Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Help with removing malware.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Help with removing malware.

Unread postby Nismogsxr » January 10th, 2015, 4:56 pm

I received an Acer computer with Windows 7 SP1 from my mother in-law. First thing I did was install Avast on it for Antivirus protection. Now Avast is constantly popping up at the bottom saying a syswow64/dllhost has been blocked and I can not get it off. I have tried Malwarebytes and SpyHunter to no avail. Please help


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496
Run by Gail at 15:48:52 on 2015-01-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.1098 [GMT -5:00]
.
AV: COMODO Antivirus *Enabled/Updated* {F0BC89B2-8937-0933-021B-B17D981F2A71}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Comodo Defense+ *Enabled/Updated* {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Dolby PCEE4\pcee4.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
C:\Program Files\COMODO\GeekBuddy\unit.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Advanced SystemCare Surfing Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
uRunOnce: [Adobe Speed Launcher] 1420901442
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
mRun: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files\COMODO\GeekBuddy\launcher.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3FA550CF-FFED-4903-85BF-7DE20E6ED189} : DHCPNameServer = 192.168.1.250
TCP: Interfaces\{684A9D32-B882-4AD1-ACB0-3DA8A395DC8D} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{684A9D32-B882-4AD1-ACB0-3DA8A395DC8D} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{684A9D32-B882-4AD1-ACB0-3DA8A395DC8D}\25163636F6F6E60235F6574786 : DHCPNameServer = 208.67.222.222 8.8.8.8 192.168.1.1
TCP: Interfaces\{684A9D32-B882-4AD1-ACB0-3DA8A395DC8D}\7594E4F503734663 : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{684A9D32-B882-4AD1-ACB0-3DA8A395DC8D}\7594E4F503734663 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{684A9D32-B882-4AD1-ACB0-3DA8A395DC8D}\E4544574541425 : DHCPNameServer = 192.168.10.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: inbox - <Clsid value has no data>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: inbox - <Clsid value has no data>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2015-1-1 83176]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2015-1-1 43240]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2015-1-1 21184]
R1 CFRMD;CFRMD;C:\Windows\System32\drivers\CFRMD.sys [2014-6-26 37976]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2014-12-9 20184]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2014-12-9 792648]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2014-12-9 45880]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2015-1-1 26528]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-12-15 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-12-15 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-12-15 62776]
R2 AdvancedSystemCareService8;Advanced SystemCare Service 8;C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [2015-1-1 815392]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-10-31 204288]
R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2014-9-25 70864]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2014-11-27 2370240]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-10-17 353360]
R2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-12-15 872552]
R2 GeekBuddyRSP;GeekBuddyRSP Server;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2014-9-24 2327248]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2013-4-2 255376]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-1-1 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-1-1 969016]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-23 256832]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-10-31 114704]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-10-17 142632]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2015-1-1 128200]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-1-1 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-1-1 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-1-1 63704]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2015-1-1 272600]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-12-15 53376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2015-1-1 2631456]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-12-9 2265304]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-11 114688]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-1-1 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-1-1 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2015-1-1 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-19 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-01-10 18:01:54 -------- d-----w- C:\Program Files (x86)\Common Files\COMODO
2015-01-09 14:06:07 129752 ----a-w- C:\Windows\System32\drivers\003A5A98.sys
2015-01-05 17:03:37 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2015-01-04 01:58:27 -------- d-----w- C:\ProgramData\Shared Space
2015-01-04 01:55:25 -------- d-----w- C:\Program Files\COMODO
2015-01-04 01:54:57 -------- d-----w- C:\Users\Gail\AppData\Local\Comodo
2015-01-04 01:54:53 57096 ----a-w- C:\Windows\System32\certsentry.dll
2015-01-04 01:54:53 48392 ----a-w- C:\Windows\SysWow64\certsentry.dll
2015-01-04 01:54:36 -------- d-----w- C:\Program Files (x86)\Comodo
2015-01-04 01:54:25 -------- d-----w- C:\ProgramData\Comodo Downloader
2015-01-04 01:53:46 -------- d-----w- C:\ProgramData\Comodo
2015-01-02 23:52:04 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B5DDE5E1-D0B5-4696-ABA3-69EEF34D5925}\mpengine.dll
2015-01-02 03:34:58 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll
2015-01-02 03:28:58 272600 ----a-w- C:\Windows\System32\drivers\RtsUStor.sys
2015-01-02 03:28:57 9890008 ----a-w- C:\Windows\SysWow64\RsCRIcon.dll
2015-01-02 03:27:10 128200 ----a-w- C:\Windows\System32\drivers\L1C62x64.sys
2015-01-02 03:25:27 83176 ----a-w- C:\Windows\System32\drivers\amd_sata.sys
2015-01-02 03:25:27 43240 ----a-w- C:\Windows\System32\drivers\amd_xata.sys
2015-01-02 03:23:14 96560 ----a-w- C:\Windows\System32\bcmwlcoi.dll
2015-01-02 03:23:13 4400640 ----a-w- C:\Windows\System32\bcmihvsrv64.dll
2015-01-02 03:23:13 3667968 ----a-w- C:\Windows\System32\bcmihvui64.dll
2015-01-02 03:23:13 10434256 ----a-w- C:\Windows\System32\drivers\BCMWL664.SYS
2015-01-02 02:39:13 34080 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
2015-01-02 02:38:42 128288 ----a-w- C:\Windows\System32\IObitSmartDefragExtension.dll
2015-01-02 02:38:24 21184 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
2015-01-02 02:23:34 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2015-01-02 02:23:34 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-01-02 02:22:01 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2015-01-02 02:22:01 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-01-02 02:17:55 -------- d-----w- C:\ProgramData\HitmanPro
2015-01-02 01:35:02 -------- d-----w- C:\Users\Gail\AppData\Roaming\ProductData
2015-01-02 01:33:49 -------- d-----w- C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-01-02 01:33:41 -------- d-----w- C:\Program Files (x86)\Common Files\IObit
2015-01-02 01:32:52 -------- d-----w- C:\ProgramData\ProductData
2015-01-02 01:32:25 -------- d-----w- C:\ProgramData\IObit
2015-01-02 01:32:22 26528 ----a-w- C:\Windows\SysWow64\drivers\HWiNFO64A.SYS
2015-01-02 01:32:21 -------- d-----w- C:\Users\Gail\AppData\Roaming\IObit
2015-01-02 01:32:12 -------- d-----w- C:\Program Files (x86)\IObit
2015-01-01 21:29:23 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2015-01-01 21:23:21 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-01 21:22:51 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-01-01 21:22:51 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-01-01 21:22:51 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-01-01 21:22:50 -------- d-----w- C:\ProgramData\Malwarebytes
2015-01-01 21:22:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-01 21:22:32 -------- d-----w- C:\Users\Gail\AppData\Local\Programs
2015-01-01 20:24:58 -------- d-----w- C:\Windows\SysWow64\vbox
2015-01-01 20:24:58 -------- d-----w- C:\Windows\System32\vbox
2015-01-01 20:14:21 -------- d-----w- C:\Program Files\AVAST Software
2015-01-01 20:09:41 -------- d-----w- C:\ProgramData\AVAST Software
2015-01-01 20:01:44 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys
2015-01-01 20:01:44 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2015-01-01 20:01:40 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2015-01-01 20:01:40 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2015-01-01 20:01:39 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2014-12-18 14:42:21 -------- d-----w- C:\Users\Gail\AppData\Roaming\FoozKids
2014-12-18 14:40:29 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-18 14:40:29 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-16 23:06:03 -------- d-----w- C:\Windows\System32\appraiser
.
==================== Find3M ====================
.
2015-01-01 20:32:09 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-01 20:32:09 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-09 05:20:34 792648 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
2014-12-09 05:20:34 45880 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2014-12-09 05:20:34 20184 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2014-12-09 05:20:22 437792 ----a-w- C:\Windows\System32\guard64.dll
2014-12-09 05:20:22 40736 ----a-w- C:\Windows\System32\cmdcsr.dll
2014-12-09 05:20:22 352272 ----a-w- C:\Windows\SysWow64\guard32.dll
2014-12-09 05:20:18 354520 ----a-w- C:\Windows\System32\cmdvrt64.dll
2014-12-09 05:20:16 45784 ----a-w- C:\Windows\System32\cmdkbd64.dll
2014-12-09 05:20:12 286424 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
2014-12-09 05:20:10 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-11-24 19:04:56 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 02:05:21 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-18 01:33:13 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
.
============= FINISH: 15:52:08.97 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/18/2012 3:04:34 PM
System Uptime: 1/10/2015 11:14:59 AM (4 hours ago)
.
Motherboard: Acer | | JE70-SB
Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics | Socket FS1 | 1400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 450 GiB total, 377.704 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP64: 11/19/2014 11:09:05 PM - Windows Update
RP65: 11/25/2014 12:42:42 PM - Configured clear.fi
RP66: 12/8/2014 7:45:24 PM - Configured clear.fi
RP67: 12/10/2014 7:12:09 PM - Windows Update
RP68: 12/11/2014 4:56:52 AM - Windows Update
RP69: 12/11/2014 4:07:27 PM - Windows Update
RP70: 12/16/2014 6:10:32 PM - Windows Update
RP72: 12/17/2014 9:22:19 AM - Windows Modules Installer
RP73: 12/18/2014 9:47:01 AM - Windows Update
RP74: 1/1/2015 2:52:44 PM - Windows Update
RP75: 1/1/2015 3:13:14 PM - avast! antivirus system restore point
RP76: 1/1/2015 3:56:12 PM - Removed Fooz Kids
RP77: 1/1/2015 4:44:32 PM - Windows Update
RP78: 1/1/2015 9:19:28 PM - Windows Modules Installer
RP79: 1/1/2015 9:22:42 PM - Windows Modules Installer
RP80: 1/1/2015 9:27:12 PM - Checkpoint by HitmanPro
RP81: 1/1/2015 10:20:39 PM - Driver Booster : AMD SMBus
RP82: 1/1/2015 10:31:24 PM - Installed DirectX
RP83: 1/1/2015 11:40:26 PM - Removed newsXpresso
RP84: 1/3/2015 5:17:03 AM - Windows Update
RP85: 1/3/2015 8:56:16 PM - Installing COMODO Antivirus
RP86: 1/3/2015 8:58:53 PM - Device Driver Package Install: COMODO Network Service
RP87: 1/4/2015 5:17:16 AM - Windows Update
RP88: 1/5/2015 11:59:14 AM - avast! antivirus system restore point
RP89: 1/5/2015 12:14:43 PM - Windows Update
RP90: 1/6/2015 12:37:58 AM - Windows Update
RP91: 1/6/2015 12:14:36 PM - Windows Update
RP92: 1/7/2015 9:44:20 PM - Windows Update
RP93: 1/9/2015 11:45:08 AM - Windows Update
.
==== Installed Programs ======================
.
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe AIR
Adobe Flash Player 16 ActiveX
Adobe Reader X (10.1.13) MUI
Advanced SystemCare 8
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Steady Video Plug-In
AMD VISION Engine Control Center
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Backup Manager V3
Canon IJ Scan Utility
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MX470 series MP Drivers
Canon MX470 series On-screen Manual
Canon MX470 series User Registration
Canon My Image Garden
Canon My Image Garden Design Files
Canon My Printer
Canon Quick Menu
Canon Speed Dial Utility
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
clear.fi Client
COMODO Antivirus
Comodo Dragon
D3DX10
Dolby Advanced Audio v2
Driver Booster 2.1
ETDWare PS/2-X64 8.0.6.3_WHQL
Evernote v. 4.5.1
Fooz Kids
Fooz Kids Platform
Galerie de photos Windows Live
GeekBuddy
Google Chrome
Google Update Helper
Identity Card
Inbox Toolbar
IObit Uninstaller
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 2.0.4.1028
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MyWinLocker
MyWinLocker 4
MyWinLocker Suite
Norton Online Backup
NTI Media Maker 9
OpenAL
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Risk II
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Shared C Run-time for x64
Shredder
Silent Hunter Wolves of the Pacific
Smart Defrag 3
SpyHunter 4
Surfing Protection
Welcome Center
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================
Nismogsxr
Regular Member
 
Posts: 30
Joined: January 3rd, 2015, 8:42 pm
Advertisement
Register to Remove

Re: Help with removing malware.

Unread postby pgmigg » January 10th, 2015, 5:36 pm

Hello Nismogsxr,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Help with removing malware.

Unread postby pgmigg » January 11th, 2015, 12:38 am

Hello Nismogsxr,

First thing I did was install Avast on it for Antivirus protection. Now Avast is constantly popping up at the bottom saying a syswow64/dllhost has been blocked and I can not get it off.
It looks like the Avast was uninstalled from your computer and the current antivirus software installed is COMODO Antivirus. Well... Let start...

Step 1.
For safety reason (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before most of my instructions sets...
Create a System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 2.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Click on 'Select all', then copy and paste the value below into the open text entry box:
    Code: Select all
     appwiz.cpl 
    and press Enter - the Unistall or change a program list will be opened.
  3. Locate the following program:
    Advanced SystemCare
    Fooz Kids
    Fooz Kids Platform
    GeekBuddy
    Inbox Toolbar
    IObit Uninstaller
    Smart Defrag 3
  4. Click on the Change/Remove button to uninstall it.
    Repeat steps 3 and 4 for each program listed.
  5. When the program(s) have been uninstalled, please close Control Panel
  6. Reboot (restart) your computer.

Step 3.
AdwCleaner
Please download AdwCleaner by Xplode onto your desktop.
  1. Close all open programs and internet browsers.
  2. Right click on adwcleaner.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  3. Click on Scan. When the scan finishes, you'll see a message on the product window: "Pending. Please uncheck elements you don't want to remove."
  4. Press the Clean button.
  5. A log file C:\AdwCleaner[Sn].txt will automatically open. ([Sn] n = number of run)
  6. Please post the content of the C:\AdwCleaner[Sn].txt log file in your next reply.

Step 4.
Image Junkware Removal Tool
  1. Please download Junkware Removal Tool and save JRT.exe to your Desktop.
  2. Shut down your protection software as shown in This topic now to avoid potential conflicts.
  3. Right click on JRT.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  4. Please be patient as this can take a while to complete depending on your system's specifications.
  5. On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  6. Please post the contents of JRT.txt into your next reply.

Step 5.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL - Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the AdwCleaner[Sn].txt log file
  3. Contents of the JRT.txt log file
  4. Contents of a OTL.txt log file
  5. Contents of a Extras.txt log file
  6. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Help with removing malware.

Unread postby Nismogsxr » January 11th, 2015, 4:25 pm

A:
Only problem I had was trying to figure out how to disable the Comodo antivirus to run the scans. So I uninstalled the antivirus for the scans and then reinstalled it
Last edited by Nismogsxr on January 11th, 2015, 4:55 pm, edited 1 time in total.
Nismogsxr
Regular Member
 
Posts: 30
Joined: January 3rd, 2015, 8:42 pm

Re: Help with removing malware.

Unread postby Nismogsxr » January 11th, 2015, 4:26 pm

B:
# AdwCleaner v4.107 - Report created 11/01/2015 at 14:39:00
# Updated 07/01/2015 by Xplode
# Database : 2015-01-11.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Gail - EVENSTAR
# Running from : C:\Users\Gail\Desktop\adwcleaner_4.107.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Gail\AppData\Local\Software
Folder Deleted : C:\Users\Gail\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
File Deleted : C:\Users\Gail\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : Driver Booster Scan
Task Deleted : Driver Booster Update

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\inbox
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v39.0.2171.95


-\\ Comodo Dragon v36.1.1.21


*************************

AdwCleaner[R0].txt - [2336 octets] - [11/01/2015 14:36:34]
AdwCleaner[S0].txt - [2061 octets] - [11/01/2015 14:39:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2121 octets] ##########
Last edited by Nismogsxr on January 11th, 2015, 4:49 pm, edited 2 times in total.
Nismogsxr
Regular Member
 
Posts: 30
Joined: January 3rd, 2015, 8:42 pm

Re: Help with removing malware.

Unread postby Nismogsxr » January 11th, 2015, 4:27 pm

C:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Gail on Sun 01/11/2015 at 15:05:29.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-902369244-54897924-1017888222-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Gail\AppData\Roaming\WSE_Vosteran"
Successfully deleted: [Folder] "C:\Program Files (x86)\driverrestore"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driverrestore"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/11/2015 at 15:09:48.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Last edited by Nismogsxr on January 11th, 2015, 4:50 pm, edited 2 times in total.
Nismogsxr
Regular Member
 
Posts: 30
Joined: January 3rd, 2015, 8:42 pm

Re: Help with removing malware.

Unread postby Nismogsxr » January 11th, 2015, 4:28 pm

D:
OTL logfile created on: 1/11/2015 3:12:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gail\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 63.78% Memory free
6.96 Gb Paging File | 5.48 Gb Available in Paging File | 78.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.66 Gb Total Space | 374.73 Gb Free Space | 83.34% Space Free | Partition Type: NTFS

Computer Name: EVENSTAR | User Name: Gail | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/01/11 15:11:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gail\Desktop\OTL.exe
PRC - [2014/12/05 20:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/12/03 10:06:08 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/27 08:43:10 | 002,370,240 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
PRC - [2014/11/13 16:22:51 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2013/06/28 01:28:50 | 000,084,616 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2011/06/30 21:51:14 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/06/30 21:51:14 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/06/30 21:51:12 | 001,103,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/06/30 21:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/05/29 21:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/04/23 20:28:38 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe


========== Modules (No Company Name) ==========

MOD - [2014/12/05 20:50:51 | 014,913,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
MOD - [2014/12/05 20:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/05 20:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014/12/05 20:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014/12/05 20:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2011/04/23 20:29:56 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/05 14:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2011/10/11 22:58:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/08/02 14:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2015/01/01 15:32:10 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/10 09:14:02 | 002,631,456 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014/12/03 10:06:08 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/11/27 08:43:10 | 002,370,240 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/28 01:28:50 | 000,084,616 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2011/12/15 18:09:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/30 21:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/06/21 15:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/05/29 21:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2015/01/01 22:28:58 | 000,272,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2015/01/01 22:27:10 | 000,128,200 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2015/01/01 22:25:27 | 000,083,176 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2015/01/01 22:25:27 | 000,043,240 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2015/01/01 22:23:14 | 010,434,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 18:08:08 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/12/15 18:08:08 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/12/15 18:08:08 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/10/11 23:40:10 | 010,207,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/11 22:20:38 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/09/20 05:02:55 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011/09/20 05:02:55 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/08/17 03:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/07/14 00:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/14 00:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/04/05 06:26:26 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/03/30 01:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2015/01/01 20:32:22 | 000,026,528 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2014/07/01 12:37:56 | 000,020,872 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_02_ie&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtC0ByE0DyB0FzytByCtBtN0D0Tzu0StCtCtDyCtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyE0DtBzztB0D0C0BtGtCyBzyyEtGyB0Fzz0DtGzz0D0FtBtGtB0DtDzz0AyEzytBtC0DtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0BtDyDyDzytBtCtGyDyByD0CtGyEtAyCyCtG0BtCyBtAtG0CtDyB0B0CyBzzzz0A0D0DyD2Q&cr=988815470&ir=
IE:64bit: - HKLM\..\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-902369244-54897924-1017888222-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-902369244-54897924-1017888222-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-902369244-54897924-1017888222-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-902369244-54897924-1017888222-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-902369244-54897924-1017888222-1000\..\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-902369244-54897924-1017888222-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Gail\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2015/01/11 15:02:07 | 000,000,021 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll File not found
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [DelTr333888] cmd.exe /c rd /s /q "C:\Users\Gail\AppData\Roaming\WSE_Vosteran" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{684A9D32-B882-4AD1-ACB0-3DA8A395DC8D}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015/01/01 21:36:54 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{bf4547fd-276e-11e1-8844-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bf4547fd-276e-11e1-8844-806e6f6e6963}\Shell\AutoRun\command - "" = D:\RiskInstall.exe
O33 - MountPoints2\{bf4547fd-276e-11e1-8844-806e6f6e6963}\Shell\directx\command - "" = D:\Redist\directx7\dxsetup.exe
O33 - MountPoints2\{bf4547fd-276e-11e1-8844-806e6f6e6963}\Shell\setup\command - "" = D:\RiskInstall.exe
O33 - MountPoints2\{bf4547fd-276e-11e1-8844-806e6f6e6963}\Shell\zone\command - "" = D:\Redist\mszone\zoneA600.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/01/11 15:11:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gail\Desktop\OTL.exe
[2015/01/11 15:05:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2015/01/11 15:04:16 | 001,707,939 | ---- | C] (Thisisu) -- C:\Users\Gail\Desktop\JRT.exe
[2015/01/11 14:55:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2015/01/11 14:48:46 | 000,020,872 | ---- | C] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2015/01/11 14:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Unchecky
[2015/01/11 14:47:44 | 000,000,000 | ---D | C] -- C:\Users\Gail\AppData\Roaming\DigitalSites
[2015/01/11 14:35:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/01/09 09:06:07 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\003A5A98.sys
[2015/01/05 12:03:37 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2015/01/03 20:55:25 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2015/01/03 20:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2015/01/03 20:54:57 | 000,000,000 | ---D | C] -- C:\Users\Gail\AppData\Local\Comodo
[2015/01/03 20:54:53 | 000,057,096 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2015/01/03 20:54:53 | 000,048,392 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2015/01/03 20:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2015/01/03 20:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2015/01/02 18:42:04 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2015/01/01 22:35:12 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2015/01/01 22:35:12 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2015/01/01 22:35:12 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2015/01/01 22:35:12 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2015/01/01 22:35:10 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2015/01/01 22:35:10 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2015/01/01 22:35:08 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2015/01/01 22:35:08 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2015/01/01 22:35:06 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2015/01/01 22:35:06 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2015/01/01 22:35:04 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2015/01/01 22:35:04 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2015/01/01 22:35:03 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2015/01/01 22:35:03 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2015/01/01 22:35:00 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2015/01/01 22:35:00 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2015/01/01 22:34:58 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2015/01/01 22:34:58 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2015/01/01 22:34:57 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2015/01/01 22:34:57 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2015/01/01 22:34:55 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2015/01/01 22:34:55 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2015/01/01 22:34:54 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2015/01/01 22:34:54 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2015/01/01 22:34:52 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2015/01/01 22:34:50 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2015/01/01 22:34:50 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2015/01/01 22:34:48 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2015/01/01 22:34:48 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2015/01/01 22:34:43 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2015/01/01 22:34:43 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2015/01/01 22:34:41 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2015/01/01 22:34:41 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2015/01/01 22:34:37 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2015/01/01 22:34:37 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2015/01/01 22:34:35 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2015/01/01 22:34:35 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2015/01/01 22:34:33 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2015/01/01 22:34:33 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2015/01/01 22:34:31 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2015/01/01 22:34:31 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2015/01/01 22:34:31 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2015/01/01 22:34:29 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2015/01/01 22:34:29 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2015/01/01 22:34:28 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2015/01/01 22:34:28 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2015/01/01 22:34:24 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2015/01/01 22:34:24 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2015/01/01 22:34:24 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2015/01/01 22:34:24 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2015/01/01 22:34:19 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2015/01/01 22:34:19 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2015/01/01 22:34:11 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2015/01/01 22:34:11 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2015/01/01 22:34:11 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2015/01/01 22:34:11 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2015/01/01 22:34:08 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2015/01/01 22:34:08 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2015/01/01 22:28:58 | 000,272,600 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsUStor.sys
