurn
[2014/02/22 14:52:49 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\IObit
[2014/02/18 00:31:59 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\IrfanView
[2014/02/12 16:21:18 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\J River
[2014/02/11 02:53:41 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\LibrariIcon
[2014/02/07 15:31:10 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Mediatronic
[2014/02/14 08:49:40 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\MetroSidebar
[2014/02/22 12:54:10 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Mp3tag
[2014/02/09 23:42:19 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\MPC-HC
[2014/02/03 02:24:10 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\OpenOffice
[2014/02/14 11:15:44 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Opera Software
[2014/02/16 04:48:36 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\PDAppFlex
[2014/02/16 19:47:07 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\ProductData
[2014/02/13 15:04:39 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\QuickScan
[2013/10/07 21:30:25 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\SanDisk
[2014/02/14 08:41:42 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Stardock
[2014/02/18 08:06:51 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\uTorrent
[2014/02/02 10:02:02 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Vso
[2014/02/07 23:30:00 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Xilisoft
[2014/02/14 13:52:42 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\XnView
[2014/02/14 09:33:01 | 000,000,000 | ---D | M] -- C:\Users\Allybongo\AppData\Roaming\Zoner

========== Purity Check ==========



< End of report >

[pystryker]

Hi,I uninstalled the software you suggested....I was wondering if iobits advanced system care is safe as I purchased it for a year and could you tell me how to go about checking my drivers as driver booster updated around 9 drivers and even though the program says they are perfect how will i know if the correct drivers are installed?

Hi

Any software that says it can download and install drivers for you machine can create a plethora of problems, such as downloading and installing the wrong driver. Also, Iobits software has been caught stealing and using Malwarebytes intellectual property. So, there are ethical concerns regarding that company.

If you wish, you can read about it here: https://forums.malwa...ic=29681&page=1

As for keeping your drivers updated, please follow this link to watch a video on Microsoft's website that will show you how to set your system to automatically do it for you.

http://windows.micro...r-your-hardware

I uploaded the oneway.dll to virustotal but it didn't give me a log it showed that the file is harmless though and all scans had a green tick next to them.

Good I figured it was a false positive, but I wanted to make absolutely sure.


Let's run a sweep for remnants and check for out of date programs on your machine.


Step 1: Scan with Malwarebytes Anti-Malware


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


I see you have Malwarebytes' Anti-Malware installed.

• Please open the program.
• Click on the Update tab then click Check for Updates
  
  
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, check the following settings:
  
  • On the Settings tab, Scanner Settings, leave the default boxes checked but change the drop-down boxes to Show in results list and check for removal.
  
  
  
• On the Scanner tab, check Perform quick scan.
  
  
  
• When the scan is complete, click OK, then Show Results to view the results.
  
  
  
• Make sure that everything is checked, and click Remove Selected.
  
  
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and Paste the entire report in your next reply.

Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->

• Select the option YES, I accept the Terms of Use then click on Start
  
• When prompted allow the Add-On/Active X to install.
  
• Make sure that the option Remove found threats is NOT checked.
  
• Make sure that the option Scan archives is checked.
  
• Now click on Advanced Settings and select the following:
• Scan for potentially unwanted applications
• Scan for potentially unsafe applications
• Enable Anti-Stealth Technology
  
• Now click on Start
  
• The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  
• When completed the Online Scan will begin automatically. The scan may take several hours.
  
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  
• Now click on Finish
  
• Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  
• Copy and paste that log as a reply to this topic.

Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:

• ESET Scan Log
  
• MBAM Log
  
• SecurityCheck Log

[mrpooh3]

Hi Pystryker,
After reading the link you provided I decided to uninstall iobits products from my pc,my mums and dads aswell....I didn't realise just how dodgy they were,seemingly they haven't just stole from mbytes but other companies too.
When I scanned with mbytes the 1st time I forgot to disable kaspersky but after running both eset and security check I reran it with the same settings with av disabled and it still picked up nothing.Eset has picked up 2 pups though.
BTW thank you for the video I didn't realise windows could do this for you.
I also should have known better as I have been told this before in the past but forgot,years ago I used a program called either driver sweeper or driver detective and it installed all the wrong drivers on my pc(silly me!)
I have just finished sorting the drivers out on my mums lenovo as she has software installed that is direct manufacturer drivers so it was reasonably easy to install the correct drivers.
I used driverbooster on my dads pc the which is an acer and don't know how I am going to make sure all the correct drivers are installed,anyway here are my logs:



Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.23.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Allybongo :: ALLYBONGO-PC [administrator]

Protection: Disabled

23/02/2014 13:49:13
mbam-log-2014-02-23 (13-49-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 302930
Time elapsed: 2 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)






ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=728f03c183bcfb478b9d64b4a1b4977b
# engine=17189
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-23 02:38:15
# local_time=2014-02-23 02:38:15 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 77209 145631345 0 0
# scanned=122237
# found=2
# cleaned=0
# scan_time=2303
sh=E695E9496DA3201028DECDDA712AF74A1B3F1796 ft=1 fh=449a19d6fa236af7 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\ProgramData\IObit\ASCDownloader\ASCSetup.exe"
sh=E695E9496DA3201028DECDDA712AF74A1B3F1796 ft=1 fh=449a19d6fa236af7 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\All Users\IObit\ASCDownloader\ASCSetup.exe"




Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 51
Adobe Flash Player 12.0.0.70 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (27.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes' Anti-Malware mbamscheduler.exe
Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe
Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe
Kaspersky Lab Kaspersky Internet Security 14.0.0 klwtblfs.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 9%
````````````````````End of Log``````````````````````




btw should my windows firewall be enabled even though kaspersky has its own firewall,will they conflict?

[pystryker]

After reading the link you provided I decided to uninstall iobits products from my pc,my mums and dads aswell....I didn't realise just how dodgy they were,seemingly they haven't just stole from mbytes but other companies too.

Indeed, I'll never use their products. People work way to long and hard only to have their work stolen by others.

When I scanned with mbytes the 1st time I forgot to disable kaspersky but after running both eset and security check I reran it with the same settings with av disabled and it still picked up nothing.Eset has picked up 2 pups though.

That's ok, we'll deal with those PUP's below that ESET found.

BTW thank you for the video I didn't realise windows could do this for you.
I also should have known better as I have been told this before in the past but forgot,years ago I used a program called either driver sweeper or driver detective and it installed all the wrong drivers on my pc(silly me!)

You're quite welcome, and no worries about those programs. They do a good job of making it sound like their software will take care of any problems. Years ago, I used to use them as well.

I used driverbooster on my dads pc the which is an acer and don't know how I am going to make sure all the correct drivers are installed

What version of Windows is on your dad's computer? It should be close to the same method to find drivers for that pc as it is for yours.

btw should my windows firewall be enabled even though kaspersky has its own firewall,will they conflict?

I would keep the Windows firewall disabled and keep the Kaspersky one in place.


Let's show those PUP's the door and get your Flash Player up to date.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: OTL Fix

Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator)

• Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

:Commands
[createrestorepoint]

:Files
C:\ProgramData\IObit
C:\Users\All Users\IObit
netsh advfirewall reset /c
netsh advfirewall set allprofiles state off /c

:Commands
[reboot]

• Click the Run Fix button at the top of the OTL control panel.
  
• Let the program run until it's finished and then reboot the computer.
  
• Once your machine has rebooted, a log will open. If it doesn't open upon reboot, a copy of the log can be found here: C:\_OTL\MovedFiles Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Step 2: Update Adobe Flash Player


Please click here to update Adobe Flash Player.

Note: Make sure you uncheck the box to install McAfee Security Scan Plus before you download the update.


Things I need to see in your next post:

OTL Fix Log

[mrpooh3]

Hi,my dads px is windows 7 pro aswell.
Here is my otl results :


========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\ProgramData\IObit\Driver Booster\License folder moved successfully.
C:\ProgramData\IObit\Driver Booster folder moved successfully.
C:\ProgramData\IObit\ASCDownloader folder moved successfully.
C:\ProgramData\IObit\Advanced SystemCare V7\Homepage Protection folder moved successfully.
C:\ProgramData\IObit\Advanced SystemCare V7 folder moved successfully.
C:\ProgramData\IObit\Advanced SystemCare V6 folder moved successfully.
C:\ProgramData\IObit folder moved successfully.
File\Folder C:\Users\All Users\IObit not found.
< netsh advfirewall reset /c >
Ok.
C:\Users\Allybongo\Desktop\cmd.bat deleted successfully.
C:\Users\Allybongo\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state off /c >
Ok.
C:\Users\Allybongo\Desktop\cmd.bat deleted successfully.
C:\Users\Allybongo\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 02232014_203058

[pystryker]

Great news, your logs are CLEAN! But we still have a few things we need to address namely:

• I need to remove the tools we installed on your machine.
  
• We need to set a new clean restore point on your machine.
  
• I also have some information for you and protection against a new ransomware program called CryptoLocker

Step 1: Download and Run DelFix

• Download Delfix from here
• Ensure Remove disinfection tools is ticked
  Also tick:
  
  • Create registry backup
  • Purge system restore
  
  
• Click Run

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

You can uninstall ESET Online Scanner at this time.

I'd recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds PUP's, you can safely delete those. If it finds something more serious, come see us.


Step 2: Download and install FileHippo


Keeping your software updated

Another weapon against malicious programs and viruses is to keeping other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker


Step 3: Tips, Information, and Protection against CryptoLocker


Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take you time and read each screen as you go.

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

A warning about CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

Please download and install CryptoPrevent to lock your machine down from this infection.

• Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  
• Be careful of the websites you visit.
  
• When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take you time and read each screen as you go.
  
• To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

Are there any further issues I can assist you with?

[mrpooh3]

hi pystryker,
no that is everything.
Thanks for helping me to get my pc clean again,it's much appreciated!

here is my log :


# DelFix v10.6 - Logfile created 23/02/2014 at 22:11:01
# Updated 11/11/2013 by Xplode
# Username : Allybongo - ALLYBONGO-PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\_OTL
Deleted : C:\AdwCleaner
Deleted : C:\Users\Allybongo\Desktop\aswmbr.exe
Deleted : C:\Users\Allybongo\Desktop\MBR.dat
Deleted : C:\Users\Allybongo\Desktop\OTL.exe
Deleted : C:\Users\Allybongo\Desktop\SecurityCheck.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #165 [Driver Booster : Dell Wireless 375 Bluetooth Module | 02/19/2014 18:41:09]
Deleted : RP #167 [Paint.NET v3.5.11 | 02/21/2014 09:54:04]
Deleted : RP #168 [Windows Update | 02/21/2014 15:32:56]
Deleted : RP #169 [PC Decrapifier Restore Point | 02/21/2014 19:36:26]
Deleted : RP #170 [OTL Restore Point - 22/02/2014 14:50:12 | 02/22/2014 14:50:14]
Deleted : RP #171 [Removed Paint.NET v3.5.11 | 02/23/2014 00:32:07]
Deleted : RP #172 [Removed Nero 11 InfoTool. | 02/23/2014 00:33:04]
Deleted : RP #173 [OTL Restore Point - 23/02/2014 20:31:08 | 02/23/2014 20:31:10]

New restore point created !

########## - EOF - ##########

[pystryker]

hi pystryker,
no that is everything.
Thanks for helping me to get my pc clean again,it's much appreciated!

You're very much welcome I noticed you are in Geek U, and I wish you luck with your training. Do not give up, for as one of my teachers told me "Graduation comes to those who want it."

Safe surfing!

Pystryker

[mrpooh3]

Thank you Pysryker,
I know it won't be easy but I am looking forward to it!

[Dakeyras]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.