Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Help with removing malware.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Help with removing malware.

Unread postby Nismogsxr » January 13th, 2015, 9:33 pm

A:
No Problems
Nismogsxr
Regular Member
 
Posts: 30
Joined: January 3rd, 2015, 8:42 pm
Advertisement
Register to Remove

Re: Help with removing malware.

Unread postby Nismogsxr » January 13th, 2015, 9:35 pm

B:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Program Files (x86)\IObit\Driver Booster\IObitDownloader.exe moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\Freeware\IObitDownloader.exe moved successfully.
C:\ProgramData\IObit\ASCDownloader\ASC8\IObit Malware Fighter 2.exe moved successfully.
C:\ProgramData\IObit\ASCDownloader\ASC8\IObit Malware Fighter 2.exe.dat moved successfully.
File\Folder C:\Users\All Users\IObit\ASCDownloader\ASC8\IObit Malware Fighter 2.exe not found.
File\Folder C:\Users\All Users\IObit\ASCDownloader\ASC8\IObit Malware Fighter 2.exe.dat not found.
C:\Users\Gail\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_forums.iobit.com_0.localstorage moved successfully.
C:\Users\Gail\AppData\Local\Microsoft\Windows\UsrClass.dat.iobit moved successfully.
C:\Users\Gail\Desktop\Performance Utilities\IObit Uninstaller.lnk moved successfully.
C:\Windows\Prefetch\IOBITUNINSTALER.EXE-77233D01.pf moved successfully.
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.iobit moved successfully.
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.iobit moved successfully.
File\Folder C:\Windows\System32\IObitSmartDefragExtension.dll not found.
File\Folder C:\Windows\System32\config\COMPONENTS.iobit not found.
File\Folder C:\Windows\System32\config\DEFAULT.iobit not found.
File\Folder C:\Windows\System32\config\SAM.iobit not found.
File\Folder C:\Windows\System32\config\SECURITY.iobit not found.
File\Folder C:\Windows\System32\config\SOFTWARE.iobit not found.
File\Folder C:\Windows\System32\IObitSmartDefragExtension.dll not found.
File\Folder C:\Windows\System32\SmartDefragBootTime.exe not found.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect folder moved successfully.
C:\Program Files (x86)\IObit\Surfing Protection folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\Temp folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3 folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate\update\Surfing Protection\Database folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate\update\Surfing Protection folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate\update folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate\Language folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate folder moved successfully.
C:\Program Files (x86)\IObit\IObit Uninstaller folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\Update folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\Skin folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\ScanData folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\LocalData folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\Language folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\Icons\GameApp folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\Icons folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\HWiNFO folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\Freeware folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\DrvInstall folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\DpInst\x86 folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\DpInst\x64 folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\DpInst folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\Download folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\Database\Games folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\Database folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster\Backups folder moved successfully.
C:\Program Files (x86)\IObit\Driver Booster folder moved successfully.
C:\Program Files (x86)\IObit folder moved successfully.
C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare V8 folder moved successfully.
C:\Program Files (x86)\Common Files\IObit folder moved successfully.
File\Folder C:\Program Files (x86)\IObit\IObit Uninstaller not found.
C:\ProgramData\IObit\IObit Uninstaller folder moved successfully.
C:\ProgramData\IObit\Driver Booster\License folder moved successfully.
C:\ProgramData\IObit\Driver Booster\Download folder moved successfully.
C:\ProgramData\IObit\Driver Booster folder moved successfully.
C:\ProgramData\IObit\ASCDownloader\DB2 folder moved successfully.
C:\ProgramData\IObit\ASCDownloader\ASC8 folder moved successfully.
C:\ProgramData\IObit\ASCDownloader folder moved successfully.
C:\ProgramData\IObit\Advanced SystemCare V8\Startup Manager folder moved successfully.
C:\ProgramData\IObit\Advanced SystemCare V8\Homepage Protection folder moved successfully.
C:\ProgramData\IObit\Advanced SystemCare V8 folder moved successfully.
C:\ProgramData\IObit\Advanced SystemCare V7 folder moved successfully.
C:\ProgramData\IObit folder moved successfully.
File\Folder C:\ProgramData\IObit\IObit Uninstaller not found.
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_IObitUninstaler._2d678b232f4373185efd204728893c64ed5f2_14355428 folder moved successfully.
File\Folder C:\Users\All Users\IObit not found.
File\Folder C:\Users\All Users\IObit\IObit Uninstaller not found.
File\Folder C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_IObitUninstaler._2d678b232f4373185efd204728893c64ed5f2_14355428 not found.
C:\Users\Gail\AppData\LocalLow\IObit\SafeBrowse folder moved successfully.
C:\Users\Gail\AppData\LocalLow\IObit\Advanced SystemCare V8 folder moved successfully.
C:\Users\Gail\AppData\LocalLow\IObit folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V8\ProgramDeactivator folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V8 folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\DefaultIcon\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\Shell\Open\command\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR\\@|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\IObit\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2965788~31bf3856ad364e35~amd64~~6.1.1.1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2984981~31bf3856ad364e35~amd64~~6.1.1.1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2994023~31bf3856ad364e35~amd64~~6.1.1.1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_21_for_KB2923545~31bf3856ad364e35~amd64~~6.1.1.1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_21_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2965788~31bf3856ad364e35~amd64~~6.1.1.1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2984981~31bf3856ad364e35~amd64~~6.1.1.1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2994023~31bf3856ad364e35~amd64~~6.1.1.1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_38_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_3_for_KB2965788~31bf3856ad364e35~amd64~~6.1.1.1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_44_for_KB2923545~31bf3856ad364e35~amd64~~6.1.1.1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_45_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_58_for_KB2923545~31bf3856ad364e35~amd64~~6.1.1.1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_59_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_76_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_7_for_KB2923545~31bf3856ad364e35~amd64~~6.1.1.1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_7_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2923545_SP1~31bf3856ad364e35~amd64~~6.1.1.1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2923545~31bf3856ad364e35~amd64~~6.1.1.1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2965788_SP1~31bf3856ad364e35~amd64~~6.1.1.1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2965788~31bf3856ad364e35~amd64~~6.1.1.1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2984976_SP1~31bf3856ad364e35~amd64~~6.1.1.3 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2984981_SP1~31bf3856ad364e35~amd64~~6.1.1.1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2984981~31bf3856ad364e35~amd64~~6.1.1.1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2994023_SP1~31bf3856ad364e35~amd64~~6.1.1.1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2994023~31bf3856ad364e35~amd64~~6.1.1.1 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath\\oldPath deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect\\@|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\MyComputer\DefragPath\\oldPath not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1\\Inno Setup: App Path deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1\\InstallLocation deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1\\DisplayIcon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1\\UninstallString deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1\\QuietUninstallString deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1\\Publisher deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR\\@|"" /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-902369244-54897924-1017888222-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe not found.
Registry value HKEY_USERS\S-1-5-21-902369244-54897924-1017888222-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SMARTDEFRAGDRIVER\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SMARTDEFRAGDRIVER\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SMARTDEFRAGDRIVER\ scheduled to be deleted on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\TopResultURLFallback deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\@|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\\AppPath deleted successfully.
Registry value HKEY_USERS\S-1-5-21-902369244-54897924-1017888222-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\TopResultURLFallback not found.
HKEY_USERS\S-1-5-21-902369244-54897924-1017888222-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\@|"" /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Atexcid deleted successfully.
Registry value HKEY_USERS\S-1-5-21-902369244-54897924-1017888222-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Atexcid not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gail
->Temp folder emptied: 7627 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Google Chrome cache emptied: 174488836 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5242 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 166.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01132015_184615

Files\Folders moved on Reboot...
C:\Users\Gail\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Gail\AppData\Local\Temp\MMDUtl.log moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SMARTDEFRAGDRIVER\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SMARTDEFRAGDRIVER\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SMARTDEFRAGDRIVER\ scheduled to be deleted on reboot.
Nismogsxr
Regular Member
 
Posts: 30
Joined: January 3rd, 2015, 8:42 pm

Re: Help with removing malware.

Unread postby Nismogsxr » January 13th, 2015, 9:36 pm

C:
SystemLook 30.07.11 by jpshortstuff
Log created at 18:53 on 13/01/2015 by Gail
Administrator - Elevation successful

========== filefind ==========

Searching for "*IObit*"
C:\Windows\System32\IObitSmartDefragExtension.dll --a---- 128288 bytes [02:38 02/01/2015] [20:17 04/06/2014] 84E8B979BBBDD23AD84E88FD12236306
C:\Windows\System32\config\COMPONENTS.iobit --a---- 43917312 bytes [04:22 02/01/2015] [04:22 02/01/2015] EA810EAB24C75EC4BD662E6F4FE68457
C:\Windows\System32\config\DEFAULT.iobit --a---- 278528 bytes [01:48 02/01/2015] [01:48 02/01/2015] 29169D8C45F58646C7756DFAFCE73428
C:\Windows\System32\config\SAM.iobit --a---- 61440 bytes [01:48 02/01/2015] [01:48 02/01/2015] 91AB3C2C0E9B45F8DE4CC0465199D5D2
C:\Windows\System32\config\SECURITY.iobit --a---- 24576 bytes [01:48 02/01/2015] [01:48 02/01/2015] C08EFD23AF10110239CC52B6DF0BC62D
C:\Windows\System32\config\SOFTWARE.iobit --a---- 68485120 bytes [01:47 02/01/2015] [01:48 02/01/2015] C00B96B327FF80CE2A95482DE962C7C4
C:\_OTL\MovedFiles\01132015_184615\C_Program Files (x86)\IObit\Driver Booster\IObitDownloader.exe --a---- 2158400 bytes [01:32 02/01/2015] [20:00 09/12/2014] A74D25AB28EC8268EC8C67F46DE594A2
C:\_OTL\MovedFiles\01132015_184615\C_Program Files (x86)\IObit\Driver Booster\Freeware\IObitDownloader.exe --a---- 2158400 bytes [01:32 02/01/2015] [20:00 09/12/2014] A74D25AB28EC8268EC8C67F46DE594A2
C:\_OTL\MovedFiles\01132015_184615\C_ProgramData\IObit\ASCDownloader\ASC8\IObit Malware Fighter 2.exe --a---- 24505912 bytes [02:35 02/01/2015] [02:35 02/01/2015] 157F5AAEF238A93DAA188A56B7705AF0
C:\_OTL\MovedFiles\01132015_184615\C_ProgramData\IObit\ASCDownloader\ASC8\IObit Malware Fighter 2.exe.dat --a---- 756 bytes [02:36 02/01/2015] [02:36 02/01/2015] 57EF33C19EDC7CD26142D13D3E289E76
C:\_OTL\MovedFiles\01132015_184615\C_Users\Gail\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_forums.iobit.com_0.localstorage --a---- 43008 bytes [00:32 04/01/2015] [00:32 04/01/2015] C996AF8F6D546F7BC5585761C3B4BD71
C:\_OTL\MovedFiles\01132015_184615\C_Users\Gail\AppData\Local\Microsoft\Windows\UsrClass.dat.iobit --a---- 2170880 bytes [01:48 02/01/2015] [02:32 03/01/2015] 9ED4455D4697107120FF019D9179B27D
C:\_OTL\MovedFiles\01132015_184615\C_Users\Gail\Desktop\Performance Utilities\IObit Uninstaller.lnk --a---- 1188 bytes [01:33 02/01/2015] [01:33 02/01/2015] E59DEFCDF121A7A3DA3B8FF4E195C401
C:\_OTL\MovedFiles\01132015_184615\C_Windows\Prefetch\IOBITUNINSTALER.EXE-77233D01.pf --a---- 170314 bytes [19:16 11/01/2015] [19:16 11/01/2015] 3F112C6486B4EBB5213AA17B160139E7
C:\_OTL\MovedFiles\01132015_184615\C_Windows\ServiceProfiles\LocalService\NTUSER.DAT.iobit --a---- 249856 bytes [01:48 02/01/2015] [02:32 03/01/2015] FC214F5AC9CF36A5FC44983792BB8BC5
C:\_OTL\MovedFiles\01132015_184615\C_Windows\ServiceProfiles\NetworkService\NTUSER.DAT.iobit --a---- 253952 bytes [01:48 02/01/2015] [02:32 03/01/2015] D981243E8509FFA6A9116798F81026D1

Searching for "*SmartDefrag*"
C:\Windows\System32\IObitSmartDefragExtension.dll --a---- 128288 bytes [02:38 02/01/2015] [20:17 04/06/2014] 84E8B979BBBDD23AD84E88FD12236306
C:\Windows\System32\SmartDefragBootTime.exe --a---- 34080 bytes [02:39 02/01/2015] [20:17 04/06/2014] 4D5D8058F17C873B4F0792678BAA6534

========== folderfind ==========

Searching for "*IObit*"
C:\_OTL\MovedFiles\01122015_213020\C_Users\Gail\AppData\Roaming\IObit d------ [01:32 02/01/2015]
C:\_OTL\MovedFiles\01122015_213020\C_Users\Gail\AppData\Roaming\IObit\IObit Uninstaller d------ [01:33 02/01/2015]
C:\_OTL\MovedFiles\01132015_184615\C_Program Files (x86)\IObit d------ [01:32 02/01/2015]
C:\_OTL\MovedFiles\01132015_184615\C_Program Files (x86)\Common Files\IObit d------ [01:33 02/01/2015]
C:\_OTL\MovedFiles\01132015_184615\C_Program Files (x86)\IObit\IObit Uninstaller d------ [01:33 02/01/2015]
C:\_OTL\MovedFiles\01132015_184615\C_ProgramData\IObit d------ [01:32 02/01/2015]
C:\_OTL\MovedFiles\01132015_184615\C_ProgramData\IObit\IObit Uninstaller d------ [03:15 02/01/2015]
C:\_OTL\MovedFiles\01132015_184615\C_ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_IObitUninstaler._2d678b232f4373185efd204728893c64ed5f2_14355428 d----c- [02:30 04/01/2015]
C:\_OTL\MovedFiles\01132015_184615\C_Users\Gail\AppData\LocalLow\IObit d------ [01:32 02/01/2015]
C:\_OTL\MovedFiles\01132015_184615\C_Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit d------ [03:05 02/01/2015]

Searching for "*SmartDefrag*"
No folders found.

========== Regfind ==========

Searching for "IObit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\InprocServer32]
@="C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCExtMenu_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}]
@="IObit Uninstaller"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\DefaultIcon]
@="C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\Shell\Open\command]
@=""C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe" control_statistics"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCExtMenu_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 8"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCExtMenu_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 8"
[HKEY_LOCAL_MACHINE\SOFTWARE\IObit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2965788~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2965788.cab_Temp\46625BA4-A501-4F7D-A17E-85CA12C70C1E\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2984981~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2984981.cab_Temp\373E1BFB-FDBB-420E-B85C-8D5703FFDC61\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2994023~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2994023.cab_Temp\1793B1AC-BAB4-4829-A082-62F59DFC5E95\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_21_for_KB2923545~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2923545.cab_Temp\9E7BD7F8-7F3E-43F8-BFE5-DE2C7093CD6F\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_21_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2984976.cab_Temp\3FABC1CD-25C7-4BFB-AC33-886C85AD9822\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2965788~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2965788.cab_Temp\46625BA4-A501-4F7D-A17E-85CA12C70C1E\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2984981~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2984981.cab_Temp\373E1BFB-FDBB-420E-B85C-8D5703FFDC61\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2994023~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2994023.cab_Temp\1793B1AC-BAB4-4829-A082-62F59DFC5E95\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_38_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2984976.cab_Temp\3FABC1CD-25C7-4BFB-AC33-886C85AD9822\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_3_for_KB2965788~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2965788.cab_Temp\46625BA4-A501-4F7D-A17E-85CA12C70C1E\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_44_for_KB2923545~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2923545.cab_Temp\9E7BD7F8-7F3E-43F8-BFE5-DE2C7093CD6F\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_45_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2984976.cab_Temp\3FABC1CD-25C7-4BFB-AC33-886C85AD9822\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_58_for_KB2923545~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2923545.cab_Temp\9E7BD7F8-7F3E-43F8-BFE5-DE2C7093CD6F\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_59_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2984976.cab_Temp\3FABC1CD-25C7-4BFB-AC33-886C85AD9822\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_76_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2984976.cab_Temp\3FABC1CD-25C7-4BFB-AC33-886C85AD9822\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_7_for_KB2923545~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2923545.cab_Temp\9E7BD7F8-7F3E-43F8-BFE5-DE2C7093CD6F\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_7_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2984976.cab_Temp\3FABC1CD-25C7-4BFB-AC33-886C85AD9822\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2923545_SP1~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2923545.cab_Temp\9E7BD7F8-7F3E-43F8-BFE5-DE2C7093CD6F\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2923545~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2923545.cab_Temp\9E7BD7F8-7F3E-43F8-BFE5-DE2C7093CD6F\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2965788_SP1~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2965788.cab_Temp\46625BA4-A501-4F7D-A17E-85CA12C70C1E\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2965788~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2965788.cab_Temp\46625BA4-A501-4F7D-A17E-85CA12C70C1E\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2984976_SP1~31bf3856ad364e35~amd64~~6.1.1.3]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2984976.cab_Temp\3FABC1CD-25C7-4BFB-AC33-886C85AD9822\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2984976.cab_Temp\3FABC1CD-25C7-4BFB-AC33-886C85AD9822\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2984981_SP1~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2984981.cab_Temp\373E1BFB-FDBB-420E-B85C-8D5703FFDC61\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2984981~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2984981.cab_Temp\373E1BFB-FDBB-420E-B85C-8D5703FFDC61\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2994023_SP1~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2994023.cab_Temp\1793B1AC-BAB4-4829-A082-62F59DFC5E95\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2994023~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2994023.cab_Temp\1793B1AC-BAB4-4829-A082-62F59DFC5E95\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath]
"oldPath"="C:\Program Files (x86)\IObit\Advanced SystemCare 8\DiskDefrag.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect]
@="C:\Program Files (x86)\IObit\Surfing Protection\NativeMsg.json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCExtMenu_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 8"

Searching for "SmartDefrag"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SMARTDEFRAGDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SMARTDEFRAGDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SMARTDEFRAGDRIVER]

Searching for "Vosteran"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
@="Vosteran"
[HKEY_USERS\S-1-5-21-902369244-54897924-1017888222-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
@="Vosteran"

Searching for "Zumipi"
No data found.

-= EOF =-
Nismogsxr
Regular Member
 
Posts: 30
Joined: January 3rd, 2015, 8:42 pm

Re: Help with removing malware.

Unread postby Nismogsxr » January 13th, 2015, 9:38 pm

D:
C:\Users\Gail\Downloads\FileOpenerSetup.exe a variant of Win32/InstallCore.UF potentially unwanted application
Nismogsxr
Regular Member
 
Posts: 30
Joined: January 3rd, 2015, 8:42 pm

Re: Help with removing malware.

Unread postby Nismogsxr » January 13th, 2015, 9:39 pm

E:
I haven't noticed anything or difference
Nismogsxr
Regular Member
 
Posts: 30
Joined: January 3rd, 2015, 8:42 pm

Re: Help with removing malware.

Unread postby pgmigg » January 14th, 2015, 7:45 pm

Hello Nismogsxr,

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Files
    C:\Windows\System32\IObitSmartDefragExtension.dll
    C:\Windows\System32\config\COMPONENTS.iobit
    C:\Windows\System32\config\DEFAULT.iobit
    C:\Windows\System32\config\SAM.iobit
    C:\Windows\System32\config\SECURITY.iobit
    C:\Windows\System32\config\SOFTWARE.iobit
    C:\Windows\System32\SmartDefragBootTime.exe
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\DefaultIcon]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\Shell\Open\command]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR]
    @=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\IObit]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
    @=""
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • Processes > All <- Important
    • Extra Registry > Use SafeList
    • LOP check
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file OTL.txt <-- Will be opened, maximized
  6. Please post the content of OTL.txt file ONLY in your next reply.

Step 3.
Show Hidden and System files
  1. Close all programs so that you are at your desktop.
  2. Press Image.
  3. Click the Start Search box on the Start Menu
  4. Copy and paste the following value in blue, in the open text entry box:
    change search options for files and folders
    then press Enter button
  5. Click on the View tab, then under the "Hidden files and folders" section please
    • SELECT "Show hidden files and folders"
  6. Find below and
    • remove check mark from check box "Hide extensions for known file types"
    • remove check mark from check box "Hide protected operating system files"
  7. Press the Apply, then the OK buttons.

Step 4.
Online Multi Antivirus file scan
Please go to either: Jotti or Virus Total and upload -only one file per scan- the following file(s) for scanning:

C:\Users\Gail\Downloads\FileOpenerSetup.exe

Using Jotti
  1. Choose the appropriate language (if needed)... once a language is selected, you'll see a message "Ready to receive files"
  2. Press the Browse button and navigate to -one- of the files in the list.
  3. Double click the located file name...The file name should now appear in the online scanner's "File to scan:" box.
  4. Click on Submit..button.
      If you receive the message: This file has been scanned before. The results for this previous scan are listed below.
      Please press the Scan again button, so your file will be scanned.
  5. The file will be uploaded and scanned by various antivirus scanners..this may take a few minutes.
  6. When all scans have completed... the results page is displayed
  7. Please highlight and copy the page web address link from your browser window.
    Example of web address :
    Image
  8. Please repeat this procedure for each file listed above.
  9. Paste the Web address link(s) for the scan results in your next reply.

Using Virus Total
  1. Press the Browse button and navigate to -one- of the files in the list.
  2. Double click the located file name... The file name should now appear in the online scanner's text entry box.
  3. Click on Send File...button.
  4. The file will be queued, uploaded and scanned by various antivirus scanners..this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  5. When all scans have completed... the results page is displayed
  6. Please highlight and copy the page web address link from your browser window.
    Example of web address:
    Image
  7. Please repeat this procedure for each file listed above.
  8. Paste the Web address link(s) for the scan results in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of a OTL.txt log file after OTL fresh scan
  4. The resulting web links after online file scan by Virus Total or Jotti.
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Help with removing malware.

Unread postby Nismogsxr » January 14th, 2015, 9:56 pm

A:
No problems
Nismogsxr
Regular Member
 
Posts: 30
Joined: January 3rd, 2015, 8:42 pm

Re: Help with removing malware.

Unread postby Nismogsxr » January 14th, 2015, 9:57 pm

B:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
File\Folder C:\Windows\System32\IObitSmartDefragExtension.dll not found.
File\Folder C:\Windows\System32\config\COMPONENTS.iobit not found.
File\Folder C:\Windows\System32\config\DEFAULT.iobit not found.
File\Folder C:\Windows\System32\config\SAM.iobit not found.
File\Folder C:\Windows\System32\config\SECURITY.iobit not found.
File\Folder C:\Windows\System32\config\SOFTWARE.iobit not found.
File\Folder C:\Windows\System32\SmartDefragBootTime.exe not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\DefaultIcon\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\Shell\Open\command\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR\\@|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\IObit\ not found.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\@|"" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gail
->Temp folder emptied: 8436 bytes
->Temporary Internet Files folder emptied: 99570803 bytes
->Google Chrome cache emptied: 63851958 bytes
->Flash cache emptied: 492 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5229 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 156.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01142015_202213

Files\Folders moved on Reboot...
C:\Users\Gail\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Gail\AppData\Local\Temp\MMDUtl.log moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Nismogsxr
Regular Member
 
Posts: 30
Joined: January 3rd, 2015, 8:42 pm

Re: Help with removing malware.

Unread postby Nismogsxr » January 14th, 2015, 9:58 pm

C:
OTL logfile created on: 1/14/2015 8:30:35 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gail\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 61.49% Memory free
6.96 Gb Paging File | 5.48 Gb Available in Paging File | 78.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.66 Gb Total Space | 368.78 Gb Free Space | 82.01% Space Free | Partition Type: NTFS

Computer Name: EVENSTAR | User Name: Gail | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (All) ==========

PRC - [2015/01/11 15:11:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gail\Desktop\OTL.exe
PRC - [2014/12/03 10:06:08 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/13 16:22:51 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2013/06/28 01:28:50 | 000,084,616 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2012/04/05 14:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/06/30 21:51:14 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/06/30 21:51:14 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/06/30 21:51:12 | 001,103,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/06/30 21:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/05/29 21:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/04/23 20:28:38 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/23 20:29:56 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/12/09 00:20:22 | 007,618,952 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (CmdAgent)
SRV:64bit: - [2014/12/09 00:20:04 | 002,265,304 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/05 14:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2011/10/11 22:58:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/08/02 14:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2015/01/13 20:52:23 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/03 10:06:08 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/28 01:28:50 | 000,084,616 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2011/12/15 18:09:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/30 21:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/06/21 15:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/05/29 21:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2015/01/01 22:28:58 | 000,272,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2015/01/01 22:27:10 | 000,128,200 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2015/01/01 22:25:27 | 000,083,176 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2015/01/01 22:25:27 | 000,043,240 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2015/01/01 22:23:14 | 010,434,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2014/12/09 00:20:34 | 000,020,184 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 18:08:08 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/12/15 18:08:08 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/12/15 18:08:08 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/10/11 23:40:10 | 010,207,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/11 22:20:38 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/09/20 05:02:55 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011/09/20 05:02:55 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/08/17 03:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/07/14 00:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/14 00:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/04/05 06:26:26 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/03/30 01:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2015/01/01 20:32:22 | 000,026,528 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2014/07/01 12:37:56 | 000,020,872 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-902369244-54897924-1017888222-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-902369244-54897924-1017888222-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-902369244-54897924-1017888222-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-902369244-54897924-1017888222-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-902369244-54897924-1017888222-1000\..\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-902369244-54897924-1017888222-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Gail\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2015/01/11 15:02:07 | 000,000,021 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll File not found
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (COMODO)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-902369244-54897924-1017888222-1000..\RunOnce: [Adobe Speed Launcher] 1421285210 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{684A9D32-B882-4AD1-ACB0-3DA8A395DC8D}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015/01/01 21:36:54 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{bf4547fd-276e-11e1-8844-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bf4547fd-276e-11e1-8844-806e6f6e6963}\Shell\AutoRun\command - "" = D:\RiskInstall.exe
O33 - MountPoints2\{bf4547fd-276e-11e1-8844-806e6f6e6963}\Shell\directx\command - "" = D:\Redist\directx7\dxsetup.exe
O33 - MountPoints2\{bf4547fd-276e-11e1-8844-806e6f6e6963}\Shell\setup\command - "" = D:\RiskInstall.exe
O33 - MountPoints2\{bf4547fd-276e-11e1-8844-806e6f6e6963}\Shell\zone\command - "" = D:\Redist\mszone\zoneA600.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/01/13 19:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2015/01/12 21:30:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2015/01/11 15:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Shared Space
[2015/01/11 15:34:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2015/01/11 15:18:29 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2015/01/11 15:11:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gail\Desktop\OTL.exe
[2015/01/11 15:05:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2015/01/11 14:48:46 | 000,020,872 | ---- | C] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2015/01/11 14:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Unchecky
[2015/01/11 14:35:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/01/09 09:06:07 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\003A5A98.sys
[2015/01/05 12:03:37 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2015/01/03 20:55:25 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2015/01/03 20:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2015/01/03 20:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2015/01/02 18:42:04 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2015/01/01 22:35:12 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2015/01/01 22:35:12 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2015/01/01 22:35:12 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2015/01/01 22:35:12 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2015/01/01 22:35:10 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2015/01/01 22:35:10 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2015/01/01 22:35:08 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2015/01/01 22:35:08 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2015/01/01 22:35:06 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2015/01/01 22:35:06 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2015/01/01 22:35:04 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2015/01/01 22:35:04 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2015/01/01 22:35:03 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2015/01/01 22:35:03 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2015/01/01 22:35:00 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2015/01/01 22:35:00 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2015/01/01 22:34:58 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2015/01/01 22:34:58 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2015/01/01 22:34:57 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2015/01/01 22:34:57 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2015/01/01 22:34:55 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2015/01/01 22:34:55 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2015/01/01 22:34:54 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2015/01/01 22:34:54 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2015/01/01 22:34:52 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2015/01/01 22:34:50 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2015/01/01 22:34:50 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2015/01/01 22:34:48 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2015/01/01 22:34:48 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2015/01/01 22:34:43 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2015/01/01 22:34:43 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2015/01/01 22:34:41 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2015/01/01 22:34:41 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2015/01/01 22:34:37 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2015/01/01 22:34:37 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2015/01/01 22:34:35 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2015/01/01 22:34:35 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2015/01/01 22:34:33 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2015/01/01 22:34:33 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2015/01/01 22:34:31 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2015/01/01 22:34:31 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2015/01/01 22:34:31 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2015/01/01 22:34:29 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2015/01/01 22:34:29 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2015/01/01 22:34:28 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2015/01/01 22:34:28 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2015/01/01 22:34:24 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2015/01/01 22:34:24 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2015/01/01 22:34:24 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2015/01/01 22:34:24 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2015/01/01 22:34:19 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2015/01/01 22:34:19 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2015/01/01 22:34:11 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2015/01/01 22:34:11 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2015/01/01 22:34:11 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2015/01/01 22:34:11 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2015/01/01 22:34:08 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2015/01/01 22:34:08 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2015/01/01 22:28:58 | 000,272,600 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsUStor.sys
[2015/01/01 22:28:57 | 009,890,008 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RsCRIcon.dll
[2015/01/01 22:27:10 | 000,128,200 | ---- | C] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2015/01/01 22:25:27 | 000,083,176 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amd_sata.sys
[2015/01/01 22:25:27 | 000,043,240 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amd_xata.sys
[2015/01/01 22:23:14 | 000,096,560 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlcoi.dll
[2015/01/01 22:23:13 | 010,434,256 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\BCMWL664.SYS
[2015/01/01 22:23:13 | 004,400,640 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv64.dll
[2015/01/01 22:23:13 | 003,667,968 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll
[2015/01/01 21:39:13 | 000,034,080 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2015/01/01 21:38:42 | 000,128,288 | ---- | C] (IObit) -- C:\Windows\SysNative\IObitSmartDefragExtension.dll
[2015/01/01 21:23:34 | 003,178,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2015/01/01 21:23:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2015/01/01 21:22:01 | 006,574,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2015/01/01 21:22:01 | 005,694,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2015/01/01 21:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2015/01/01 20:48:55 | 000,000,000 | ---D | C] -- C:\Users\Gail\Desktop\Performance Utilities
[2015/01/01 20:35:02 | 000,000,000 | ---D | C] -- C:\Users\Gail\AppData\Roaming\ProductData
[2015/01/01 20:33:49 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2015/01/01 20:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
[2015/01/01 20:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2015/01/01 20:32:22 | 000,026,528 | ---- | C] (REALiX(tm)) -- C:\Windows\SysWow64\drivers\HWiNFO64A.SYS
[2015/01/01 20:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
[2015/01/01 16:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/01/01 16:22:32 | 000,000,000 | ---D | C] -- C:\Users\Gail\AppData\Local\Programs
[2015/01/01 15:24:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vbox
[2015/01/01 15:24:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vbox
[2015/01/01 15:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2015/01/01 15:09:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2015/01/01 15:05:24 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2015/01/01 15:05:19 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2015/01/01 15:05:19 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2015/01/01 15:05:19 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2015/01/01 15:05:19 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2015/01/01 15:05:19 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2015/01/01 15:05:18 | 001,147,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2015/01/01 15:05:18 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2015/01/01 15:05:18 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2015/01/01 15:05:18 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2015/01/01 15:05:18 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2015/01/01 15:05:18 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2015/01/01 15:05:18 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2015/01/01 15:05:18 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2015/01/01 15:05:17 | 001,057,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdvidcrl.dll
[2015/01/01 15:05:17 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdvidcrl.dll
[2015/01/01 15:01:44 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2015/01/01 15:01:44 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2015/01/01 15:01:40 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2015/01/01 15:01:40 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2015/01/01 15:01:39 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2015/01/01 15:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2015/01/01 14:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2015/01/01 14:58:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/12/18 09:40:29 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/12/18 09:40:29 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/12/16 18:06:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser

========== Files - Modified Within 30 Days ==========

[2015/01/14 20:34:57 | 000,755,984 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2015/01/14 20:33:32 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/14 20:33:32 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/14 20:26:21 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/14 20:26:13 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cfff887a6bd8ed.job
[2015/01/14 20:25:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/14 20:25:03 | 2801,979,392 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/13 23:09:06 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/13 22:52:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/13 20:52:21 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/01/13 20:52:21 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/01/12 21:37:59 | 000,165,376 | ---- | M] () -- C:\Users\Gail\Desktop\SystemLook_x64.exe
[2015/01/11 15:36:48 | 000,923,688 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/11 15:36:48 | 000,265,294 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/01/11 15:36:43 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Antivirus.lnk
[2015/01/11 15:18:29 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2015/01/11 15:11:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gail\Desktop\OTL.exe
[2015/01/11 15:02:07 | 000,000,021 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015/01/11 14:46:28 | 000,002,147 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/01/10 09:54:46 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\003A5A98.sys
[2015/01/03 19:26:51 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/01/02 18:41:54 | 442,012,152 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2015/01/01 22:28:58 | 009,890,008 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RsCRIcon.dll
[2015/01/01 22:28:58 | 000,272,600 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsUStor.sys
[2015/01/01 22:27:10 | 000,128,200 | ---- | M] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2015/01/01 22:25:27 | 000,083,176 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amd_sata.sys
[2015/01/01 22:25:27 | 000,043,240 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amd_xata.sys
[2015/01/01 22:23:43 | 000,928,336 | ---- | M] () -- C:\Windows\SysNative\oem14.inf
[2015/01/01 22:23:14 | 010,434,256 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\BCMWL664.SYS
[2015/01/01 22:23:14 | 000,096,560 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlcoi.dll
[2015/01/01 22:23:13 | 004,400,640 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv64.dll
[2015/01/01 22:23:13 | 003,667,968 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll
[2015/01/01 21:36:54 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2015/01/01 21:23:34 | 003,178,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2015/01/01 21:23:34 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2015/01/01 21:22:01 | 006,574,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2015/01/01 21:22:01 | 005,694,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2015/01/01 20:32:22 | 000,026,528 | ---- | M] (REALiX(tm)) -- C:\Windows\SysWow64\drivers\HWiNFO64A.SYS

========== Files Created - No Company Name ==========

[2015/01/12 21:37:56 | 000,165,376 | ---- | C] () -- C:\Users\Gail\Desktop\SystemLook_x64.exe
[2015/01/11 15:36:43 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Antivirus.lnk
[2015/01/11 15:36:38 | 000,755,984 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2015/01/03 20:02:40 | 2801,979,392 | -HS- | C] () -- C:\hiberfil.sys
[2015/01/02 18:41:54 | 442,012,152 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2015/01/01 22:23:57 | 000,928,336 | ---- | C] () -- C:\Windows\SysNative\oem14.inf
[2015/01/01 21:36:54 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/11/15 21:15:18 | 000,000,520 | ---- | C] () -- C:\ProgramData\@system.temp
[2014/11/15 21:14:45 | 000,000,256 | -H-- | C] () -- C:\ProgramData\@system3.att
[2014/11/03 20:58:29 | 000,000,245 | ---- | C] () -- C:\Windows\PowerReg.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2015/01/02 22:07:33 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\Barnes & Noble
[2014/11/24 19:06:40 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\Canon
[2015/01/02 22:07:37 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\FrameworkUpdate
[2015/01/01 17:11:39 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\FrameworkUpdate7
[2012/05/01 15:52:53 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\GameMill Entertainment
[2012/02/18 16:16:25 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\Mystery of Mortlake Mansion
[2013/03/01 17:01:47 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\MysteryStudio
[2015/01/01 20:35:02 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\ProductData
[2015/01/02 22:07:46 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\runic games
[2012/02/18 15:07:35 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\Screensaver
[2014/11/13 16:54:16 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\WildTangent

========== Files - Unicode (All) ==========
[2014/11/15 21:14:45 | 000,000,480 | -H-- | M] ()(C:\Users\Gail\AppData\Roaming\????) -- C:\Users\Gail\AppData\Roaming\麽鎒駓覜
[2014/11/15 21:14:45 | 000,000,480 | -H-- | C] ()(C:\Users\Gail\AppData\Roaming\????) -- C:\Users\Gail\AppData\Roaming\麽鎒駓覜

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\FlashPlayerApp.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Users\Gail\Desktop\SystemLook_x64.exe:$CmdTcID
@Alternate Data Stream - 26 bytes -> C:\Users\Gail\Desktop\SystemLook_x64.exe:$CmdZnID

< End of report >
Nismogsxr
Regular Member
 
Posts: 30
Joined: January 3rd, 2015, 8:42 pm

Re: Help with removing malware.

Unread postby Nismogsxr » January 14th, 2015, 9:59 pm

Nismogsxr
Regular Member
 
Posts: 30
Joined: January 3rd, 2015, 8:42 pm

Re: Help with removing malware.

Unread postby Nismogsxr » January 14th, 2015, 10:00 pm

E:
Only thing I had seen different was that I got a prompt that came up and stated that powershell has stopped working
Nismogsxr
Regular Member
 
Posts: 30
Joined: January 3rd, 2015, 8:42 pm

Re: Help with removing malware.

Unread postby pgmigg » January 15th, 2015, 1:27 am

Hello Nismogsxr,

Only thing I had seen different was that I got a prompt that came up and stated that powershell has stopped working
I guess it is not related to any malware problems...

Your latest set of logs appear to be clean! :cheers:
This is my general post for when your logs show no more signs of malware.
Before I give you instructions how to keep your computer clean and secure, you need to make a few additional steps.

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :OTL
    O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll File not found
    
    :Files
    C:\Users\Gail\Downloads\FileOpenerSetup.exe 
    @C:\Windows\SysWow64\FlashPlayerApp.exe:$CmdTcID
    @C:\Users\Gail\Desktop\SystemLook_x64.exe:$CmdTcID
    @C:\Users\Gail\Desktop\SystemLook_x64.exe:$CmdZnID
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear. Please close it.

Step 2.
OTL - Run Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and Paste the following code into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    
  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 3.
OTL-Cleanup
You should still have OTL on your desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.

Step 4.
Hide Hidden and System files
  1. Close all programs so that you are at your desktop.
  2. Press Image.
  3. Click the Start Search box on the Start Menu
  4. Copy and paste the following value, in the open text entry box:
    change search options for files and folders
  5. Click on the View tab, then under the "Hidden files and folders" section
    • UNSELECT "Show hidden files and folders"
    • Place check mark in check box "Hide extensions for known file types"
    • Place check mark in check box "Hide protected operating system files"
  6. Press the Apply, then the OK buttons.

Step 5.
Please download delfix and save it to your desktop.
  1. Right-click on delfix.exe and select "Run as administrator"to run it.
  2. Check the following boxes then click on Run.
    1. Activate UAC
    2. Remove disinfection tools
    3. Create registry backup
    4. Reset system settings
  3. All tools we used to clean your computer should be gone now.
  4. You can now delete any tools/logs we used if they remain on your computer.

Then:
  • Please don't forget to enable and update all your defense software!

Finally:
Please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Help with removing malware.

Unread postby Cypher » January 19th, 2015, 1:10 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 127 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware