Need help removing Malware

#1 sikorsky 14 (Member, 18 posts)

I need help removing some spyware/virus/malware on my computer (system specs should be in my signature?). I'm not quite sure what it is, but when I start my computer Malwarebytes says that it has prevented a process from starting, so I quarantined it; I can't remember what the file was called. Malwarebytes also blocks a lot of IP addresses. Sometimes when using Firefox it would randomly search something (using Ctrl+F), and also on Google I tried copying and pasting something into the search bar and it pasted something to do with "facebookhack" or something similar instead of what I wanted to copy and paste.

I have a feeling it has something to do with a virus in my AppData folder (hidden folder) under "username", in my case "Timothy", under the Start menu (I'm using Windows 7 Ultimate 64-bit). I have had a virus before that I found under the AppData folder that was called "A.exe", and they usually have random names, so I looked under the AppData folder and found these two applications that I think may be the problem, but I have not deleted them yet.

The files are under the location:
C:\Users\Timothy\AppData\Roaming

and the two files are called:
0Q11SIUAOM
Special
and they are both application files.

Here is an image of the two files if it helps:
Posted Image

Also, a log from OTL:

OTL logfile created on: 3/29/2011 11:45:27 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Timothy\Documents\3D Animation Work\programs
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): c:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 741.47 Gb Free Space | 79.61% Space Free | Partition Type: NTFS

Computer Name: TIMOTHY-PC | User Name: Timothy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/29 23:39:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Timothy\My Documents\3D Animation Work\programs\OTL.exe
PRC - [2011/03/29 11:36:35 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/03/04 21:33:15 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/02/23 22:23:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
PRC - [2011/02/23 22:23:36 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/12/20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/11/04 17:15:50 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2010/09/07 14:47:29 | 003,432,098 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files (x86)\DAP\DAP.exe
PRC - [2010/03/10 01:38:18 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
PRC - [2009/11/20 22:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
PRC - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/08/04 17:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe


========== Modules (SafeList) ==========

MOD - [2011/03/29 23:39:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Timothy\My Documents\3D Animation Work\programs\OTL.exe
MOD - [2010/11/20 22:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/19 23:14:25 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/01/27 09:55:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/01/26 18:01:28 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/11/04 17:18:12 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2010/11/04 17:15:50 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/06/17 05:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2010/03/10 01:38:18 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe -- (mi-raysat_3dsmax2011_64)
SRV:64bit: - [2009/07/14 12:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 12:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/03/17 20:03:39 | 003,229,784 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_d76cf65.dll -- (Akamai)
SRV - [2011/03/13 14:00:43 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/04 21:33:15 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/11 08:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/18 22:54:12 | 000,026,424 | --S- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DRIVER_BIN64 -- (DRIVER_B)
DRV:64bit: - [2011/03/11 20:00:47 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/01/27 10:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/01/27 09:13:32 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/01/07 16:03:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/01/06 19:37:02 | 000,051,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/11/21 00:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 00:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 00:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 22:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/17 23:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/09/03 06:13:46 | 000,170,104 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/07/29 12:31:26 | 000,171,152 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2010/07/29 12:31:26 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/07/29 12:31:26 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2010/07/29 12:31:26 | 000,033,632 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/27 14:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/12/18 09:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/11/20 22:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 22:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/08/10 08:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 07:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2011/03/29 22:53:52 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://iat.ninemsn.c...er/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 2A DC 6A 0F D6 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook....ome.php?ref=hp"

FF - HKLM\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\components [2011/03/05 20:34:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins [2011/03/29 23:38:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/02/27 12:42:41 | 000,000,000 | ---D | M]

[2011/02/27 11:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Extensions
[2011/03/29 20:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\i6iwrqtm.default\extensions
File not found (No name found) --
[2011/03/06 00:28:16 | 000,000,000 | ---D | M] (Download Accelerator Plus (DAP) extension) -- C:\PROGRAM FILES (X86)\DAP\DAPFIREFOX
[2011/03/09 20:48:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 12\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/10 18:24:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 12\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\TIMOTHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I6IWRQTM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\TIMOTHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I6IWRQTM.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/03/29 11:31:35 | 000,001,798 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Debuger] C:\Users\Timothy\AppData\Roaming\special.exe (AdSndUisb)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Microsoft Debuger] C:\Users\Timothy\AppData\Roaming\special.exe (AdSndUisb)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [GBTUpd] C:\Program Files (x86)\Gigabyte\GBTUpd\PreRun.exe (PreRun)
O4 - Startup: C:\Users\Timothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\91498.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Microsoft Debuger = C:\Users\Timothy\AppData\Roaming\special.exe (AdSndUisb)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8:64bit: - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8:64bit: - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/19 23:09:27 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/29 21:56:34 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Malwarebytes
[2011/03/29 21:56:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/03/29 21:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/29 21:56:26 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/03/29 21:56:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/03/29 21:22:58 | 000,368,128 | ---- | C] (AdSndUisb) -- C:\Users\Timothy\AppData\Roaming\special.exe
[2011/03/29 13:38:48 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OZx#Startup#
[2011/03/29 13:36:18 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OZx
[2011/03/29 12:41:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2011/03/29 11:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations
[2011/03/28 20:13:28 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\{7380E495-5E4D-4BE0-BCFF-D2712A918DD0}
[2011/03/28 19:01:44 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\A2A
[2011/03/28 18:36:55 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Real_Environment_Simulati
[2011/03/28 18:27:23 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Captain Sim
[2011/03/28 18:27:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Captain Sim
[2011/03/28 18:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\CaptainSim
[2011/03/28 17:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A2A Simulations
[2011/03/28 15:24:42 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\ArmA 2
[2011/03/28 15:24:41 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\ArmA 2
[2011/03/28 15:22:51 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2011/03/28 15:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2011/03/28 15:01:32 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Microsoft Game Studios
[2011/03/28 14:56:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive
[2011/03/28 13:27:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/03/28 13:13:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2011/03/27 19:25:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aerosoft
[2011/03/27 19:24:36 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\InstallShield
[2011/03/27 14:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\DirectXJune2010
[2011/03/27 14:34:37 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\ArmA 2 Demo
[2011/03/27 14:05:34 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\FOMM
[2011/03/27 14:05:12 | 000,000,000 | ---D | C] -- C:\Games
[2011/03/27 14:05:04 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\FOMM
[2011/03/27 14:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout Mod Manager
[2011/03/27 13:31:49 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\FalloutNV
[2011/03/27 13:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2011/03/27 13:17:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2011/03/27 12:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2011/03/27 12:13:56 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\{A01D0B9D-C9C3-410D-A8C6-81D10C7C873F}
[2011/03/27 12:13:43 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Tracing
[2011/03/27 12:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/03/27 12:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/03/27 12:01:16 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Windows Live
[2011/03/27 12:01:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2011/03/27 11:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2011/03/27 11:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2011/03/27 10:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2011/03/27 10:32:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2011/03/27 10:32:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\STALKER-SHOC
[2011/03/27 10:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2011/03/27 09:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/03/27 09:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/03/26 21:48:35 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Electronic Arts
[2011/03/26 21:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011/03/26 21:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/03/26 21:21:24 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\2K Games
[2011/03/26 19:39:57 | 000,000,000 | RH-D | C] -- C:\Users\Timothy\AppData\Roaming\SecuROM
[2011/03/26 19:29:29 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2011/03/26 19:28:56 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/03/26 19:10:16 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Downloaded Installations
[2011/03/26 17:19:09 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\My Games
[2011/03/26 13:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Esellerate
[2011/03/26 13:31:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\eSellerate
[2011/03/26 11:56:55 | 000,279,172 | ---- | C] (Digital River, Inc.) -- C:\Windows\eWebClient.dll
[2011/03/25 17:38:42 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\{F6F4693B-EEB1-4A45-B86F-9F35ED2300E6}
[2011/03/25 17:38:42 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\{2D639940-8917-4AB3-B451-0E1AFB7BB8B3}
[2011/03/24 19:01:04 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Orbx
[2011/03/24 15:19:15 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Need for Speed World
[2011/03/24 15:10:06 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Electronic_Arts_Inc
[2011/03/23 18:30:20 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\{DE4DA28D-8570-4225-ABFE-97DA67F98192}
[2011/03/22 21:34:12 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\{C35A0A57-6832-451F-AFDB-34015223AF5C}
[2011/03/22 21:30:50 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/03/22 21:28:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/03/22 21:26:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011/03/22 15:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VRS FA-18E Superbug X
[2011/03/21 19:58:57 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\3DMGAME
[2011/03/21 18:12:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2011/03/20 21:27:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VTFEdit
[2011/03/19 23:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2011/03/19 23:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2011/03/19 23:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2011/03/19 23:11:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2011/03/19 20:24:34 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\3DReaperDX
[2011/03/19 18:21:16 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\DassaultSystemes
[2011/03/19 18:21:16 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\DassaultSystemes
[2011/03/19 18:21:16 | 000,000,000 | ---D | C] -- C:\ProgramData\DassaultSystemes
[2011/03/19 08:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011/03/18 22:55:02 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/03/18 22:54:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ray Adams
[2011/03/18 21:20:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2011/03/18 20:36:04 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\My eBooks
[2011/03/18 12:57:26 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Real_Environment_Xtreme
[2011/03/18 12:51:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Environment Xtreme
[2011/03/18 12:51:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real Environment Xtreme
[2011/03/17 23:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
[2011/03/17 23:23:27 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\IObit
[2011/03/17 23:23:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2011/03/17 22:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/03/17 22:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/03/17 22:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/03/17 22:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2011/03/17 22:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011/03/17 22:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/03/17 20:54:36 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\3dsMax
[2011/03/17 20:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/03/17 20:51:24 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Autodesk
[2011/03/17 20:48:41 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\3D Animation Work
[2011/03/17 20:41:51 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Desktop\Games
[2011/03/17 20:38:10 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\Inventor
[2011/03/17 20:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2011/03/17 20:35:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2011/03/17 20:33:03 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Autodesk
[2011/03/17 20:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2011/03/17 20:29:31 | 000,000,000 | ---D | C] -- C:\Autodesk
[2011/03/17 20:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2011/03/17 16:20:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/17 11:16:07 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\BioWare
[2011/03/17 11:14:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2011/03/17 11:14:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/03/17 11:04:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mass Effect 2
[2011/03/17 11:04:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2011/03/17 08:33:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2011/03/16 18:28:50 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\Flight Simulator X Files
[2011/03/16 18:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games
[2011/03/16 18:11:57 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/03/16 13:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ModMan
[2011/03/16 13:49:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\lib
[2011/03/16 13:49:41 | 000,000,000 | ---D | C] -- C:\Windows\ModMan
[2011/03/15 17:17:00 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\BFBC2
[2011/03/14 18:33:52 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\Bioshock2
[2011/03/14 18:33:52 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Bioshock2
[2011/03/14 18:33:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011/03/14 18:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/03/14 18:33:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011/03/14 18:18:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BioShock 2
[2011/03/14 08:27:39 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Bioshock
[2011/03/14 01:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eagle Dynamics
[2011/03/14 01:23:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eagle Dynamics
[2011/03/14 01:14:54 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\ubi.com
[2011/03/14 01:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ubi.com
[2011/03/14 01:14:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PocketSoft
[2011/03/14 01:14:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ubi.com
[2011/03/14 01:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2011/03/14 01:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2011/03/13 12:26:34 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\SKIDROW
[2011/03/13 11:32:07 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Activision
[2011/03/11 20:07:17 | 000,346,144 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2011/03/11 20:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/03/11 20:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/03/11 20:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/11 13:37:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011/03/10 18:24:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/03/09 20:48:57 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/03/09 20:48:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/03/06 14:27:22 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\{668C1D98-AA9A-4430-9B64-8BD7C8D88BEC}
[2011/03/06 00:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Accelerator Plus (DAP)
[2011/03/06 00:28:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAP
[2011/03/05 23:02:49 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\{37C03259-A5D1-469C-829C-17908A0DC983}
[2011/03/05 20:58:38 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Cranium_Consulting_and_Cu
[2011/03/05 20:34:50 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Apple Computer
[2011/03/05 20:34:49 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Apple Computer
[2011/03/05 20:34:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/03/05 20:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/03/05 20:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/03/05 20:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/03/05 20:33:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/03/05 20:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/03/05 20:33:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/03/05 20:33:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/03/05 20:33:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/03/05 20:25:59 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\ElevatedDiagnostics
[2011/03/05 07:49:05 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\GameSpy
[2011/03/05 07:48:58 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\ApplicationHistory
[2011/03/04 21:38:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2011/03/04 14:51:33 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\six-rsync
[2011/03/04 14:31:34 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Chromium
[2011/03/04 14:30:56 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\six-updater
[2011/03/04 14:29:15 | 000,000,000 | ---D | C] -- C:\.gem
[2011/03/04 14:26:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Six-Updater
[2011/03/04 00:30:32 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\AdobeUM
[2011/03/04 00:30:32 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Adobe
[2011/03/04 00:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/03/03 19:54:17 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011/03/03 19:54:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Teamspeak
[2011/03/03 17:11:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011/03/03 14:23:01 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\ArmA II Launcher
[2011/03/02 22:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011/02/28 15:56:16 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/02/28 01:47:00 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/02/28 01:46:32 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/02/28 01:45:46 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/29 23:42:08 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/29 23:42:08 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/29 23:00:18 | 000,791,434 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/29 23:00:18 | 000,668,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/29 23:00:18 | 000,124,534 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/29 22:58:24 | 000,000,409 | ---- | M] () -- C:\Windows\SysWow64\mail.dat
[2011/03/29 22:58:17 | 000,000,265 | ---- | M] () -- C:\Windows\SysWow64\mess.dat
[2011/03/29 22:57:15 | 000,000,201 | ---- | M] () -- C:\Users\Timothy\AppData\Roaming\data.dat
[2011/03/29 22:54:54 | 000,016,384 | ---- | M] () -- C:\Users\Timothy\AppData\Roaming\svchost.exe
[2011/03/29 22:54:11 | 004,842,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/03/29 22:53:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/29 21:23:32 | 000,368,128 | ---- | M] (AdSndUisb) -- C:\Users\Timothy\AppData\Roaming\special.exe
[2011/03/29 12:40:03 | 000,785,246 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/29 11:34:08 | 000,016,384 | ---- | M] () -- C:\Users\Timothy\AppData\Roaming\0Q11SIUAOM.exe
[2011/03/28 21:15:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/03/26 22:48:02 | 000,084,480 | ---- | M] () -- C:\Windows\SysWow64\EasyHook32.dll
[2011/03/26 21:45:04 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2011/03/26 19:29:29 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2011/03/26 19:10:25 | 000,000,662 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2011/03/25 15:19:07 | 000,000,132 | ---- | M] () -- C:\Users\Timothy\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/03/23 13:18:08 | 000,007,632 | ---- | M] () -- C:\Users\Timothy\AppData\Local\Resmon.ResmonCfg
[2011/03/22 15:54:17 | 000,000,090 | -HS- | M] () -- C:\Windows\cnerolf.bin
[2011/03/19 08:42:16 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2011/03/18 22:54:12 | 000,026,424 | --S- | M] () -- C:\Windows\SysNative\drivers\DRIVER_BIN64
[2011/03/17 16:22:30 | 000,001,552 | ---- | M] () -- C:\Users\Timothy\Desktop\Flight Simulator Folder.lnk
[2011/03/11 20:00:47 | 000,346,144 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2011/03/11 20:00:47 | 000,074,272 | ---- | M] () -- C:\Windows\SysNative\RtNicProp64.dll
[2011/03/10 15:01:13 | 000,001,388 | ---- | M] () -- C:\Users\Timothy\Desktop\ArmA 2 Folder.lnk
[2011/03/05 21:40:39 | 000,000,020 | ---- | M] () -- C:\Windows\hú§
[2011/03/05 07:49:01 | 000,000,095 | ---- | M] () -- C:\Users\Timothy\AppData\Local\fusioncache.dat
[2011/03/04 21:33:20 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/03/04 21:33:15 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/03/04 21:33:14 | 000,669,184 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/03/03 19:54:17 | 000,001,099 | ---- | M] () -- C:\Users\Timothy\Desktop\TeamSpeak 3 Client.lnk
[2011/02/28 01:49:16 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/02/28 01:49:16 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/02/28 01:47:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/29 22:58:24 | 000,000,409 | ---- | C] () -- C:\Windows\SysWow64\mail.dat
[2011/03/29 22:58:17 | 000,000,265 | ---- | C] () -- C:\Windows\SysWow64\mess.dat
[2011/03/29 22:55:15 | 000,000,201 | ---- | C] () -- C:\Users\Timothy\AppData\Roaming\data.dat
[2011/03/29 22:54:54 | 000,016,384 | ---- | C] () -- C:\Users\Timothy\AppData\Roaming\svchost.exe
[2011/03/29 11:34:08 | 000,016,384 | ---- | C] () -- C:\Users\Timothy\AppData\Roaming\0Q11SIUAOM.exe
[2011/03/28 21:15:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/03/26 22:48:02 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2011/03/26 21:45:03 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/03/26 19:10:25 | 000,000,662 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2011/03/25 15:19:07 | 000,000,132 | ---- | C] () -- C:\Users\Timothy\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/03/22 21:29:43 | 000,001,315 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/03/22 21:28:52 | 000,001,388 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/03/22 15:54:17 | 000,000,090 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2011/03/18 22:54:12 | 000,026,424 | --S- | C] () -- C:\Windows\SysNative\drivers\DRIVER_BIN64
[2011/03/17 22:04:18 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
[2011/03/17 22:03:06 | 000,001,177 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2011/03/17 22:02:53 | 000,001,282 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2011/03/17 22:01:35 | 000,001,389 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2011/03/17 22:01:23 | 000,001,559 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011/03/17 22:01:03 | 000,001,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/03/17 20:57:38 | 000,001,242 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 4.0 Beta 12.lnk
[2011/03/17 16:22:30 | 000,001,552 | ---- | C] () -- C:\Users\Timothy\Desktop\Flight Simulator Folder.lnk
[2011/03/17 14:51:31 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2011/03/14 01:14:54 | 000,185,344 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/03/11 22:22:31 | 000,007,632 | ---- | C] () -- C:\Users\Timothy\AppData\Local\Resmon.ResmonCfg
[2011/03/11 20:07:17 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2011/03/10 15:01:13 | 000,001,388 | ---- | C] () -- C:\Users\Timothy\Desktop\ArmA 2 Folder.lnk
[2011/03/05 21:40:39 | 000,000,020 | ---- | C] () -- C:\Windows\hú§
[2011/03/05 20:33:51 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/03/05 07:49:01 | 000,000,095 | ---- | C] () -- C:\Users\Timothy\AppData\Local\fusioncache.dat
[2011/03/04 21:39:15 | 000,785,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/04 21:33:15 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/03/04 21:33:15 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/03/04 21:33:14 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/03/03 19:54:17 | 000,001,099 | ---- | C] () -- C:\Users\Timothy\Desktop\TeamSpeak 3 Client.lnk
[2011/02/28 01:49:05 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/02/28 01:48:55 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/02/28 01:47:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/02/27 10:18:12 | 000,000,108 | ---- | C] () -- C:\Windows\VSWizard.ini
[2011/02/27 10:09:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/27 10:03:11 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/12/21 13:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/08/27 18:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009/07/14 16:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 13:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 13:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 11:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 08:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 08:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/03/26 21:21:24 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\2K Games
[2011/03/03 14:23:02 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\ArmA II Launcher
[2011/03/19 22:34:39 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Autodesk
[2011/03/14 08:28:19 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Bioshock
[2011/03/19 17:35:07 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Bioshock2
[2011/03/19 18:21:16 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\DassaultSystemes
[2011/02/27 12:43:35 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\ESET
[2011/03/17 23:23:27 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\IObit
[2011/03/24 15:19:15 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Need for Speed World
[2011/03/04 14:51:33 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\six-rsync
[2011/03/04 14:55:31 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\six-updater
[2011/03/09 20:49:27 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\SystemRequirementsLab
[2011/03/14 01:14:54 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\ubi.com
[2011/03/29 23:46:33 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\uTorrent
[2009/07/14 16:08:49 | 000,023,134 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:2B11E0DF

< End of report >

#2
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [Microsoft Debuger] C:\Users\Timothy\AppData\Roaming\special.exe (AdSndUisb)
    O4 - HKCU..\Run: [Microsoft Debuger] C:\Users\Timothy\AppData\Roaming\special.exe (AdSndUisb)
    O4 - Startup: C:\Users\Timothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\91498.exe (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Microsoft Debuger = C:\Users\Timothy\AppData\Roaming\special.exe (AdSndUisb)
    [2011/03/29 21:22:58 | 000,368,128 | ---- | C] (AdSndUisb) -- C:\Users\Timothy\AppData\Roaming\special.exe
    [2011/03/29 22:57:15 | 000,000,201 | ---- | M] () -- C:\Users\Timothy\AppData\Roaming\data.dat
    [2011/03/29 22:54:54 | 000,016,384 | ---- | M] () -- C:\Users\Timothy\AppData\Roaming\svchost.exe
    [2011/03/29 11:34:08 | 000,016,384 | ---- | M] () -- C:\Users\Timothy\AppData\Roaming\0Q11SIUAOM.exe
    [2011/03/29 22:58:24 | 000,000,409 | ---- | M] () -- C:\Windows\SysWow64\mail.dat
    [2011/03/29 22:58:17 | 000,000,265 | ---- | M] () -- C:\Windows\SysWow64\mess.dat
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:

    Click me

    If you can't disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
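The entries Gammo pulled into the :OTL fix share a few traits a helper checks by eye: executables sitting in the user's AppData\Roaming, a file named svchost.exe outside the Windows system directories, a random-looking all-caps name, no version info, and small .dat files written within minutes of the flagged executable. The script below is an added example, not OTL's or Gammo's code: it parses the OTL listing format used in the log above and applies those checks to lines copied from it; the size and time thresholds, the name lists and the "trusted root" prefixes are assumed heuristics, not OTL behaviour.

```python
import re
from datetime import datetime, timedelta

# One OTL "Files Created/Modified" line, for example:
#   [2011/03/29 22:54:54 | 000,016,384 | ---- | M] () -- C:\Users\Timothy\AppData\Roaming\svchost.exe
# Directory lines carry no "(company)" field, so that group is optional.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Heuristic knobs: assumptions made for this example, not OTL behaviour.
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com"}
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\sysnative\\")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files")
RANDOM_STEM = re.compile(r"^(?=.*[A-Z])(?=.*\d)[A-Z0-9]{8,}$")  # e.g. 0Q11SIUAOM
BURST_WINDOW = timedelta(minutes=5)
BURST_MAX_SIZE = 64 * 1024
COMPANION = "small companion file written in the same burst as a flagged executable"


def split_name(path):
    """Return (basename, stem, lowercase extension with dot or '')."""
    name = path.rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    return (name, name, "") if not dot else (name, stem, "." + ext.lower())


def parse_otl_line(line):
    """Parse one OTL file line into a dict; return None for any other line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "is_dir": m["attrs"].endswith("D"),
        "company": (m["company"] or "").strip() or None,  # "()" = no version info
        "path": m["path"],
    }


def score_entry(e):
    """Return the reasons one entry looks suspicious (empty list if none)."""
    reasons = []
    if e["is_dir"]:
        return reasons
    low = e["path"].lower()
    name, stem, ext = split_name(e["path"])
    is_exec = ext in EXEC_EXT
    if is_exec and "\\appdata\\" in low:
        reasons.append("executable in user-writable AppData")
    if name.lower() in SYSTEM_NAMES and not low.startswith(SYSTEM_DIRS):
        reasons.append("system-binary name outside the Windows system directories")
    if is_exec and RANDOM_STEM.match(stem):
        reasons.append("random-looking all-caps alphanumeric name")
    if is_exec and e["company"] is None and not low.startswith(TRUSTED_ROOTS):
        reasons.append("executable without version info outside Windows/Program Files")
    return reasons


def triage(lines):
    """Map suspicious paths to reasons; small unstamped non-system files written
    within BURST_WINDOW of a flagged executable are added as likely companions."""
    entries = [e for e in map(parse_otl_line, lines) if e]
    hits = {}
    for e in entries:
        reasons = score_entry(e)
        if reasons:
            hits.setdefault(e["path"], reasons)
    # A path may show up as both a C and an M line, so collect every timestamp.
    exec_times = [e["ts"] for e in entries
                  if e["path"] in hits and split_name(e["path"])[2] in EXEC_EXT]
    for e in entries:
        if (e["path"] in hits or e["is_dir"] or e["company"]
                or e["size"] > BURST_MAX_SIZE or "S" in e["attrs"]):
            continue
        if any(abs(e["ts"] - t) <= BURST_WINDOW for t in exec_times):
            hits[e["path"]] = [COMPANION]
    return hits


# Lines copied from the OTL log posted in this thread.
SAMPLE_LINES = r"""
[2011/03/29 22:58:24 | 000,000,409 | ---- | M] () -- C:\Windows\SysWow64\mail.dat
[2011/03/29 22:58:17 | 000,000,265 | ---- | M] () -- C:\Windows\SysWow64\mess.dat
[2011/03/29 22:57:15 | 000,000,201 | ---- | M] () -- C:\Users\Timothy\AppData\Roaming\data.dat
[2011/03/29 22:54:54 | 000,016,384 | ---- | M] () -- C:\Users\Timothy\AppData\Roaming\svchost.exe
[2011/03/29 22:54:11 | 004,842,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/03/29 22:53:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/29 21:23:32 | 000,368,128 | ---- | M] (AdSndUisb) -- C:\Users\Timothy\AppData\Roaming\special.exe
[2011/03/29 11:34:08 | 000,016,384 | ---- | M] () -- C:\Users\Timothy\AppData\Roaming\0Q11SIUAOM.exe
[2011/03/11 20:00:47 | 000,346,144 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2011/03/26 21:21:24 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\2K Games
""".strip().splitlines()

if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE_LINES).items()):
        print(path, "->", "; ".join(reasons))
```

On the sample it flags exactly the six files moved by the fix above (the legitimate FNTCACHE.DAT and bootstat.dat written in the same minutes are excluded by the size and system-attribute filters), while the vendor-stamped Realtek driver and the directory line are not.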

#3
sikorsky 14

    Member

  • Topic Starter
  • Member
  • 18 posts
Alright, I have followed your steps; here are the log files:

Wasn't sure if you need the OTL one, but here it is anyway:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Debuger not found.
File C:\Users\Timothy\AppData\Roaming\special.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Debuger not found.
File C:\Users\Timothy\AppData\Roaming\special.exe not found.
File C:\Users\Timothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\91498.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\Microsoft Debuger not found.
File C:\Users\Timothy\AppData\Roaming\special.exe not found.
File C:\Users\Timothy\AppData\Roaming\special.exe not found.
C:\Users\Timothy\AppData\Roaming\data.dat moved successfully.
File C:\Users\Timothy\AppData\Roaming\svchost.exe not found.
File C:\Users\Timothy\AppData\Roaming\0Q11SIUAOM.exe not found.
C:\Windows\SysWOW64\mail.dat moved successfully.
C:\Windows\SysWOW64\mess.dat moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Timothy\Documents\3D Animation Work\programs\cmd.bat deleted successfully.
C:\Users\Timothy\Documents\3D Animation Work\programs\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Timothy
->Temp folder emptied: 22537463 bytes
->Temporary Internet Files folder emptied: 3314575 bytes
->Java cache emptied: 682127 bytes
->FireFox cache emptied: 122899494 bytes
->Flash cache emptied: 56155 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6378 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 143.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Timothy
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.22.3 log created on 03302011_155428

Files\Folders moved on Reboot...
C:\Users\Timothy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

And the ComboFix log file:

ComboFix 11-03-29.03 - Timothy 03/30/2011 16:11:47.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2699 [GMT 11:00]
Running from: c:\users\Timothy\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-30 )))))))))))))))))))))))))))))))
.
.
2011-03-30 05:15 . 2011-03-30 05:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-30 04:54 . 2011-03-30 04:54 -------- d-----w- C:\_OTL
2011-03-30 02:17 . 2011-03-30 02:20 -------- d-----w- c:\users\Timothy\AppData\Roaming\.minecraft
2011-03-30 02:17 . 2011-03-30 02:17 -------- d-----w- c:\users\Timothy\AppData\Roaming\.minecraft server
2011-03-30 02:16 . 2011-03-30 02:17 -------- d-----w- c:\program files (x86)\AutoRun Killer
2011-03-29 23:06 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DD5302C-DC4D-4252-B146-C643879E5486}\mpengine.dll
2011-03-29 10:56 . 2011-03-29 10:56 -------- d-----w- c:\users\Timothy\AppData\Roaming\Malwarebytes
2011-03-29 10:56 . 2011-03-29 10:56 -------- d-----w- c:\programdata\Malwarebytes
2011-03-29 10:56 . 2010-12-20 07:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-29 10:56 . 2011-03-29 10:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-29 10:56 . 2010-12-20 07:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-29 01:41 . 2011-03-29 01:41 -------- d-----w- c:\program files (x86)\Microsoft WSE
2011-03-28 09:13 . 2011-03-28 09:13 -------- d-----w- c:\users\Timothy\AppData\Local\{7380E495-5E4D-4BE0-BCFF-D2712A918DD0}
2011-03-28 07:36 . 2011-03-28 07:36 -------- d-----w- c:\users\Timothy\AppData\Local\Real_Environment_Simulati
2011-03-28 07:23 . 2011-03-28 07:23 -------- d-----w- c:\programdata\CaptainSim
2011-03-28 04:24 . 2011-03-22 04:18 -------- d-----w- c:\users\Timothy\AppData\Local\ArmA 2
2011-03-28 04:01 . 2011-03-18 01:18 -------- d-----w- c:\users\Timothy\AppData\Local\Microsoft Game Studios
2011-03-28 03:56 . 2011-03-28 03:56 -------- d-----w- c:\program files (x86)\Bohemia Interactive
2011-03-28 02:27 . 2011-03-28 02:27 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-03-28 02:13 . 2011-03-28 02:13 -------- d-----w- c:\program files (x86)\Microsoft Games
2011-03-27 08:24 . 2011-03-27 08:24 -------- d-----w- c:\users\Timothy\AppData\Roaming\InstallShield
2011-03-27 03:56 . 2011-03-27 03:56 -------- d-----w- c:\program files\DirectXJune2010
2011-03-27 03:34 . 2011-03-27 03:34 -------- d-----w- c:\users\Timothy\AppData\Local\ArmA 2 Demo
2011-03-27 03:05 . 2011-03-27 03:05 -------- d-----w- C:\Games
2011-03-27 03:05 . 2011-03-27 03:05 -------- d-----w- c:\users\Timothy\AppData\Local\FOMM
2011-03-27 02:31 . 2011-03-10 07:32 -------- d-----w- c:\users\Timothy\AppData\Local\FalloutNV
2011-03-27 02:17 . 2011-03-27 03:04 -------- d-----w- c:\program files (x86)\Bethesda Softworks
2011-03-27 01:18 . 2011-03-27 02:14 -------- d-----w- c:\programdata\Solidshield
2011-03-27 01:13 . 2011-03-27 01:14 -------- d-----w- c:\users\Timothy\AppData\Local\{A01D0B9D-C9C3-410D-A8C6-81D10C7C873F}
2011-03-27 01:13 . 2011-03-02 12:35 -------- d-----w- c:\users\Timothy\Tracing
2011-03-27 01:02 . 2011-03-08 20:44 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-03-27 01:01 . 2011-03-25 06:38 -------- d-----w- c:\users\Timothy\AppData\Local\Windows Live
2011-03-27 01:01 . 2011-03-27 01:01 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-03-27 00:57 . 2011-03-27 00:57 -------- d-----w- c:\program files (x86)\Elaborate Bytes
2011-03-26 23:32 . 2011-03-26 23:32 -------- d-----w- c:\program files (x86)\THQ
2011-03-26 23:25 . 2011-03-17 12:23 -------- d-----w- c:\program files\Defraggler
2011-03-26 22:30 . 2011-03-26 22:30 -------- d-----w- c:\program files\7-Zip
2011-03-26 11:48 . 2011-03-26 11:48 84480 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2011-03-26 10:48 . 2011-03-26 10:48 -------- d-----w- c:\users\Timothy\AppData\Local\Electronic Arts
2011-03-26 10:48 . 2011-03-25 11:05 -------- d-----w- c:\programdata\Electronic Arts
2011-03-26 10:45 . 2011-03-26 10:45 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-03-26 10:21 . 2011-03-26 10:21 -------- d-----w- c:\users\Timothy\AppData\Roaming\2K Games
2011-03-26 08:39 . 2011-03-26 08:39 -------- d--h--r- c:\users\Timothy\AppData\Roaming\SecuROM
2011-03-26 08:29 . 2011-03-26 08:29 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-03-26 08:10 . 2011-03-26 08:10 662 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2011-03-26 08:10 . 2011-03-18 10:20 -------- d-----w- c:\users\Timothy\AppData\Local\Downloaded Installations
2011-03-26 02:31 . 2011-03-26 02:31 -------- d-----w- c:\programdata\Esellerate
2011-03-26 02:31 . 2011-03-26 02:31 -------- d-----w- c:\program files (x86)\Common Files\eSellerate
2011-03-26 00:56 . 2007-04-19 02:04 279172 ----a-w- c:\windows\eWebClient.dll
2011-03-25 06:38 . 2011-03-25 06:39 -------- d-----w- c:\users\Timothy\AppData\Local\{F6F4693B-EEB1-4A45-B86F-9F35ED2300E6}
2011-03-25 06:38 . 2011-03-25 06:38 -------- d-----w- c:\users\Timothy\AppData\Local\{2D639940-8917-4AB3-B451-0E1AFB7BB8B3}
2011-03-24 04:19 . 2011-03-24 04:19 -------- d-----w- c:\users\Timothy\AppData\Roaming\Need for Speed World
2011-03-24 04:10 . 2011-03-24 04:10 -------- d-----w- c:\users\Timothy\AppData\Local\Electronic_Arts_Inc
2011-03-23 07:30 . 2011-03-23 07:30 -------- d-----w- c:\users\Timothy\AppData\Local\{DE4DA28D-8570-4225-ABFE-97DA67F98192}
2011-03-22 10:34 . 2011-03-22 10:34 -------- d-----w- c:\users\Timothy\AppData\Local\{C35A0A57-6832-451F-AFDB-34015223AF5C}
2011-03-22 10:30 . 2011-03-22 10:30 -------- d-----w- c:\windows\en
2011-03-22 10:28 . 2011-03-22 10:28 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-03-22 10:26 . 2011-03-22 10:28 -------- d-----w- c:\program files (x86)\Windows Live
2011-03-22 04:54 . 2011-03-22 04:54 90 --sh--w- c:\windows\cnerolf.bin
2011-03-21 08:58 . 2011-03-21 08:58 -------- d-----w- c:\users\Timothy\AppData\Local\3DMGAME
2011-03-21 07:12 . 2011-03-21 07:12 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-03-20 10:27 . 2011-03-20 10:28 -------- d-----w- c:\program files (x86)\VTFEdit
2011-03-19 12:14 . 2011-03-19 12:14 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-03-19 12:13 . 2011-03-19 12:13 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2011-03-19 12:11 . 2011-03-19 12:11 -------- d-----w- c:\program files (x86)\Autodesk
2011-03-19 07:21 . 2011-03-19 07:50 -------- d-----w- c:\programdata\DassaultSystemes
2011-03-19 07:21 . 2011-03-19 07:21 -------- d-----w- c:\users\Timothy\AppData\Roaming\DassaultSystemes
2011-03-19 07:21 . 2011-03-19 07:21 -------- d-----w- c:\users\Timothy\AppData\Local\DassaultSystemes
2011-03-18 11:54 . 2011-03-18 11:54 -------- d-----w- c:\program files (x86)\Ray Adams
2011-03-18 10:20 . 2011-03-18 10:20 -------- d-----w- c:\program files (x86)\AMD
2011-03-18 09:36 . 2003-05-14 13:01 133376 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-03-18 01:57 . 2011-03-18 01:57 -------- d-----w- c:\users\Timothy\AppData\Local\Real_Environment_Xtreme
2011-03-18 01:51 . 2011-03-29 06:41 -------- d-----w- c:\program files (x86)\Real Environment Xtreme
2011-03-17 12:23 . 2011-03-17 12:23 -------- d-----w- c:\users\Timothy\AppData\Roaming\IObit
2011-03-17 12:23 . 2011-03-17 12:23 -------- d-----w- c:\program files (x86)\IObit
2011-03-17 11:04 . 2011-03-17 11:08 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-03-17 11:03 . 2011-03-17 11:04 -------- d-----w- c:\program files\Common Files\Adobe
2011-03-17 11:02 . 2011-03-17 11:02 -------- d-----w- c:\program files (x86)\Adobe Media Player
2011-03-17 11:01 . 2011-03-17 11:01 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-03-17 09:51 . 2011-03-17 09:51 -------- d-----w- c:\programdata\FLEXnet
2011-03-17 09:51 . 2011-03-19 11:33 -------- d-----w- c:\users\Timothy\AppData\Local\Autodesk
2011-03-17 09:36 . 2011-03-19 12:17 -------- d-----w- c:\program files\Autodesk
2011-03-17 09:35 . 2011-03-19 12:13 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared
2011-03-17 09:35 . 2008-07-11 21:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2011-03-17 09:35 . 2008-07-11 21:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2011-03-17 09:35 . 2008-07-11 21:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-03-17 09:35 . 2008-07-11 21:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-03-17 09:35 . 2008-07-11 21:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-03-17 09:35 . 2008-07-11 21:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-03-17 09:33 . 2011-03-19 12:13 -------- d-----w- c:\programdata\Autodesk
2011-03-17 09:33 . 2011-03-19 11:34 -------- d-----w- c:\users\Timothy\AppData\Roaming\Autodesk
2011-03-17 09:29 . 2011-03-19 12:09 -------- d-----w- C:\Autodesk
2011-03-17 09:03 . 2011-03-30 05:10 -------- d-----w- c:\program files (x86)\Common Files\Akamai
2011-03-17 00:14 . 2011-03-21 07:12 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2011-03-17 00:14 . 2011-03-21 07:12 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-03-17 00:04 . 2011-03-17 00:14 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2011-03-17 00:04 . 2011-03-17 00:10 -------- d-----w- c:\program files (x86)\Mass Effect 2
2011-03-16 21:33 . 2011-03-16 21:33 -------- d-sh--w- c:\programdata\DSS
2011-03-16 07:25 . 2011-03-16 07:25 -------- d-----w- c:\program files (x86)\Common Files\Microsoft Games
2011-03-16 07:11 . 2011-03-16 07:11 -------- d-----w- c:\windows\PCHEALTH
2011-03-16 02:49 . 2011-03-16 02:49 -------- d-----w- c:\windows\SysWow64\lib
2011-03-16 02:49 . 2011-03-16 02:49 -------- d-----w- c:\windows\ModMan
2011-03-14 07:33 . 2011-03-14 07:33 -------- d-----w- c:\windows\SysWow64\xlive
2011-03-14 07:33 . 2011-03-14 07:33 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-03-14 07:18 . 2011-03-17 10:49 -------- d-----w- c:\program files (x86)\BioShock 2
2011-03-13 21:27 . 2011-03-13 21:28 -------- d-----w- c:\users\Timothy\AppData\Roaming\Bioshock
2011-03-13 14:23 . 2011-03-13 14:23 -------- d-----w- c:\program files (x86)\Eagle Dynamics
2011-03-13 14:13 . 2003-11-14 05:12 518416 ----a-r- c:\windows\SysWow64\MSXML.DLL
2011-03-13 14:11 . 2011-03-13 14:11 -------- d-----w- c:\program files (x86)\Ubisoft
2011-03-13 14:11 . 2011-03-13 14:11 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-03-13 14:11 . 2003-02-27 05:12 696320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-03-13 14:11 . 2002-12-05 03:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-03-13 14:11 . 2002-12-02 04:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-03-13 14:11 . 2002-12-02 02:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-03-13 14:11 . 2002-12-02 02:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-03-13 14:11 . 2011-03-13 14:11 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-03-13 01:26 . 2011-03-13 01:26 -------- d-----w- c:\users\Timothy\AppData\Local\SKIDROW
2011-03-13 00:32 . 2011-03-13 00:32 -------- d-----w- c:\users\Timothy\AppData\Local\Activision
2011-03-11 09:07 . 2011-03-11 09:00 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-03-11 09:07 . 2011-03-11 09:00 346144 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-03-11 09:06 . 2011-03-11 09:07 -------- d-----w- c:\program files\iTunes
2011-03-11 09:06 . 2011-03-11 09:06 -------- d-----w- c:\program files\iPod
2011-03-10 07:24 . 2011-03-10 07:24 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-03-09 09:48 . 2011-03-09 09:48 -------- d-----w- c:\windows\Sun
2011-03-09 09:48 . 2011-03-10 07:24 -------- d-----w- c:\program files (x86)\Java
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-30 05:01 . 2011-02-26 23:20 25640 ----a-w- c:\windows\gdrv.sys
2011-03-22 10:26 . 2009-08-18 00:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-11 09:00 . 2011-02-26 23:09 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2011-02-27 21:03 . 2011-02-27 03:11 419840 ----a-w- c:\windows\system32\systemcpl.dll
2011-02-27 21:03 . 2011-02-27 03:11 14848 ----a-w- c:\windows\system32\slwga.dll
2011-02-27 21:03 . 2011-02-27 03:10 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2011-02-27 21:03 . 2011-02-27 03:12 1008640 ----a-w- c:\windows\system32\user32.dll
2011-02-27 21:03 . 2011-02-27 03:11 833024 ----a-w- c:\windows\SysWow64\user32.dll
2011-02-27 05:32 . 2011-02-27 05:32 521448 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-27 03:20 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-02-27 03:20 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-02-27 00:48 . 2011-02-27 00:48 172032 ----a-w- c:\windows\SysWow64\AniGIF.ocx
2011-02-18 05:36 . 2011-02-18 05:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 05:36 . 2011-02-18 05:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-02 10:40 . 2011-02-27 00:56 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-02 07:11 . 2011-02-27 00:25 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-01-26 23:37 . 2011-01-26 23:37 9085952 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-01-26 23:22 . 2011-01-26 23:22 22295040 ----a-w- c:\windows\system32\atio6axx.dll
2011-01-26 23:00 . 2011-01-26 23:00 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-26 23:00 . 2011-01-26 23:00 596480 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-01-26 22:59 . 2011-01-26 22:59 17204736 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-01-26 22:59 . 2010-09-29 01:54 708608 ----a-w- c:\windows\system32\aticfx64.dll
2011-01-26 22:56 . 2011-01-26 22:56 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-26 22:56 . 2011-01-26 22:56 479232 ----a-w- c:\windows\system32\atieclxx.exe
2011-01-26 22:55 . 2011-01-26 22:55 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-01-26 22:54 . 2011-01-26 22:54 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-01-26 22:54 . 2011-01-26 22:54 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-01-26 22:53 . 2011-01-26 22:53 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-01-26 22:53 . 2011-01-26 22:53 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-01-26 22:53 . 2011-01-26 22:53 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-01-26 22:53 . 2011-01-26 22:53 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-01-26 22:53 . 2011-01-26 22:53 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-01-26 22:49 . 2011-01-26 22:49 4105728 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-01-26 22:40 . 2010-09-29 01:37 4847616 ----a-w- c:\windows\system32\atidxx64.dll
2011-01-26 22:32 . 2011-01-26 22:32 1208320 ----a-w- c:\windows\system32\atiumd6v.dll
2011-01-26 22:32 . 2011-01-26 22:32 1912832 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-01-26 22:32 . 2011-01-26 22:32 3222016 ----a-w- c:\windows\system32\atiumd6a.dll
2011-01-26 22:28 . 2011-01-26 22:28 4170752 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-01-26 22:27 . 2011-01-26 22:27 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-01-26 22:27 . 2011-01-26 22:27 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-01-26 22:27 . 2011-01-26 22:27 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-01-26 22:27 . 2011-01-26 22:27 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-01-26 22:27 . 2011-01-26 22:27 6982144 ----a-w- c:\windows\system32\aticaldd64.dll
2011-01-26 22:25 . 2011-01-26 22:25 5580800 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-01-26 22:24 . 2011-01-26 22:24 3463680 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-01-26 22:21 . 2011-01-26 22:21 5316096 ----a-w- c:\windows\system32\atiumd64.dll
2011-01-26 22:20 . 2011-02-27 00:04 58880 ----a-w- c:\windows\system32\coinst.dll
2011-01-26 22:14 . 2011-01-26 22:14 354304 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-26 22:14 . 2011-01-26 22:14 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-01-26 22:13 . 2011-01-26 22:13 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-01-26 22:13 . 2011-01-26 22:13 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 299520 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-01-26 22:12 . 2010-09-29 01:14 39936 ----a-w- c:\windows\system32\atiuxp64.dll
2011-01-26 22:12 . 2011-01-26 22:12 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-01-26 22:12 . 2011-01-26 22:12 38400 ----a-w- c:\windows\system32\atiu9p64.dll
2011-01-26 22:12 . 2010-09-29 01:13 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-01-26 22:11 . 2011-01-26 22:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-01-26 22:08 . 2011-01-26 22:08 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-01-26 22:08 . 2011-01-26 22:08 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-01-17 11:09 . 2011-02-27 01:00 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-17 05:47 . 2011-02-27 01:00 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-01-07 12:17 . 2011-02-27 01:00 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 12:17 . 2011-02-27 01:00 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 12:14 . 2011-02-27 01:00 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 09:51 . 2011-02-27 01:01 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-01-07 09:20 . 2011-02-27 01:00 366592 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 07:46 . 2011-02-27 01:00 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-01-07 07:46 . 2011-02-27 01:00 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:45 . 2011-02-27 01:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-07 06:01 . 2011-02-27 01:01 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-01-07 05:43 . 2011-02-27 01:00 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-01-07 05:03 . 2011-01-07 05:03 45408 ----a-w- c:\windows\system32\drivers\point64.sys
2011-01-07 05:03 . 2011-01-07 05:03 1721576 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-01-06 08:37 . 2011-01-06 08:37 51584 ----a-w- c:\windows\system32\drivers\dc3d.sys
2011-01-05 10:34 . 2011-02-27 01:00 612864 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 06:56 . 2011-02-27 01:00 3129344 ----a-w- c:\windows\system32\win32k.sys
2011-01-05 05:55 . 2011-02-27 01:00 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
.
.
------- Sigcheck -------
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-02-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-02-27 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-03-29 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GBTUpd"="c:\program files (x86)\Gigabyte\GBTUpd\PreRun.exe" [2008-04-02 297480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-09 86016]
R3 DRIVER_B;DRIVER_B;c:\windows\system32\Drivers\DRIVER_BIN64 [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-19 1436424]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-16 194496]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2010-11-04 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-12 10134560]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-04 2919168]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.facebook.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
FF - ProfilePath - c:\users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\i6iwrqtm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{7353BAE6-5E49-46C4-A9B5-8A269A313789} - c:\users\Timothy\AppData\Local\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_d76cf65.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_d76cf65.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DRIVER_B]
"ImagePath"="\??\c:\windows\system32\Drivers\DRIVER_BIN64"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1441474589-596432395-1113266856-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:93,29,3b,d4,e4,23,a8,b7,54,56,74,3f,7b,f8,46,46,a2,13,ac,8f,40,79,87,
29,47,7d,ef,f7,7c,64,c3,c7,ba,3d,40,7d,59,c4,71,46,27,6b,b0,79,bd,f8,04,7c,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-1441474589-596432395-1113266856-1000\Software\SecuROM\License information*]
"datasecu"=hex:80,cd,d9,9c,1f,9b,f8,f6,a2,95,89,50,3a,83,0c,87,62,ee,df,92,62,
b2,1d,b8,fb,e3,f0,fb,ed,ed,a8,43,87,17,61,c6,04,c1,c4,b8,80,80,37,4b,f4,6c,\
"rkeysecu"=hex:25,d7,34,f1,af,41,17,23,cc,1b,3c,db,6b,20,c1,ce
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-30 16:16:39
ComboFix-quarantined-files.txt 2011-03-30 05:16
.
Pre-Run: 754,860,482,560 bytes free
Post-Run: 754,735,665,152 bytes free
.
- - End Of File - - 929909FE6AF040A13003FC57BE7133A2

#4
Gammo
    Member 2k
  • Malware Removal
  • 2,299 posts
Hi,

That looks better. A few more scans and we're done. :D

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

#5
sikorsky 14
    Member
  • Topic Starter
  • 18 posts
Although the MBAM quick scan and ESET online scanner didn't find any threats, I will post the logs anyway.

MBAM quick scan log:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6223

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

3/31/2011 4:03:41 PM
mbam-log-2011-03-31 (16-03-41).txt

Scan type: Quick scan
Objects scanned: 167842
Time elapsed: 1 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESET online scanner log:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=6ddebeaabf50a645a4676cb6ac9c6d32
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-31 06:25:00
# local_time=2011-03-31 05:25:00 (+1000, AUS Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 53182012 0 0
# compatibility_mode=8201 39157181 100 75 0 11862156 0 0
# scanned=277593
# found=0
# cleaned=0
# scan_time=4138
# nod_component=V3 Build:0x30000000
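
A small check a helper triaging logs like the two above would want: pull the `# key=value` fields out of the ESET Online Scanner log and confirm the scan ran to the end with the four options the earlier instructions asked for (archives, potentially unwanted, potentially unsafe, anti-stealth), and total the `X Infected: N` counters of the MBAM log. This is an added example, not code from the thread, from ESET or from Malwarebytes; the two sample logs are constructed from the key lines of the logs posted above, and `REQUIRED_ESET_OPTIONS` is an assumption drawn from that checklist.

```python
"""Sanity-check ESET Online Scanner and MBAM logs of the kind posted in this thread.
Added example: not code from the thread, from ESET or from Malwarebytes."""
import re

# Constructed sample: the key lines of the ESET log above (other lines omitted).
SAMPLE_ESET_LOG = """\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# compatibility_mode=5893 16776573 100 94 0 53182012 0 0
# compatibility_mode=8201 39157181 100 75 0 11862156 0 0
# scanned=277593
# found=0
# cleaned=0
# scan_time=4138
"""

# Constructed sample: the summary block of the MBAM quick-scan log above.
SAMPLE_MBAM_LOG = """\
Scan type: Quick scan
Objects scanned: 167842
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)
"""

ESET_KV = re.compile(r"^#\s*([A-Za-z_]+)=(.*)$")
MBAM_INFECTED = re.compile(r"^(.+? Infected):\s*(\d+)\s*$")
MBAM_SCANNED = re.compile(r"^Objects scanned:\s*(\d+)\s*$")

# Assumption: the options the helper's ESET instructions asked to have enabled.
REQUIRED_ESET_OPTIONS = ("archives_checked", "unwanted_checked",
                         "unsafe_checked", "antistealth_checked")


def parse_eset_log(text):
    """Map each '# key=value' line to its value; a key that repeats (compatibility_mode
    does) becomes a list. Lines without the '#' prefix, such as the '.ocx' lines, are skipped."""
    fields = {}
    for line in text.splitlines():
        m = ESET_KV.match(line.strip())
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key not in fields:
            fields[key] = value
        elif isinstance(fields[key], list):
            fields[key].append(value)
        else:
            fields[key] = [fields[key], value]
    return fields


def assess_eset_log(text, required=REQUIRED_ESET_OPTIONS):
    """Return (ok, problems, summary). ok is True only if the scan finished, every required
    option was on and something was scanned. found == 0 is reported, never taken as proof."""
    f = parse_eset_log(text)
    problems = []
    if f.get("end") != "finished":
        problems.append("scan did not finish: end=%s" % f.get("end"))
    for opt in required:
        if str(f.get(opt, "")).lower() != "true":
            problems.append("option not enabled: %s" % opt)
    scanned, found, cleaned = (int(f.get(k, 0)) for k in ("scanned", "found", "cleaned"))
    if scanned == 0:
        problems.append("zero objects scanned")
    if found > cleaned:
        problems.append("%d found but only %d cleaned" % (found, cleaned))
    summary = {"scanned": scanned, "found": found, "cleaned": cleaned,
               "scan_time": int(f.get("scan_time", 0))}
    return not problems, problems, summary


def mbam_summary(text):
    """Return (objects_scanned, {category: infected_count}, total_infected) from an MBAM log.
    The later 'Memory Processes Infected:' section headers carry no number and are skipped."""
    counts, scanned = {}, 0
    for line in text.splitlines():
        line = line.strip()
        m = MBAM_INFECTED.match(line)
        if m:
            counts[m.group(1)] = int(m.group(2))
            continue
        m = MBAM_SCANNED.match(line)
        if m:
            scanned = int(m.group(1))
    return scanned, counts, sum(counts.values())


if __name__ == "__main__":
    print(assess_eset_log(SAMPLE_ESET_LOG))
    print(mbam_summary(SAMPLE_MBAM_LOG))
```

For the logs above this yields `found=0` with every requested option on and the scan finished, which is exactly what the helper needed to see: evidence that the scan covered what was asked, not proof that the machine is clean.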

#6 Gammo (Member 2k, Malware Removal, 2,299 posts)
Hi,

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention of future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean', that doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Firefox and Opera. Both are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec, or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :D
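
The HOSTS-file blocklist recommended in the post above works through name resolution alone, so it helps to know exactly what it does and does not cover before relying on it. The following is an added example, not code from the thread, from MVPS or from Microsoft: it parses hosts-file text in the `0.0.0.0 hostname` style the MVPS file uses, answers whether a given name is sinkholed, and flags entries that point a name at an ordinary routable address instead of a sink. `SAMPLE_HOSTS` is a constructed fragment and the `.invalid` names and the `198.51.100.7` address are placeholders, not real entries.

```python
"""What a HOSTS-file blocklist (MVPS style) does and does not cover.
Added example: not code from the thread, from MVPS or from Microsoft.
Reads a constructed sample instead of the live file so it runs anywhere
(on Windows the real file is %SystemRoot%\System32\drivers\etc\hosts)."""
import ipaddress

# Constructed sample in the "0.0.0.0 hostname" style used by the MVPS file.
SAMPLE_HOSTS = """\
# constructed sample, not the real MVPS file
127.0.0.1 localhost
0.0.0.0 ads.example.invalid
0.0.0.0 tracker.example.invalid  cdn.tracker.example.invalid   # several names per line
0.0.0.0 WWW.Mixed-Case.Example.invalid
198.51.100.7 update.antivirus.example.invalid   # placeholder routable address
"""


def parse_hosts(text):
    """Return {hostname (lower-cased): ip_address} from hosts-file text.
    Comments ('#' to end of line), blank lines and malformed lines are ignored."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue                     # address with no hostname: nothing to map
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                     # first token is not an IP address
        for name in parts[1:]:           # one address may carry several names
            mapping[name.lower()] = ip   # DNS names are case-insensitive
    return mapping


def is_sinkholed(mapping, hostname):
    """True if the hosts file resolves this exact name to a non-routable sink
    (0.0.0.0 or loopback). Exact match only: a hosts file has no wildcards,
    so a subdomain that is not listed is not covered."""
    ip = mapping.get(hostname.strip().lower().rstrip("."))
    return ip is not None and (ip.is_unspecified or ip.is_loopback)


def redirect_entries(mapping):
    """Entries whose address is neither 0.0.0.0 nor loopback. These do not block the
    name, they send it somewhere else, which a blocklist never needs to do; such
    entries merit a look, whoever put them there."""
    return {name: str(ip) for name, ip in mapping.items()
            if not (ip.is_unspecified or ip.is_loopback)}


def coverage_report(text, names):
    """Which of the given names the hosts text actually sinkholes."""
    mapping = parse_hosts(text)
    return {n: is_sinkholed(mapping, n) for n in names}


if __name__ == "__main__":
    print(coverage_report(SAMPLE_HOSTS, ["ads.example.invalid", "new.ads.example.invalid"]))
    print(redirect_entries(parse_hosts(SAMPLE_HOSTS)))
```

Two limits follow directly from the code: a listed name blocks only that exact name, so a site that moves to a new subdomain is not covered until the list is updated, and the file has no effect on software that connects straight to an IP address without a DNS lookup. The file must be edited with an elevated editor, and any entry that points a name at a routable address is worth investigating rather than leaving in place.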

#7 sikorsky 14 (Topic Starter, Member, 18 posts)
Thanks, that helped me out a lot. All good now, I'm not experiencing any unusual activity on my computer anymore.