Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Virus Removal Help Appreciated - Babylon/Delta?

Post by DHCrazyFoo » September 8th, 2013, 4:15 am

Hello,

I believe my business partner mistakenly installed a program without scanning the downloaded folder first, and my machine has been compromised. The first symptom I noticed was a browser tab that opens automatically with content asking me to scan my PC for viruses. I ran Malwarebytes Anti-Malware and it produced the following:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.07.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
360Tactics :: 360TACTICS-MOB1 [administrator]

9/7/2013 10:35:48 PM
mbam-log-2013-09-07 (22-35-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238610
Time elapsed: 26 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\Software\delta LTD (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Users\360Tactics\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\360Tactics\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\360Tactics\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.22.0 (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.

Files Detected: 3
C:\Users\360Tactics\AppData\Local\Temp\LyriXtmp.exe (PUP.Optional.LyricXeeker.A) -> Quarantined and deleted successfully.
C:\Users\360Tactics\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Users\360Tactics\Local Settings\Temporary Internet Files\Content.IE5\PW000N5P\LyriXeeker_1060-2028_v122[1] (PUP.Optional.LyricXeeker.A) -> Quarantined and deleted successfully.

(end)


----------------------------------------------
DDS - Below
----------------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2
Run by 360Tactics at 1:02:58 on 2013-09-08
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3032.855 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\UTILIT~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\Utilities\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\DTS.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\AtService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Utilities\AVG\AVG2013\avgidsagent.exe
C:\Program Files\Utilities\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Utilities\AVG\AVG2013\avgnsx.exe
C:\Program Files\Utilities\AVG\AVG2013\avgemcx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\LENOVO\HOTKEY\shtctky.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\Utilities\AVG\AVG2013\avgui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Users\360Tactics\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Users\360Tactics\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Users\360Tactics\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Users\360Tactics\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\360Tactics\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\360Tactics\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Users\360Tactics\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\360Tactics\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Utilities\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\360Tactics\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\360Tactics\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\notepad.exe
C:\Users\360Tactics\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\360Tactics\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\360Tactics\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k HsfXAudioService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://lenovo.msn.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: FireShot: {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} -
uRun: [LenovoWelcomeRegistration] c:\program files\lenovo\lenovo welcome\contentproviders\registrationcontentprovider\registrationengine\registrationengine.exe "/inif=c:\users\360tactics\RegData.txt"
uRun: [Google Update] "c:\users\360tactics\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ROC_ROC_APR2013_AV] c:\users\360tactics\appdata\roaming\avg april 2013 campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 704401089db747d38e91d16d383b898c-9ae9fb985bc8e4f8601ffddd3075d04d6d726ef4 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [TpShocks] TpShocks.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
mRun: [AVG_UI] "c:\program files\utilities\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [tsnp2uvc] c:\windows\tsnp2uvc.exe
mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Launch Backup Service Once] c:\program files\lenovo\rescue and recovery\rrstrigger.exe -start
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
TCP: NameServer = 192.168.43.1
TCP: Interfaces\{3EF9F4A1-2D82-421C-8F8B-C6446233D5EC} : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{3EF9F4A1-2D82-421C-8F8B-C6446233D5EC}\05163696669636023507F6274737023456E64756270213 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3EF9F4A1-2D82-421C-8F8B-C6446233D5EC}\3456E647572797C496E6B603233343 : DHCPNameServer = 192.168.0.1 205.171.2.65
TCP: Interfaces\{3EF9F4A1-2D82-421C-8F8B-C6446233D5EC}\84166756278496C6C6 : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{845520A3-F653-462C-B17E-2D86F1492A27} : DHCPNameServer = 172.16.1.1 172.16.1.2
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli ACGina
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\360tactics\appdata\roaming\mozilla\firefox\profiles\jrg0sju5.default\
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\360tactics\appdata\local\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-09-05 14:58; {8850f748-e69b-42ff-a449-7ad3cf153bcc}; c:\users\360tactics\appdata\roaming\mozilla\firefox\profiles\jrg0sju5.default\extensions\{8850f748-e69b-42ff-a449-7ad3cf153bcc}
FF - ExtSQL: 2013-09-05 14:58; {74fa6b20-2ae6-4584-a4fd-4ac734f8d210}; c:\users\360tactics\appdata\roaming\mozilla\firefox\profiles\jrg0sju5.default\extensions\{74fa6b20-2ae6-4584-a4fd-4ac734f8d210}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 10b42558000000000000904ce5da16dd
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15931
FF - user.js: extensions.delta.vrsn - 1.8.22.0
FF - user.js: extensions.delta.vrsni - 1.8.22.0
FF - user.js: extensions.delta.vrsnTs - 1.8.22.017:16:01
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119351&tt=110813_Dmntr&tsp=4974
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-7-20 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-7-20 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-7-1 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-7-10 39224]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2013-4-22 25416]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2012-9-6 20328]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-7-20 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-7-20 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2013-4-22 13680]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-9-1 1692920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\utilities\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;c:\program files\utilities\avg\avg2013\avgwdsvc.exe [2013-7-23 283136]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-9-1 98304]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2013-6-28 1440080]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2013-4-23 44024]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2013-4-23 62456]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2013-4-22 116368]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2013-4-22 125504]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-9-1 485376]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-2-6 29472]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2010-2-6 88832]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-9-7 40776]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-2-6 1665832]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-7-2 38336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2013-4-22 127072]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-9-1 106496]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2013-4-22 280640]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2013-4-22 1664296]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-8-4 1124848]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-4-23 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-4-23 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 ApRunSvc;Alps Application Launcher Service;c:\program files\apoint2k\aprunsvc.exe --> c:\program files\apoint2k\ApRunSvc.exe [?]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs4\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-09-08 05:32:26 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-29 18:16:27 -------- d-----w- c:\program files\Belarc
2013-08-17 05:28:02 92056 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2013-08-17 05:28:02 272792 ----a-w- c:\program files\mozilla firefox\updater.exe
2013-08-17 05:28:02 20616088 ----a-w- c:\program files\mozilla firefox\xul.dll
2013-08-17 05:28:02 170232 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2013-08-17 05:28:01 869656 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2013-08-17 05:28:01 152984 ----a-w- c:\program files\mozilla firefox\softokn3.dll
2013-08-17 05:28:00 26520 ----a-w- c:\program files\mozilla firefox\plugin-hang-ui.exe
2013-08-17 05:28:00 17304 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2013-08-17 04:33:07 -------- d-----w- c:\windows\system32\appmgmt
2013-08-15 17:45:10 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-08-15 17:45:00 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-08-15 17:45:00 218112 ----a-w- c:\program files\internet explorer\sqmapi.dll
2013-08-15 17:45:00 108032 ----a-w- c:\program files\internet explorer\jsdebuggeride.dll
2013-08-15 17:43:00 -------- d-----w- c:\windows\system32\searchplugins
2013-08-15 17:43:00 -------- d-----w- c:\windows\system32\Extensions
2013-08-14 00:16:23 -------- d-----w- c:\users\360tactics\appdata\roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-08-14 00:15:21 -------- d-----w- c:\users\360tactics\appdata\roaming\DSite
2013-08-14 00:15:19 -------- d-----w- c:\programdata\Babylon
2013-08-13 23:52:23 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-13 23:52:21 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-13 23:52:21 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-13 23:52:20 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-13 23:52:20 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-13 23:52:16 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-13 23:52:16 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-13 23:52:14 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-13 23:52:13 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-13 23:52:13 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-13 23:52:02 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-13 23:51:56 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
.
==================== Find3M ====================
.
2013-08-18 20:29:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-18 20:29:50 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-26 03:13:24 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 03:12:00 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-07-26 01:59:38 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-07-20 08:51:00 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-20 08:50:56 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-20 08:50:56 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 08:50:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-10 08:32:40 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-07-09 05:19:51 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-09 05:19:51 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-09 05:19:51 789416 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 1:04:07.27 ===============


-------------------------------------
Attach Below
-------------------------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/22/2013 1:44:44 PM
System Uptime: 9/7/2013 7:43:34 PM (6 hours ago)
.
Motherboard: LENOVO | | 2714CTO
Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz | None | 2508/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 155.742 GiB free.
F: is CDROM ()
Q: is FIXED (NTFS) - 10 GiB total, 3.112 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP50: 8/15/2013 10:43:48 AM - Windows Update
RP51: 8/30/2013 2:33:47 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Registry Patch to arrange icons in Device and Printers folder of Windows 7
2007 Microsoft Office system
7-Zip 9.20
Access Help
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Design Premium
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader XI (11.0.02)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Software Update
AT&T Service Activation
AVG 2013
Belarc Advisor 8.3
Business Contact Manager for Outlook 2007 SP2
Conexant 20561 SmartAudio HD
Connect
Create Recovery Media
DirectX 9 Runtime
FileZilla Client 3.5.3
Google Chrome
Google Drive
Google Update Helper
IETester v0.5.2 (remove only)
Integrated Camera
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Interface
Intel(R) PROSet/Wireless WiFi Software
InterVideo WinDVD 8
Java 7 Update 25
Java Auto Updater
Junk Mail filter update
KeePass Password Safe 2.22
kuler
Lenovo Fingerprint Software
Lenovo Patch Utility
Lenovo Power Management Driver
Lenovo System Interface Driver
Lenovo System Update
Lenovo ThinkVantage Toolbox
Lenovo Welcome
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.75.0.1300
Message Center Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Research AutoCollage Touch 2009
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mobile Broadband Connect
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Notepad++
On Screen Display
Opera 12.15
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
Power Manager
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
Rescue and Recovery
RICOH R5U8xx Media Driver ver.3.64.02
Roxio Activation Module
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator Business Edition
Roxio Express Labeler 3
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Sonic CinePlayer Decoder Pack
Sonic Icons for Lenovo
Suite Shared Configuration CS4
System Migration Assistant
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad FullScreen Magnifier
ThinkPad Modem Adapter
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Communications Utility
UltraVnc
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Verizon Wireless Mobile Broadband Self Activation
VLC media player 2.0.6
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (07/07/2009 8.1.2.56)
Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55)
Windows Driver Package - Ricoh Company (rimsptsk) hdc (09/03/2009 6.10.01.05)
Windows Driver Package - Ricoh Company (rismxdp) hdc (09/03/2009 6.10.01.05)
Windows Driver Package - Ricoh Company MMC Host Controller (09/03/2009 6.10.01.05)
Windows Driver Package - Sonix (SNP2UVC) Image (08/03/2009 5.8.53003.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WOW Slider
Zip Opener Packages
.
==== Event Viewer Messages From Past Week ========
.
9/7/2013 7:31:16 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
9/7/2013 7:29:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
9/7/2013 7:24:34 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
9/7/2013 7:22:54 PM, Error: Service Control Manager [7016] - The Data Transfer Service service has reported an invalid current state 0.
9/5/2013 3:36:41 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JORDAN-DESKTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DA5FBBDD-186C-48DD-B786-536. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================



Thank you in advance for your help.

- Jordan
DHCrazyFoo
Active Member
 
Posts: 7
Joined: September 8th, 2013, 2:53 am

Re: Virus Removal Help Appreciated - Babylon/Delta?

Unread postby Cypher » September 10th, 2013, 11:52 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

I believe my business partner mistakenly installed a program without scanning the downloaded folder first and my machine has been compromised.

Do you use this computer for business purposes? Let me know in your next reply.

Run CKScanner

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select "Run as administrator" then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please Run the program only once.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Logs/Information to Post in your Next Reply

  • Is this computer used for business?
  • CKFiles.txt.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Virus Removal Help Appreciated - Babylon/Delta?

Unread postby DHCrazyFoo » September 11th, 2013, 12:38 am

Thanks for your help Cypher.

1. I don't generally use this laptop for business but loaned it to my partner one day as his was broken.

2. CKFiles Report below:

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.MGNABZ
----- EOF -----
DHCrazyFoo
Active Member
 
Posts: 7
Joined: September 8th, 2013, 2:53 am

Re: Virus Removal Help Appreciated - Babylon/Delta?

Unread postby Cypher » September 11th, 2013, 5:37 am

Hi,
Thanks for your help Cypher.

My pleasure.
Ok continue with the instructions below and post the requested logs.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Scan.
  • When the scan has finished click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

Please download Junkware Removal Tool and save it to your desktop.
  • Shut down your protection software as shown in This topic now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.

Next.

Please download OTL by Old Timer and save it to your Desktop.

  • Right click on OTL.exe and select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Logs/Information to Post in your Next Reply

  • AdwCleaner[S1].txt
  • JRT.txt.
  • OTL.txt and Extras.txt contents.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Virus Removal Help Appreciated - Babylon/Delta?

Unread postby DHCrazyFoo » September 11th, 2013, 4:28 pm

Please note, I re-enabled Windows Firewall after running the scans.

AdwCleaner:

# AdwCleaner v3.003 - Report created 11/09/2013 at 12:12:50
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : 360Tactics - 360TACTICS-MOB1
# Running from : C:\Users\360Tactics\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\360Tactics\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Folder Deleted : C:\Users\360Tactics\AppData\Roaming\DSite
File Deleted : C:\Users\360Tactics\AppData\Roaming\Mozilla\Firefox\Profiles\jrg0sju5.default\\invalidprefs.js
File Deleted : C:\Users\360Tactics\AppData\Roaming\Mozilla\Firefox\Profiles\jrg0sju5.default\searchplugins\Babylon.xml
File Deleted : C:\Users\360Tactics\AppData\Roaming\Mozilla\Firefox\Profiles\jrg0sju5.default\user.js
File Deleted : C:\Users\360Tactics\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
File Deleted : C:\Windows\Tasks\DSite.job
File Deleted : C:\Windows\System32\Tasks\DSite

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D7C7974-308F-4BBC-A922-4EE2B5EAB061}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D7C7974-308F-4BBC-A922-4EE2B5EAB061}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\5a68cddb639e949
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\AppDataLow\Software\lyrixeeker
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\360Tactics\AppData\Roaming\Mozilla\Firefox\Profiles\jrg0sju5.default\prefs.js ]

Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "10b42558000000000000904ce5da16dd");
Line Deleted : user_pref("extensions.delta.instlDay", "15931");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.22.0");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.22.017:16:01");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.22.0");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119351&tt=110813_Dmntr&tsp=4974");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v

[ File : C:\Users\360Tactics\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4084 octets] - [11/09/2013 12:09:40]
AdwCleaner[S0].txt - [4185 octets] - [11/09/2013 12:12:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4245 octets] ##########


JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows 7 Professional x86
Ran by 360Tactics on Wed 09/11/2013 at 12:31:19.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4168590997-1770708987-3627910188-1003\Software\SweetIM



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\360Tactics\AppData\Roaming\mozilla\firefox\profiles\jrg0sju5.default\invalidprefs.js
Emptied folder: C:\Users\360Tactics\AppData\Roaming\mozilla\firefox\profiles\jrg0sju5.default\minidumps [3 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\360Tactics\appdata\local\Google\Chrome\User Data\Default\Extensions\epojlgbehpaeekopencdagbdamnkppci



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/11/2013 at 12:34:51.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OTL:

OTL logfile created on: 9/11/2013 12:57:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\360Tactics\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 55.66% Memory free
5.92 Gb Paging File | 4.33 Gb Available in Paging File | 73.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.95 Gb Total Space | 156.27 Gb Free Space | 70.41% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.11 Gb Free Space | 31.86% Space Free | Partition Type: NTFS

Computer Name: 360TACTICS-MOB1 | User Name: 360Tactics | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/11 12:55:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\360Tactics\Desktop\OTL.exe
PRC - [2013/08/18 13:29:50 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
PRC - [2013/08/16 22:28:23 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Utilities\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/01 01:46:26 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Utilities\AVG\AVG2013\avgui.exe
PRC - [2013/06/28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013/06/28 14:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2013/06/27 16:11:08 | 020,097,696 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2013/05/08 03:17:22 | 000,642,664 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2013/03/18 17:26:10 | 000,272,680 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe
PRC - [2013/03/18 17:26:00 | 000,133,416 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2013/03/18 17:07:58 | 000,602,112 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2013/02/26 10:01:24 | 000,062,456 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2013/02/26 10:01:22 | 000,060,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2013/02/26 10:01:08 | 000,044,024 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2013/02/19 04:01:14 | 000,328,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Utilities\AVG\AVG2013\avgcfgex.exe
PRC - [2013/01/10 06:45:00 | 000,127,784 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2012/12/18 21:15:46 | 000,331,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2012/12/18 12:31:06 | 000,116,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/17 16:57:12 | 000,085,648 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\shtctky.exe
PRC - [2012/12/04 14:04:40 | 000,125,504 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2012/11/29 19:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/07/12 18:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2011/07/12 17:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/21 16:55:12 | 000,858,384 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/09/21 16:31:36 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/09/01 00:32:20 | 000,098,304 | ---- | M] () -- C:\Windows\System32\DTS.exe
PRC - [2009/09/01 00:28:04 | 001,692,920 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\AtService.exe
PRC - [2009/08/28 15:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/07/01 19:03:12 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
PRC - [2009/07/01 19:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2009/07/01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
PRC - [2009/05/27 23:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/11 12:16:08 | 000,128,512 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\_elementtree.pyd
MOD - [2013/09/11 12:16:07 | 000,557,056 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\pysqlite2._sqlite.pyd
MOD - [2013/09/11 12:16:07 | 000,098,816 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\win32api.pyd
MOD - [2013/09/11 12:16:07 | 000,044,032 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\_socket.pyd
MOD - [2013/09/11 12:16:07 | 000,026,624 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\_multiprocessing.pyd
MOD - [2013/09/11 12:16:07 | 000,022,528 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\win32ts.pyd
MOD - [2013/09/11 12:16:06 | 000,805,888 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\wx._gdi_.pyd
MOD - [2013/09/11 12:16:06 | 000,504,832 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\windows._cacheinvalidation.pyd
MOD - [2013/09/11 12:16:06 | 000,320,512 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\win32com.shell.shell.pyd
MOD - [2013/09/11 12:16:06 | 000,070,656 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\wx._html2.pyd
MOD - [2013/09/11 12:16:06 | 000,011,264 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\win32crypt.pyd
MOD - [2013/09/11 12:16:05 | 000,735,232 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\wx._misc_.pyd
MOD - [2013/09/11 12:16:05 | 000,364,544 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\pythoncom27.dll
MOD - [2013/09/11 12:16:05 | 000,087,040 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\_ctypes.pyd
MOD - [2013/09/11 12:16:05 | 000,017,408 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\win32profile.pyd
MOD - [2013/09/11 12:16:04 | 001,175,040 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\wx._core_.pyd
MOD - [2013/09/11 12:16:04 | 001,153,024 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\_ssl.pyd
MOD - [2013/09/11 12:16:04 | 000,110,080 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\PyWinTypes27.dll
MOD - [2013/09/11 12:16:04 | 000,108,544 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\win32security.pyd
MOD - [2013/09/11 12:16:04 | 000,025,600 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\win32pdh.pyd
MOD - [2013/09/11 12:16:03 | 001,062,400 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\wx._controls_.pyd
MOD - [2013/09/11 12:16:03 | 000,811,008 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\wx._windows_.pyd
MOD - [2013/09/11 12:16:03 | 000,711,680 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\_hashlib.pyd
MOD - [2013/09/11 12:16:03 | 000,686,080 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\unicodedata.pyd
MOD - [2013/09/11 12:16:03 | 000,127,488 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\pyexpat.pyd
MOD - [2013/09/11 12:16:03 | 000,122,368 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\wx._wizard.pyd
MOD - [2013/09/11 12:16:03 | 000,119,808 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\win32file.pyd
MOD - [2013/09/11 12:16:03 | 000,038,912 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\win32inet.pyd
MOD - [2013/09/11 12:16:03 | 000,035,840 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\win32process.pyd
MOD - [2013/09/11 12:16:03 | 000,018,432 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\win32event.pyd
MOD - [2013/09/11 12:16:03 | 000,010,240 | ---- | M] () -- C:\Users\360Tactics\AppData\Local\Temp\_MEI49202\select.pyd
MOD - [2013/08/18 13:29:50 | 016,166,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013/08/16 22:28:21 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/01/08 06:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/08/28 15:27:20 | 000,247,096 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\CDRecord.dll
MOD - [2009/07/01 19:03:24 | 000,132,384 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2009/05/27 23:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Apoint2K\ApRunSvc.exe -- (ApRunSvc)
SRV - [2013/08/18 13:29:50 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/16 22:28:22 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\Utilities\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\Utilities\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/06/28 14:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/06/26 15:57:38 | 000,022,376 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/23 18:05:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/04/23 10:42:18 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/03/18 17:26:10 | 000,272,680 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2013/03/18 17:26:00 | 000,133,416 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2013/02/26 10:01:24 | 000,062,456 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2013/02/26 10:01:08 | 000,044,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2013/01/10 06:45:00 | 001,665,832 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2013/01/10 06:45:00 | 001,664,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2013/01/10 06:45:00 | 000,280,640 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2012/12/18 12:31:06 | 000,116,368 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/04 14:04:40 | 000,125,504 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2012/08/24 18:33:26 | 000,127,072 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/09/21 16:55:12 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/09/21 16:31:36 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009/09/01 00:32:20 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\DTS.exe -- (dtsvc)
SRV - [2009/09/01 00:32:16 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2009/09/01 00:28:04 | 001,692,920 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2009/08/28 15:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/08/04 22:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/04/28 19:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/10 01:32:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/01/10 06:45:00 | 000,025,416 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\DOZEHDD.SYS -- (DozeHDD)
DRV - [2013/01/10 06:45:00 | 000,018,280 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2012/09/06 10:49:06 | 000,020,328 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2012/07/23 11:11:44 | 000,129,384 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/02/06 12:55:51 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009/12/09 14:54:46 | 000,154,672 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/10/05 17:56:06 | 000,460,800 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/09/15 13:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009/09/14 21:30:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/09/14 20:36:00 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/09/07 02:00:00 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/09/01 02:44:16 | 000,485,376 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/07/13 16:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 16:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 15:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/02 11:16:22 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2009/06/22 20:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/06/11 01:04:22 | 003,486,208 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009/05/10 19:33:48 | 000,088,832 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LenovoRd.sys -- (LenovoRd)
DRV - [2009/04/28 19:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/04/17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{8B5E8588-3DE6-4EA2-8A5E-97C8C435505B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{BBD37C66-AFE1-44C0-8692-1B11177A834F}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.5
FF - prefs.js..extensions.enabledAddons: %7B8850f748-e69b-42ff-a449-7ad3cf153bcc%7D:2.1
FF - prefs.js..extensions.enabledAddons: %7B74fa6b20-2ae6-4584-a4fd-4ac734f8d210%7D:3.3
FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.41
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\360Tactics\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\360Tactics\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/04/23 11:25:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\360Tactics\AppData\Roaming\Mozilla\Extensions
[2013/09/10 20:45:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\360Tactics\AppData\Roaming\Mozilla\Firefox\Profiles\jrg0sju5.default\extensions
[2013/09/10 20:45:18 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\360Tactics\AppData\Roaming\Mozilla\Firefox\Profiles\jrg0sju5.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2013/09/05 14:58:30 | 000,000,000 | ---D | M] (BargainJoy) -- C:\Users\360Tactics\AppData\Roaming\Mozilla\Firefox\Profiles\jrg0sju5.default\extensions\{74fa6b20-2ae6-4584-a4fd-4ac734f8d210}
[2013/09/05 14:58:25 | 000,000,000 | ---D | M] (Coupons Malibu) -- C:\Users\360Tactics\AppData\Roaming\Mozilla\Firefox\Profiles\jrg0sju5.default\extensions\{8850f748-e69b-42ff-a449-7ad3cf153bcc}
[2013/08/16 19:48:34 | 000,000,000 | ---D | M] (LyricXeeker) -- C:\Users\360Tactics\AppData\Roaming\Mozilla\Firefox\Profiles\jrg0sju5.default\extensions\128
[2013/05/09 13:10:02 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\360Tactics\AppData\Roaming\Mozilla\Firefox\Profiles\jrg0sju5.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013/08/16 22:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Extensions
[2013/08/16 22:27:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/16 22:28:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - Extension: No name found = C:\Users\360Tactics\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\360Tactics\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\360Tactics\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\360Tactics\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\360Tactics\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\360Tactics\AppData\Roaming\Mozilla\Firefox\Profiles\jrg0sju5.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.98.31.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\Utilities\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [Launch Backup Service Once] C:\Program Files\Lenovo\Rescue and Recovery\rrstrigger.exe ()
O4 - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe File not found
O4 - HKCU..\Run: [AVG-Secure-Search-Update_0913a] C:\Users\360Tactics\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 704401089db747d38e91d16d383b898c-9ae9fb985bc8e4f8601ffddd3075d04d6d726ef4 --CMPID 0913a File not found
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [LenovoWelcomeRegistration] C:\Program Files\Lenovo\Lenovo Welcome\ContentProviders\RegistrationContentProvider\RegistrationEngine\RegistrationEngine.exe ()
O4 - HKCU..\Run: [ROC_ROC_APR2013_AV] C:\Users\360Tactics\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 704401089db747d38e91d16d383b898c-9ae9fb985bc8e4f8601ffddd3075d04d6d726ef4 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EF9F4A1-2D82-421C-8F8B-C6446233D5EC}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{845520A3-F653-462C-B17E-2D86F1492A27}: DhcpNameServer = 172.16.1.1 172.16.1.2
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 09:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{11fd42a4-acb0-11e2-b5b9-00247edf607f}\Shell - "" = AutoRun
O33 - MountPoints2\{11fd42a4-acb0-11e2-b5b9-00247edf607f}\Shell\AutoRun\command - "" = D:\setup.exe -a
O33 - MountPoints2\{11fd42b8-acb0-11e2-b5b9-00247edf607f}\Shell - "" = AutoRun
O33 - MountPoints2\{11fd42b8-acb0-11e2-b5b9-00247edf607f}\Shell\AutoRun\command - "" = D:\setup.exe -a
O33 - MountPoints2\{c25534a0-1355-11df-bb19-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c25534a0-1355-11df-bb19-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 14:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{e7a3a2ec-efff-11e2-ad0d-904ce5da16dd}\Shell - "" = AutoRun
O33 - MountPoints2\{e7a3a2ec-efff-11e2-ad0d-904ce5da16dd}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/11 12:55:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\360Tactics\Desktop\OTL.exe
[2013/09/11 12:31:16 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/09/11 12:24:29 | 001,029,490 | ---- | C] (Thisisu) -- C:\Users\360Tactics\Desktop\JRT.exe
[2013/09/11 12:09:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/29 11:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2013/08/16 22:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/16 21:33:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2013/08/15 10:43:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013/08/15 10:43:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions

========== Files - Modified Within 30 Days ==========

[2013/09/11 12:55:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\360Tactics\Desktop\OTL.exe
[2013/09/11 12:53:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/11 12:53:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/11 12:29:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4168590997-1770708987-3627910188-1003UA.job
[2013/09/11 12:29:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4168590997-1770708987-3627910188-1003Core.job
[2013/09/11 12:24:29 | 001,029,490 | ---- | M] (Thisisu) -- C:\Users\360Tactics\Desktop\JRT.exe
[2013/09/11 12:23:04 | 000,021,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/11 12:23:04 | 000,021,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/11 12:21:46 | 000,670,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/11 12:21:46 | 000,124,044 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/11 12:15:53 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/11 12:15:13 | 2384,486,400 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/11 12:10:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/11 12:06:21 | 001,037,278 | ---- | M] () -- C:\Users\360Tactics\Desktop\adwcleaner.exe
[2013/09/10 21:23:05 | 000,468,480 | ---- | M] () -- C:\Users\360Tactics\Desktop\CKScanner.exe
[2013/09/10 00:26:14 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013/09/07 20:15:09 | 000,000,073 | ---- | M] () -- C:\Users\360Tactics\AppData\Roaming\WB.CFG
[2013/09/07 20:15:09 | 000,000,005 | ---- | M] () -- C:\Users\360Tactics\AppData\Roaming\WBPU-TTL.DAT
[2013/09/06 16:09:33 | 000,002,414 | ---- | M] () -- C:\Users\360Tactics\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/29 11:16:29 | 000,002,105 | ---- | M] () -- C:\Users\360Tactics\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2013/08/29 11:16:29 | 000,002,081 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2013/08/18 13:06:04 | 000,000,410 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013/08/18 13:06:04 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD2040.DAT
[2013/08/16 19:47:17 | 002,394,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/08/15 18:33:13 | 040,957,778 | ---- | M] () -- C:\Users\360Tactics\Desktop\GMWB_1.psd

========== Files Created - No Company Name ==========

[2013/09/11 12:06:21 | 001,037,278 | ---- | C] () -- C:\Users\360Tactics\Desktop\adwcleaner.exe
[2013/09/10 21:23:04 | 000,468,480 | ---- | C] () -- C:\Users\360Tactics\Desktop\CKScanner.exe
[2013/08/29 11:16:29 | 000,002,105 | ---- | C] () -- C:\Users\360Tactics\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2013/08/29 11:16:29 | 000,002,093 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2013/08/29 11:16:29 | 000,002,081 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2013/08/13 20:52:24 | 040,957,778 | ---- | C] () -- C:\Users\360Tactics\Desktop\GMWB_1.psd
[2013/08/13 18:15:04 | 000,000,073 | ---- | C] () -- C:\Users\360Tactics\AppData\Roaming\WB.CFG
[2013/08/13 18:15:04 | 000,000,005 | ---- | C] () -- C:\Users\360Tactics\AppData\Roaming\WBPU-TTL.DAT
[2013/05/13 19:26:20 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013/05/13 19:26:20 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2040.DAT
[2013/04/23 12:05:04 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013/04/22 23:36:12 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2013/04/22 23:36:12 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2013/04/22 23:36:12 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2013/04/22 23:36:11 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2013/04/22 23:36:11 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2013/04/22 14:00:01 | 000,000,507 | ---- | C] () -- C:\Users\360Tactics\Desktop.lnk

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/04/22 17:39:00 | 000,000,000 | ---D | M] -- C:\Users\360Tactics\AppData\Roaming\AVG2013
[2013/04/23 21:21:19 | 000,000,000 | ---D | M] -- C:\Users\360Tactics\AppData\Roaming\FireShot
[2013/08/30 13:46:40 | 000,000,000 | ---D | M] -- C:\Users\360Tactics\AppData\Roaming\KeePass
[2013/04/24 19:10:07 | 000,000,000 | ---D | M] -- C:\Users\360Tactics\AppData\Roaming\Notepad++
[2013/04/23 02:03:49 | 000,000,000 | ---D | M] -- C:\Users\360Tactics\AppData\Roaming\Opera
[2013/04/23 00:46:33 | 000,000,000 | ---D | M] -- C:\Users\360Tactics\AppData\Roaming\PwrMgr
[2013/04/22 17:37:23 | 000,000,000 | ---D | M] -- C:\Users\360Tactics\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >


Extras:


OTL Extras logfile created on: 9/11/2013 12:57:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\360Tactics\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 55.66% Memory free
5.92 Gb Paging File | 4.33 Gb Available in Paging File | 73.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.95 Gb Total Space | 156.27 Gb Free Space | 70.41% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.11 Gb Free Space | 31.86% Space Free | Partition Type: NTFS

Computer Name: 360TACTICS-MOB1 | User Name: 360Tactics | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09D16451-5B0E-4D74-9F2B-F9FA2B554A60}" = rport=139 | protocol=6 | dir=out | app=system |
"{17AC5ED1-58C7-4600-AD72-782CFF7BCBB5}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{196C37E0-BFC3-450C-A4B9-B8CB79AF8F3A}" = lport=138 | protocol=17 | dir=in | app=system |
"{1F70BA0C-5E6E-4EF2-B79E-3349DC0232FC}" = rport=138 | protocol=17 | dir=out | app=system |
"{4DBEB49D-7530-438D-8478-A317FF76F077}" = lport=2869 | protocol=6 | dir=in | app=system |
"{54FBD6F2-989B-489A-AB5D-E3B721E48140}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{59A4CD85-2EEF-41BE-A86E-517BA20502AC}" = lport=139 | protocol=6 | dir=in | app=system |
"{5F10B655-A946-4C98-A19E-405D0E63051D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{686C8B2C-F075-4CAB-986C-78C0BB6CC2D3}" = lport=137 | protocol=17 | dir=in | app=system |
"{6AC2E781-4714-48FB-AA9A-05ABBA5C3262}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6E75C076-F523-4CFD-8204-169D0C8CAE3F}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{76F4A54D-41D4-47DB-B54E-17C5A4A40260}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{82787432-A4AB-498C-BB31-CFA6D637EBE8}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 |
"{8590CDC7-B45F-45F5-A93D-0AF274555560}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85A597B3-E48F-4BB4-AFAB-09FA81F70C51}" = lport=2869 | protocol=6 | dir=in | app=system |
"{87B1999F-87E6-4178-8A52-5F5C82FB26DC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{91E48944-3905-45F5-B8B5-FB5EE13EE4DB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{96E6F5D2-0002-4579-B7AB-9B3B9E8DEC0D}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{97E0BE5E-EF4F-436B-9FF0-A916299A49E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A075D3F-B9BC-4DB0-9540-EF9E76FC759F}" = rport=137 | protocol=17 | dir=out | app=system |
"{A83F31C5-FE32-4A59-B832-38301E13A549}" = lport=3389 | protocol=6 | dir=in | app=system |
"{AD6A09A2-B42B-4B9B-98E6-8D898682709B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B6FA47FF-CA6F-46E4-9940-EB175DB06946}" = lport=445 | protocol=6 | dir=in | app=system |
"{B9B9FD43-FBC1-460F-805D-EBA0D5192282}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 |
"{BB172897-A2AC-4A22-A02D-518C5C5BA0B1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C30BACBD-626E-4F1B-80C5-8F1577D4ADB2}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{C49F73FA-0B84-4636-B79F-D224188A5C0F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{D31B07CC-906A-44C7-9C09-23F1D16DE2E8}" = rport=445 | protocol=6 | dir=out | app=system |
"{DA947500-9371-4322-9125-995AECBE4F2A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DAE4A652-76C2-4112-A755-460DBB3D3181}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E55CFD90-30C4-48D0-A5CC-DD3C1583E1DA}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{ED151F25-8D44-4616-9DB0-690CF1BBFFF0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FBEB3E66-8F53-445A-B1F5-51B157E51707}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002D6B77-2D8F-440B-9636-65BEBDE58DE4}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{00883772-632D-4F69-B7F0-C01B322D0DCC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{09129A68-8A31-4C84-81E8-ECF6FA1FAF0E}" = protocol=17 | dir=in | app=c:\program files\utilities\avg\avg2013\avgdiagex.exe |
"{0B15330B-7A60-45F9-BA7A-04187BAD9409}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0BF9FE6C-95E6-45BE-A991-38C5053B2752}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{155DD2FE-BFBA-4EDD-B2C0-B5D117D08BA1}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{15D01726-AAA5-4191-B0F0-1C140A39BEEF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1770D67C-53A9-4181-ABA2-B21FA7FAEDD8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1D10A2FC-A878-47F7-A3F3-5A66B6B5B230}" = protocol=6 | dir=in | app=c:\program files\utilities\avg\avg2013\avgemcx.exe |
"{22C91DBC-F520-49DA-B1A3-2CBDAB50291A}" = protocol=6 | dir=in | app=c:\program files\utilities\avg\avg2013\avgmfapx.exe |
"{2440618B-1DDB-4EAE-A726-C65519F9CC86}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2CCE277C-1652-4822-9A65-1C8C58B7D0BE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2D9E067E-71ED-43E7-8C84-8576C2BFFBA6}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{38D72C20-3EE4-4D3A-BD6C-12E57E7728A8}" = protocol=17 | dir=in | app=c:\program files\uvnc bvba\ultravnc\vncviewer.exe |
"{4106DE25-3A46-4420-8A3F-AD1A9A145EE6}" = protocol=17 | dir=in | app=c:\program files\utilities\avg\avg2013\avgnsx.exe |
"{41A48991-7633-4F10-B904-C067D4810D66}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{4673FCB8-862E-4CDB-942B-BBD2838E7529}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4B7E6A9F-409D-4C2C-93D6-CC224BAB8A84}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{57A11EFE-DD59-4AF5-992E-782E755AAFD3}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{5A4F920B-C344-43C2-B72F-908E75E365D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5C57E6CD-461B-4EDD-A9BB-04B3B58049E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5C72E6A9-1066-4927-AED3-E50C4C273AE1}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{65844707-482C-4842-A192-AD563047C1FF}" = protocol=6 | dir=in | app=c:\program files\uvnc bvba\ultravnc\winvnc.exe |
"{65FEC920-E3D3-41D7-9E4F-20EE73A1419D}" = protocol=17 | dir=in | app=c:\program files\utilities\avg\avg2013\avgemcx.exe |
"{6DA5DC83-CE5E-4A0D-841D-C0A7D800DC65}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{73D2AE5E-EF6B-4FAD-AB22-5B2F3B6B42AC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7D0674AB-36DE-4AC6-A13F-3B2FD714A021}" = protocol=6 | dir=in | app=c:\program files\uvnc bvba\ultravnc\vncviewer.exe |
"{84CCA413-7D9F-4123-BA30-FB0E3C36F266}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{867C0E34-A831-4143-9FA4-7E709BC62E14}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{92739C66-AE04-4B37-89B1-F0718A593626}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{98EE6007-0BBA-4C11-B74D-46D36B033FBD}" = protocol=17 | dir=in | app=c:\program files\uvnc bvba\ultravnc\winvnc.exe |
"{A01C3461-BDF3-49E4-AD7E-341F7793B9FD}" = protocol=6 | dir=in | app=c:\program files\utilities\avg\avg2013\avgdiagex.exe |
"{A430D184-C35B-491A-AD91-9B905DC8371D}" = protocol=6 | dir=in | app=c:\program files\utilities\avg\avg2013\avgnsx.exe |
"{A64EFC6D-A939-497A-9A15-FF875C83BF65}" = protocol=17 | dir=in | app=c:\program files\utilities\avg\avg2013\avgmfapx.exe |
"{B2F6CCCC-A961-423D-84EC-2F883067BD36}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{B8E29568-AB50-43D4-A638-7FEBCEA8FF4C}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{BC3E442C-E5E6-41B6-93DC-65535E2521B7}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{CAD35177-7DA8-4557-8A0C-9B46921D0326}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D70A8897-C36F-4641-B6B6-DF2DDA13D077}" = protocol=6 | dir=out | app=system |
"{DC1A2C8A-0329-4CB4-BB72-A84F7485FCA2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EBE8E361-787E-45B1-9655-F11EFD71EB52}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{EDE7EA81-CD44-4279-8F74-800B86AC3294}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FA4AC2CD-34D7-44B3-8FF6-B79356103BDA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FA555C5E-7F83-4797-B3BB-466BA9C48C25}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{FAA04625-C115-47BE-8F10-E0167DCCC5F0}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{6FED14F5-74CD-4A56-879E-7D25848084AA}C:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe |
"UDP Query User{2501BE13-7770-409E-A3E2-C43E601157E2}C:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1D2FF661-4402-4D75-AA40-B23FCAF81D32}" = Lenovo Patch Utility
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2D440AF4-7330-43F0-A085-35DE1A90E703}" = Lenovo Fingerprint Software
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.64.02
"{5FF27D65-35E5-4855-B7ED-59BCFBC85776}" = AVG 2013
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{631E66F3-5BCC-4FF8-9F42-95AF0BFA38B7}" = AVG 2013
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4DB1CA-8206-4ADC-805C-66ACF1611DA3}" = System Migration Assistant
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91B7B957-0F45-4BDC-85BA-08F80D49B9BC}" = Mobile Broadband Connect
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ThinkPad UltraNav Driver
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_955" = Adobe Acrobat 9.5.5 - CPSID_83708
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C2D4CD4A-AE20-40B3-8726-8ED1C03E8C15}" = Google Drive
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C64A877E-DF8D-4017-AA82-000A77C6D809}" = Verizon Wireless Mobile Broadband Self Activation
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi Software
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Power Manager
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"112AA64E0C8CC704E307FE914F7DEC1C0035598E" = Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55)
"1D1219CED4DAD562C114C845725DCA2DCB312803" = Windows Driver Package - Sonix (SNP2UVC) Image (08/03/2009 5.8.53003.0)
"1FBDB507F002A372EB195A0ACF6E2A2F9D34689E" = Windows Driver Package - Ricoh Company (rismxdp) hdc (09/03/2009 6.10.01.05)
"5F72B7FA1792CB768F6A46E18A9DAD0E1FE1C863" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (09/03/2009 6.10.01.05)
"7-Zip" = 7-Zip 9.20
"8E6CE26AD682E6D46DCCDD39CD93277A2EAF2449" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (07/07/2009 8.1.2.56)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"AVG" = AVG 2013
"Belarc Advisor" = Belarc Advisor 8.3
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"D50474ACAF488895A3CE5D30373288EA6AD46EAA" = Windows Driver Package - Ricoh Company MMC Host Controller (09/03/2009 6.10.01.05)
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"FileZilla Client" = FileZilla Client 3.5.3
"HECI" = Intel(R) Management Engine Interface
"IETester" = IETester v0.5.2 (remove only)
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.22
"Lenovo Welcome_is1" = Lenovo Welcome
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"OnScreenDisplay" = On Screen Display
"Opera 12.15.1748" = Opera 12.15
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = Lenovo Power Management Driver
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ULTIMATER" = Microsoft Office Ultimate 2007
"Ultravnc2_is1" = UltraVnc
"VLC media player" = VLC media player 2.0.6
"W7DevOR" = Registry Patch to arrange icons in Device and Printers folder of Windows 7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WOW Slider_is1" = WOW Slider

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Lenovo-Message Center Plus/Admin Events ]
Error - 6/6/2013 9:09:56 PM | Computer Name = 360Tactics-Mob1 | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Relevancy program timed out for message 'expressCacheCheck': mSataDetection.exe

Error - 6/22/2013 8:18:10 PM | Computer Name = 360Tactics-Mob1 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 6/29/2013 7:07:33 AM | Computer Name = 360Tactics-Mob1 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The remote server returned an error: (403) Forbidden. -> Exception
message: The remote server returned an error: (403) Forbidden.

[ System Events ]
Error - 9/11/2013 3:52:56 PM | Computer Name = 360Tactics-Mob1 | Source = DCOM | ID = 10010
Description =


< End of report >
DHCrazyFoo
Active Member
 
Posts: 7
Joined: September 8th, 2013, 2:53 am

Re: Virus Removal Help Appreciated - Babylon/Delta?

Post by Cypher » September 12th, 2013, 5:44 am

Hi,
Good work so far, I need you to run another scan for me.

Please download SystemLook from the link below and save it to your Desktop.

For 32 bit Systems

  • Right-click SystemLook.exe and select "Run as administrator" to run it.
  • Copy and paste the content of the following codebox into the main textfield:
  • (Click the select all button next to the codebox to select the entire script).
    Code:
    :filefind
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *Delta*
    
    :folderfind
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *Delta*
    
    :Regfind
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    trolltech
    babylon
    Delta
    
    

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Virus Removal Help Appreciated - Babylon/Delta?

Post by DHCrazyFoo » September 12th, 2013, 6:15 am

SystemLook 04.09.10 by jpshortstuff
Log created at 02:53 on 12/09/2013 by 360Tactics
Administrator - Elevation successful

========== filefind ==========

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\Users\360Tactics\AppData\Local\Temp\jrt\datamngr_del.reg --a---- 386 bytes [19:30 11/09/2013] [03:41 22/08/2013] 95F42A3D43416D3BB978F174C83F494C

Searching for "*trolltech*"
No files found.

Searching for "*babylon*"
C:\AdwCleaner\Quarantine\C\Users\360Tactics\AppData\Roaming\Mozilla\Firefox\Profiles\jrg0sju5.default\searchplugins\Babylon.xml.vir --a---- 6549 bytes [00:15 14/08/2013] [00:15 14/08/2013] B908E6B0DC3A1F1D3AAAAF4F7E3FC0C9
C:\Users\360Tactics\AppData\Local\Temp\745AC57D-BAB0-7891-8A65-41F854AC0200\Latest\Babylon.dat --a---- 12384 bytes [00:15 14/08/2013] [12:17 19/02/2013] 825E5733974586A0A1229A53361ED13E

Searching for "*Delta*"
C:\Program Files\Adobe\Adobe Flash CS4\Common\First Run\Classes\mx\data\components\datasetclasses\Delta.as --a---- 3012 bytes [03:27 10/09/2008] [03:27 10/09/2008] BB5D9762741444706C4DBEA8E3B2A7CA
C:\Program Files\Adobe\Adobe Flash CS4\Common\First Run\Classes\mx\data\components\datasetclasses\DeltaImpl.as --a---- 5595 bytes [03:27 10/09/2008] [03:27 10/09/2008] 82DFCBDD8952934D2730D58B37DDEABA
C:\Program Files\Adobe\Adobe Flash CS4\Common\First Run\Classes\mx\data\components\datasetclasses\DeltaItem.as --a---- 4765 bytes [03:27 10/09/2008] [03:27 10/09/2008] CF593B4E6A785304836F751F96434626
C:\Program Files\Adobe\Adobe Flash CS4\Common\First Run\Classes\mx\data\components\datasetclasses\DeltaPacket.as --a---- 2872 bytes [03:27 10/09/2008] [03:27 10/09/2008] 88EDA7DD7EE687F0AF55336B0E630111
C:\Program Files\Adobe\Adobe Flash CS4\Common\First Run\Classes\mx\data\components\datasetclasses\DeltaPacketConsts.as --a---- 760 bytes [03:27 10/09/2008] [03:27 10/09/2008] E1EC7E36DBD146CAEC46CFA8522B795A
C:\Program Files\Adobe\Adobe Flash CS4\Common\First Run\Classes\mx\data\components\datasetclasses\DeltaPacketImpl.as --a---- 5785 bytes [03:27 10/09/2008] [03:27 10/09/2008] E50B6442840F0303AD1473B3295264D9
C:\Program Files\Adobe\Adobe Flash CS4\Common\First Run\Classes\mx\data\components\datasetclasses\DeltaTreeDataProvider.as --a---- 2362 bytes [03:27 10/09/2008] [03:27 10/09/2008] D6016221A375DE30494D912987A96516
C:\Program Files\Adobe\Adobe Flash CS4\Common\First Run\Classes\mx\data\encoders\DatasetDeltaToXUpdateDelta.as --a---- 14630 bytes [03:27 10/09/2008] [03:27 10/09/2008] 5E64B7600A42B8662B3E48197C2DD9B3
C:\Program Files\Adobe\Adobe Flash CS4\en\First Run\DataTypes\DeltaPacket.xml --a---- 739 bytes [03:29 10/09/2008] [03:29 10/09/2008] 25D8DA999BD85478674890EDD5BAE28C
C:\Program Files\Adobe\Adobe Flash CS4\en\First Run\Encoders\DatasetDeltaToXUpdateDelta.xml --a---- 545 bytes [03:29 10/09/2008] [03:29 10/09/2008] 3223F632D0F537ADA34731E44AB9D21B
C:\Program Files\Common Files\Adobe\Help\en_US\Photoshop\11.0\images\P_Delta_Sm_N.png --a---- 462 bytes [01:23 24/04/2013] [18:38 19/09/2008] 0ED5EEF9C7473AE5CC24F9275CF9EA80
C:\Users\360Tactics\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PW000N5P\bab138.deltatb_dmn[1].zpb --a---- 254 bytes [00:15 14/08/2013] [00:15 14/08/2013] 951FC8A77BE82D63DAEED0E03BBE7DFB
C:\Users\360Tactics\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PW000N5P\DeltaTB[1].zpb --a---- 1680349 bytes [00:15 14/08/2013] [00:15 14/08/2013] 631FADECC74645D819DF1DD876CB8F3C
C:\Users\360Tactics\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SF0EAK4X\DeltaChromeTB[1].zpb --a---- 79730 bytes [00:15 14/08/2013] [00:15 14/08/2013] 579079E15DA9E51CF71CE080D8171BF8
C:\Users\360Tactics\AppData\Local\Temp\745AC57D-BAB0-7891-8A65-41F854AC0200\Latest\bab138.deltatb_dmn.dat --a---- 223 bytes [11:00 18/04/2013] [11:00 18/04/2013] 36A34B46B83F95A7C32D5CFB57F9775C
C:\Users\360Tactics\AppData\Local\Temp\745AC57D-BAB0-7891-8A65-41F854AC0200\Latest\bab138.deltatb_dmn.zpb --a---- 254 bytes [00:15 14/08/2013] [00:15 14/08/2013] 951FC8A77BE82D63DAEED0E03BBE7DFB
C:\Users\360Tactics\AppData\Local\Temp\745AC57D-BAB0-7891-8A65-41F854AC0200\Latest\Delta.crx --a---- 16913 bytes [10:15 23/05/2013] [10:15 23/05/2013] 7732BEF52DEF6B441309A2B203CB62D0
C:\Users\360Tactics\AppData\Local\Temp\745AC57D-BAB0-7891-8A65-41F854AC0200\Latest\Delta.ico --a---- 5430 bytes [15:25 23/04/2013] [15:25 23/04/2013] 97EE720DD3678F23D02D166E522402AC
C:\Users\360Tactics\AppData\Local\Temp\745AC57D-BAB0-7891-8A65-41F854AC0200\Latest\DeltaChromeTB.zpb --a---- 79730 bytes [00:15 14/08/2013] [00:15 14/08/2013] 579079E15DA9E51CF71CE080D8171BF8
C:\Users\360Tactics\AppData\Local\Temp\745AC57D-BAB0-7891-8A65-41F854AC0200\Latest\DeltaTB.zpb --a---- 1680349 bytes [00:15 14/08/2013] [00:15 14/08/2013] 631FADECC74645D819DF1DD876CB8F3C
C:\Windows\System32\msdelta.dll --a---- 305152 bytes [23:12 13/07/2009] [01:15 14/07/2009] 739E51268B4BB79AB4F9E55F0018D0BC
C:\Windows\winsxs\FileMaps\$$_media_delta_0f36d7d9b4f7293c.cdf-ms --a---- 2416 bytes [02:19 14/07/2009] [04:52 14/07/2009] 5EE5B381CD23388A5B123ADC3E9332A6
C:\Windows\winsxs\Manifests\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.1.7600.16385_none_4002be3be712af33.manifest --a---- 2886 bytes [02:03 14/07/2009] [01:54 14/07/2009] 110D843CC1C2B3A02A46D4AD962C04B6
C:\Windows\winsxs\Manifests\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.1.7600.16385_none_69b4ec52965b70bc.manifest --a---- 2459 bytes [02:03 14/07/2009] [01:57 14/07/2009] 6A0B78A725C86457BCED783D682C9BB5
C:\Windows\winsxs\Manifests\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.1.7601.17514_none_6be6001a9349f456.manifest ------- 2459 bytes [18:51 23/04/2013] [12:10 20/11/2010] 771093D6028BE8C764993524B6392E70
C:\Windows\winsxs\Manifests\x86_microsoft-windows-s..l-soundthemes-delta_31bf3856ad364e35_6.1.7600.16385_none_9fd944e3d3073382.manifest --a---- 27792 bytes [01:52 14/07/2009] [01:52 14/07/2009] 60DE5D074F5E512831C53306951E7157
C:\Windows\winsxs\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.1.7600.16385_none_4002be3be712af33\msdelta.dll --a---- 305152 bytes [23:12 13/07/2009] [01:15 14/07/2009] 739E51268B4BB79AB4F9E55F0018D0BC
C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_0935b76c289e0fd5\msdelta.dll --a---- 305152 bytes [02:10 14/07/2009] [02:10 14/07/2009] 739E51268B4BB79AB4F9E55F0018D0BC
C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_0b66cb34258c936f\msdelta.dll --a---- 305152 bytes [02:10 14/07/2009] [02:10 14/07/2009] 739E51268B4BB79AB4F9E55F0018D0BC
C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\msdelta.dll --a---- 305152 bytes [02:10 14/07/2009] [02:10 14/07/2009] 739E51268B4BB79AB4F9E55F0018D0BC

========== folderfind ==========

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*babylon*"
No folders found.

Searching for "*Delta*"
C:\Windows\Media\Delta dr--s-- [02:37 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.1.7600.16385_none_4002be3be712af33 d------ [02:37 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.1.7600.16385_none_69b4ec52965b70bc d------ [02:37 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.1.7601.17514_none_6be6001a9349f456 d------ [19:19 23/04/2013]
C:\Windows\winsxs\x86_microsoft-windows-s..l-soundthemes-delta_31bf3856ad364e35_6.1.7600.16385_none_9fd944e3d3073382 d------ [04:50 14/07/2009]

========== Regfind ==========

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-4168590997-1770708987-3627910188-1003\Software\Trolltech]
[HKEY_USERS\S-1-5-21-4168590997-1770708987-3627910188-1003\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "Delta"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\.Default\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\.Default\Delta]
@="C:\Windows\Media\Delta\Windows Ding.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\ChangeTheme\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\ChangeTheme\Delta]
@="C:\Windows\Media\Delta\Windows Logon Sound.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\Delta]
@="C:\Windows\Media\Delta\Windows Battery Critical.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceConnect\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceConnect\Delta]
@="C:\Windows\Media\Delta\Windows Hardware Insert.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\Delta]
@="C:\Windows\Media\Delta\Windows Hardware Remove.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceFail\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceFail\Delta]
@="C:\Windows\Media\Delta\Windows Hardware Fail.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\FaxBeep\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\FaxBeep\Delta]
@="C:\Windows\Media\Delta\Windows Notify.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\Delta]
@="C:\Windows\Media\Delta\Windows Battery Low.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MailBeep\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MailBeep\Delta]
@="C:\Windows\Media\Delta\Windows Notify.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\PrintComplete\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\PrintComplete\Delta]
@="C:\Windows\Media\Delta\Windows Print complete.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemAsterisk\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemAsterisk\Delta]
@="C:\Windows\Media\Delta\Windows Error.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExclamation\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExclamation\Delta]
@="C:\Windows\Media\Delta\Windows Exclamation.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemExit\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemHand\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemHand\Delta]
@="C:\Windows\Media\Delta\Windows Critical Stop.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemNotification\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\SystemNotification\Delta]
@="C:\Windows\Media\Delta\Windows Balloon.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\WindowsLogoff\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\WindowsLogoff\Delta]
@="C:\Windows\Media\Delta\Windows Logoff Sound.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\WindowsLogon\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\WindowsLogon\Delta]
@="C:\Windows\Media\Delta\Windows Logon Sound.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\WindowsUAC\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\WindowsUAC\Delta]
@="C:\Windows\Media\Delta\Windows User Account Control.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\BlockedPopup\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\BlockedPopup\Delta]
@="C:\Windows\Media\Delta\Windows Pop-up Blocked.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\FaxError\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\FaxLineRings\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\FaxSent\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\Delta]
@="C:\Windows\Media\Delta\Windows Feed Discovered.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\Delta]
@="C:\Windows\Media\Delta\Windows Navigation Start.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\SecurityBand\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\SecurityBand\Delta]
@="C:\Windows\Media\Delta\Windows Information Bar.wav"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\sapisvr\DisNumbersSound\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\sapisvr\HubOffSound\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\sapisvr\HubOnSound\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\sapisvr\HubSleepSound\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\sapisvr\MisrecoSound\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\sapisvr\PanelSound\Delta]
[HKEY_CURRENT_USER\AppEvents\Schemes\Names\Delta]
[HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Namespace]
"LocalDelta"="C:\Users\360Tactics\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNSD.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Namespace]
"RemoteDelta"="C:\Users\360Tactics\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNSR.XML"
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.1.7600.16385_none_4002be3be712af33]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.1.7600.16385_none_69b4ec52965b70bc]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.1.7601.17514_none_6be6001a9349f456]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-s..l-soundthemes-delta_31bf3856ad364e35_6.1.7600.16385_none_9fd944e3d3073382]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.1.7601.17592 (win7sp1_gdr.110408-1631)\ComponentFamilies\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_none_3edebb7079c428f8]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.1.7601.17592 (win7sp1_gdr.110408-1631)\ComponentFamilies\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_none_3edebb7079c428f8\f256!msdelta.dll]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.1.7601.17592 (win7sp1_gdr.110408-1631)\ComponentFamilies\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_none_ae0206df82bc1377]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.1.7601.17592 (win7sp1_gdr.110408-1631)\ComponentFamilies\x86_microsoft-windows-s..l-soundthemes-delta_31bf3856ad364e35_none_96b10e58b4e1e161]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.1.7601.17592 (win7sp1_gdr.110408-1631)\ComponentFamilies\x86_microsoft-windows-servicingstack_31bf3856ad364e35_none_ee01dfbc727bc8e6\f256!msdelta.dll]
[HKEY_LOCAL_MACHINE\Schema\wcm://Microsoft-Windows-SMBServer?version=6.1.7601.17514&language=neutral&processorArchitecture=x86&publicKeyToken=31bf3856ad364e35&versionScope=nonSxS&scope=allUsers\metadata\elements\AnnDelta]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*]
"ContentViewModeLayoutPatternForSearch"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0354F99D-8BE0-4B79-A5A6-455D573E9786}]
@="IGrooveDeltaProcessingStatus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0B690558-1451-443E-A22C-8108704CFB61}]
@="IGrooveDeltaProgressListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{28995BB1-7BE1-427C-A37C-89C335651F45}]
@="IGrooveExplicitDeltaMethodInvoker"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{632CFD20-794A-4B34-9AC5-89972BDF7D93}]
@="DGrooveAggregatedDeltaProcessingStatusListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71F7E96D-CCC3-4206-9964-BF0E87641EAB}]
@="IGrooveDeltaExecutionContext"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{78F8CF92-8132-11D1-9350-0080C7DE32C6}]
@="IGrooveDelta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{78F8CFA2-8132-11D1-9350-0080C7DE32C6}]
@="IGrooveAdvancedDelta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7EB88474-D2B6-4F39-BCDA-A9640C2014D8}]
@="IGrooveAggregatedDeltaProcessingStatusListener"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{80E23CA9-AE74-4E4E-8E93-8E2BC3D0B86B}]
@="IGrooveSupportsDeltas"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A120ECA3-4ED2-4368-ADD8-9D44CDC7ECCE}]
@="IGrooveDeltaMethodInvoker"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A621B292-B02C-4400-90FE-457E218F89C6}]
@="IGrooveAdvancedDelta2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B9897767-FFB6-48A1-A869-E27FAE1CE7C6}]
@="IGrooveAdvancedDelta3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CF505815-EDE4-48A6-AEEF-F16344F2E008}]
@="IGrooveDeltaExecutionEndSubscriber"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Document]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Email]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Music]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Music]
"ContentViewModeLayoutPatternForSearch"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Picture]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Picture]
"ContentViewModeLayoutPatternForSearch"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Video]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kind.Video]
"ContentViewModeLayoutPatternForSearch"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Appointment]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Appointment]
"ContentViewModeLayoutPatternForSearch"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Contact]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Contact]
"ContentViewModeLayoutPatternForSearch"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Schedule.Meeting]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Schedule.Meeting]
"ContentViewModeLayoutPatternForSearch"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.msg]
"ContentViewModeLayoutPatternForBrowse"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.msg]
"ContentViewModeLayoutPatternForSearch"="delta"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_none_3edebb7079c428f8]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_none_ae0206df82bc1377]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-s..l-soundthemes-delta_31bf3856ad364e35_none_96b10e58b4e1e161]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\Half SD]
"WinSAT_CPU Delta"="-1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\HD Default]
"WinSAT_CPU Delta"="2.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MP4]
"WinSAT_CPU Delta"="0.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MPG-ISO]
"WinSAT_CPU Delta"="0.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD AVC-MPG-TTS]
"WinSAT_CPU Delta"="0.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD Default]
"WinSAT_CPU Delta"="0.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Input Formats\SD WMV]
"WinSAT_CPU Delta"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\.Default\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\.Default\Delta]
@="C:\Windows\Media\Delta\Windows Ding.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\ChangeTheme\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\ChangeTheme\Delta]
@="C:\Windows\Media\Delta\Windows Logon Sound.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\Delta]
@="C:\Windows\Media\Delta\Windows Battery Critical.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\DeviceConnect\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\DeviceConnect\Delta]
@="C:\Windows\Media\Delta\Windows Hardware Insert.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\Delta]
@="C:\Windows\Media\Delta\Windows Hardware Remove.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\DeviceFail\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\DeviceFail\Delta]
@="C:\Windows\Media\Delta\Windows Hardware Fail.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\FaxBeep\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\FaxBeep\Delta]
@="C:\Windows\Media\Delta\Windows Notify.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\Delta]
@="C:\Windows\Media\Delta\Windows Battery Low.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\MailBeep\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\MailBeep\Delta]
@="C:\Windows\Media\Delta\Windows Notify.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\PrintComplete\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\PrintComplete\Delta]
@="C:\Windows\Media\Delta\Windows Print complete.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemAsterisk\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemAsterisk\Delta]
@="C:\Windows\Media\Delta\Windows Error.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemExclamation\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemExclamation\Delta]
@="C:\Windows\Media\Delta\Windows Exclamation.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemExit\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemHand\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemHand\Delta]
@="C:\Windows\Media\Delta\Windows Critical Stop.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemNotification\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\SystemNotification\Delta]
@="C:\Windows\Media\Delta\Windows Balloon.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\WindowsLogoff\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\WindowsLogoff\Delta]
@="C:\Windows\Media\Delta\Windows Logoff Sound.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\WindowsLogon\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\WindowsLogon\Delta]
@="C:\Windows\Media\Delta\Windows Logon Sound.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\WindowsUAC\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\WindowsUAC\Delta]
@="C:\Windows\Media\Delta\Windows User Account Control.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\BlockedPopup\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\BlockedPopup\Delta]
@="C:\Windows\Media\Delta\Windows Pop-up Blocked.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\FaxError\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\FaxLineRings\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\FaxSent\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\Delta]
@="C:\Windows\Media\Delta\Windows Feed Discovered.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\Navigating\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\Navigating\Delta]
@="C:\Windows\Media\Delta\Windows Navigation Start.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\SecurityBand\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\Explorer\SecurityBand\Delta]
@="C:\Windows\Media\Delta\Windows Information Bar.wav"
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\sapisvr\DisNumbersSound\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\sapisvr\HubOffSound\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\sapisvr\HubOnSound\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\sapisvr\HubSleepSound\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\sapisvr\MisrecoSound\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\sapisvr\PanelSound\Delta]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Names\Delta]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\.Default\Delta]

-= EOF =-
DHCrazyFoo
Active Member
 
Posts: 7
Joined: September 8th, 2013, 2:53 am

Re: Virus Removal Help Appreciated - Babylon/Delta?

Post by Cypher » September 12th, 2013, 6:27 am

Hi,
Do the following then let me know how your computer is running.

We need to run an OTL Fix

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
  • (Click the select all button next to the codebox to select the entire script).
    :commands
    [createrestorepoint]
    
    :otl
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\360Tactics\AppData\Roaming\Mozilla\Firefox\Profiles\jrg0sju5.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.98.31.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O33 - MountPoints2\{11fd42a4-acb0-11e2-b5b9-00247edf607f}\Shell - "" = AutoRun
    O33 - MountPoints2\{11fd42a4-acb0-11e2-b5b9-00247edf607f}\Shell\AutoRun\command - "" = D:\setup.exe -a
    O33 - MountPoints2\{11fd42b8-acb0-11e2-b5b9-00247edf607f}\Shell - "" = AutoRun
    O33 - MountPoints2\{11fd42b8-acb0-11e2-b5b9-00247edf607f}\Shell\AutoRun\command - "" = D:\setup.exe -a
    O33 - MountPoints2\{c25534a0-1355-11df-bb19-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{c25534a0-1355-11df-bb19-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 14:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
    O33 - MountPoints2\{e7a3a2ec-efff-11e2-ad0d-904ce5da16dd}\Shell - "" = AutoRun
    O33 - MountPoints2\{e7a3a2ec-efff-11e2-ad0d-904ce5da16dd}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    
    :reg
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-4168590997-1770708987-3627910188-1003\Software\Trolltech]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    
    :files
    C:\Users\360Tactics\AppData\Local\Temp\745AC57D-BAB0-7891-8A65-41F854AC0200\Latest\Babylon.dat 
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Virus Removal Help Appreciated - Babylon/Delta?

Post by DHCrazyFoo » September 12th, 2013, 6:46 am

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11fd42a4-acb0-11e2-b5b9-00247edf607f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11fd42a4-acb0-11e2-b5b9-00247edf607f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11fd42a4-acb0-11e2-b5b9-00247edf607f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11fd42a4-acb0-11e2-b5b9-00247edf607f}\ not found.
File D:\setup.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11fd42b8-acb0-11e2-b5b9-00247edf607f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11fd42b8-acb0-11e2-b5b9-00247edf607f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11fd42b8-acb0-11e2-b5b9-00247edf607f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11fd42b8-acb0-11e2-b5b9-00247edf607f}\ not found.
File D:\setup.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c25534a0-1355-11df-bb19-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c25534a0-1355-11df-bb19-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c25534a0-1355-11df-bb19-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c25534a0-1355-11df-bb19-806e6f6e6963}\ not found.
Q:\LenovoQDrive.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7a3a2ec-efff-11e2-ad0d-904ce5da16dd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e7a3a2ec-efff-11e2-ad0d-904ce5da16dd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7a3a2ec-efff-11e2-ad0d-904ce5da16dd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e7a3a2ec-efff-11e2-ad0d-904ce5da16dd}\ not found.
File D:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4168590997-1770708987-3627910188-1003\Software\Trolltech\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\ not found.
========== FILES ==========
C:\Users\360Tactics\AppData\Local\Temp\745AC57D-BAB0-7891-8A65-41F854AC0200\Latest\Babylon.dat moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\360Tactics\Desktop\cmd.bat deleted successfully.
C:\Users\360Tactics\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: 360Tactics
->Temp folder emptied: 1957668688 bytes
->Temporary Internet Files folder emptied: 44961897 bytes
->Java cache emptied: 28211 bytes
->FireFox cache emptied: 28308550 bytes
->Google Chrome cache emptied: 163248052 bytes
->Apple Safari cache emptied: 16384 bytes
->Opera cache emptied: 1154188 bytes
->Flash cache emptied: 3669 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 138775319 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 618759409 bytes

Total Files Cleaned = 2,816.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09122013_032955

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




-----------------------------------------------------------------------------------------------------------

It's running a tad sluggish but a lot is going on so I'm not too surprised...
-AVG Updating
-Windows Updates Downloading
-Windows Sync in progress

Otherwise everything seems to be working fine.
DHCrazyFoo
Active Member
 
Posts: 7
Joined: September 8th, 2013, 2:53 am
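
Added example, not part of the original thread and not OTL's own code: a short parser that turns a fix log like the one posted above into per-action results, so a helper can see at a glance what was deleted, what was already absent, and which files were moved from outside a Temp folder. The function names and the Temp-path heuristic are assumptions made for this illustration; the sample lines are an excerpt of the log above.

```python
import re
from collections import Counter

# Excerpt of lines from the fix log posted above, embedded so this runs offline.
SAMPLE_LOG = r"""All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
File D:\setup.exe -a not found.
Q:\LenovoQDrive.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
========== FILES ==========
C:\Users\360Tactics\AppData\Local\Temp\745AC57D-BAB0-7891-8A65-41F854AC0200\Latest\Babylon.dat moved successfully.
C:\Users\360Tactics\Desktop\cmd.bat deleted successfully.
"""

# "========== NAME ==========" section banners.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

# "<optional kind> <target> <outcome>." result lines.
RESULT_RE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|File)\s+)?"
    r"(?P<target>.+?)\s+"
    r"(?P<outcome>deleted successfully|moved successfully|not found)\.$"
)


def parse_fix_log(text):
    """Return one dict per action line: section, kind, target, outcome."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        result = RESULT_RE.match(line)
        if result:
            entries.append({
                "section": section,
                # Assumption: lines without a prefix are file paths,
                # as they are in the log above.
                "kind": result.group("kind") or "File",
                "target": result.group("target"),
                "outcome": result.group("outcome"),
            })
    return entries


def summarise(entries):
    """Count outcomes and list moved files that were not under a Temp folder."""
    counts = Counter(e["outcome"] for e in entries)
    moved = [e["target"] for e in entries
             if e["outcome"] == "moved successfully"]
    # Heuristic (assumption): a moved file outside any \Temp\ path is worth
    # a second look before the cleanup step removes the tool's leftovers.
    outside_temp = [t for t in moved if "\\temp\\" not in t.lower()]
    return {"counts": dict(counts), "moved": moved,
            "moved_outside_temp": outside_temp}


if __name__ == "__main__":
    report = summarise(parse_fix_log(SAMPLE_LOG))
    for outcome, n in sorted(report["counts"].items()):
        print(f"{outcome}: {n}")
    for path in report["moved_outside_temp"]:
        print("review moved file:", path)
```
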

Re: Virus Removal Help Appreciated - Babylon/Delta?

Post by Cypher » September 12th, 2013, 10:02 am

Hi,
"Otherwise everything seems to be working fine."

Excellent, if you're having no further problems you should be good to go.
Let's clean up and remove the tools we used.

Clean up with OTL

  • Right click on OTL.exe and select Run as administrator to run it.
  • This will remove some of the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Next.

  • Right click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Uninstall.
  • Confirm with yes.

You can now delete any tools/logs we used if they remain on your Desktop.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Virus Removal Help Appreciated - Babylon/Delta?

Post by DHCrazyFoo » September 12th, 2013, 2:15 pm

Thank you for your help! Everything is working fine.
DHCrazyFoo
Active Member
 
Posts: 7
Joined: September 8th, 2013, 2:53 am

Re: Virus Removal Help Appreciated - Babylon/Delta?

Post by Cypher » September 13th, 2013, 5:09 am

Hi,
"Thank you for your help!"

You're most welcome, glad we could help.
Good luck and stay safe.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Virus Removal Help Appreciated - Babylon/Delta?

Post by Cypher » September 13th, 2013, 5:10 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns