Remove IObit Bootup Defrag


I uninstalled the IObit Advanced System Care and Smart Defrag products about 6 months ago but still have occasions when booting up my system I get their defrag program running.  I can't find how to get rid of this anywhere.  I would like help removing this and any other IObit "infections" I might still have.  Thank you.  Derek

  • Root Admin

Hi Derek

Let's start off with the following and then we'll proceed as indicated. It's a bit later for me so I'll be getting some shut eye soon but will try to check back on you sometime tomorrow.

STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 02

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

STEP 03

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 04

Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.

STEP 05

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Thanks

I just ran the AdwCleaner, and after rebooting, opened my usual browser, Google Chrome, and I got a popup saying my preferences were corrupt or invalid.  The browser came up and all my customizations were gone and it was plain Chrome.  I hope it can be brought back.  Help!


  • Root Admin

Please run the following and we'll have it help us to remove any iObit software left on the system.

Please visit this webpage for instructions on downloading and running ComboFix: How to use ComboFix

Please make sure you disable your security applications before running ComboFix.

Once ComboFix has completed it will produce and open a log file. Please attach that log file to your next reply.

If needed the file can be located here: C:\combofix.txt

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


Ran ComboFix and it ran for 1 or 2 minutes and then turned off my computer, not a shutdown, just off.  When back up, no log file anywhere.  I did notice a weird directory named ComboFix in C:\ that had in it 2 icons showing my hard drive and my DVD drive.  Can that just be deleted?  Should I try and run again?


  • Root Admin

Okay let's try another tool then.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2013 01

Ran by Derek (administrator) on 09-07-2013 21:20:35

Running from C:\Users\Derek\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(AMD) C:\windows\system32\atiesrxx.exe

(AMD) C:\windows\system32\atieclxx.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Logitech Inc.) C:\PROGRA~2\SQUEEZ~1\server\SqueezeSvr.exe

(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Conexant Systems, Inc) C:\Program Files\Conexant\SAII\SmartAudio.exe

(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Logitech Inc.) C:\Program Files (x86)\Squeezebox\SqueezeTray.exe

() C:\Users\Derek\AppData\Local\Autobahn\nexdef.exe

(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)

HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)

HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)

HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)

HKLM\...\Run: [Teco] - "C:\Program Files\TOSHIBA\TECO\Teco.exe" /r [1483776 2010-02-25] (TOSHIBA Corporation)

HKLM\...\Run: [smoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)

HKLM\...\Run: [smartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2009-11-19] ()

HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)

HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)

HKLM\...\Run: [cAudioFilterAgent] - c:\program files\conexant\caudiofilteragent\caudiofilteragent64.exe [517176 2010-01-29] (Conexant Systems, Inc.)

HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)

HKLM\...\Run: [egui] - "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [6330568 2013-03-21] (ESET)

HKLM\...\Winlogon: [userinit] C:\windows\system32\userinit.exe,

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot [423144 2013-04-26] (BillP Studios)

HKCU\...\Run: [sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)

HKCU\...\Run: [Google Update] - "C:\Users\Derek\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-27] (Google Inc.)

HKCU\...\Policies\system: [disableregistrytools] 0

HKLM-x32\...\Run: [TWebCamera] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2454840 2010-02-24] (TOSHIBA CORPORATION.)

HKLM-x32\...\Run: [ToshibaServiceStation] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295736 2011-02-11] (TOSHIBA Corporation)

HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)

HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)

HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)

Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech Media Server Tray Tool.lnk

ShortcutTarget: Logitech Media Server Tray Tool.lnk -> C:\Program Files (x86)\Squeezebox\SqueezeTray.exe (Logitech Inc.)

Startup: C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

Startup: C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk

ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\Derek\AppData\Local\Autobahn\nexdef.exe ()

BootExecute: autocheck autochk * SmartDefragBootTime.exesdnclean64.exe

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.outlook.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://calendar.live.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {52068670-CB31-4545-8202-3088AB4B063C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=642886&p={searchTerms}

SearchScopes: HKCU - {B69A12D0-7C4A-4ABD-A64C-325D4F89B887} URL = 

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

 

FireFox:

========

FF ProfilePath: C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\kgxg5no6.default


FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Derek\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Derek\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Derek\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Derek\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Derek\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)

FF SearchPlugin: C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\kgxg5no6.default\searchplugins\dictionary.xml

FF Extension: No Name - C:\Users\Derek\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

FF Extension: Ghostery - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\kgxg5no6.default\Extensions\firefox@ghostery.com

FF Extension: Email This! Bookmarklet Extension - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\kgxg5no6.default\Extensions\gmailthis@lazyrussian.com

FF Extension: Flagfox - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\kgxg5no6.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

FF Extension: Garmin Communicator - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\kgxg5no6.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

FF Extension: Groowe Search Toolbar - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\kgxg5no6.default\Extensions\{268ad77e-cff8-42d7-b479-da60a7b93305}

FF Extension: denggb - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\kgxg5no6.default\Extensions\denggb@balandro.net.xpi

FF Extension: smarterwiki - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\kgxg5no6.default\Extensions\smarterwiki@wikiatic.com.xpi

FF Extension: No Name - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\kgxg5no6.default\Extensions\{473f9a20-ce5a-11da-a94d-0800200c9a66}.xpi

FF Extension: No Name - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\kgxg5no6.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi

FF Extension: No Name - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\kgxg5no6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

 

Chrome: 

=======


CHR RestoreOnStartup: "https://mail.google.com/mail/ca/u/0/?shva=1#inbox", "https://www.google.com/calendar/render?tab=mc"

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Users\Derek\AppData\Local\Google\Chrome\Application\28.0.1500.71\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Derek\AppData\Local\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Derek\AppData\Local\Google\Chrome\Application\28.0.1500.71\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (Google Talk Plugin) - C:\Users\Derek\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Derek\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Derek\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)

CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

CHR Extension: (Google Drive) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (WOT) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.13_0

CHR Extension: (Atari - Millipede) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkbollfhmapfgngdahcjdbicedcbkkge\1.0_0

CHR Extension: (Yet another flags) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmchcmgddbhmbkakammmklpoonoiiomk\0.9.9.6_0

CHR Extension: (Gmail Offline) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.19_0

CHR Extension: (IE Tab Multi (Enhance)) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.1.9_0

CHR Extension: (Atari - Centipede) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gakkiekmjcipgjlnenigjfgemakojanh\1.0_0

CHR Extension: (AdBlock) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0

CHR Extension: (FlashBlock) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0

CHR Extension: (Atari - Yars' Revenge) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdhhgcmlpojjmclpjbbhelmligedpgk\1.0_0

CHR Extension: (Atari - Asteroids) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlkamaohjodmnhiehbogggcllkndklok\1.3_0

CHR Extension: (Cloud Reader) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_0

CHR Extension: (Yet Another Google Bookmarks Extension) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdnejaepfmacfdmhkplckpfdcjgbeode\1.32_0

CHR Extension: (Atari - Tempest) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kflkdjocancddgfnbhedkaefjdomdcaf\1.0_0

CHR Extension: (Frogger Classic) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mamnieegbgfhklagjjbacjiidjojeogd\1.1.1_0

CHR Extension: (FastestChrome - Browse Faster) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.2.2_0

CHR Extension: (Search Center) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfplmdnbnefomnjiknbpejdceedhdmf\4.0.1_0

CHR Extension: (Glossy Blue) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nheaocaplknjkpcnbadlgfpdfjaabiml\1.0_0

CHR Extension: (ChromeReload) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\0.5_0

CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0

CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0

CHR Extension: (World Time Map) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgaenegbjiendodcdhkhgpipfebflhl\1.0.2_0

CHR Extension: (Atari - Missile Command) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobnopfjjndfekinfcddimnjbhjdgmbg\1.0_0

CHR Extension: (Send from Gmail (by Google)) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.16_0

 

==================== Services (Whitelisted) =================

 

R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [224256 2011-03-02] ()

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-21] (ESET)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)

R2 squeezesvc; C:/PROGRA~2/SQUEEZ~1/server/SqueezeSvr.exe [x]

 

==================== Drivers (Whitelisted) ====================

 

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)

R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)

R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET)

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()

S3 STONEDRV; C:\Windows\System32\Drivers\stonedrv.sys [20656 2009-11-03] ()

R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-03-29] (TuneUp Software)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-07-09 21:20 - 2013-07-09 21:20 - 00000000 ____D C:\FRST

2013-07-09 21:19 - 2013-07-09 21:19 - 01776221 ____A (Farbar) C:\Users\Derek\Desktop\FRST64.exe

2013-07-09 03:48 - 2013-07-09 03:51 - 00000000 ___SD C:\ComboFix

2013-07-09 03:48 - 2013-07-09 03:48 - 00000000 ____D C:\Qoobox

2013-07-09 03:48 - 2011-06-25 23:45 - 00256000 ____A C:\Windows\PEV.exe

2013-07-09 03:48 - 2010-11-07 10:20 - 00208896 ____A C:\Windows\MBR.exe

2013-07-09 03:48 - 2009-04-19 21:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2013-07-09 03:48 - 2000-08-30 17:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2013-07-09 03:48 - 2000-08-30 17:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2013-07-09 03:48 - 2000-08-30 17:00 - 00098816 ____A C:\Windows\sed.exe

2013-07-09 03:48 - 2000-08-30 17:00 - 00080412 ____A C:\Windows\grep.exe

2013-07-09 03:48 - 2000-08-30 17:00 - 00068096 ____A C:\Windows\zip.exe

2013-07-09 03:45 - 2013-07-09 03:45 - 05086951 ____R (Swearware) C:\Users\Derek\Desktop\ComboFix.exe

2013-07-08 17:27 - 2013-07-09 08:04 - 00000022 ____A C:\Windows\S.dirmngr

2013-07-08 17:25 - 2013-07-08 17:25 - 00001470 ____A C:\Users\Derek\Desktop\AdwCleaner[s1].txt

2013-07-08 17:23 - 2013-07-08 17:23 - 00650027 ____A C:\Users\Derek\Desktop\AdwCleaner.exe

2013-07-08 14:37 - 2013-07-08 16:54 - 00001445 ____A C:\Users\Derek\Desktop\JRT.txt

2013-07-08 14:30 - 2013-07-08 14:30 - 00000000 ____D C:\Windows\ERUNT

2013-07-08 14:30 - 2013-07-08 14:30 - 00000000 ____D C:\JRT

2013-07-08 14:18 - 2013-07-08 14:18 - 00547139 ____A (Oleg N. Scherbakov) C:\Users\Derek\Desktop\JRT.exe

2013-07-07 22:14 - 2013-07-07 22:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-07-07 22:12 - 2013-07-07 22:12 - 00000000 ____D C:\Users\Derek\Downloads\Anti-Rootkit

2013-07-07 22:11 - 2013-07-07 22:11 - 13399154 ____A C:\Users\Derek\Downloads\mbar-1.06.0.1004.zip

2013-07-07 22:08 - 2013-07-07 22:09 - 00000000 ____D C:\Program Files (x86)\ERUNT

2013-07-07 22:08 - 2013-07-07 22:08 - 00000899 ____A C:\Users\Derek\Desktop\NTREGOPT.lnk

2013-07-07 22:08 - 2013-07-07 22:08 - 00000899 ____A C:\Users\Darryl\Desktop\NTREGOPT.lnk

2013-07-07 22:08 - 2013-07-07 22:08 - 00000899 ____A C:\Users\Darren\Desktop\NTREGOPT.lnk

2013-07-07 22:08 - 2013-07-07 22:08 - 00000880 ____A C:\Users\Derek\Desktop\ERUNT.lnk

2013-07-07 22:08 - 2013-07-07 22:08 - 00000880 ____A C:\Users\Darryl\Desktop\ERUNT.lnk

2013-07-07 22:08 - 2013-07-07 22:08 - 00000880 ____A C:\Users\Darren\Desktop\ERUNT.lnk

2013-07-07 22:07 - 2013-07-07 22:07 - 00791393 ____A (Lars Hederer                                                ) C:\Users\Derek\Downloads\erunt-setup.exe

2013-07-06 23:46 - 2013-07-06 23:46 - 00000000 ____D C:\Users\Derek\AppData\Local\GNU

2013-07-06 23:03 - 2013-07-06 23:03 - 00000000 ____D C:\Users\Derek\AppData\Roaming\Malwarebytes

2013-07-06 23:03 - 2013-07-06 23:03 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-07-06 23:03 - 2013-07-06 23:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-07-06 23:03 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-07-06 04:50 - 2013-07-09 20:55 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2953257119-1875599153-1455084081-1000UA1ce7a3f59b9b15.job

2013-07-06 04:50 - 2013-07-08 04:55 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2953257119-1875599153-1455084081-1000Core1ce7a3f44997af.job

2013-07-05 21:51 - 2013-07-05 21:51 - 00002074 ____A C:\Users\Derek\Desktop\Hobbies.lnk

2013-07-05 06:45 - 2013-07-09 20:50 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce7985ecbd03cb.job

2013-07-03 20:43 - 2013-07-03 20:49 - 00002268 ____A C:\Windows\logboot_04.07.2013.tureg.log

2013-07-03 19:54 - 2013-07-03 19:54 - 00001903 ____A C:\Users\Derek\Desktop\Logs.lnk

2013-07-03 12:05 - 2013-07-03 12:05 - 97474796 ____A C:\Users\Derek\Downloads\Bear Creek.zip

2013-07-03 11:34 - 2013-07-03 11:34 - 00000000 ____D C:\Users\Derek\AppData\Local\Amazon Cloud Player

2013-07-03 11:33 - 2013-07-03 11:33 - 33397640 ____A (Amazon) C:\Users\Derek\Downloads\AmazonCloudPlayerInstaller332._V381017050_.exe

2013-07-02 21:24 - 2013-07-02 21:24 - 01786752 ____A C:\Users\Derek\Downloads\Coins.zip

2013-07-02 21:00 - 2013-07-02 21:22 - 00000000 ____D C:\Users\Derek\Downloads\Coins

2013-07-02 12:32 - 2013-07-02 12:32 - 00009030 ____A C:\Windows\HL-2070N.INI

2013-07-02 12:32 - 2013-07-02 12:32 - 00000152 ____A C:\Windows\BRVIDEO.INI

2013-07-02 12:32 - 2013-07-02 12:32 - 00000039 ____A C:\Windows\SysWOW64\bd2070n.dat

2013-07-02 12:32 - 2013-07-02 12:32 - 00000000 ____D C:\Program Files (x86)\Brownie

2013-07-02 12:32 - 2013-07-02 12:32 - 00000000 ____A C:\Windows\brmx2001.ini

2013-07-02 12:32 - 2009-05-25 19:14 - 00196608 ____N (brother) C:\Windows\SysWOW64\Pdrvinst.dll

2013-07-02 12:32 - 2008-10-23 00:00 - 00111928 ____N (Brother Industries Ltd) C:\Windows\SysWOW64\BRRBTOOL.EXE

2013-07-02 12:32 - 2007-01-16 00:00 - 00024223 _____ (Brother Industries, Ltd) C:\Windows\SysWOW64\brlm03a.dll

2013-07-02 12:32 - 2006-12-21 11:23 - 00176128 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL

2013-07-02 12:32 - 2004-08-10 01:00 - 00000114 _____ C:\Windows\SysWOW64\brlmw03a.ini

2013-07-02 12:32 - 2004-08-10 00:42 - 00077824 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\brlmw03a.dll

2013-07-02 12:30 - 2013-07-02 12:30 - 00000000 ____D C:\Users\Derek\Downloads\install

2013-07-02 12:29 - 2013-07-02 12:30 - 105634606 ____A (A.I.SOFT,INC.) C:\Users\Derek\Downloads\HL2030_70-inst-win7-A2-en.EXE

2013-07-02 01:06 - 2013-07-02 01:06 - 00017173 ____A C:\Users\Derek\Downloads\server.prefs

2013-07-01 23:36 - 2013-07-02 00:37 - 00000000 ____D C:\ProgramData\Squeezebox

2013-07-01 23:36 - 2013-07-01 23:37 - 00000000 ____D C:\Program Files (x86)\Squeezebox

2013-07-01 23:35 - 2013-07-01 23:36 - 58564896 ____A (Logitech                                                    ) C:\Users\Derek\Downloads\LogitechMediaServer-7.7.2.exe

2013-06-30 03:48 - 2013-06-30 03:48 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-06-30 03:48 - 2013-06-30 03:48 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-06-30 03:48 - 2013-06-30 03:48 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-06-30 03:48 - 2013-06-30 03:48 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-06-30 00:02 - 2013-07-09 08:04 - 00036574 ____A C:\Windows\PFRO.log

2013-06-30 00:02 - 2013-07-09 08:04 - 00000784 ____A C:\Windows\setupact.log

2013-06-30 00:02 - 2013-06-30 00:02 - 00000000 ____A C:\Windows\setuperr.log

2013-06-27 10:27 - 2013-06-30 03:48 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2013-06-27 10:26 - 2013-06-27 10:26 - 00000000 ____D C:\ProgramData\McAfee

2013-06-24 08:12 - 2013-06-24 08:12 - 00000000 ____D C:\Program Files (x86)\SlimComputer

2013-06-24 08:10 - 2013-07-08 00:30 - 00000380 ____A C:\Windows\Tasks\SlimCleaner Scan.job

2013-06-24 08:07 - 2013-06-24 08:07 - 00000589 ____A C:\Users\Derek\Downloads\MyDefrag.debuglog

2013-06-24 07:50 - 2013-06-24 08:12 - 00000000 ____D C:\Users\Derek\AppData\Local\SlimWare Utilities Inc

2013-06-24 07:49 - 2013-06-24 08:29 - 00000000 ____D C:\Program Files (x86)\SlimCleaner

2013-06-24 07:49 - 2013-06-24 08:12 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers

2013-06-23 21:19 - 2013-06-23 21:19 - 00649536 ____A (SlimWare Utilities, Inc.) C:\Users\Derek\Downloads\slimcomputer-setup.exe

2013-06-23 21:18 - 2013-06-23 21:18 - 00735104 ____A (SlimWare Utilities, Inc.) C:\Users\Derek\Downloads\SlimCleaner-setup.exe

2013-06-19 21:21 - 2013-06-19 21:22 - 03165702 ____A C:\Users\Derek\Downloads\video.wmv

2013-06-19 11:37 - 2013-06-19 11:37 - 00000000 ____D C:\ProgramData\ESET

2013-06-16 09:27 - 2013-06-16 09:40 - 00000000 ____D C:\Windows\pss

2013-06-15 02:01 - 2013-06-08 07:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-06-15 02:01 - 2013-06-08 07:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-06-15 02:01 - 2013-06-08 07:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-06-15 02:01 - 2013-06-08 07:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-06-15 02:01 - 2013-06-08 07:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-06-15 02:01 - 2013-06-08 05:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-06-15 02:01 - 2013-06-08 04:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-06-15 02:01 - 2013-06-08 04:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-06-15 02:01 - 2013-06-08 04:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-06-15 02:01 - 2013-06-08 04:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-06-15 02:01 - 2013-06-08 04:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-06-15 02:01 - 2013-06-08 04:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-06-12 02:02 - 2013-05-16 18:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-06-12 02:02 - 2013-05-16 18:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-06-12 02:02 - 2013-05-16 18:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-06-12 02:02 - 2013-05-16 18:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-06-12 02:02 - 2013-05-16 18:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-06-12 02:02 - 2013-05-16 18:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-06-12 02:02 - 2013-05-16 18:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-06-12 02:02 - 2013-05-16 18:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-06-12 02:02 - 2013-05-16 17:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-06-12 02:02 - 2013-05-16 17:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-06-12 02:02 - 2013-05-16 17:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-06-12 02:02 - 2013-05-16 17:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-06-12 02:02 - 2013-05-16 17:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-06-12 02:02 - 2013-05-16 17:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-06-12 02:02 - 2013-05-16 17:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-06-12 02:02 - 2013-05-16 17:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-06-12 02:02 - 2013-05-16 17:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-06-12 02:02 - 2013-05-14 05:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-06-12 02:02 - 2013-05-14 01:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-06-11 23:02 - 2013-05-07 23:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2013-06-11 23:01 - 2013-05-12 22:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2013-06-11 23:01 - 2013-05-12 22:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2013-06-11 23:01 - 2013-05-12 22:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2013-06-11 23:01 - 2013-05-12 22:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll

2013-06-11 23:01 - 2013-05-12 21:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-06-11 23:01 - 2013-05-12 21:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2013-06-11 23:01 - 2013-05-12 21:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2013-06-11 23:01 - 2013-05-12 20:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe

2013-06-11 23:01 - 2013-05-12 20:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe

2013-06-11 23:01 - 2013-05-12 20:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll

2013-06-11 23:01 - 2013-05-09 22:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

2013-06-11 23:01 - 2013-05-09 20:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll

2013-06-11 23:01 - 2013-04-25 22:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll

2013-06-11 23:01 - 2013-04-25 21:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

2013-06-11 23:01 - 2013-04-25 16:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2013-06-11 23:01 - 2013-04-17 00:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2013-06-11 23:01 - 2013-04-16 23:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-06-11 23:01 - 2013-03-31 15:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

 

==================== One Month Modified Files and Folders =======

 

2013-07-09 21:20 - 2013-07-09 21:20 - 00000000 ____D C:\FRST

2013-07-09 21:19 - 2013-07-09 21:19 - 01776221 ____A (Farbar) C:\Users\Derek\Desktop\FRST64.exe

2013-07-09 21:14 - 2012-05-15 10:53 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-07-09 20:55 - 2013-07-06 04:50 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2953257119-1875599153-1455084081-1000UA1ce7a3f59b9b15.job

2013-07-09 20:50 - 2013-07-05 06:45 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce7985ecbd03cb.job

2013-07-09 15:24 - 2010-06-23 22:49 - 01412335 ____A C:\Windows\WindowsUpdate.log

2013-07-09 14:17 - 2009-07-13 21:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-07-09 14:17 - 2009-07-13 21:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-07-09 12:31 - 2010-10-28 18:53 - 00000000 ____D C:\Users\Derek\AppData\Roaming\FileZilla

2013-07-09 08:05 - 2010-10-27 19:13 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-07-09 08:04 - 2013-07-08 17:27 - 00000022 ____A C:\Windows\S.dirmngr

2013-07-09 08:04 - 2013-06-30 00:02 - 00036574 ____A C:\Windows\PFRO.log

2013-07-09 08:04 - 2013-06-30 00:02 - 00000784 ____A C:\Windows\setupact.log

2013-07-09 08:04 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-07-09 03:51 - 2013-07-09 03:48 - 00000000 ___SD C:\ComboFix

2013-07-09 03:48 - 2013-07-09 03:48 - 00000000 ____D C:\Qoobox

2013-07-09 03:48 - 2012-05-13 13:53 - 00000000 ____D C:\Windows\ERDNT

2013-07-09 03:45 - 2013-07-09 03:45 - 05086951 ____R (Swearware) C:\Users\Derek\Desktop\ComboFix.exe

2013-07-08 17:25 - 2013-07-08 17:25 - 00001470 ____A C:\Users\Derek\Desktop\AdwCleaner[s1].txt

2013-07-08 17:23 - 2013-07-08 17:23 - 00650027 ____A C:\Users\Derek\Desktop\AdwCleaner.exe

2013-07-08 16:54 - 2013-07-08 14:37 - 00001445 ____A C:\Users\Derek\Desktop\JRT.txt

2013-07-08 14:30 - 2013-07-08 14:30 - 00000000 ____D C:\Windows\ERUNT

2013-07-08 14:30 - 2013-07-08 14:30 - 00000000 ____D C:\JRT

2013-07-08 14:18 - 2013-07-08 14:18 - 00547139 ____A (Oleg N. Scherbakov) C:\Users\Derek\Desktop\JRT.exe

2013-07-08 04:55 - 2013-07-06 04:50 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2953257119-1875599153-1455084081-1000Core1ce7a3f44997af.job

2013-07-08 00:30 - 2013-06-24 08:10 - 00000380 ____A C:\Windows\Tasks\SlimCleaner Scan.job

2013-07-07 22:51 - 2013-07-07 22:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-07-07 22:12 - 2013-07-07 22:12 - 00000000 ____D C:\Users\Derek\Downloads\Anti-Rootkit

2013-07-07 22:11 - 2013-07-07 22:11 - 13399154 ____A C:\Users\Derek\Downloads\mbar-1.06.0.1004.zip

2013-07-07 22:09 - 2013-07-07 22:08 - 00000000 ____D C:\Program Files (x86)\ERUNT

2013-07-07 22:08 - 2013-07-07 22:08 - 00000899 ____A C:\Users\Derek\Desktop\NTREGOPT.lnk

2013-07-07 22:08 - 2013-07-07 22:08 - 00000899 ____A C:\Users\Darryl\Desktop\NTREGOPT.lnk

2013-07-07 22:08 - 2013-07-07 22:08 - 00000899 ____A C:\Users\Darren\Desktop\NTREGOPT.lnk

2013-07-07 22:08 - 2013-07-07 22:08 - 00000880 ____A C:\Users\Derek\Desktop\ERUNT.lnk

2013-07-07 22:08 - 2013-07-07 22:08 - 00000880 ____A C:\Users\Darryl\Desktop\ERUNT.lnk

2013-07-07 22:08 - 2013-07-07 22:08 - 00000880 ____A C:\Users\Darren\Desktop\ERUNT.lnk

2013-07-07 22:07 - 2013-07-07 22:07 - 00791393 ____A (Lars Hederer                                                ) C:\Users\Derek\Downloads\erunt-setup.exe

2013-07-06 23:46 - 2013-07-06 23:46 - 00000000 ____D C:\Users\Derek\AppData\Local\GNU

2013-07-06 23:46 - 2013-04-22 22:57 - 00000000 ____D C:\Users\Derek\AppData\Roaming\gnupg

2013-07-06 23:03 - 2013-07-06 23:03 - 00000000 ____D C:\Users\Derek\AppData\Roaming\Malwarebytes

2013-07-06 23:03 - 2013-07-06 23:03 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-07-06 23:03 - 2013-07-06 23:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-07-05 21:51 - 2013-07-05 21:51 - 00002074 ____A C:\Users\Derek\Desktop\Hobbies.lnk

2013-07-03 21:46 - 2010-10-27 18:03 - 00000000 ____D C:\users\Derek

2013-07-03 20:49 - 2013-07-03 20:43 - 00002268 ____A C:\Windows\logboot_04.07.2013.tureg.log

2013-07-03 20:49 - 2009-07-13 19:34 - 77332480 ____A C:\Windows\System32\config\SOFTWARE_tureg_old

2013-07-03 20:49 - 2009-07-13 19:34 - 18874368 ____A C:\Windows\System32\config\SYSTEM_tureg_old

2013-07-03 20:49 - 2009-07-13 19:34 - 00028672 ____A C:\Windows\System32\config\SECURITY_tureg_old

2013-07-03 20:42 - 2009-07-13 19:34 - 00327680 ____A C:\Windows\System32\config\DEFAULT_tureg_old

2013-07-03 20:42 - 2009-07-13 19:34 - 00131072 ____A C:\Windows\System32\config\SAM_tureg_old

2013-07-03 20:29 - 2011-11-04 22:18 - 00000000 ____D C:\Registry Export

2013-07-03 19:54 - 2013-07-03 19:54 - 00001903 ____A C:\Users\Derek\Desktop\Logs.lnk

2013-07-03 12:05 - 2013-07-03 12:05 - 97474796 ____A C:\Users\Derek\Downloads\Bear Creek.zip

2013-07-03 11:34 - 2013-07-03 11:34 - 00000000 ____D C:\Users\Derek\AppData\Local\Amazon Cloud Player

2013-07-03 11:33 - 2013-07-03 11:33 - 33397640 ____A (Amazon) C:\Users\Derek\Downloads\AmazonCloudPlayerInstaller332._V381017050_.exe

2013-07-02 21:24 - 2013-07-02 21:24 - 01786752 ____A C:\Users\Derek\Downloads\Coins.zip

2013-07-02 21:22 - 2013-07-02 21:00 - 00000000 ____D C:\Users\Derek\Downloads\Coins

2013-07-02 12:32 - 2013-07-02 12:32 - 00009030 ____A C:\Windows\HL-2070N.INI

2013-07-02 12:32 - 2013-07-02 12:32 - 00000152 ____A C:\Windows\BRVIDEO.INI

2013-07-02 12:32 - 2013-07-02 12:32 - 00000039 ____A C:\Windows\SysWOW64\bd2070n.dat

2013-07-02 12:32 - 2013-07-02 12:32 - 00000000 ____D C:\Program Files (x86)\Brownie

2013-07-02 12:32 - 2013-07-02 12:32 - 00000000 ____A C:\Windows\brmx2001.ini

2013-07-02 12:31 - 2010-03-23 18:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-07-02 12:30 - 2013-07-02 12:30 - 00000000 ____D C:\Users\Derek\Downloads\install

2013-07-02 12:30 - 2013-07-02 12:29 - 105634606 ____A (A.I.SOFT,INC.) C:\Users\Derek\Downloads\HL2030_70-inst-win7-A2-en.EXE

2013-07-02 01:06 - 2013-07-02 01:06 - 00017173 ____A C:\Users\Derek\Downloads\server.prefs

2013-07-02 00:37 - 2013-07-01 23:36 - 00000000 ____D C:\ProgramData\Squeezebox

2013-07-01 23:37 - 2013-07-01 23:36 - 00000000 ____D C:\Program Files (x86)\Squeezebox

2013-07-01 23:36 - 2013-07-01 23:35 - 58564896 ____A (Logitech                                                    ) C:\Users\Derek\Downloads\LogitechMediaServer-7.7.2.exe

2013-06-30 03:48 - 2013-06-30 03:48 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-06-30 03:48 - 2013-06-30 03:48 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-06-30 03:48 - 2013-06-30 03:48 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-06-30 03:48 - 2013-06-30 03:48 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-06-30 03:48 - 2013-06-27 10:27 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2013-06-30 03:48 - 2011-04-16 17:51 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2013-06-30 03:48 - 2010-03-23 18:05 - 00000000 ____D C:\Program Files (x86)\Java

2013-06-30 00:02 - 2013-06-30 00:02 - 00000000 ____A C:\Windows\setuperr.log

2013-06-29 16:36 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\System32\FxsTmp

2013-06-27 18:50 - 2010-10-28 13:26 - 00000000 ____D C:\Users\Derek\AppData\Roaming\Mozilla

2013-06-27 10:46 - 2013-04-20 20:49 - 00000000 ____D C:\ProgramData\Apple Computer

2013-06-27 10:46 - 2013-04-20 20:49 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-06-27 10:26 - 2013-06-27 10:26 - 00000000 ____D C:\ProgramData\McAfee

2013-06-27 10:19 - 2010-03-23 18:09 - 00000000 ____D C:\ProgramData\Toshiba

2013-06-27 10:19 - 2010-03-23 18:06 - 00000000 ____D C:\Program Files\TOSHIBA

2013-06-27 09:59 - 2013-05-14 11:46 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client

2013-06-27 09:58 - 2012-11-26 21:36 - 00000000 ____D C:\Users\Derek\Downloads\Program Updates

2013-06-27 04:15 - 2012-08-01 20:52 - 00000000 ____D C:\Users\Derek\Documents\_NEW DIRECTORIES

2013-06-24 08:29 - 2013-06-24 07:49 - 00000000 ____D C:\Program Files (x86)\SlimCleaner

2013-06-24 08:12 - 2013-06-24 08:12 - 00000000 ____D C:\Program Files (x86)\SlimComputer

2013-06-24 08:12 - 2013-06-24 07:50 - 00000000 ____D C:\Users\Derek\AppData\Local\SlimWare Utilities Inc

2013-06-24 08:12 - 2013-06-24 07:49 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers

2013-06-24 08:07 - 2013-06-24 08:07 - 00000589 ____A C:\Users\Derek\Downloads\MyDefrag.debuglog

2013-06-24 07:58 - 2010-03-23 17:42 - 00000000 ____D C:\Windows\Panther

2013-06-23 21:19 - 2013-06-23 21:19 - 00649536 ____A (SlimWare Utilities, Inc.) C:\Users\Derek\Downloads\slimcomputer-setup.exe

2013-06-23 21:18 - 2013-06-23 21:18 - 00735104 ____A (SlimWare Utilities, Inc.) C:\Users\Derek\Downloads\SlimCleaner-setup.exe

2013-06-19 21:22 - 2013-06-19 21:21 - 03165702 ____A C:\Users\Derek\Downloads\video.wmv

2013-06-19 12:09 - 2011-12-30 09:32 - 00000263 ____A C:\Users\Derek\AppData\Roaming\Battery Meter_Settings.ini

2013-06-19 11:37 - 2013-06-19 11:37 - 00000000 ____D C:\ProgramData\ESET

2013-06-19 11:30 - 2013-06-06 00:16 - 00000000 ____D C:\ProgramData\AVAST Software

2013-06-19 04:17 - 2012-08-04 20:21 - 00000000 ____D C:\Users\Derek\Pictures2

2013-06-16 09:40 - 2013-06-16 09:27 - 00000000 ____D C:\Windows\pss

2013-06-12 05:14 - 2012-05-15 10:53 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-06-12 05:14 - 2011-08-27 18:04 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-06-12 03:02 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache

2013-06-12 02:03 - 2010-10-28 15:02 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-06-11 04:18 - 2012-08-04 21:28 - 00000000 ____D C:\Users\Derek\SerenityBay.com

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-07-03 01:36

 

==================== End Of Log ============================

Addition.txt


  • Root Admin

Please run DDS and send me those files and we'll see if we can still detect any leftovers from iObit. You should uninstall SlimCleaner; it really is not needed, and Windows 7 can already do the maintenance for you. Most of these types of tools are always susceptible to toolbars and other potential threats that can either screw up your computer or eventually help to allow it to get infected.

 

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop
dds.scr
dds.com


Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment. 


    When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt


  • Save both reports to your desktop
  • Please include the following logs in your next reply as an attachment: DDS.txt and Attach.txt
    You can ignore the note about zipping the Attach.txt file


 

Link to post
Share on other sites

attached.  i have not seen the iobit defrag yet on a reboot. either it hasn't been rebooted enough yet, i think i had it run every 10th reboot, or it is gone.  should we end this unless i see it again?  i do see iobit toolbar listed in that log but have no idea where that is.  i am gone for about 3 hours now.

dds.txt

attach.txt


  • Root Admin

I would recommend that you go to your Control Panel, Programs, Add/Remove and uninstall the following programs and when done reboot the computer.

IObit Toolbar v4.3
Java 7 Update 21 (64-bit)
Java™ 6 Update 26
SlimCleaner
SlimComputer

 
 
 
Next, download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Then let me know if there are any other issues or concerns before we finish up here.

Thanks

Link to post
Share on other sites

 Results of screen317's Security Check version 0.99.68  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 10  

``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled!  

ESET NOD32 Antivirus 6.0   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:`````````

 Malwarebytes Anti-Malware version 1.75.0.1300  

 TuneUp Utilities 2012   

 TuneUp Utilities Language Pack (en-US) 

 Java 7 Update 25  

 Adobe Flash Player 11.7.700.224  

 Adobe Reader XI  

 Mozilla Thunderbird (17.0.5) 

 Google Chrome 27.0.1453.116  

 Google Chrome 28.0.1500.71  

````````Process Check: objlist.exe by Laurent````````

 WinPatrol winpatrol.exe 

 ESET NOD32 Antivirus egui.exe  

 ESET NOD32 Antivirus ekrn.exe  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Malwarebytes' Anti-Malware mbamscheduler.exe   

 BillP Studios WinPatrol WinPatrol.exe  

`````````````````System Health check`````````````````

 Total Fragmentation on Drive C: 0% 

````````````````````End of Log``````````````````````

 

 

i uninstalled the programs you recommended.  the iobit toolbar errored when i tried.  see attached snip.

 



  • Root Admin

No problem, I'll write up a script tool for you to run later tonight or we'll use another tool for it.

 

As for this software you might want to reconsider using it.  Windows 7 can do all of the required maintenance needed on its own and the Registry cleaning tools can actually cause harm to your computer.

 

TuneUp Utilities 2012   

TuneUp Utilities Language Pack (en-US)
 
Again, up to you but I wouldn't run it on my own computer as it's simply not needed.
 
I'll post back something later tonight for this iObit clean up.  

  • Root Admin

Please download SystemLook from below and save it to your Desktop.

SystemLook (64-bit)

  • Double-click SystemLook_x64.exe to run it.
  • Copy the contents of the following code box into the main text field:

    :filefind
    *iobit*
    :folderfind
    *iobit*
    :regfind
    iobit
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Link to post
Share on other sites

Geez!

 

SystemLook 30.07.11 by jpshortstuff
Log created at 21:18 on 10/07/2013 by Derek
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*iobit*"
C:\Boot\BCD.iobit --a---- 28672 bytes [05:46 19/02/2012] [00:08 07/04/2012] 8B5CF183435280E0A657255CC01B5A2A
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\extensions\iobit@mybrowserbar.com --a---- 40 bytes [10:11 18/01/2011] [05:05 13/02/2011] 672F3175987DF93CA25D9B1946FAF88E
C:\Users\Derek\NTUSER.DAT.iobit --a---- 2715648 bytes [05:46 19/02/2012] [00:08 07/04/2012] E64459AC6E7C622157C075FA1D2FD82B
C:\Users\Derek\AppData\Local\Microsoft\Windows\UsrClass.dat.iobit --a---- 2580480 bytes [05:46 19/02/2012] [00:08 07/04/2012] 7F43179596F774D9AC202B73AF671EA8
C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Recent\IObit Toolbar v4.3 Uninstall.PNG.lnk --a---- 673 bytes [02:22 11/07/2013] [02:43 11/07/2013] CEC8D709A63986FEA1EE9521B4A80A75
C:\Users\Derek\Desktop\IObit Toolbar v4.3 Uninstall.PNG --a---- 30082 bytes [02:22 11/07/2013] [02:22 11/07/2013] 226B99CC49A3A115AA7BFA0F092877FB
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.iobit --a---- 311296 bytes [05:46 19/02/2012] [00:08 07/04/2012] FF1B4505F17ADC103FAAF6F2B5CD6B75
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.iobit --a---- 446464 bytes [05:46 19/02/2012] [00:08 07/04/2012] 267F4BD2A00B11CE4541D7A59DE0E2FD
C:\Windows\System32\config\DEFAULT.iobit --a---- 327680 bytes [05:46 19/02/2012] [05:46 19/02/2012] B24E83A2829160B4D68A8BCF4BC15260
C:\Windows\System32\config\SAM.iobit --a---- 131072 bytes [05:46 19/02/2012] [05:46 19/02/2012] E4A690E61E33A1815507A645277E09D0
C:\Windows\System32\config\SECURITY.iobit --a---- 28672 bytes [05:46 19/02/2012] [05:46 19/02/2012] C9AA5C030160F8AEE5881B131D0C938D
C:\Windows\System32\config\SOFTWARE.iobit --a---- 70447104 bytes [05:46 19/02/2012] [05:46 19/02/2012] EA3D2408742FC9BA3BD72D8566B275A7
C:\Windows\System32\config\SYSTEM.iobit --a---- 13873152 bytes [05:46 19/02/2012] [05:46 19/02/2012] 48E4470B29A051BFF109F2F5DDD4D4F4
 
========== folderfind ==========
 
Searching for "*iobit*"
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit d------ [11:37 12/12/2011]
 
========== regfind ==========
 
Searching for "iobit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\IObit]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iobit]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.iobit]
[HKEY_CURRENT_USER\Software\Classes\.iobit]
[HKEY_CURRENT_USER\Software\Classes\.iobit]
@="iobit_auto_file"
[HKEY_CURRENT_USER\Software\Classes\iobit_auto_file]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\//\//\IObit Cloud Anti-Malwre]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A92E9B2606CB9284784201A0FC7F6ED3]
"ProductName"="IObit Toolbar v4.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A92E9B2606CB9284784201A0FC7F6ED3\SourceList]
"PackageName"="iobitToolbar.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{38A6E5EA-6854-4F3C-AD6C-7FB6E92C5A8C}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCv5ExtMenu_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{38A6E5EA-6854-4F3C-AD6C-7FB6E92C5A8C}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCv5ExtMenu_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_2_for_KB2607576~31bf3856ad364e35~amd64~~6.1.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2607576.cab_Temp\C3581070-4620-4CB9-AFFB-33475490863B\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_5_for_KB2607576~31bf3856ad364e35~amd64~~6.1.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2607576.cab_Temp\C3581070-4620-4CB9-AFFB-33475490863B\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2607576_RTM~31bf3856ad364e35~amd64~~6.1.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2607576.cab_Temp\C3581070-4620-4CB9-AFFB-33475490863B\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2607576_SP1~31bf3856ad364e35~amd64~~6.1.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2607576.cab_Temp\C3581070-4620-4CB9-AFFB-33475490863B\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB2607576~31bf3856ad364e35~amd64~~6.1.1.0]
"InstallLocation"="\\?\C:\Program Files (x86)\IObit\Advanced SystemCare 5\KB2607576.cab_Temp\C3581070-4620-4CB9-AFFB-33475490863B\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IObit Toolbar\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IObit Toolbar\Res\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IObit Toolbar\FF\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IObit Toolbar\FF\chrome\content\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IObit Toolbar\FF\chrome\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IObit Toolbar\FF\chrome\locale\EN-US\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IObit Toolbar\FF\chrome\locale\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IObit Toolbar\FF\chrome\skin\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IObit Toolbar\IE\4.3\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\IObit Toolbar\IE\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\227891B259797954E88A157FD9F260A0]
"A92E9B2606CB9284784201A0FC7F6ED3"="C:\Program Files (x86)\IObit Toolbar\WidgiHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2420B77BA60FFF8459FB252F8249B547]
"A92E9B2606CB9284784201A0FC7F6ED3"="C?\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\extensions\iobit@mybrowserbar.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\31DCED2B089CF994E8AE06ACC68A5EE9]
"A92E9B2606CB9284784201A0FC7F6ED3"="C:\Program Files (x86)\IObit Toolbar\Res\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49EFEF44F9F9E174D88D2367B8D09298]
"A92E9B2606CB9284784201A0FC7F6ED3"="C:\Program Files (x86)\IObit Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5343648881A5C3A4AB95B915E0DD9232]
"A92E9B2606CB9284784201A0FC7F6ED3"="C?\Program Files (x86)\IObit Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\877C70B90AC0B10439D7E233FB552DC0]
"A92E9B2606CB9284784201A0FC7F6ED3"="C:\Program Files (x86)\IObit Toolbar\FF\chrome\skin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8AA3AE5B29805BA45936E77BE5D17854]
"A92E9B2606CB9284784201A0FC7F6ED3"="C?\Program Files (x86)\IObit Toolbar\FF\install.rdf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A2A9776E1D82C384AAF9A1C74B6EFF03]
"A92E9B2606CB9284784201A0FC7F6ED3"="C?\Program Files (x86)\IObit Toolbar\FF\chrome.manifest"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C8B34D3806072054880CD17980F94CCF]
"A92E9B2606CB9284784201A0FC7F6ED3"="C:\Program Files (x86)\IObit Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D30D152A4BC0CE44B828A5D2EFAD4865]
"A92E9B2606CB9284784201A0FC7F6ED3"="C:\Program Files (x86)\IObit Toolbar\FF\chrome\content\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A92E9B2606CB9284784201A0FC7F6ED3\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\IObit Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A92E9B2606CB9284784201A0FC7F6ED3\InstallProperties]
"DisplayName"="IObit Toolbar v4.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
"partnerName"="IObit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit]
"installDir"="C:\Program Files (x86)\IObit Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\IObit Malware Fighter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\IObit\RegistryDefragBoot]
"LogPath"="\??\C:\Program Files (x86)\IObit\Advanced SystemCare 5\BootTimeLog\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IObitUpdate_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\IObitUpdate_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{62B9E29A-BC60-4829-8724-100ACFF7E63D}]
"InstallLocation"="C:\Program Files (x86)\IObit Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{62B9E29A-BC60-4829-8724-100ACFF7E63D}]
"DisplayName"="IObit Toolbar v4.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{38A6E5EA-6854-4F3C-AD6C-7FB6E92C5A8C}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCv5ExtMenu_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SmartDefragBootTime]
"LogFileDir"="\??\C:\Program Files (x86)\IObit\Smart Defrag 2\Log"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SmartDefragBootTime]
"LogFileDir"="\??\C:\Program Files (x86)\IObit\Smart Defrag 2\Log"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SmartDefragBootTime]
"LogFileDir"="\??\C:\Program Files (x86)\IObit\Smart Defrag 2\Log"
[HKEY_USERS\S-1-5-21-2953257119-1875599153-1455084081-1000\Software\AppDataLow\Software\IObit]
[HKEY_USERS\S-1-5-21-2953257119-1875599153-1455084081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iobit]
[HKEY_USERS\S-1-5-21-2953257119-1875599153-1455084081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.iobit]
[HKEY_USERS\S-1-5-21-2953257119-1875599153-1455084081-1000\Software\Classes\.iobit]
[HKEY_USERS\S-1-5-21-2953257119-1875599153-1455084081-1000\Software\Classes\.iobit]
@="iobit_auto_file"
[HKEY_USERS\S-1-5-21-2953257119-1875599153-1455084081-1000\Software\Classes\iobit_auto_file]
[HKEY_USERS\S-1-5-21-2953257119-1875599153-1455084081-1000_Classes\.iobit]
[HKEY_USERS\S-1-5-21-2953257119-1875599153-1455084081-1000_Classes\.iobit]
@="iobit_auto_file"
[HKEY_USERS\S-1-5-21-2953257119-1875599153-1455084081-1000_Classes\iobit_auto_file]
 
-= EOF =-
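An added example, not part of the thread and not part of SystemLook: a small parser for the log format posted above that separates the findings into the three scan sections, then pulls out the two groups that matter most for a leftover boot-time component, namely hive-named `.iobit` files and keys registered under `SYSTEM\...\services`. The function names `parse_systemlook` and `triage` and the triage rules are assumptions made for this illustration; the sample is a constructed excerpt of the log lines above.

```python
import re
# Constructed sample: a few lines excerpted from the SystemLook log posted above.
SAMPLE_LOG = r'''
========== filefind ==========
Searching for "*iobit*"
C:\Boot\BCD.iobit --a---- 28672 bytes [05:46 19/02/2012] [00:08 07/04/2012] 8B5CF183435280E0A657255CC01B5A2A
C:\Users\Derek\Desktop\IObit Toolbar v4.3 Uninstall.PNG --a---- 30082 bytes [02:22 11/07/2013] [02:22 11/07/2013] 226B99CC49A3A115AA7BFA0F092877FB
C:\Windows\System32\config\SYSTEM.iobit --a---- 13873152 bytes [05:46 19/02/2012] [05:46 19/02/2012] 48E4470B29A051BFF109F2F5DDD4D4F4
========== folderfind ==========
Searching for "*iobit*"
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit d------ [11:37 12/12/2011]
========== regfind ==========
Searching for "iobit"
[HKEY_CURRENT_USER\Software\Classes\iobit_auto_file]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SmartDefragBootTime]
"LogFileDir"="\??\C:\Program Files (x86)\IObit\Smart Defrag 2\Log"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SmartDefragBootTime]
"LogFileDir"="\??\C:\Program Files (x86)\IObit\Smart Defrag 2\Log"
'''

SECTION = re.compile(r'^=+ (\w+) =+$')
FILE = re.compile(r'^(?P<path>.+?) [-a-z]{7} (?P<size>\d+) bytes .* (?P<md5>[0-9A-F]{32})$')
FOLDER = re.compile(r'^(?P<path>.+?) d-{6} \[')
SVC = re.compile(r'\\SYSTEM\\(?:CurrentControlSet|ControlSet\d+)\\services\\([^\\]+)', re.I)
HIVES = {'SYSTEM', 'SOFTWARE', 'SAM', 'SECURITY', 'DEFAULT', 'NTUSER.DAT', 'USRCLASS.DAT', 'BCD'}

def parse_systemlook(text):
    """Return {'filefind': [(path, size, md5)], 'folderfind': [path], 'regfind': [[key, name, data]]}."""
    out, section = {'filefind': [], 'folderfind': [], 'regfind': []}, None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif section == 'filefind' and (m := FILE.match(line)):
            out['filefind'].append((m['path'], int(m['size']), m['md5']))
        elif section == 'folderfind' and (m := FOLDER.match(line)):
            out['folderfind'].append(m['path'])
        elif section == 'regfind' and line.startswith('['):
            out['regfind'].append([line[1:-1], None, None])   # the key name itself matched
        elif section == 'regfind' and line[:1] in ('"', '@') and out['regfind']:
            name, _, data = line.partition('=')                # a value under that key matched
            out['regfind'][-1][1:] = [name.strip('"'), data.strip('"')]
    return out

def triage(parsed):
    """Assumed heuristic: flag hive-named *.iobit files and keys under ...\\services\\<name>."""
    hive_like = [p for p, _, _ in parsed['filefind']
                 if p.rsplit('\\', 1)[-1].upper().rsplit('.IOBIT', 1)[0] in HIVES]
    services = sorted({m.group(1) for k, _, _ in parsed['regfind'] if (m := SVC.search(k))})
    return hive_like, services
```

Run against the full SystemLook.txt, `triage(parse_systemlook(open(path).read()))` collapses the three ControlSet copies of a service key into one name, which keeps the review list short.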

  • Root Admin

Please do the following.
 
Click on START and type in CMD.EXE and when it shows on your Menu right click over it and choose "Run as administrator" and type the following exactly as it is and then press the Enter key.
This will create a new file on your Desktop called FileList.txt - please attach that file on your next reply.
 

DIR /A /S "C:\Windows\System32\config" >"%USERPROFILE%\Desktop\FileList.txt"

  • Root Admin

Please save the attached file CFScript.txt to the same location where you have Combofix

 

Back up your Registry again by running the ERUNT utility I had you install

 

Then drag and drop it onto combofix to run it.  Once done it will produce a new log - please post back that new log.

CFScript.txt