[2015/01/01 22:28:57 | 009,890,008 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RsCRIcon.dll
[2015/01/01 22:27:10 | 000,128,200 | ---- | C] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2015/01/01 22:25:27 | 000,083,176 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amd_sata.sys
[2015/01/01 22:25:27 | 000,043,240 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amd_xata.sys
[2015/01/01 22:23:14 | 000,096,560 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlcoi.dll
[2015/01/01 22:23:13 | 010,434,256 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\BCMWL664.SYS
[2015/01/01 22:23:13 | 004,400,640 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv64.dll
[2015/01/01 22:23:13 | 003,667,968 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll
[2015/01/01 21:39:13 | 000,034,080 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2015/01/01 21:38:42 | 000,128,288 | ---- | C] (IObit) -- C:\Windows\SysNative\IObitSmartDefragExtension.dll
[2015/01/01 21:23:34 | 003,178,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2015/01/01 21:23:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2015/01/01 21:22:01 | 006,574,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2015/01/01 21:22:01 | 005,694,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2015/01/01 21:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2015/01/01 20:48:55 | 000,000,000 | ---D | C] -- C:\Users\Gail\Desktop\Performance Utilities
[2015/01/01 20:35:02 | 000,000,000 | ---D | C] -- C:\Users\Gail\AppData\Roaming\ProductData
[2015/01/01 20:33:49 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2015/01/01 20:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
[2015/01/01 20:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\IObit
[2015/01/01 20:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2015/01/01 20:32:25 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2015/01/01 20:32:22 | 000,026,528 | ---- | C] (REALiX(tm)) -- C:\Windows\SysWow64\drivers\HWiNFO64A.SYS
[2015/01/01 20:32:21 | 000,000,000 | ---D | C] -- C:\Users\Gail\AppData\Roaming\IObit
[2015/01/01 20:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
[2015/01/01 20:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2015/01/01 16:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/01/01 16:22:32 | 000,000,000 | ---D | C] -- C:\Users\Gail\AppData\Local\Programs
[2015/01/01 15:24:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vbox
[2015/01/01 15:24:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vbox
[2015/01/01 15:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2015/01/01 15:09:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2015/01/01 15:05:24 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2015/01/01 15:05:19 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2015/01/01 15:05:19 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2015/01/01 15:05:19 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2015/01/01 15:05:19 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2015/01/01 15:05:19 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2015/01/01 15:05:18 | 001,147,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2015/01/01 15:05:18 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2015/01/01 15:05:18 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2015/01/01 15:05:18 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2015/01/01 15:05:18 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2015/01/01 15:05:18 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2015/01/01 15:05:18 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2015/01/01 15:05:18 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2015/01/01 15:05:17 | 001,057,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdvidcrl.dll
[2015/01/01 15:05:17 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdvidcrl.dll
[2015/01/01 15:01:44 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2015/01/01 15:01:44 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2015/01/01 15:01:40 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2015/01/01 15:01:40 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2015/01/01 15:01:39 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2015/01/01 15:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2015/01/01 14:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2015/01/01 14:58:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/12/18 09:40:29 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/12/18 09:40:29 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/12/16 18:06:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015/01/11 15:11:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gail\Desktop\OTL.exe
[2015/01/11 15:09:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/11 15:06:01 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/11 15:06:01 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/11 15:04:23 | 001,707,939 | ---- | M] (Thisisu) -- C:\Users\Gail\Desktop\JRT.exe
[2015/01/11 15:02:07 | 000,000,021 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015/01/11 14:59:05 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/11 14:58:46 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cfff887a6bd8ed.job
[2015/01/11 14:58:20 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\Digital Sites.job
[2015/01/11 14:58:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/11 14:57:41 | 2801,979,392 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/11 14:55:19 | 000,836,670 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/11 14:55:19 | 000,216,982 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/01/11 14:52:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/11 14:46:28 | 000,002,147 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/01/11 14:34:12 | 002,191,360 | ---- | M] () -- C:\Users\Gail\Desktop\adwcleaner_4.107.exe
[2015/01/10 09:54:46 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\003A5A98.sys
[2015/01/03 20:55:08 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2015/01/03 20:54:53 | 000,057,096 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2015/01/03 20:54:53 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2015/01/03 19:26:51 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/01/02 18:41:54 | 442,012,152 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2015/01/01 22:28:58 | 009,890,008 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RsCRIcon.dll
[2015/01/01 22:28:58 | 000,272,600 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsUStor.sys
[2015/01/01 22:27:10 | 000,128,200 | ---- | M] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2015/01/01 22:25:27 | 000,083,176 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amd_sata.sys
[2015/01/01 22:25:27 | 000,043,240 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amd_xata.sys
[2015/01/01 22:23:43 | 000,928,336 | ---- | M] () -- C:\Windows\SysNative\oem14.inf
[2015/01/01 22:23:14 | 010,434,256 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\BCMWL664.SYS
[2015/01/01 22:23:14 | 000,096,560 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlcoi.dll
[2015/01/01 22:23:13 | 004,400,640 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv64.dll
[2015/01/01 22:23:13 | 003,667,968 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll
[2015/01/01 21:36:54 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2015/01/01 21:23:34 | 003,178,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2015/01/01 21:23:34 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2015/01/01 21:22:01 | 006,574,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2015/01/01 21:22:01 | 005,694,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2015/01/01 20:32:22 | 000,026,528 | ---- | M] (REALiX(tm)) -- C:\Windows\SysWow64\drivers\HWiNFO64A.SYS
[2015/01/01 15:32:09 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/01/01 15:32:09 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/12/13 00:09:01 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/12/12 22:33:44 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015/01/11 14:47:46 | 000,000,288 | ---- | C] () -- C:\Windows\tasks\Digital Sites.job
[2015/01/11 14:34:08 | 002,191,360 | ---- | C] () -- C:\Users\Gail\Desktop\adwcleaner_4.107.exe
[2015/01/03 20:55:08 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2015/01/03 20:02:40 | 2801,979,392 | -HS- | C] () -- C:\hiberfil.sys
[2015/01/02 18:41:54 | 442,012,152 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2015/01/01 22:23:57 | 000,928,336 | ---- | C] () -- C:\Windows\SysNative\oem14.inf
[2015/01/01 21:36:54 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/11/15 21:15:18 | 000,000,520 | ---- | C] () -- C:\ProgramData\@system.temp
[2014/11/15 21:14:45 | 000,000,256 | -H-- | C] () -- C:\ProgramData\@system3.att
[2014/11/03 20:58:29 | 000,000,245 | ---- | C] () -- C:\Windows\PowerReg.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2015/01/02 22:07:33 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\Barnes & Noble
[2014/11/24 19:06:40 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\Canon
[2015/01/11 14:47:44 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\DigitalSites
[2015/01/02 22:07:37 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\FrameworkUpdate
[2015/01/01 17:11:39 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\FrameworkUpdate7
[2012/05/01 15:52:53 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\GameMill Entertainment
[2015/01/01 23:38:13 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\IObit
[2012/02/18 16:16:25 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\Mystery of Mortlake Mansion
[2013/03/01 17:01:47 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\MysteryStudio
[2015/01/01 20:35:02 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\ProductData
[2015/01/02 22:07:46 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\runic games
[2012/02/18 15:07:35 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\Screensaver
[2014/11/13 16:54:16 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\WildTangent
[2014/12/03 12:23:55 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\Zumipi

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2014/11/15 21:14:45 | 000,000,480 | -H-- | M] ()(C:\Users\Gail\AppData\Roaming\????) -- C:\Users\Gail\AppData\Roaming\麽鎒駓覜
[2014/11/15 21:14:45 | 000,000,480 | -H-- | C] ()(C:\Users\Gail\AppData\Roaming\????) -- C:\Users\Gail\AppData\Roaming\麽鎒駓覜

< End of report >
Nismogsxr
Regular Member
 
Posts: 30
Joined: January 3rd, 2015, 8:42 pm

Re: Help with removing malware.

Unread postby Nismogsxr » January 11th, 2015, 4:52 pm

E:
OTL Extras logfile created on: 1/11/2015 3:12:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gail\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 63.78% Memory free
6.96 Gb Paging File | 5.48 Gb Available in Paging File | 78.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.66 Gb Total Space | 374.73 Gb Free Space | 83.34% Space Free | Partition Type: NTFS

Computer Name: EVENSTAR | User Name: Gail | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-902369244-54897924-1017888222-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{081E3B74-6854-4F27-9F8E-96E2B6DE0C29}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{0BB0BE49-4AFD-4536-8B52-0C92EB3EC48A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{1906C76A-0FF1-44AF-8906-08C021F0BEF4}" = rport=138 | protocol=17 | dir=out | app=system |
"{2DD99F65-E9F2-47A9-A497-97A4694B8C5C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3CF6FE79-876C-457F-81DA-41EF2606E356}" = rport=139 | protocol=6 | dir=out | app=system |
"{3E6A09C5-8364-4D8F-8ED1-64F93282386F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4CEB9BFD-CA3D-41C8-84B3-1210C029F12B}" = rport=137 | protocol=17 | dir=out | app=system |
"{4F6CA3B7-32C5-4D96-83DB-E7AA648FFC88}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6DF6DED4-2DB8-40C6-8722-B2779835EC72}" = rport=445 | protocol=6 | dir=out | app=system |
"{7A170D03-E095-45D0-9967-729BDC3B1D89}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{804C7037-3D89-43AE-B283-78BEA14E242A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88C14DB9-99B8-449C-9705-6F5ACD22097D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{89B7FE96-6906-426C-86F4-71E2AD8E2259}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8CBF03CD-23F5-4A19-ABE7-2449CF74EDDC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9BDC76B3-1279-41B3-B0A2-18F3B1284DD5}" = lport=138 | protocol=17 | dir=in | app=system |
"{B185FB8A-AACA-4BB8-9892-C24D9BD7BCB2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B28D81F3-A64A-425B-90DD-AA1A0F961007}" = lport=445 | protocol=6 | dir=in | app=system |
"{C0ACAB89-21B8-4D8A-8904-EAC5694B17FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C9F76D87-7AEA-4620-8253-ED55B9EE7BEA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CC873C95-D76B-4C90-AD83-658BC9EA50E5}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{CEF97B6F-78B2-4C9C-B2E3-21CABA413728}" = lport=139 | protocol=6 | dir=in | app=system |
"{CF021E14-7923-402B-B4BE-65973572AD2B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D488543E-C4CC-4B6F-BB06-F4E9A6640DCB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DA40FF59-6415-42A2-99D6-7190F90C5B5D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E125DDCA-7A46-4037-BD14-33BC912528D9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FBAD81E5-D971-4F45-96A4-D1DB6C5658D6}" = lport=137 | protocol=17 | dir=in | app=system |
"{FD8F0DAA-2361-4D7A-B632-FF91FFD52478}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{062E45AE-332F-4C95-AF41-70B558F83C15}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0A70EC39-A695-4339-9D6D-FAC73A87DADC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0AF47B2C-30A3-4B05-93CE-61FF57A44666}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{0E61AC4B-601E-49B7-9E4D-351B4AAA40C5}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{163ED8E6-5CE7-440E-80C7-E7470D882D17}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1A871EC2-76C5-4287-9666-98452E8CAB04}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{30A41344-6699-4A2A-8EC7-FE95D6EB201A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{44C40B34-F6CF-4946-8D50-DDAE76DAB866}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{465FCEA8-86FD-4508-BADA-ED2F2777FD75}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4DC6A113-DC87-4025-A318-4BF7BFA869E3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53CEC0FB-FDEF-42E9-AC20-F1A2500BC00C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{63BE4024-7025-4153-AA8D-FA6825413281}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{715A0E5E-8332-4F82-B9B6-35C6D8382CE5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{77090098-3B8B-4069-8E1C-B5E9456BF8AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8292F449-4723-47C0-A50F-1293D7DD1752}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0CB8C72-B794-4754-8E65-C15A2AF6F9BB}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B5CDC03E-AC21-4267-805D-D67F98E23AC1}" = protocol=6 | dir=out | app=system |
"{BCB3C51A-9216-492C-8617-7E4D87B69AD2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C5ED15B0-63A6-492A-8B5F-D8A8CE465F40}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CA210EDA-130D-4926-A597-FCF229CD7941}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4C14829-FC90-47BF-BEF6-987410ABF378}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{D5D565C0-6E29-481C-BC5B-70616B92B37E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{E5B3CC20-C035-4F99-8A16-9A5A4700ADC4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E873D2FD-19E3-4A7C-9B64-51FFAA6801EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F167F87A-D3A5-490A-A6E4-490BFCBE51DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FE349BC4-D22D-4E21-BB8D-186FFEF590DD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{28A79E21-16C2-4C3E-ADAA-ADB3085A4673}C:\programdata\windows genuine advantage\{05766b67-85c1-4ebc-bbc4-78e2eeb2ee3d}\msiexec.exe" = protocol=6 | dir=in | app=c:\programdata\windows genuine advantage\{05766b67-85c1-4ebc-bbc4-78e2eeb2ee3d}\msiexec.exe |
"UDP Query User{3A7FFDB0-894E-4207-8F3C-4754A4B99D5C}C:\programdata\windows genuine advantage\{05766b67-85c1-4ebc-bbc4-78e2eeb2ee3d}\msiexec.exe" = protocol=17 | dir=in | app=c:\programdata\windows genuine advantage\{05766b67-85c1-4ebc-bbc4-78e2eeb2ee3d}\msiexec.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX470_series" = Canon MX470 series MP Drivers
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{45E3D837-4855-7F41-A22E-D1D0AEA71EF8}" = AMD Steady Video Plug-In
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995841E6-A7D8-2742-606C-98E350507317}" = AMD Catalyst Install Manager
"{B74F365F-CC7D-8B37-F0CE-9C934F370C87}" = ccc-utility64
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"Elantech" = ETDWare PS/2-X64 8.0.6.3_WHQL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{018469E1-1FF6-4680-A7A5-0E04E8DB4FFB}" = CCC Help Danish
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{076457B0-2CCD-1775-53BE-10B2D80BBB11}" = CCC Help Greek
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter Wolves of the Pacific
"{0EE11800-A1BD-11D3-BFEB-005004AF2D32}" = Risk II
"{13476808-986D-2ADC-878A-60DD241E344D}" = CCC Help Swedish
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{1895E5C2-A9F8-4757-AD7B-0E9EA8BA1C46}" = Catalyst Control Center - Branding
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A3C311D-F115-E44B-B9B8-DC09D549BDEB}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2792AA53-D556-9092-69BF-339B25BFDF14}" = CCC Help Turkish
"{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}" = Evernote v. 4.5.1
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39E1A8AF-751D-4E6D-D55D-368B13A7913B}" = CCC Help Russian
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{54CDE4C0-9CDD-2DC5-2518-FFCAC0AB2443}" = CCC Help Spanish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{6229FCC3-24D7-46BC-581F-C15A8EB9D477}" = Catalyst Control Center InstallProxy
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{64AE97EB-B2C7-EE97-931C-E44C6584CEA0}" = CCC Help French
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{686DD43A-9C33-19C3-3EBA-28EB9D109791}" = CCC Help Italian
"{6A99D59B-2620-9104-E80A-F35BE16958FE}" = CCC Help Chinese Standard
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{70C48A1D-40F1-44A2-CC3E-C0C75E11C7EC}" = CCC Help Portuguese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{79A85B92-44F8-1F70-90C3-C48EEC9D64D7}" = CCC Help Dutch
"{7BBAEC47-1CC0-4CB8-ADB4-531B78DBD1DD}" = Adobe AIR
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EA3BFEE-4546-0580-9DEA-4C6E6BD47605}" = CCC Help Japanese
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A27C7332-2211-BF1C-A11D-63F15855D693}" = CCC Help Finnish
"{A3AE9B69-9205-4472-2711-96292C9C3662}" = CCC Help German
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.13) MUI
"{B1BC96B5-2064-21FC-F7BD-497A84C43ECD}" = CCC Help Norwegian
"{B6D184E1-B0E3-E76D-CCA5-E1C1F6979BE5}" = CCC Help Thai
"{B9E1BC15-AA94-A94E-C51F-7CA8598EAA0D}" = CCC Help Korean
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{C1B8B7BC-F89D-E4D1-B325-9387FD9700A4}" = Catalyst Control Center Localization All
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C5C52F9E-F728-D3F9-3C15-7597A3AB627A}" = CCC Help English
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6F3D04A-E9DD-3D17-BE77-08CB6A6F1F15}" = CCC Help Czech
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CC0AE06B-E4E5-D9CF-96CD-C5A2FBE1B79F}" = CCC Help Polish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF72CF42-FA17-1273-0325-4F32B64CAB43}" = AMD VISION Engine Control Center
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDFC1993-99B8-560D-BFCE-AAD412710262}" = CCC Help Hungarian
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7E4BF50-279D-4C87-ED5A-E6850DA915AA}" = Catalyst Control Center Graphics Previews Common
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Canon MX470 series On-screen Manual" = Canon MX470 series On-screen Manual
"Canon MX470 series User Registration" = Canon MX470 series User Registration
"Canon My Image Garden" = Canon My Image Garden
"Canon My Image Garden Design Files" = Canon My Image Garden Design Files
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonQuickMenu" = Canon Quick Menu
"Comodo Dragon" = Comodo Dragon
"Driver Booster_is1" = Driver Booster 2.1
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"IObit Surfing Protection_is1" = Surfing Protection
"LManager" = Launch Manager
"OpenAL" = OpenAL
"Speed Dial Utility" = Canon Speed Dial Utility
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-902369244-54897924-1017888222-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Digital Sites" = Extended Update

< End of report >
Nismogsxr
Regular Member
 
Posts: 30
Joined: January 3rd, 2015, 8:42 pm

Re: Help with removing malware.

Unread postby Nismogsxr » January 11th, 2015, 4:54 pm

F:
So far I havent seen the pop up messages anymore
Nismogsxr
Regular Member
 
Posts: 30
Joined: January 3rd, 2015, 8:42 pm

Re: Help with removing malware.

Unread postby pgmigg » January 12th, 2015, 2:19 am

Hello Nismogsxr,

So far I havent seen the pop up messages anymore
Good job! :D But we are not finish yet...

Step 1.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Click on 'Select all', then copy and paste the value below into the open text entry box:
    Code: Select all
     appwiz.cpl 
    and press Enter - the Unistall or change a program list will be opened.
  3. Locate the following program:
    Surfing Protection
  4. Click on the Change/Remove button to uninstall it.
  5. When the program(s) have been uninstalled, please close Control Panel
  6. Reboot (restart) your computer.

Step 2.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Services
    LiveUpdateSvc
    
    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://Vosteran.com/results.php?f=4&q= {searchTerms}&a=vst_ggfc_15_02_ie&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtC0ByE0DyB0FzytByCtBtN0D0Tzu0StCtCtDyCtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyE0DtBzztB0D0C0BtGtCyBzyyEtGyB0Fzz0DtGzz0D0FtBtGtB0DtDzz0AyEzytBtC0DtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0BtDyDyDzytBtCtGyDyByD0CtGyEtAyCyCtG0BtCyBtAtG0CtDyB0B0CyBzzzz0A0D0DyD2Q&cr=988815470&ir=
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    [2015/01/01 23:38:13 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\IObit
    [2014/12/03 12:23:55 | 000,000,000 | ---D | M] -- C:\Users\Gail\AppData\Roaming\Zumipi
    
    :Files
    C:\Windows\SysWow64\*.tmp
    ipconfig /flushdns /c
    
    :Commands
    [emptyflash]
    [emptyjava]
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 4.
SystemLook
Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries: into SystemLook's main text entry window.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *IObit*
    *SmartDefrag*
    *Vosteran*
    *Zumipi*
    
    :folderfind
    *IObit*
    *SmartDefrag*
    *Vosteran*
    *Zumipi*
    
    :Regfind
    IObit
    SmartDefrag
    Vosteran
    Zumipi
    
  3. Press the Look button to start the scan. Please be patient - it may take a while...
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the SystemLook.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Help with removing malware.

Unread postby Nismogsxr » January 12th, 2015, 10:45 pm

A:
No Problem
Nismogsxr
Regular Member
 
Posts: 30
Joined: January 3rd, 2015, 8:42 pm

Re: Help with removing malware.

Unread postby Nismogsxr » January 12th, 2015, 10:46 pm

B:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Error: No service named LiveUpdateSvc was found to stop!
Service\Driver key LiveUpdateSvc not found.
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Users\Gail\AppData\Roaming\IObit\Smart Defrag 3 folder moved successfully.
C:\Users\Gail\AppData\Roaming\IObit\IObit Uninstaller\UMLog folder moved successfully.
C:\Users\Gail\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Users\Gail\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\Gail\AppData\Roaming\IObit\Driver Booster\Logs\Scan folder moved successfully.
C:\Users\Gail\AppData\Roaming\IObit\Driver Booster\Logs\Main folder moved successfully.
C:\Users\Gail\AppData\Roaming\IObit\Driver Booster\Logs\Install folder moved successfully.
C:\Users\Gail\AppData\Roaming\IObit\Driver Booster\Logs folder moved successfully.
C:\Users\Gail\AppData\Roaming\IObit\Driver Booster folder moved successfully.
C:\Users\Gail\AppData\Roaming\IObit\Advanced SystemCare V8\Startup Manager\ShortcutPublic folder moved successfully.
C:\Users\Gail\AppData\Roaming\IObit\Advanced SystemCare V8\Startup Manager\Shortcut folder moved successfully.
C:\Users\Gail\AppData\Roaming\IObit\Advanced SystemCare V8\Startup Manager folder moved successfully.
C:\Users\Gail\AppData\Roaming\IObit\Advanced SystemCare V8\ProgramDeactivator folder moved successfully.
C:\Users\Gail\AppData\Roaming\IObit\Advanced SystemCare V8\Log folder moved successfully.
C:\Users\Gail\AppData\Roaming\IObit\Advanced SystemCare V8\Internet Booster folder moved successfully.
C:\Users\Gail\AppData\Roaming\IObit\Advanced SystemCare V8\Homepage Protection folder moved successfully.
C:\Users\Gail\AppData\Roaming\IObit\Advanced SystemCare V8\boottime folder moved successfully.
C:\Users\Gail\AppData\Roaming\IObit\Advanced SystemCare V8\Backup folder moved successfully.
C:\Users\Gail\AppData\Roaming\IObit\Advanced SystemCare V8 folder moved successfully.
C:\Users\Gail\AppData\Roaming\IObit folder moved successfully.
C:\Users\Gail\AppData\Roaming\Zumipi folder moved successfully.
========== FILES ==========
C:\Windows\SysWow64\tmpB00C.tmp moved successfully.
C:\Windows\SysWow64\tmpB03C.tmp moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Gail\Desktop\cmd.bat deleted successfully.
C:\Users\Gail\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 57311 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Gail
->Flash cache emptied: 107015 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Gail

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gail
->Temp folder emptied: 153743732 bytes
->Temporary Internet Files folder emptied: 154173426 bytes
->Google Chrome cache emptied: 403153878 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16030971 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42310724 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 734.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01122015_213020

Files\Folders moved on Reboot...
C:\Users\Gail\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Gail\AppData\Local\Temp\MMDUtl.log moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Nismogsxr
Regular Member
 
Posts: 30
Joined: January 3rd, 2015, 8:42 pm

Re: Help with removing malware.

Unread postby Nismogsxr » January 12th, 2015, 10:47 pm

C:
SystemLook 30.07.11 by jpshortstuff
Log created at 21:41 on 12/01/2015 by Gail
Administrator - Elevation successful

========== filefind ==========

Searching for "*IObit*"
C:\Program Files (x86)\IObit\Driver Booster\IObitDownloader.exe --a---- 2158400 bytes [01:32 02/01/2015] [20:00 09/12/2014] A74D25AB28EC8268EC8C67F46DE594A2
C:\Program Files (x86)\IObit\Driver Booster\Freeware\IObitDownloader.exe --a---- 2158400 bytes [01:32 02/01/2015] [20:00 09/12/2014] A74D25AB28EC8268EC8C67F46DE594A2
C:\ProgramData\IObit\ASCDownloader\ASC8\IObit Malware Fighter 2.exe --a---- 24505912 bytes [02:35 02/01/2015] [02:35 02/01/2015] 157F5AAEF238A93DAA188A56B7705AF0
C:\ProgramData\IObit\ASCDownloader\ASC8\IObit Malware Fighter 2.exe.dat --a---- 756 bytes [02:36 02/01/2015] [02:36 02/01/2015] 57EF33C19EDC7CD26142D13D3E289E76
C:\Users\All Users\IObit\ASCDownloader\ASC8\IObit Malware Fighter 2.exe --a---- 24505912 bytes [02:35 02/01/2015] [02:35 02/01/2015] 157F5AAEF238A93DAA188A56B7705AF0
C:\Users\All Users\IObit\ASCDownloader\ASC8\IObit Malware Fighter 2.exe.dat --a---- 756 bytes [02:36 02/01/2015] [02:36 02/01/2015] 57EF33C19EDC7CD26142D13D3E289E76
C:\Users\Gail\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_forums.iobit.com_0.localstorage --a---- 43008 bytes [00:32 04/01/2015] [00:32 04/01/2015] C996AF8F6D546F7BC5585761C3B4BD71
C:\Users\Gail\AppData\Local\Microsoft\Windows\UsrClass.dat.iobit --a---- 2170880 bytes [01:48 02/01/2015] [02:32 03/01/2015] 9ED4455D4697107120FF019D9179B27D
C:\Users\Gail\Desktop\Performance Utilities\IObit Uninstaller.lnk --a---- 1188 bytes [01:33 02/01/2015] [01:33 02/01/2015] E59DEFCDF121A7A3DA3B8FF4E195C401
C:\Windows\Prefetch\IOBITUNINSTALER.EXE-77233D01.pf --a---- 170314 bytes [19:16 11/01/2015] [19:16 11/01/2015] 3F112C6486B4EBB5213AA17B160139E7
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.iobit --a---- 249856 bytes [01:48 02/01/2015] [02:32 03/01/2015] FC214F5AC9CF36A5FC44983792BB8BC5
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.iobit --a---- 253952 bytes [01:48 02/01/2015] [02:32 03/01/2015] D981243E8509FFA6A9116798F81026D1
C:\Windows\System32\IObitSmartDefragExtension.dll --a---- 128288 bytes [02:38 02/01/2015] [20:17 04/06/2014] 84E8B979BBBDD23AD84E88FD12236306
C:\Windows\System32\config\COMPONENTS.iobit --a---- 43917312 bytes [04:22 02/01/2015] [04:22 02/01/2015] EA810EAB24C75EC4BD662E6F4FE68457
C:\Windows\System32\config\DEFAULT.iobit --a---- 278528 bytes [01:48 02/01/2015] [01:48 02/01/2015] 29169D8C45F58646C7756DFAFCE73428
C:\Windows\System32\config\SAM.iobit --a---- 61440 bytes [01:48 02/01/2015] [01:48 02/01/2015] 91AB3C2C0E9B45F8DE4CC0465199D5D2
C:\Windows\System32\config\SECURITY.iobit --a---- 24576 bytes [01:48 02/01/2015] [01:48 02/01/2015] C08EFD23AF10110239CC52B6DF0BC62D
C:\Windows\System32\config\SOFTWARE.iobit --a---- 68485120 bytes [01:47 02/01/2015] [01:48 02/01/2015] C00B96B327FF80CE2A95482DE962C7C4

Searching for "*SmartDefrag*"
C:\Windows\System32\IObitSmartDefragExtension.dll --a---- 128288 bytes [02:38 02/01/2015] [20:17 04/06/2014] 84E8B979BBBDD23AD84E88FD12236306
C:\Windows\System32\SmartDefragBootTime.exe --a---- 34080 bytes [02:39 02/01/2015] [20:17 04/06/2014] 4D5D8058F17C873B4F0792678BAA6534

Searching for "*Vosteran*"
No files found.

Searching for "*Zumipi*"
No files found.

========== folderfind ==========

Searching for "*IObit*"
C:\Program Files (x86)\IObit d------ [01:32 02/01/2015]
C:\Program Files (x86)\Common Files\IObit d------ [01:33 02/01/2015]
C:\Program Files (x86)\IObit\IObit Uninstaller d------ [01:33 02/01/2015]
C:\ProgramData\IObit d------ [01:32 02/01/2015]
C:\ProgramData\IObit\IObit Uninstaller d------ [03:15 02/01/2015]
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_IObitUninstaler._2d678b232f4373185efd204728893c64ed5f2_14355428 d----c- [02:30 04/01/2015]
C:\Users\All Users\IObit d------ [01:32 02/01/2015]
C:\Users\All Users\IObit\IObit Uninstaller d------ [03:15 02/01/2015]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_IObitUninstaler._2d678b232f4373185efd204728893c64ed5f2_14355428 d----c- [02:30 04/01/2015]
C:\Users\Gail\AppData\LocalLow\IObit d------ [01:32 02/01/2015]
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit d------ [03:05 02/01/2015]
C:\_OTL\MovedFiles\01122015_213020\C_Users\Gail\AppData\Roaming\IObit d------ [01:32 02/01/2015]
C:\_OTL\MovedFiles\01122015_213020\C_Users\Gail\AppData\Roaming\IObit\IObit Uninstaller d------ [01:33 02/01/2015]

Searching for "*SmartDefrag*"
No folders found.

Searching for "*Vosteran*"
No folders found.

Searching for "*Zumipi*"
C:\_OTL\MovedFiles\01122015_213020\C_Users\Gail\AppData\Roaming\Zumipi d------ [03:08 20/11/2014]

========== Regfind ==========

Searching for "IObit"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe"="Uninstall Programs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\InprocServer32]
@="C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCExtMenu_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}]
@="IObit Uninstaller"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\DefaultIcon]
@="C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\Shell\Open\command]
@=""C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe" control_statistics"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCExtMenu_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 8"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCExtMenu_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 8"
[HKEY_LOCAL_MACHINE\SOFTWARE\IObit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2965788~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2965788.cab_Temp\46625BA4-A501-4F7D-A17E-85CA12C70C1E\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2984981~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2984981.cab_Temp\373E1BFB-FDBB-420E-B85C-8D5703FFDC61\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2994023~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2994023.cab_Temp\1793B1AC-BAB4-4829-A082-62F59DFC5E95\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_21_for_KB2923545~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2923545.cab_Temp\9E7BD7F8-7F3E-43F8-BFE5-DE2C7093CD6F\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_21_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2984976.cab_Temp\3FABC1CD-25C7-4BFB-AC33-886C85AD9822\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2965788~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2965788.cab_Temp\46625BA4-A501-4F7D-A17E-85CA12C70C1E\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2984981~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2984981.cab_Temp\373E1BFB-FDBB-420E-B85C-8D5703FFDC61\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2994023~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2994023.cab_Temp\1793B1AC-BAB4-4829-A082-62F59DFC5E95\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_38_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2984976.cab_Temp\3FABC1CD-25C7-4BFB-AC33-886C85AD9822\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_3_for_KB2965788~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2965788.cab_Temp\46625BA4-A501-4F7D-A17E-85CA12C70C1E\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_44_for_KB2923545~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2923545.cab_Temp\9E7BD7F8-7F3E-43F8-BFE5-DE2C7093CD6F\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_45_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2984976.cab_Temp\3FABC1CD-25C7-4BFB-AC33-886C85AD9822\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_58_for_KB2923545~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2923545.cab_Temp\9E7BD7F8-7F3E-43F8-BFE5-DE2C7093CD6F\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_59_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2984976.cab_Temp\3FABC1CD-25C7-4BFB-AC33-886C85AD9822\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_76_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2984976.cab_Temp\3FABC1CD-25C7-4BFB-AC33-886C85AD9822\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_7_for_KB2923545~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2923545.cab_Temp\9E7BD7F8-7F3E-43F8-BFE5-DE2C7093CD6F\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_7_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2984976.cab_Temp\3FABC1CD-25C7-4BFB-AC33-886C85AD9822\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2923545_SP1~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2923545.cab_Temp\9E7BD7F8-7F3E-43F8-BFE5-DE2C7093CD6F\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2923545~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2923545.cab_Temp\9E7BD7F8-7F3E-43F8-BFE5-DE2C7093CD6F\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2965788_SP1~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2965788.cab_Temp\46625BA4-A501-4F7D-A17E-85CA12C70C1E\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2965788~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2965788.cab_Temp\46625BA4-A501-4F7D-A17E-85CA12C70C1E\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2984976_SP1~31bf3856ad364e35~amd64~~6.1.1.3]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2984976.cab_Temp\3FABC1CD-25C7-4BFB-AC33-886C85AD9822\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2984976.cab_Temp\3FABC1CD-25C7-4BFB-AC33-886C85AD9822\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2984981_SP1~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2984981.cab_Temp\373E1BFB-FDBB-420E-B85C-8D5703FFDC61\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2984981~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2984981.cab_Temp\373E1BFB-FDBB-420E-B85C-8D5703FFDC61\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2994023_SP1~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2994023.cab_Temp\1793B1AC-BAB4-4829-A082-62F59DFC5E95\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2994023~31bf3856ad364e35~amd64~~6.1.1.1]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 8\KB2994023.cab_Temp\1793B1AC-BAB4-4829-A082-62F59DFC5E95\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath]
"oldPath"="C:\Program Files (x86)\IObit\Advanced SystemCare 8\DiskDefrag.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect]
@="C:\Program Files (x86)\IObit\Surfing Protection\NativeMsg.json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\Advanced SystemCare 8]
"apppath"="C:\Program Files (x86)\IObit\Advanced SystemCare 8\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\Advanced SystemCare 8]
"installpath"="C:\Program Files (x86)\IObit\Surfing Protection"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\ASC]
"Path"="C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\LiveUpdate]
"AppPath"="C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\RealTimeProtector]
"InstallLocation"="C:\Program Files (x86)\IObit\Advanced SystemCare 8\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\Uninstaller 4]
"UninstallerFree"="C:\Program Files (x86)\IObit\IObit Uninstaller\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\MyComputer\DefragPath]
"oldPath"="C:\Program Files (x86)\IObit\Advanced SystemCare 8\DiskDefrag.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1]
"Inno Setup: App Path"="C:\Program Files (x86)\IObit\Driver Booster"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1]
"InstallLocation"="C:\Program Files (x86)\IObit\Driver Booster\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1]
"DisplayIcon"="C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1]
"UninstallString"=""C:\Program Files (x86)\IObit\Driver Booster\unins000.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1]
"QuietUninstallString"=""C:\Program Files (x86)\IObit\Driver Booster\unins000.exe" /SILENT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1]
"Publisher"="IObit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCExtMenu_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 8"
[HKEY_USERS\S-1-5-21-902369244-54897924-1017888222-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe"="Uninstall Programs"
[HKEY_USERS\S-1-5-21-902369244-54897924-1017888222-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe"="Uninstall Programs"

Searching for "SmartDefrag"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SMARTDEFRAGDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SMARTDEFRAGDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SMARTDEFRAGDRIVER]

Searching for "Vosteran"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"TopResultURLFallback"="http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_02_ie&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtC0ByE0DyB0FzytByCtBtN0D0Tzu0StCtCtDyCtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyE0DtBzztB0D0C0BtGtCyBzyyEtGyB0Fzz0DtGzz0D0FtBtGtB0DtDzz0AyEzytBtC0DtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0BtDyDyDzytBtCtGyDyByD0CtGyEtAyCyCtG0BtCyBtAtG0CtDyB0B0CyBzzzz0A0D0DyD2Q&cr=988815470&ir="
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
@="Vosteran"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy]
"AppPath"="C:\Program Files (x86)\WSE_Vosteran\\"
[HKEY_USERS\S-1-5-21-902369244-54897924-1017888222-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"TopResultURLFallback"="http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_02_ie&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtC0ByE0DyB0FzytByCtBtN0D0Tzu0StCtCtDyCtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyE0DtBzztB0D0C0BtGtCyBzyyEtGyB0Fzz0DtGzz0D0FtBtGtB0DtDzz0AyEzytBtC0DtAyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0BtDyDyDzytBtCtGyDyByD0CtGyEtAyCyCtG0BtCyBtAtG0CtDyB0B0CyBzzzz0A0D0DyD2Q&cr=988815470&ir="
[HKEY_USERS\S-1-5-21-902369244-54897924-1017888222-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
@="Vosteran"

Searching for "Zumipi"
[HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Atexcid"="C:\Users\Gail\AppData\Roaming\Zumipi\usilor.exe"
[HKEY_USERS\S-1-5-21-902369244-54897924-1017888222-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Atexcid"="C:\Users\Gail\AppData\Roaming\Zumipi\usilor.exe"

-= EOF =-
Nismogsxr
Regular Member
 
Posts: 30
Joined: January 3rd, 2015, 8:42 pm

Re: Help with removing malware.

Unread postby Nismogsxr » January 12th, 2015, 10:47 pm

D:
Havent noticed anything different.
Nismogsxr
Regular Member
 
Posts: 30
Joined: January 3rd, 2015, 8:42 pm

Re: Help with removing malware.

Unread postby pgmigg » January 12th, 2015, 11:40 pm

Hello Nismogsxr,

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Files
    C:\Program Files (x86)\IObit\Driver Booster\IObitDownloader.exe
    C:\Program Files (x86)\IObit\Driver Booster\Freeware\IObitDownloader.exe
    C:\ProgramData\IObit\ASCDownloader\ASC8\IObit Malware Fighter 2.exe
    C:\ProgramData\IObit\ASCDownloader\ASC8\IObit Malware Fighter 2.exe.dat
    C:\Users\All Users\IObit\ASCDownloader\ASC8\IObit Malware Fighter 2.exe
    C:\Users\All Users\IObit\ASCDownloader\ASC8\IObit Malware Fighter 2.exe.dat
    C:\Users\Gail\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_forums.iobit.com_0.localstorage
    C:\Users\Gail\AppData\Local\Microsoft\Windows\UsrClass.dat.iobit
    C:\Users\Gail\Desktop\Performance Utilities\IObit Uninstaller.lnk
    C:\Windows\Prefetch\IOBITUNINSTALER.EXE-77233D01.pf
    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.iobit
    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.iobit
    C:\Windows\System32\IObitSmartDefragExtension.dll
    C:\Windows\System32\config\COMPONENTS.iobit
    C:\Windows\System32\config\DEFAULT.iobit
    C:\Windows\System32\config\SAM.iobit
    C:\Windows\System32\config\SECURITY.iobit
    C:\Windows\System32\config\SOFTWARE.iobit
    C:\Windows\System32\IObitSmartDefragExtension.dll
    C:\Windows\System32\SmartDefragBootTime.exe
    C:\Program Files (x86)\IObit
    C:\Program Files (x86)\Common Files\IObit
    C:\Program Files (x86)\IObit\IObit Uninstaller
    C:\ProgramData\IObit
    C:\ProgramData\IObit\IObit Uninstaller
    C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_IObitUninstaler._2d678b232f4373185efd204728893c64ed5f2_14355428
    C:\Users\All Users\IObit
    C:\Users\All Users\IObit\IObit Uninstaller
    C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_IObitUninstaler._2d678b232f4373185efd204728893c64ed5f2_14355428
    C:\Users\Gail\AppData\LocalLow\IObit
    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit
    
    :Reg
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\DefaultIcon]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\Shell\Open\command]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR]
    @=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\IObit]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2965788~31bf3856ad364e35~amd64~~6.1.1.1]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2984981~31bf3856ad364e35~amd64~~6.1.1.1]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2994023~31bf3856ad364e35~amd64~~6.1.1.1]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_21_for_KB2923545~31bf3856ad364e35~amd64~~6.1.1.1]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_21_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2965788~31bf3856ad364e35~amd64~~6.1.1.1]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2984981~31bf3856ad364e35~amd64~~6.1.1.1]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2994023~31bf3856ad364e35~amd64~~6.1.1.1]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_38_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_3_for_KB2965788~31bf3856ad364e35~amd64~~6.1.1.1]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_44_for_KB2923545~31bf3856ad364e35~amd64~~6.1.1.1]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_45_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_58_for_KB2923545~31bf3856ad364e35~amd64~~6.1.1.1]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_59_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_76_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_7_for_KB2923545~31bf3856ad364e35~amd64~~6.1.1.1]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_7_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2923545_SP1~31bf3856ad364e35~amd64~~6.1.1.1]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2923545~31bf3856ad364e35~amd64~~6.1.1.1]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2965788_SP1~31bf3856ad364e35~amd64~~6.1.1.1]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2965788~31bf3856ad364e35~amd64~~6.1.1.1]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2984976_SP1~31bf3856ad364e35~amd64~~6.1.1.3]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2984976~31bf3856ad364e35~amd64~~6.1.1.3]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2984981_SP1~31bf3856ad364e35~amd64~~6.1.1.1]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2984981~31bf3856ad364e35~amd64~~6.1.1.1]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2994023_SP1~31bf3856ad364e35~amd64~~6.1.1.1]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2994023~31bf3856ad364e35~amd64~~6.1.1.1]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath]
    "oldPath"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect]
    @=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\MyComputer\DefragPath]
    "oldPath"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1]
    "Inno Setup: App Path"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1]
    "DisplayIcon"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1]
    "UninstallString"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1]
    "QuietUninstallString"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1]
    "Publisher"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR]
    @=""
    [HKEY_USERS\S-1-5-21-902369244-54897924-1017888222-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe"=-
    [HKEY_USERS\S-1-5-21-902369244-54897924-1017888222-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SMARTDEFRAGDRIVER]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SMARTDEFRAGDRIVER]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SMARTDEFRAGDRIVER]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
    "TopResultURLFallback"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy]
    "AppPath"=-
    [HKEY_USERS\S-1-5-21-902369244-54897924-1017888222-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
    "TopResultURLFallback"=-
    [HKEY_USERS\S-1-5-21-902369244-54897924-1017888222-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
    @=""
    [HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Atexcid"=-
    [HKEY_USERS\S-1-5-21-902369244-54897924-1017888222-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Atexcid"=-
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
SystemLook
You should still have SystemLook_x64.exe on your desktop.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries: into SystemLook's main text entry window.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *IObit*
    *SmartDefrag*
    
    :folderfind
    *IObit*
    *SmartDefrag*
    
    :Regfind
    IObit
    SmartDefrag
    Vosteran
    Zumipi
    
  3. Press the Look button to start the scan. Please be patient - it may take a while...
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Only problem I had was trying to figure out how to disable the Comodo antivirus to run the scans. So I uninstalled the antivirus for the scans and then reinstalled it
Please read this article and I hope it will allow you to make simple steps to temporarily disable and then enable your Comodo AV instead of reinstalling it. ;)

Step 3.
ESET NOD32 Online Scan
  1. Firstly please Disable any Antivirus you have active, as shown in This topic. If active, it could impact the online scan.
    Do NOT use the computer while the scan is running!
    Make sure all other programs and windows are closed!
  2. You need to right-click on the Internet Explorer or Firefox icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  3. Go to ESET Online Scanner - © ESET All Rights Reserved, to run an online scan.
  4. Click the dark blue Run ESET Online Scanner button:
    • If you using Google Chrome or Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted. Then double click on it to install.
    • If you using Internet Explorer please read the End User License Agreement and check the box: Yes, I accept the terms of use. Then click the green Start button.
  5. Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  6. Under scan settings:
    • Check "Scan archives"
    • UNCHECK "Remove found threats"
  7. Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  8. Click the Start button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running!
  9. When the scan completes, please press the text: Image
  10. Press the text: Image, then save the file to your desktop as ESETScan.txt.
  11. Press the Back button, then press the Finish button.
  12. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.


Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the SystemLook.txt log file
  4. Contents of the ESETScan.txt log file
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 112 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware