
Web Browser Injection



#16
blackfire88
  • Topic Starter
  • Member
  • 23 posts
2011-08-23 06:52:16 . 2011-08-23 06:52:16 1,240 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 99900.reg.dat
2011-08-23 06:52:16 . 2011-08-23 06:52:16 1,262 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 80.reg.dat
2011-08-23 06:52:16 . 2011-08-23 06:52:16 1,194 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 63200.reg.dat
2011-08-23 06:52:16 . 2011-08-23 06:52:16 1,240 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 630.reg.dat
2011-08-23 06:52:16 . 2011-08-23 06:52:16 1,244 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 5.reg.dat
2011-08-23 06:52:16 . 2011-08-23 06:52:16 1,304 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 42710.reg.dat
2011-08-23 06:52:16 . 2011-08-23 06:52:16 1,238 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 4000.reg.dat
2011-08-23 06:52:16 . 2011-08-23 06:52:16 1,174 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 3483.reg.dat
2011-08-23 06:52:16 . 2011-08-23 06:52:16 1,304 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 310.reg.dat
2011-08-23 06:52:16 . 2011-08-23 06:52:16 1,228 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 260.reg.dat
2011-08-23 06:52:16 . 2011-08-23 06:52:16 1,276 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 240.reg.dat
2011-08-23 06:52:16 . 2011-08-23 06:52:16 1,228 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 220.reg.dat
2011-08-23 06:52:16 . 2011-08-23 06:52:16 1,260 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 218.reg.dat
2011-08-23 06:52:16 . 2011-08-23 06:52:16 1,234 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 215.reg.dat
2011-08-23 06:52:16 . 2011-08-23 06:52:16 1,182 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 211.reg.dat
2011-08-23 06:52:16 . 2011-08-23 06:52:16 1,298 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 17500.reg.dat
2011-08-23 06:52:16 . 2011-08-23 06:52:16 1,348 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 100.reg.dat
2011-08-23 06:52:16 . 2011-08-23 06:52:16 1,246 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 10.reg.dat
2011-08-23 06:52:15 . 2011-08-23 06:52:15 1,302 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Searchqu 405 MediaBar.reg.dat
2011-08-23 06:52:15 . 2011-08-23 06:52:15 556 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Half-Life Dedicated Server Update Tool.reg.dat
2011-08-23 06:52:15 . 2011-08-23 06:52:15 1,978 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Free Screen Recorder_is1.reg.dat
2011-08-23 06:52:08 . 2011-08-23 06:52:08 78 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-10.reg.dat
2011-08-23 06:51:55 . 2011-08-23 06:51:55 79 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-fsm.reg.dat
2011-08-23 06:51:55 . 2011-08-23 06:51:55 79 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-Steam.reg.dat
2011-08-23 06:51:55 . 2011-08-23 06:51:55 90 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-10.reg.dat
2011-08-23 06:47:42 . 2011-08-23 06:47:42 12,409 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-08-23 06:16:22 . 2011-08-23 06:16:22 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-07-04 12:06:30 . 2011-07-04 12:06:33 532,799 ----a-w- C:\Qoobox\Quarantine\C\Users\ASUS\Documents\505.zip.vir
2011-06-23 10:04:24 . 2011-06-23 10:04:26 596,291 ----a-w- C:\Qoobox\Quarantine\C\Users\ASUS\Documents\526.zip.vir
2011-05-22 01:08:19 . 2011-05-22 07:27:12 428,960 ----a-w- C:\Qoobox\Quarantine\C\Users\ASUS\Desktop\Setup.exe.vir
2011-04-16 06:41:02 . 2011-04-08 15:54:44 396,800 ----a-w- C:\Qoobox\Quarantine\C\setup.exe.vir
2011-04-16 00:58:25 . 2010-12-09 15:17:40 5,529 ----a-w- C:\Qoobox\Quarantine\C\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\oko3wcv3.default\searchplugins\SearchquWebSearch.xml.vir
2009-09-14 00:57:44 . 2011-08-06 22:21:12 1,242,448 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\Steam\Steam.exe.vir
2007-11-06 21:03:18 . 2007-11-06 21:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\install.exe.vir


#17
Gammo
  • Malware Removal
  • 2,299 posts
Hi,

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::

DeQuarantine::
C:\Qoobox\Quarantine\C\Program Files (x86)\Steam\Steam.exe.vir

Firefox::
FF - ProfilePath - c:\users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\oko3wcv3.default\
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=405&q=

Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.





Open notepad by going to Start > Run and type notepad.exe in the box that appears. In the window that pops up please copy and paste the following:

@echo off
Regedit /s "C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-Steam.reg.dat"
Regedit /s "C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 99900.reg.dat"
Regedit /s "C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 80.reg.dat"
Regedit /s "C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 63200.reg.dat"
Regedit /s "C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 630.reg.dat"
Regedit /s "C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 5.reg.dat"
Regedit /s "C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 42710.reg.dat"
Regedit /s "C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 4000.reg.dat"
Regedit /s "C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 3483.reg.dat"
Regedit /s "C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 310.reg.dat"
Regedit /s "C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 260.reg.dat"
Regedit /s "C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 240.reg.dat"
Regedit /s "C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 220.reg.dat"
Regedit /s "C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 218.reg.dat"
Regedit /s "C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 215.reg.dat"
Regedit /s "C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 211.reg.dat"
Regedit /s "C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 17500.reg.dat"
Regedit /s "C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 100.reg.dat"
Regedit /s "C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 10.reg.dat"
del %0


In Notepad click on the "File" menu > Save As...
Under "File name" type steam.bat
Change "Save as type" to All Files
Save it to your Desktop

Double click on steam.bat. It will open a Notepad window. Please post the contents of this file in your next reply.





Is Steam working again after doing the above?
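As an added example (not code from this thread, from Gammo, or from ComboFix's authors): the Qoobox quarantine listing in post #16 and the hand-written steam.bat above follow a mechanical pattern, so here is a small Python script that parses listing lines in ComboFix's "created . modified size attributes path" layout, picks out ComboFix's own .reg.dat backups under Registry_backups whose name mentions a keyword, and emits the same kind of "Regedit /s" restore batch. The sample lines are copied from the listing above; the layout assumption and the restore-only use (re-importing ComboFix's backups of keys it removed) are the editor's, not the page's.

```python
"""Added example: parse a ComboFix/Qoobox quarantine listing and generate a
'Regedit /s' restore batch for selected Registry_backups entries.

Assumptions (not stated on the page): every listing line has the layout
    created . modified size attributes path
as seen in this thread, directories print '--------' for size, and the
.reg.dat files under Registry_backups are ComboFix's backups of keys it removed.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional

# Sample input: lines copied from the quarantine listing posted in this thread.
SAMPLE_LISTING = r"""
2011-08-23 06:52:16 . 2011-08-23 06:52:16 1,240 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Steam App 99900.reg.dat
2011-08-23 06:52:15 . 2011-08-23 06:52:15 1,302 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Searchqu 405 MediaBar.reg.dat
2011-08-23 06:51:55 . 2011-08-23 06:51:55 79 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-Steam.reg.dat
2011-08-23 06:16:22 . 2011-08-23 06:16:22 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
"""

# Seconds are optional: the "Files Created" section of the log prints HH:MM only.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?) "
    r"(?P<size>[\d,]+|-+) "          # '1,240' or '--------' for directories
    r"(?P<attrs>[-a-zA-Z]{8}) "      # e.g. ----a-w- or d-----w-
    r"(?P<path>\S.*)$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories
    attrs: str
    path: str

    @property
    def is_registry_backup(self) -> bool:
        """True for ComboFix's Registry_backups\\*.reg.dat files only."""
        p = PureWindowsPath(self.path)
        return (p.parent.name.lower() == "registry_backups"
                and p.name.lower().endswith(".reg.dat"))


def parse_listing(text: str) -> List[Entry]:
    """Parse listing lines; separators, headers and blank lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"].replace(",", ""))
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def select_backups(entries: List[Entry], keyword: str) -> List[Entry]:
    """Registry backups whose file name mentions keyword (case-insensitive)."""
    k = keyword.lower()
    return [e for e in entries
            if e.is_registry_backup and k in PureWindowsPath(e.path).name.lower()]


def build_restore_batch(entries: List[Entry]) -> str:
    """Emit a batch file of the same shape as the one posted above:
    one silent 'Regedit /s' import per backup, then the script deletes itself."""
    lines = ["@echo off"]
    lines += [f'Regedit /s "{e.path}"' for e in entries]
    lines.append("del %0")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    steam_backups = select_backups(parse_listing(SAMPLE_LISTING), "steam")
    print(build_restore_batch(steam_backups))
```

Restricting the selection to Registry_backups\*.reg.dat keeps the generated batch from ever importing anything else out of the quarantine folder; the Searchqu entry in the sample is skipped because it does not match the keyword, and catchme.log is skipped because it is not a registry backup at all.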

#18
blackfire88
  • Topic Starter
  • Member
  • 23 posts
I would like to mention that a screen with Hebrew in it came up and had something like an ad on it, then it closed. While it was open (about 0.5 of a second) there was a progress bar, and it went really fast.....?

#19
blackfire88
  • Topic Starter
  • Member
  • 23 posts
ComboFix 11-08-24.06 - ASUS 08/25/2011 21:49:07.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8151.6306 [GMT 10:00]
Running from: c:\users\Public\Music\sexy music\ComboFix.exe
Command switches used :: c:\users\Public\Music\sexy music\CFSCRIPT.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-25 to 2011-08-25 )))))))))))))))))))))))))))))))
.
.
2011-08-25 11:55 . 2011-08-25 11:55 -------- d-----w- C:\ComboFix - Copy
2011-08-25 11:55 . 2011-08-25 11:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-25 02:20 . 2011-08-25 05:58 -------- d-----w- c:\users\ASUS\avatars
2011-08-24 08:42 . 2011-08-24 08:42 -------- d-----w- c:\windows\VMUVC
2011-08-24 05:36 . 2011-08-24 05:38 -------- d-----w- c:\program files\Babylon
2011-08-24 05:36 . 2011-08-24 05:36 -------- d-----w- c:\program files (x86)\Babylon
2011-08-24 03:50 . 2011-08-24 03:50 -------- d-----w- c:\users\ASUS\AppData\Roaming\SmartHideIP
2011-08-24 03:50 . 2011-08-24 03:50 -------- d-----w- c:\programdata\SmartHideIP
2011-08-24 03:50 . 2011-08-24 03:50 -------- d-----w- c:\program files (x86)\Ask.com
2011-08-24 03:50 . 2011-08-24 03:50 -------- d-----w- c:\program files (x86)\SmartHideIP
2011-08-22 11:57 . 2011-08-22 11:57 -------- d-----w- C:\_OTL
2011-08-21 05:06 . 2008-11-21 17:33 1650688 ------w- c:\windows\SysWow64\IcdShlex.dll
2011-08-20 00:58 . 2011-08-21 10:50 -------- d-----w- C:\cellcity
2011-08-19 23:24 . 2011-08-20 06:01 -------- d-----w- C:\cs_forest_dense
2011-08-17 08:39 . 2011-08-17 08:39 -------- d-----w- C:\ZombieMod
2011-08-15 00:18 . 2011-08-15 00:18 -------- d-----w- c:\users\ASUS\AppData\Roaming\GameMaker
2011-08-13 06:31 . 2011-08-13 06:31 -------- d-----w- c:\windows\en
2011-08-13 06:26 . 2011-08-13 06:26 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-13 06:26 . 2009-09-04 07:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-08-13 06:26 . 2009-09-04 07:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-08-13 06:25 . 2009-09-04 07:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-08-13 06:25 . 2009-09-04 07:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-08-13 06:24 . 2006-11-29 03:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-08-13 06:24 . 2006-11-29 03:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2011-08-13 05:24 . 2011-08-13 05:24 -------- d-----w- c:\users\ASUS\AppData\Local\GayMaker 8.1
2011-08-13 01:15 . 2011-08-13 01:19 -------- d-----w- c:\users\ASUS\My Games
2011-08-12 10:59 . 2011-08-12 11:00 -------- d-----w- c:\users\ASUS\AppData\Local\AutoTyperMurGee
2011-08-12 10:59 . 2011-08-12 11:07 -------- d-----w- c:\program files (x86)\Auto Typer by MurGee
2011-08-11 07:35 . 2011-08-11 07:35 -------- d-----w- c:\program files\Proxy Labs
2011-08-10 17:01 . 2011-07-22 02:48 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-08-10 17:01 . 2011-07-22 05:36 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-08-10 08:12 . 2011-08-10 08:12 -------- d-----w- c:\users\ASUS\.thumbnails
2011-08-10 08:11 . 2011-08-10 08:11 -------- d-----w- c:\program files\Blender Foundation
2011-08-10 07:48 . 2011-06-21 06:34 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 07:47 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-08-10 07:47 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 07:47 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-08-07 07:47 . 2011-08-07 07:47 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\35ded8fd1cc54d601\MeshBetaRemover.exe
2011-08-04 11:42 . 2011-08-16 10:18 -------- d-----w- c:\users\ASUS\Maps
2011-08-01 12:17 . 2011-08-01 12:17 413696 ----a-w- c:\windows\SysWow64\pcapwsp.dll
2011-08-01 12:17 . 2011-08-01 12:17 315392 ----a-w- c:\windows\SysWow64\sbcrreag.dll
2011-08-01 12:15 . 2011-08-01 12:15 526336 ----a-w- c:\windows\system32\pcapwsp.dll
2011-08-01 12:15 . 2011-08-01 12:15 356352 ----a-w- c:\windows\system32\sbcrreag.dll
2011-07-30 06:05 . 2011-07-30 06:05 -------- d-----w- c:\users\ASUS\AppData\Local\Vitalwerks
2011-07-30 06:05 . 2011-07-30 06:05 -------- d-----w- c:\program files (x86)\No-IP
2011-07-30 02:58 . 2011-07-30 02:58 -------- d-----w- c:\program files\VTF Shell Extensions
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-21 09:50 . 2011-05-20 21:59 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-16 04:26 . 2011-08-10 07:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-08 07:45 . 2011-05-10 06:16 386168 ----a-w- c:\windows\system32\drivers\NISx64\1206000.01D\symnets.sys
2011-07-06 05:54 . 2010-12-28 15:42 363560 ----a-w- c:\windows\system32\guard64.dll
2011-07-06 05:54 . 2010-12-28 15:42 285256 ----a-w- c:\windows\SysWow64\guard32.dll
2011-07-06 05:53 . 2011-01-06 07:37 92688 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-07-06 05:53 . 2011-01-06 07:37 41712 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-07-06 05:53 . 2011-01-06 07:36 252344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-07-06 05:53 . 2011-01-06 07:36 16016 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-06-30 07:35 . 2011-03-20 06:43 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-06-30 07:33 . 2011-03-20 06:43 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-06-15 18:57 . 2011-04-20 11:06 2478272 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-06-11 03:07 . 2011-07-13 05:02 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-06-08 06:13 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-08 06:13 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-05-27 21:37 . 2011-05-27 21:37 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-27 21:37 . 2011-05-27 21:37 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-27 21:37 . 2011-05-27 21:37 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-05-27 21:37 . 2011-05-27 21:37 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-05-27 21:37 . 2011-05-27 21:37 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-05-27 21:37 . 2011-05-27 21:37 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-05-27 21:37 . 2011-05-27 21:37 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-05-27 21:37 . 2011-05-27 21:37 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-05-27 21:37 . 2011-05-27 21:37 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-05-27 21:37 . 2011-05-27 21:37 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-05-27 21:37 . 2011-05-27 21:37 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-05-27 21:37 . 2011-05-27 21:37 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-27 21:37 . 2011-05-27 21:37 448512 ----a-w- c:\windows\system32\html.iec
2011-05-27 21:37 . 2011-05-27 21:37 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-05-27 21:37 . 2011-05-27 21:37 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-05-27 21:37 . 2011-05-27 21:37 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-05-27 21:37 . 2011-05-27 21:37 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-27 21:37 . 2011-05-27 21:37 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-05-27 21:37 . 2011-05-27 21:37 222208 ----a-w- c:\windows\system32\msls31.dll
2011-05-27 21:37 . 2011-05-27 21:37 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-27 21:37 . 2011-05-27 21:37 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-05-27 21:37 . 2011-05-27 21:37 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-05-27 21:37 . 2011-05-27 21:37 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-05-27 21:37 . 2011-05-27 21:37 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-27 21:37 . 2011-05-27 21:37 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-05-27 21:37 . 2011-05-27 21:37 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-05-27 21:37 . 2011-05-27 21:37 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-27 21:37 . 2011-05-27 21:37 12288 ----a-w- c:\windows\system32\mshta.exe
2011-05-27 21:37 . 2011-05-27 21:37 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-05-27 21:37 . 2011-05-27 21:37 114176 ----a-w- c:\windows\system32\admparse.dll
2011-05-27 21:37 . 2011-05-27 21:37 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-27 21:37 . 2011-05-27 21:37 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-05-27 21:37 . 2011-05-27 21:37 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-05-27 21:37 . 2011-05-27 21:37 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-05-27 21:37 . 2011-05-27 21:37 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-05-27 21:37 . 2011-05-27 21:37 160256 ----a-w- c:\windows\system32\wextract.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-23_06.50.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-24 08:40 . 2007-04-12 12:59 85688 c:\windows\VMUVC\EffectResources\FT\13.dat
+ 2011-08-24 08:40 . 2007-04-12 12:59 86016 c:\windows\VMUVC\EffectResources\FrameWizardV.exe
+ 2011-08-24 08:40 . 2007-04-12 12:59 25600 c:\windows\VMUVC\EffectResources\borlndmm.dll
+ 2011-08-24 08:40 . 2007-04-14 00:55 69632 c:\windows\twain_32\VMUVC\VTwDX8.dll
+ 2011-08-24 08:40 . 2008-09-02 07:47 94208 c:\windows\SysWOW64\vvftctrl.dll
+ 2011-08-24 08:40 . 2008-02-29 00:14 12800 c:\windows\system32\VMUVC.dll
- 2009-07-14 05:30 . 2011-07-30 06:11 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-08-24 08:42 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-08-24 08:40 . 2007-04-14 00:55 69632 c:\windows\system32\DriverStore\FileRepository\vmuvc.inf_amd64_neutral_14c9a6fd2c38d8cd\VTwDX8.dll
+ 2011-08-24 08:40 . 2008-02-29 00:14 12800 c:\windows\system32\DriverStore\FileRepository\vmuvc.inf_amd64_neutral_14c9a6fd2c38d8cd\VMUVC.dll
+ 2011-08-24 08:40 . 2007-04-12 12:59 85688 c:\windows\system32\DriverStore\FileRepository\vmuvc.inf_amd64_neutral_14c9a6fd2c38d8cd\FT\13.dat
+ 2011-08-24 08:40 . 2008-09-02 07:47 94208 c:\windows\system32\DriverStore\FileRepository\vmuvc.inf_amd64_neutral_14c9a6fd2c38d8cd\Filter\vvftctrl.dll
+ 2011-08-24 08:40 . 2007-04-12 12:59 86016 c:\windows\system32\DriverStore\FileRepository\vmuvc.inf_amd64_neutral_14c9a6fd2c38d8cd\EffRes\FrameWizardV.exe
+ 2011-08-24 08:40 . 2007-04-12 12:59 25600 c:\windows\system32\DriverStore\FileRepository\vmuvc.inf_amd64_neutral_14c9a6fd2c38d8cd\EffRes\borlndmm.dll
- 2011-01-18 00:27 . 2011-08-22 12:08 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-18 00:27 . 2011-08-24 18:37 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-18 00:27 . 2011-08-24 18:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-01-18 00:27 . 2011-08-22 12:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-22 12:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-24 18:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-24 08:40 . 2007-04-12 12:59 920868 c:\windows\VMUVC\EffectResources\Image.dat
+ 2011-08-24 08:40 . 2007-04-12 12:59 562424 c:\windows\VMUVC\EffectResources\FT\3.dat
+ 2011-08-24 08:40 . 2007-04-12 12:59 612352 c:\windows\VMUVC\EffectResources\FrameWizard.exe
+ 2011-08-24 08:40 . 2007-04-14 00:55 163840 c:\windows\twain_32\VMUVC\VtwUI.dll
+ 2011-08-24 08:40 . 2007-04-14 00:55 163840 c:\windows\twain_32\VMUVC\VtwCtl.dll
+ 2011-05-28 22:48 . 2011-08-25 07:03 272862 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2011-08-24 08:40 . 2008-09-02 08:18 128512 c:\windows\system32\vvftctrl.dll
- 2009-07-14 05:30 . 2011-07-30 06:11 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-08-24 08:42 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-07-13 17:19 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-08-24 08:41 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-08-24 08:40 . 2007-04-14 00:55 163840 c:\windows\system32\DriverStore\FileRepository\vmuvc.inf_amd64_neutral_14c9a6fd2c38d8cd\VtwUI.dll
+ 2011-08-24 08:40 . 2007-04-14 00:55 163840 c:\windows\system32\DriverStore\FileRepository\vmuvc.inf_amd64_neutral_14c9a6fd2c38d8cd\VtwCtl.dll
+ 2011-08-24 08:40 . 2010-04-29 00:07 202112 c:\windows\system32\DriverStore\FileRepository\vmuvc.inf_amd64_neutral_14c9a6fd2c38d8cd\vmuvc.sys
+ 2011-08-24 08:40 . 2007-04-12 12:59 562424 c:\windows\system32\DriverStore\FileRepository\vmuvc.inf_amd64_neutral_14c9a6fd2c38d8cd\FT\3.dat
+ 2011-08-24 08:40 . 2008-07-01 01:14 303616 c:\windows\system32\DriverStore\FileRepository\vmuvc.inf_amd64_neutral_14c9a6fd2c38d8cd\Filter\vvftUVC.sys
+ 2011-08-24 08:40 . 2008-09-02 08:18 128512 c:\windows\system32\DriverStore\FileRepository\vmuvc.inf_amd64_neutral_14c9a6fd2c38d8cd\Filter\vvftctrlx64.dll
+ 2011-08-24 08:40 . 2007-04-12 12:59 920868 c:\windows\system32\DriverStore\FileRepository\vmuvc.inf_amd64_neutral_14c9a6fd2c38d8cd\EffRes\Image.dat
+ 2011-08-24 08:40 . 2007-04-12 12:59 612352 c:\windows\system32\DriverStore\FileRepository\vmuvc.inf_amd64_neutral_14c9a6fd2c38d8cd\EffRes\FrameWizard.exe
+ 2011-08-24 08:40 . 2008-07-01 01:14 303616 c:\windows\system32\drivers\vvftUVC.sys
+ 2011-08-24 08:40 . 2010-04-29 00:07 202112 c:\windows\system32\drivers\vmuvc.sys
+ 2011-06-07 08:23 . 2010-11-20 10:44 184960 c:\windows\system32\drivers\usbvideo.sys
+ 2011-06-07 08:23 . 2010-11-20 10:43 109696 c:\windows\system32\drivers\USBAUDIO.sys
+ 2009-07-14 04:46 . 2011-08-24 08:35 107456 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-08-24 03:50 . 2011-08-24 03:50 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
+ 2011-08-24 08:40 . 2007-04-12 12:59 1541120 c:\windows\VMUVC\EffectResources\FT\1.dat
+ 2011-08-24 08:40 . 2007-04-12 12:59 1496064 c:\windows\VMUVC\EffectResources\cc3250mt.dll
+ 2011-08-24 08:40 . 2007-04-12 12:59 1541120 c:\windows\system32\DriverStore\FileRepository\vmuvc.inf_amd64_neutral_14c9a6fd2c38d8cd\FT\1.dat
+ 2011-08-24 08:40 . 2007-04-12 12:59 1496064 c:\windows\system32\DriverStore\FileRepository\vmuvc.inf_amd64_neutral_14c9a6fd2c38d8cd\EffRes\cc3250mt.dll
+ 2011-08-24 03:50 . 2011-08-24 03:50 3352576 c:\windows\Installer\8858f85.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-07-26 1493160]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-07-26 08:23 1493160 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-07-26 1493160]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"Software Informer"="c:\program files (x86)\Software Informer\softinfo.exe" [2009-11-25 2011205]
"MS Shell Services"="c:\program files (x86)\KidLogger\Kidlogger.exe" [2011-04-14 428336]
"AutoTyperMurGee"="c:\program files (x86)\Auto Typer by MurGee\AutoTyper.exe" [2011-06-02 45056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"InstantBurn"="c:\progra~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2010-02-10 697640]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-01-19 75048]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-03-03 222504]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-03-22 74752]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-07-26 397992]
"VMonitorVMUVC"="c:\program files (x86)\Dolphin\363409\VMonitor.exe" [2008-08-29 143360]
.
c:\users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsVlb;TsVlb;c:\windows\system32\DRIVERS\tsvlb.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-29 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-07-23 1151096]
S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110822.031\IDSvia64.sys [2011-08-22 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S1 TsVp;TsVp;c:\windows\system32\DRIVERS\tsvp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/03/06 11:31];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2010-01-19 05:10 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-08 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 pcapsvc;ProxyCap Service;c:\program files\Proxy Labs\ProxyCap\pcapsvc.exe [2011-08-01 1844736]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 136824]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28ux;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [x]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 00:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 21:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 21:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 21:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 21:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 21:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 21:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 21:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 21:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 21:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-03 8317472]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-07-06 9048392]
"ProxyCap"="c:\progra~1\PROXYL~1\ProxyCap\pcapui.exe" [2011-08-01 1922560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/home?AF=15520
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: pcapwsp.dll
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\oko3wcv3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3027128&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.ftp - 212.160.138.236
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.http - 212.160.138.236
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 212.160.138.236
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 212.160.138.236
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2512061380-1411166098-213802770-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2512061380-1411166098-213802770-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-25 21:58:01
ComboFix-quarantined-files.txt 2011-08-25 11:58
ComboFix2.txt 2011-08-23 06:53
C:\DeQuarantine.txt
.
Pre-Run: 1,782,757,560,320 bytes free
Post-Run: 1,782,674,345,984 bytes free
.
- - End Of File - - 1738A3D03E5F71537ACA89A2615DB47A
  • 0
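Added triage example, not part of the original thread and not ComboFix or OTL code: a Python script that reads the kind of lines shown in the ComboFix Supplementary Scan and registry sections above and flags the browser-injection hooks a responder checks first (start page and search-provider redirects, Firefox proxy prefs, AppInit_DLLs, Winsock LSPs). The sample lines are copied from the log above; the watchlist of search-redirect domains is constructed for the example and is not an authoritative list. One caveat the script encodes rather than leaving to the reader: Firefox's network.proxy.type is 0 (direct connection), so the 212.160.138.236:80 entries in prefs.js are present but not routing traffic, and the script reports them as inert instead of raising a false alarm on the host alone.

```python
import re

# Constructed sample: lines copied from the ComboFix "Supplementary Scan" and
# registry sections above; an illustration, not a spec of ComboFix's format.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
uStart Page = hxxp://search.babylon.com/home?AF=15520
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: pcapwsp.dll
TCP: DhcpNameServer = 10.0.0.1
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3027128&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.http - 212.160.138.236
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 212.160.138.236
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.type - 0
"""

# Search-redirect domains seen in this thread. A constructed watchlist for the
# example, not an authoritative hijacker list.
SUSPECT_SEARCH_DOMAINS = ("babylon.com", "conduit.com")

# Firefox semantics: network.proxy.type 0 = direct, 1 = manual proxy,
# 2 = PAC URL, 4 = auto-detect (WPAD), 5 = use system proxy settings.
PROXY_TYPE = {"0": "direct", "1": "manual", "2": "pac", "4": "wpad", "5": "system"}

FF_PREF_RE = re.compile(r"^FF - (?:prefs|user)\.js: (\S+) - ?(.*)$")
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.*)$')
LSP_RE = re.compile(r"^LSP: (.+)$")
START_PAGE_RE = re.compile(r"^(u|m)Start Page = (.+)$")


def parse_ff_prefs(log_text):
    """Return {pref_name: value} for every 'FF - prefs.js:' / 'FF - user.js:' line."""
    prefs = {}
    for line in log_text.splitlines():
        m = FF_PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def firefox_proxy_status(prefs):
    """Decide whether the network.proxy.* prefs actually route traffic.

    Manual host/port prefs only take effect when network.proxy.type == 1; with
    type 0 they are leftovers (earlier config, or a tool that wrote them) and
    no traffic goes through that host.
    """
    hosts = {k: v for k, v in prefs.items()
             if re.fullmatch(r"network\.proxy\.(http|ssl|ftp|socks)", k) and v}
    mode = PROXY_TYPE.get(prefs.get("network.proxy.type", ""), "unknown")
    return {"mode": mode, "hosts": hosts, "active": bool(hosts) and mode == "manual"}


def find_indicators(log_text):
    """Scan ComboFix-style lines for browser-injection indicators.

    Each finding is (kind, detail). Kinds:
      search_hijack - start page or default search points at a watchlisted domain
      ff_proxy      - Firefox proxy host configured (detail says whether it is active)
      appinit_dll   - DLL loaded into every user-mode process via AppInit_DLLs
      lsp           - Winsock Layered Service Provider (sees all socket traffic)
    """
    findings = []
    prefs = parse_ff_prefs(log_text)
    for line in log_text.splitlines():
        line = line.strip()
        m = START_PAGE_RE.match(line)
        if m and any(d in m.group(2) for d in SUSPECT_SEARCH_DOMAINS):
            scope = "user" if m.group(1) == "u" else "machine"
            findings.append(("search_hijack", f"IE {scope} start page -> {m.group(2)}"))
        m = APPINIT_RE.match(line)
        if m and m.group(1).strip():
            findings.append(("appinit_dll", m.group(1).strip()))
        m = LSP_RE.match(line)
        if m:
            findings.append(("lsp", m.group(1).strip()))
    for pref in ("browser.search.defaulturl", "browser.search.selectedEngine"):
        val = prefs.get(pref, "")
        # match on the brand token so "Search the web (Babylon)" is caught too
        if any(d.split(".")[0] in val.lower() for d in SUSPECT_SEARCH_DOMAINS):
            findings.append(("search_hijack", f"Firefox {pref} -> {val}"))
    status = firefox_proxy_status(prefs)
    if status["hosts"]:
        state = "ACTIVE" if status["active"] else f"inert (network.proxy.type={status['mode']})"
        hostlist = ", ".join(sorted(set(status["hosts"].values())))
        findings.append(("ff_proxy", f"{hostlist} {state}"))
    return findings


if __name__ == "__main__":
    for kind, detail in find_indicators(SAMPLE_LOG):
        print(f"{kind:14} {detail}")
```

AppInit_DLLs and LSP entries are flagged regardless of vendor because both are legitimate load points that malware also abuses; on this machine they line up with installed products (guard64.dll is consistent with the COMODO Internet Security entry in the Run key, pcapwsp.dll with the ProxyCap service), which an analyst confirms from the file's path and digital signature rather than from the name.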

#20
blackfire88
C:\Qoobox\Quarantine\C\Program Files (x86)\Steam\Steam.exe.vir -> C:\Program Files (x86)\Steam\Steam.exe
  • 0

#21
blackfire88

Ran an OTL in case you want it:

OTL logfile created on: 8/25/2011 9:59:42 PM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Public\Music\sexy music
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 5.87 Gb Available Physical Memory | 73.78% Memory free
15.92 Gb Paging File | 13.22 Gb Available in Paging File | 83.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1660.33 Gb Free Space | 89.13% Space Free | Partition Type: NTFS
Drive D: | 72.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ASUS-PC | User Name: ASUS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/21 18:14:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Music\sexy music\OTL.exe
PRC - [2011/07/26 18:23:20 | 000,397,992 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/06/30 17:35:38 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/02 22:40:16 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Auto Typer by MurGee\AutoTyper.exe
PRC - [2011/05/25 17:29:54 | 001,951,112 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/04/17 10:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/04/15 19:43:20 | 007,797,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/04/15 19:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/04/14 15:32:56 | 000,428,336 | ---- | M] (Tesline-service) -- C:\Program Files (x86)\KidLogger\Kidlogger.exe
PRC - [2011/03/23 04:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010/10/16 10:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/02/10 13:46:40 | 000,697,640 | ---- | M] (CyberLink Corporation.) -- C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
PRC - [2010/01/19 16:10:48 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2009/11/25 18:50:10 | 002,011,205 | ---- | M] (Informer Technologies, Inc.) -- C:\Program Files (x86)\Software Informer\softinfo.exe
PRC - [2009/11/02 13:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/09/30 18:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 18:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/06 13:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2008/08/29 17:27:30 | 000,143,360 | ---- | M] (Vimicro Corporation) -- C:\Program Files (x86)\Dolphin\363409\VMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/02 22:40:16 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Auto Typer by MurGee\AutoTyper.exe
MOD - [2011/04/14 15:32:58 | 000,108,848 | ---- | M] () -- C:\Program Files (x86)\KidLogger\kidlog.dll
MOD - [2010/11/17 12:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/02/09 09:52:26 | 033,735,976 | ---- | M] () -- C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\Res.dll
MOD - [2010/01/22 09:30:00 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/01/22 09:29:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/01/22 09:29:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/11/02 13:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 13:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/01 22:15:44 | 001,844,736 | ---- | M] (Proxy Labs) [Auto | Running] -- C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe -- (pcapsvc)
SRV:64bit: - [2011/07/06 15:51:57 | 002,528,096 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/08/07 08:22:00 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/30 17:35:38 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 17:29:52 | 002,275,720 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/04/17 10:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011/04/15 19:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/12/08 12:12:10 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/08 12:12:04 | 000,373,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 11:04:20 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/16 10:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/06/26 03:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 18:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 18:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/08 17:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/05/10 16:16:16 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/31 13:04:12 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2011/03/31 13:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/31 13:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/15 12:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 16:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 15:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/12/08 12:12:30 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2010/11/20 23:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 23:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 21:35:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010/11/20 21:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 21:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/17 14:40:06 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/09/17 14:39:58 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/09/08 06:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/06/26 03:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/06/15 18:40:06 | 000,032,872 | ---- | M] (TamoSoft) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tsvp.sys -- (TsVp)
DRV:64bit: - [2010/04/29 10:07:08 | 000,202,112 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmuvc.sys -- (VMUVC)
DRV:64bit: - [2010/04/21 14:14:04 | 000,022,120 | ---- | M] (TamoSoft) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsvlb.sys -- (TsVlb)
DRV:64bit: - [2010/04/01 13:33:07 | 000,021,608 | ---- | M] (TamoSoft) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cv2k1.sys -- (CV2K1)
DRV:64bit: - [2009/10/07 13:48:28 | 000,024,560 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLBStor.sys -- (CLBStor)
DRV:64bit: - [2009/10/07 13:48:26 | 000,376,304 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\CLBUDF.sys -- (CLBUDF)
DRV:64bit: - [2009/09/17 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/08/21 10:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/05 20:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/16 13:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/07/01 11:14:42 | 000,303,616 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vvftUVC.sys -- (vvftUVC)
DRV:64bit: - [2008/06/16 20:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2011/08/23 00:17:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110822.031\IDSviA64.sys -- (IDSVia64)
DRV - [2011/08/04 16:10:23 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110824.033\EX64.SYS -- (NAVEX15)
DRV - [2011/08/04 16:10:23 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110824.033\ENG64.SYS -- (NAVENG)
DRV - [2011/07/28 16:11:02 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/07/28 16:11:02 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/23 10:27:21 | 001,151,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110812.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/09/17 14:40:06 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2010/01/19 15:10:38 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/03/06 11:31:44] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...m/home?AF=15520
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE 37 EB 20 C5 60 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/08/21 19:49:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_1_3 [2011/08/22 22:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/24 13:51:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/20 15:58:41 | 000,000,000 | ---D | M]

[2011/04/16 10:58:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\Mozilla\Extensions
[2011/08/24 16:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\oko3wcv3.default\extensions
[2011/02/20 16:09:59 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\oko3wcv3.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/08/24 15:38:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/01 16:33:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/13 20:33:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/08/24 13:51:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/23 04:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/08/24 15:35:43 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/05/06 17:57:14 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/23 16:50:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [ProxyCap] C:\Program Files\Proxy Labs\ProxyCap\pcapui.exe (Proxy Labs)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [InstantBurn] C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe (CyberLink Corporation.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files (x86)\Dolphin\363409\VMonitor.exe (Vimicro Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AutoTyperMurGee] C:\Program Files (x86)\Auto Typer by MurGee\AutoTyper.exe ()
O4 - HKCU..\Run: [MS Shell Services] C:\Program Files (x86)\KidLogger\Kidlogger.exe (Tesline-service)
O4 - HKCU..\Run: [Software Informer] C:\Program Files (x86)\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysNative\pcapwsp.dll (Proxy Labs)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWow64\pcapwsp.dll (Proxy Labs)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (c:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (c:\Windows\SysWOW64\guard32.dll) - c:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/23 19:48:31 | 000,600,164 | R--- | M] () - D:\autorun.aru -- [ CDFS ]
O32 - AutoRun File - [2011/03/23 20:06:52 | 000,000,057 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/25 21:58:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/25 21:56:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/25 12:20:23 | 000,000,000 | ---D | C] -- C:\Users\ASUS\avatars
[2011/08/25 09:49:25 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{1A067EB1-AADF-4D98-81EF-5BF41D1DE91A}
[2011/08/25 09:49:03 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{14944AE3-AEBD-4B0F-A6CE-16FE6171EC13}
[2011/08/24 18:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin USB 2.0 Clip-on Webcam with Built-in Microphone
[2011/08/24 18:42:16 | 000,000,000 | ---D | C] -- C:\Windows\VMUVC
[2011/08/24 18:40:52 | 000,877,056 | ---- | C] (vimicro) -- C:\Windows\SysNative\vmuvc.ax
[2011/08/24 18:40:52 | 000,745,984 | ---- | C] (Vimicro Corporation) -- C:\Windows\SysNative\vmctrl.ax
[2011/08/24 18:40:52 | 000,516,096 | ---- | C] (vimicro) -- C:\Windows\SysWow64\VMUVC.ax
[2011/08/24 18:40:52 | 000,447,488 | ---- | C] (Vimicro Corporation) -- C:\Windows\SysNative\vvftUVCx64.ax
[2011/08/24 18:40:52 | 000,303,616 | ---- | C] (Vimicro Corporation) -- C:\Windows\SysNative\drivers\vvftUVC.sys
[2011/08/24 18:40:52 | 000,202,112 | ---- | C] (Vimicro Corporation) -- C:\Windows\SysNative\drivers\vmuvc.sys
[2011/08/24 18:40:52 | 000,188,416 | ---- | C] (Vimicro Corporation) -- C:\Windows\SysWow64\vvftUVC.ax
[2011/08/24 18:40:52 | 000,128,512 | ---- | C] (Vimicro Cooperation) -- C:\Windows\SysNative\vvftctrl.dll
[2011/08/24 18:40:52 | 000,098,304 | ---- | C] (Vimicro Corporation) -- C:\Windows\SysWow64\VMCtrl.ax
[2011/08/24 18:40:52 | 000,094,208 | ---- | C] (Vimicro Cooperation) -- C:\Windows\SysWow64\vvftctrl.dll
[2011/08/24 18:40:52 | 000,073,728 | ---- | C] (Vimicro Corporation) -- C:\Windows\SysWow64\exvmuvc.ax
[2011/08/24 18:40:52 | 000,012,800 | ---- | C] (Vimicro Corporation) -- C:\Windows\SysNative\VMUVC.dll
[2011/08/24 18:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dolphin
[2011/08/24 15:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2011/08/24 15:36:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Babylon
[2011/08/24 15:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2011/08/24 13:50:46 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\SmartHideIP
[2011/08/24 13:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartHideIP
[2011/08/24 13:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2011/08/24 13:50:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Hide IP
[2011/08/24 13:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartHideIP
[2011/08/24 08:57:23 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{8C238DD6-0F81-4419-B917-EFF9E121A327}
[2011/08/24 08:57:10 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{3275008A-F6BC-46EE-A2A3-38DBDD9C71AB}
[2011/08/23 16:16:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/23 16:16:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/23 16:16:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/23 16:16:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/23 16:15:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/22 22:10:20 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{6737DE70-DF78-4781-B1AC-43620559A933}
[2011/08/22 21:57:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/21 15:07:59 | 000,120,816 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxcpyi64.exe
[2011/08/21 15:07:59 | 000,066,544 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxcpya64.exe
[2011/08/21 15:07:59 | 000,055,024 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2011/08/21 15:07:59 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2011/08/21 15:07:59 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2011/08/21 15:07:58 | 001,858,032 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxsfs.dll
[2011/08/21 15:07:58 | 000,551,408 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxdrv.dll
[2011/08/21 15:07:58 | 000,129,520 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxafs.dll
[2011/08/21 15:07:58 | 000,122,864 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxinsi64.exe
[2011/08/21 15:07:58 | 000,096,752 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\vxblock.dll
[2011/08/21 15:07:58 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxhpinst.exe
[2011/08/21 15:07:58 | 000,066,032 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxinsa64.exe
[2011/08/21 15:07:58 | 000,063,984 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxwma.dll
[2011/08/21 15:07:57 | 000,670,192 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\px.dll
[2011/08/21 15:07:57 | 000,436,720 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxwave.dll
[2011/08/21 15:07:57 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxmas.dll
[2011/08/21 15:07:46 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Documents\Voice Files
[2011/08/21 15:07:45 | 001,690,624 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\IcdShlex64.dll
[2011/08/21 15:06:44 | 001,650,688 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\IcdShlex.dll
[2011/08/21 15:06:44 | 000,586,992 | ---- | C] (Gracenote) -- C:\Windows\SysWow64\CddbLinkSony.dll
[2011/08/21 15:06:44 | 000,208,896 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\ICDFConv.dll
[2011/08/21 15:06:44 | 000,126,976 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\IcdYsys.dll
[2011/08/21 15:06:44 | 000,061,440 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\DSConv.dll
[2011/08/21 15:06:44 | 000,057,344 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\StrmOut.dll
[2011/08/21 15:06:43 | 001,340,656 | ---- | C] (Gracenote, Inc.) -- C:\Windows\SysWow64\CDDBControlSony.dll
[2011/08/21 15:06:43 | 001,029,360 | ---- | C] (Gracenote) -- C:\Windows\SysWow64\CDDBUISony.dll
[2011/08/21 15:06:43 | 000,573,440 | ---- | C] (http://www.id3lib.org/) -- C:\Windows\SysWow64\id3lib.dll
[2011/08/21 15:06:43 | 000,348,160 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\MP3Enc.dll
[2011/08/21 15:06:43 | 000,323,584 | ---- | C] (Sony corporation) -- C:\Windows\SysWow64\LPEC.dll
[2011/08/21 15:06:43 | 000,317,440 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\IcdXa.dll
[2011/08/21 15:06:43 | 000,249,856 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\IcdStor2.dll
[2011/08/21 15:06:43 | 000,233,472 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\IcdComm4.dll
[2011/08/21 15:06:43 | 000,221,184 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\IcdComm3.dll
[2011/08/21 15:06:43 | 000,221,184 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\IcdComm2.dll
[2011/08/21 15:06:43 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\spiccDve.dll
[2011/08/21 15:06:43 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\spicc.dll
[2011/08/21 15:06:43 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\IcdSConv.dll
[2011/08/21 15:06:43 | 000,094,208 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\IcdSptSv.exe
[2011/08/21 15:06:43 | 000,094,208 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\IcdCddaDve.dll
[2011/08/21 15:06:43 | 000,086,016 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\IcdMSCom.dll
[2011/08/21 15:06:43 | 000,073,728 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\IcdSpiDve.dll
[2011/08/21 15:06:43 | 000,073,728 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\IcdSpi.dll
[2011/08/21 15:06:43 | 000,065,536 | ---- | C] (Sony corporation) -- C:\Windows\SysWow64\rcnv2.dll
[2011/08/21 15:06:43 | 000,057,344 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\icdcomm.dll
[2011/08/21 15:06:43 | 000,028,672 | ---- | C] ( Sony/AC開発部) -- C:\Windows\SysWow64\spc.dll
[2011/08/21 15:06:43 | 000,016,384 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\IcdShare.dll
[2011/08/21 15:06:42 | 000,094,208 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\IcdCdda.dll
[2011/08/21 15:06:42 | 000,073,728 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\ICDUSB2.dll
[2011/08/21 15:06:42 | 000,073,728 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\ICDUSB.dll
[2011/08/21 15:06:42 | 000,065,536 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\ICDUSB3.dll
[2011/08/21 15:06:31 | 000,110,592 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\trcsp.ax
[2011/08/21 15:06:31 | 000,102,400 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\msvdec.ax
[2011/08/21 15:06:31 | 000,069,632 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\trcde.ax
[2011/08/21 15:06:30 | 000,995,328 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\lcstde.ax
[2011/08/21 15:06:30 | 000,131,072 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\IcdSrc3.ax
[2011/08/21 15:06:30 | 000,110,592 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\lpecsp.ax
[2011/08/21 15:06:30 | 000,110,592 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\lcstsp.ax
[2011/08/21 15:06:30 | 000,102,400 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\IcdPars.ax
[2011/08/21 15:06:30 | 000,077,824 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\IcdSrc2.ax
[2011/08/21 15:06:30 | 000,073,728 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\icdsrc.ax
[2011/08/21 15:06:30 | 000,073,728 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\DPCtrl.ax
[2011/08/21 15:06:30 | 000,069,632 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\lpecde.ax
[2011/08/21 15:06:30 | 000,065,536 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\IcdAfs.ax
[2011/08/21 15:06:30 | 000,053,248 | ---- | C] (Sony Corporation) -- C:\Windows\SysWow64\AudiDest.ax
[2011/08/21 15:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Digital Voice Editor 3
[2011/08/20 19:19:55 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{2D3965A2-280C-48DA-8FB1-41E9954E3538}
[2011/08/20 19:19:43 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{96F88E7C-CDF5-44E2-9B54-B6E42D410927}
[2011/08/20 10:58:10 | 000,000,000 | ---D | C] -- C:\cellcity
[2011/08/20 09:24:25 | 000,000,000 | ---D | C] -- C:\cs_forest_dense
[2011/08/20 08:31:23 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{ABC0E34D-DC45-4936-9ED8-1881A9E33CC8}
[2011/08/19 16:26:37 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{6D325F9D-2703-4093-BA23-E9C70C3C3D2B}
[2011/08/19 16:26:25 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{5A567BCE-E82E-40B3-8EF5-550712C03E12}
[2011/08/18 22:41:41 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{8B5020BD-3EBB-49BD-810C-DD2A433591DD}
[2011/08/18 22:41:28 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{2D9E0E1C-E7FE-4190-88AD-169317A2D5B7}
[2011/08/17 18:39:14 | 000,000,000 | ---D | C] -- C:\ZombieMod
[2011/08/15 21:51:56 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{5C0E5A23-0FED-4024-A24E-3E71A2F218A7}
[2011/08/15 21:51:44 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{964FE5C3-8D33-4455-AA5B-3D38C0060DCA}
[2011/08/15 21:50:55 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{A13FE584-2228-47C6-B33E-F47DAA7658B3}
[2011/08/15 11:00:03 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Desktop\BuildRPmap
[2011/08/15 10:18:51 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\GameMaker
[2011/08/15 10:18:51 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Maker 8.1
[2011/08/14 17:38:05 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Desktop\blahblahblah
[2011/08/14 10:30:18 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{83FBA4DF-6F4F-4934-A8B4-57E6E6F43296}
[2011/08/14 10:30:05 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{AF74C817-1422-4F61-9A21-871986884B36}
[2011/08/13 21:59:07 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Desktop\New folder (9)
[2011/08/13 19:52:40 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{D18D0032-2FF7-46B0-994E-96D6987C9297}
[2011/08/13 19:52:28 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{5EB19014-3B8E-44C0-8E75-CE14307DE28B}
[2011/08/13 19:34:59 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{B93963C7-D502-42DC-A0D2-CB5423924B6E}
[2011/08/13 19:34:47 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{516966C2-01AA-4CDA-AF96-31C27C4ABAE8}
[2011/08/13 16:31:01 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/08/13 16:26:01 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2011/08/13 16:26:01 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2011/08/13 16:25:51 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2011/08/13 16:25:51 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2011/08/13 16:24:57 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2011/08/13 16:24:57 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011/08/13 16:19:13 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{17B171B2-B009-484E-9DA4-76B95C7CB75A}
[2011/08/13 16:18:44 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{BDA491D2-A211-4288-A156-F5DE3E3A0E5B}
[2011/08/13 15:50:09 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{C3E12A13-43CF-4FF5-AB6B-B4844CE291A0}
[2011/08/13 15:49:57 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{C9B60AF4-5B7D-4DB2-91DC-E1C86D659922}
[2011/08/13 15:24:08 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\GayMaker 8.1
[2011/08/13 11:15:38 | 000,000,000 | ---D | C] -- C:\Users\ASUS\My Games
[2011/08/12 20:59:56 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\AutoTyperMurGee
[2011/08/12 20:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auto Typer by MurGee
[2011/08/12 20:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Typer
[2011/08/12 16:41:27 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Documents\[bleep]ing rapist
[2011/08/11 20:25:57 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{4D8CECCE-592C-4C2F-8AA9-884C716BA456}
[2011/08/11 20:25:44 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{78650765-E5F5-46FD-B781-42FDD079BA65}
[2011/08/11 20:18:14 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{CEE022E2-0576-4801-B101-9D59BD91EC27}
[2011/08/11 17:42:46 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{6487F7F7-0759-46AC-A7E8-4D8708A2E048}
[2011/08/11 17:42:12 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{1174C412-F41A-45ED-A551-3176976754D9}
[2011/08/11 17:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\Proxy Labs
[2011/08/11 08:20:18 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{E56BF31B-DDF9-4B84-9920-303A8D0BC9DB}
[2011/08/11 03:02:01 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/11 03:02:01 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/11 03:02:00 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/08/11 03:02:00 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/08/11 03:02:00 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/11 03:02:00 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/11 03:02:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/11 03:02:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/11 03:01:59 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/08/10 18:12:28 | 000,000,000 | ---D | C] -- C:\Users\ASUS\.thumbnails
[2011/08/10 18:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2011/08/10 18:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2011/08/10 17:49:29 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/08/10 17:49:28 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/08/10 17:49:28 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/08/10 17:49:27 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/08/10 17:49:27 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/08/10 17:49:27 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/08/10 17:49:27 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/08/10 17:49:27 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/08/10 17:49:27 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/08/10 17:49:27 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/08/10 17:49:16 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/08/10 17:49:16 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/08/10 17:49:16 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/08/10 17:49:16 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/08/10 17:49:16 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/10 17:49:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/08/10 17:49:16 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/08/10 17:49:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/08/10 17:49:15 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/08/10 17:49:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/08/10 17:49:15 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/08/10 17:49:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 17:49:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 17:49:15 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 17:49:15 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 17:49:15 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/08/10 17:49:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 17:49:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 17:49:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 17:49:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 17:49:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 17:49:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 17:49:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 17:49:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 17:49:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 17:49:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 17:49:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 17:49:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 17:49:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 17:49:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/08/10 17:47:54 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/08/10 17:47:53 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/08/10 17:47:53 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/08/09 17:57:48 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{FA9C7C3C-A2AD-4F73-B1B6-53DE26136666}
[2011/08/09 17:57:36 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{13EDAC6F-B954-41B0-9A58-A063A6B2CDC3}
[2011/08/08 22:08:27 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{765BD257-691F-4F87-AEE0-DDCFF1212FC8}
[2011/08/08 22:08:16 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{22F14B11-DE94-49A6-A9F6-AF8F376522CA}
[2011/08/07 20:42:43 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{04B7C995-D8E5-4E4E-B06C-2B418DB43702}
[2011/08/07 20:42:31 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{12CAC87A-2DE9-44EB-A7D6-1A22CD6AC28A}
[2011/08/07 20:30:37 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{4B408032-086D-4937-9846-355CB23B808A}
[2011/08/07 20:30:12 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{B8F8BA56-9887-4AAD-A261-0FB8B20703B2}
[2011/08/07 20:29:49 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{A8DD7AD7-12ED-4A68-99F4-9CD96B40E79B}
[2011/08/07 19:40:46 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{C349C6DE-ED2C-42AE-8B53-FE3C5EA778FB}
[2011/08/07 19:39:41 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{D4F9702B-8BA9-444E-9136-E7A97A81001E}
[2011/08/07 18:54:38 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{8517A3F2-B184-4A63-9F75-40C943CFD38A}
[2011/08/07 18:03:40 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{92F955AD-4842-4BDC-A13E-B65A9690D187}
[2011/08/07 18:03:27 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{32F864BE-DC6B-4B2F-BC86-4346A21949CE}
[2011/08/07 17:50:21 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{22BFB1CE-0D26-4502-BCDD-597031F8802E}
[2011/08/07 16:43:19 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{596BBB5F-F004-4CA4-A529-4AF568A8E7A8}
[2011/08/07 16:43:07 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{0DFC8079-02B9-42E2-A9D8-EB4543A8E8EE}
[2011/08/07 08:22:47 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{21220740-8216-4368-BFBA-4BCC880DE851}
[2011/08/07 08:22:05 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{95FA46DB-CBC3-47CF-9DBC-C49C20059137}
[2011/08/06 19:16:00 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{EF723553-191E-427F-8257-1C01DFC76A65}
[2011/08/06 19:15:32 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{ADE3CA25-FBC4-4712-A645-650DD4AFEDB7}
[2011/08/06 11:37:47 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{BD9186FF-B612-45D6-B6DA-79D0D788EE6D}
[2011/08/06 11:26:52 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{BB5D43BF-95F8-4D7E-BA87-9709B5E0A0E7}
[2011/08/06 11:26:20 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{371C7D32-0ED4-4EB5-AAAE-CC2C2AC8E9DD}
[2011/08/05 17:01:44 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Desktop\update_3.0.8_to_3.0.9
[2011/08/05 17:01:17 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Desktop\styles
[2011/08/05 17:01:17 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Desktop\language
[2011/08/05 17:01:16 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Desktop\includes
[2011/08/05 17:01:16 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Desktop\download
[2011/08/05 17:01:16 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Desktop\adm
[2011/08/05 16:00:29 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Desktop\phpBB-3.0.8_to_3.0.9
[2011/08/04 21:42:36 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Maps
[2011/08/03 20:10:20 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{934DF828-916B-45F9-BA50-FA38E2B217EC}
[2011/08/03 19:53:54 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{200DE421-8830-41A3-8138-4DAE789FCC10}
[2011/08/02 16:01:17 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{5D8F06F0-1621-475E-AF77-B1C439488F4C}
[2011/08/01 22:17:16 | 000,413,696 | ---- | C] (Proxy Labs) -- C:\Windows\SysWow64\pcapwsp.dll
[2011/08/01 22:17:12 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\sbcrreag.dll
[2011/08/01 22:15:40 | 000,526,336 | ---- | C] (Proxy Labs) -- C:\Windows\SysNative\pcapwsp.dll
[2011/08/01 22:15:36 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysNative\sbcrreag.dll
[2011/08/01 14:27:21 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Desktop\New folder (8)
[2011/08/01 14:13:56 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{73193BF1-7602-4C48-B905-4D705231F920}
[2011/07/31 21:15:26 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Desktop\usb
[2011/07/31 15:26:58 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{35C5BE5B-30E3-4299-9E69-78169158DDCF}
[2011/07/31 14:41:00 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{0343AF9E-89DA-4C4B-B873-4D98DD388D08}
[2011/07/30 16:18:57 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
[2011/07/30 16:08:07 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{24702B6C-A328-4D1F-BFC1-F73AF21D3C07}
[2011/07/30 16:06:28 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{1A35724D-C2BF-490C-92BE-832564B44EDD}
[2011/07/30 16:05:51 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\Vitalwerks
[2011/07/30 16:05:22 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
[2011/07/30 16:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\No-IP
[2011/07/30 12:58:19 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VTF Shell Extensions
[2011/07/30 12:58:18 | 000,000,000 | ---D | C] -- C:\Program Files\VTF Shell Extensions
[2011/07/29 16:17:35 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{C5BC185A-173E-46D4-8943-4B4AE90605ED}
[2011/07/28 18:02:00 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{AD0DC9D8-D5F5-4FDA-B2B8-6582BF665C81}

========== Files - Modified Within 30 Days ==========

[2011/08/25 17:03:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/24 18:42:22 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\amcap.lnk
[2011/08/24 18:40:22 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/24 18:40:22 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/24 13:52:05 | 000,002,048 | ---- | M] () -- C:\Users\ASUS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/24 13:50:15 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\Smart Hide IP.lnk
[2011/08/23 16:50:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/08/22 22:08:05 | 2115,280,895 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/21 19:50:58 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/21 19:49:14 | 000,328,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/21 18:14:40 | 000,000,063 | ---- | M] () -- C:\Users\ASUS\Desktop\T.URL
[2011/08/21 15:57:33 | 001,767,902 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/21 15:57:33 | 000,504,154 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/21 15:57:33 | 000,006,608 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/21 15:06:26 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\Digital Voice Editor 3.lnk
[2011/08/20 21:16:03 | 000,017,529 | ---- | M] () -- C:\Users\ASUS\Documents_1110201_102843.dmp.png
[2011/08/13 15:23:29 | 000,007,612 | ---- | M] () -- C:\Users\ASUS\AppData\Local\Resmon.ResmonCfg
[2011/08/11 03:09:09 | 000,006,590 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/10 18:11:58 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Blender.lnk
[2011/08/06 10:51:42 | 000,001,418 | ---- | M] () -- C:\Users\ASUS\Desktop\th_overlay.png
[2011/08/06 10:27:08 | 000,177,915 | ---- | M] () -- C:\Users\ASUS\Desktop\bedandpillow.zip
[2011/08/06 09:51:04 | 000,064,682 | ---- | M] () -- C:\Users\ASUS\Desktop\NV_simplemath_captcha_1_0_1.zip
[2011/08/06 09:40:12 | 000,039,004 | ---- | M] () -- C:\Users\ASUS\Desktop\one_click_ban-1.0.4.zip
[2011/08/05 17:00:51 | 000,594,999 | ---- | M] () -- C:\Users\ASUS\Desktop\update_3.0.8_to_3.0.9.tar.gz
[2011/08/05 16:05:20 | 000,068,469 | ---- | M] () -- C:\Users\ASUS\Desktop\viewtopic.php
[2011/08/05 16:05:20 | 000,000,625 | ---- | M] () -- C:\Users\ASUS\Desktop\web.config
[2011/08/05 16:05:18 | 000,060,187 | ---- | M] () -- C:\Users\ASUS\Desktop\posting.php
[2011/08/05 16:05:18 | 000,044,344 | ---- | M] () -- C:\Users\ASUS\Desktop\search.php
[2011/08/05 16:05:18 | 000,028,774 | ---- | M] () -- C:\Users\ASUS\Desktop\viewforum.php
[2011/08/05 16:05:18 | 000,009,649 | ---- | M] () -- C:\Users\ASUS\Desktop\ucp.php
[2011/08/05 16:05:18 | 000,008,093 | ---- | M] () -- C:\Users\ASUS\Desktop\style.php
[2011/08/05 16:05:16 | 000,062,900 | ---- | M] () -- C:\Users\ASUS\Desktop\memberlist.php
[2011/08/05 16:05:14 | 000,039,606 | ---- | M] () -- C:\Users\ASUS\Desktop\feed.php
[2011/08/05 16:05:14 | 000,004,515 | ---- | M] () -- C:\Users\ASUS\Desktop\cron.php
[2011/08/05 16:05:14 | 000,003,836 | ---- | M] () -- C:\Users\ASUS\Desktop\common.php
[2011/08/05 15:59:49 | 001,564,431 | ---- | M] () -- C:\Users\ASUS\Desktop\phpBB-3.0.8_to_3.0.9.zip
[2011/08/01 22:17:16 | 000,413,696 | ---- | M] (Proxy Labs) -- C:\Windows\SysWow64\pcapwsp.dll
[2011/08/01 22:17:12 | 000,315,392 | ---- | M] ( ) -- C:\Windows\SysWow64\sbcrreag.dll
[2011/08/01 22:15:40 | 000,526,336 | ---- | M] (Proxy Labs) -- C:\Windows\SysNative\pcapwsp.dll
[2011/08/01 22:15:36 | 000,356,352 | ---- | M] ( ) -- C:\Windows\SysNative\sbcrreag.dll

========== Files Created - No Company Name ==========

[2011/08/24 18:42:22 | 000,001,978 | ---- | C] () -- C:\Users\Public\Desktop\amcap.lnk
[2011/08/24 13:50:13 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\Smart Hide IP.lnk
[2011/08/23 16:16:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/23 16:16:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/23 16:16:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/23 16:16:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/23 16:16:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/21 18:14:40 | 000,000,063 | ---- | C] () -- C:\Users\ASUS\Desktop\T.URL
[2011/08/21 15:06:43 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\mp3dec.dll
[2011/08/21 15:06:43 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\dsp_trc.dll
[2011/08/21 15:06:43 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\IcdSptSvps.dll
[2011/08/21 15:06:26 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\Digital Voice Editor 3.lnk
[2011/08/20 21:16:03 | 000,017,529 | ---- | C] () -- C:\Users\ASUS\Documents_1110201_102843.dmp.png
[2011/08/11 17:35:48 | 000,002,601 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProxyCap.lnk
[2011/08/10 18:11:56 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Blender.lnk
[2011/08/06 10:51:41 | 000,001,418 | ---- | C] () -- C:\Users\ASUS\Desktop\th_overlay.png
[2011/08/06 10:27:06 | 000,177,915 | ---- | C] () -- C:\Users\ASUS\Desktop\bedandpillow.zip
[2011/08/06 09:51:01 | 000,064,682 | ---- | C] () -- C:\Users\ASUS\Desktop\NV_simplemath_captcha_1_0_1.zip
[2011/08/06 09:40:10 | 000,039,004 | ---- | C] () -- C:\Users\ASUS\Desktop\one_click_ban-1.0.4.zip
[2011/08/05 17:01:17 | 000,068,469 | ---- | C] () -- C:\Users\ASUS\Desktop\viewtopic.php
[2011/08/05 17:01:17 | 000,062,900 | ---- | C] () -- C:\Users\ASUS\Desktop\memberlist.php
[2011/08/05 17:01:17 | 000,060,187 | ---- | C] () -- C:\Users\ASUS\Desktop\posting.php
[2011/08/05 17:01:17 | 000,044,344 | ---- | C] () -- C:\Users\ASUS\Desktop\search.php
[2011/08/05 17:01:17 | 000,028,774 | ---- | C] () -- C:\Users\ASUS\Desktop\viewforum.php
[2011/08/05 17:01:17 | 000,009,649 | ---- | C] () -- C:\Users\ASUS\Desktop\ucp.php
[2011/08/05 17:01:17 | 000,008,093 | ---- | C] () -- C:\Users\ASUS\Desktop\style.php
[2011/08/05 17:01:17 | 000,000,625 | ---- | C] () -- C:\Users\ASUS\Desktop\web.config
[2011/08/05 17:01:16 | 000,039,606 | ---- | C] () -- C:\Users\ASUS\Desktop\feed.php
[2011/08/05 17:01:16 | 000,004,515 | ---- | C] () -- C:\Users\ASUS\Desktop\cron.php
[2011/08/05 17:01:16 | 000,003,836 | ---- | C] () -- C:\Users\ASUS\Desktop\common.php
[2011/08/05 16:58:12 | 000,594,999 | ---- | C] () -- C:\Users\ASUS\Desktop\update_3.0.8_to_3.0.9.tar.gz
[2011/08/05 15:59:42 | 001,564,431 | ---- | C] () -- C:\Users\ASUS\Desktop\phpBB-3.0.8_to_3.0.9.zip
[2011/06/24 18:43:48 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/06/17 13:36:11 | 000,000,032 | ---- | C] () -- C:\ProgramData\hash.dat
[2011/04/13 18:51:08 | 000,007,612 | ---- | C] () -- C:\Users\ASUS\AppData\Local\Resmon.ResmonCfg
[2011/04/08 21:28:58 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/03/27 16:52:34 | 000,006,590 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/20 16:43:24 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/03/20 16:43:19 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/03/20 16:43:08 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011/03/01 20:16:44 | 000,758,018 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/01 20:16:44 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/02/15 18:16:07 | 000,000,016 | -H-- | C] () -- C:\Users\ASUS\AppData\Local\90CCE5EB.ini
[2011/01/17 15:41:00 | 000,028,729 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/01/17 15:40:46 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/01/17 15:40:44 | 000,018,524 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/06/26 03:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/14 15:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 12:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 12:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 10:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 07:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/03 06:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

< End of report >
  • 0
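A small triage helper for the OTL log format posted above, added here as an example; it is not part of the thread and not code from OTL or its author. It parses the `[date | size | attrs | C/M] (company) -- path` lines and lists binaries written under the Windows directory whose company field is blank, the kind of entry a malware-removal helper checks by hand; the sample lines are copied from the log on this page, and the heuristic and function names are the editor's own.

```python
"""Triage helper for OTL "Files Created / Modified" log lines.

Added example for this thread; it is not part of the forum post and not
code from OTL or its author. It parses lines of the form
  [yyyy/mm/dd hh:mm:ss | size | attrs | C|M] (company) -- path
and lists executables written under the Windows directory whose company
field is blank, the kind of entry a malware-removal helper checks by hand.
The heuristic and the function names are the editor's own.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTL entry. Directory entries carry no "(company)" group at all;
# file entries always carry one, possibly empty: "()" or "( )".
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| "
    r"(?P<op>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- "
    r"(?P<path>.+)$"
)

# Extensions treated as executable code for triage purposes.
EXEC_SUFFIXES = (".dll", ".exe", ".sys", ".cpl", ".ocx", ".scr")


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str              # e.g. "-H--", "---D", "-HS-"
    op: str                 # "C" = created, "M" = modified
    company: Optional[str]  # None for directories, "" when OTL printed "()" or "( )"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for one log line, or None for headers and blanks."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    company = m.group("company")
    return OtlEntry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        op=m.group("op"),
        company=None if company is None else company.strip(),
        path=m.group("path"),
    )


def parse_otl_log(text: str) -> List[OtlEntry]:
    """Parse every entry line in an OTL report, skipping section headers."""
    return [e for e in (parse_otl_line(l) for l in text.splitlines()) if e]


def is_windows_binary(entry: OtlEntry) -> bool:
    """True for a file (not a directory) with an executable extension under C:\\Windows."""
    p = entry.path.lower()
    return (not entry.is_dir
            and p.startswith("c:\\windows\\")
            and p.endswith(EXEC_SUFFIXES))


def blank_company_windows_binaries(entries: List[OtlEntry]) -> List[OtlEntry]:
    """Executables under the Windows directory with an empty company field,
    deduplicated by path (a file usually appears once as created and once as
    modified).

    This is a review list, not a verdict: ComboFix's own helpers (PEV.exe,
    MBR.exe, sed.exe ...) and many codec DLLs also report a blank company.
    """
    seen = set()
    out = []
    for e in entries:
        key = e.path.lower()
        if is_windows_binary(e) and not e.company and key not in seen:
            seen.add(key)
            out.append(e)
    return out


# Constructed sample: lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2011/08/10 17:49:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/09 17:57:48 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{FA9C7C3C-A2AD-4F73-B1B6-53DE26136666}
[2011/08/01 22:17:16 | 000,413,696 | ---- | C] (Proxy Labs) -- C:\Windows\SysWow64\pcapwsp.dll
[2011/08/01 22:17:12 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\sbcrreag.dll
[2011/08/22 22:08:05 | 2115,280,895 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/23 16:16:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/24 18:42:22 | 000,001,978 | ---- | C] () -- C:\Users\Public\Desktop\amcap.lnk
< End of report >
"""

if __name__ == "__main__":
    for e in blank_company_windows_binaries(parse_otl_log(SAMPLE_LOG)):
        print(f"{e.timestamp}  {e.size:>12,}  {e.path}")
```

Run against a full OTL report, the list still needs a human: a blank company only says the file carries no version resource, which is true of several legitimate tools in the log above as well.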

#22
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates are downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0

#23
blackfire88

blackfire88

    Member

  • Topic Starter
  • Member
  • 23 posts
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7573

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

8/26/2011 4:26:44 PM
mbam-log-2011-08-26 (16-26-44).txt

Scan type: Quick scan
Objects scanned: 177003
Time elapsed: 2 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


It reported nothing,
but I am positive I still have something on my computer. Some random "Babylon" thing downloaded and started installing; I clicked cancel, but my IE homepage and search thing is Babylon.
  • 0

#24
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

This should take care of the Babylon stuff:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...m/home?AF=15520
    [2011/08/24 15:35:43 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
    [2011/08/24 15:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
    [2011/08/24 15:36:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Babylon
    [2011/08/24 15:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Are you still experiencing any problems after doing the above?
  • 0

#25
blackfire88

blackfire88

    Member

  • Topic Starter
  • Member
  • 23 posts
I tried running ESET. It found a virus and continued scanning. I left it there and the computer froze after a while.
The ESET scan had not completed.

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll moved successfully.
C:\Program Files\Babylon folder moved successfully.
C:\Program Files (x86)\Babylon\Babylon-Pro\Utils folder moved successfully.
C:\Program Files (x86)\Babylon\Babylon-Pro folder moved successfully.
C:\Program Files (x86)\Babylon folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10 folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Public\Music\sexy music\cmd.bat deleted successfully.
C:\Users\Public\Music\sexy music\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: ASUS
->Temp folder emptied: 551374 bytes
->Temporary Internet Files folder emptied: 7081207 bytes
->Java cache emptied: 3027 bytes
->FireFox cache emptied: 161505885 bytes
->Flash cache emptied: 5080 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4907 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50132 bytes
RecycleBin emptied: 38567863 bytes

Total Files Cleaned = 198.00 mb


[EMPTYFLASH]

User: All Users

User: ASUS
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.26.5 log created on 08272011_084247

Files\Folders moved on Reboot...
C:\Users\ASUS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\ASUS\AppData\Local\Temp\vbc9B86.tmp not found!

Registry entries deleted on Reboot...
  • 0


#26
blackfire88

blackfire88

    Member

  • Topic Starter
  • Member
  • 23 posts
Re-ran ESET and let it run. It just found the virus. It's an HTML/ScrInject.B.Gen virus.
I think that's what we are looking for. The name matches it.
  • 0

#27
blackfire88

blackfire88

    Member

  • Topic Starter
  • Member
  • 23 posts
Did some googling. Apparently ESET is the only AV that detects it; all other ones, like Norton and the top brands, don't.
  • 0

#28
blackfire88

blackfire88

    Member

  • Topic Starter
  • Member
  • 23 posts
It *may* not be the virus. The HTML virus I had before is gone; I have no idea what this one is.
  • 0

#29
blackfire88

blackfire88

    Member

  • Topic Starter
  • Member
  • 23 posts
The file was not a virus. Just a corrupted RAR file.
  • 0

#30
blackfire88

blackfire88

    Member

  • Topic Starter
  • Member
  • 23 posts
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=a3bc8337273a564cbfc5ca65d859aaf4
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-27 12:59:18
# local_time=2011-08-27 10:59:18 (+1000, AUS Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3073 16777213 80 75 1733393 15814235 0 0
# compatibility_mode=3588 16777214 85 79 0 17453087 0 0
# compatibility_mode=5893 16776574 100 94 6858863 66032531 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=492818
# found=1
# cleaned=0
# scan_time=7677
C:\Users\ASUS\Videos\images\SteamGamers_Gmod_TTT___Server__j_Map___Pack_.rar HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=a3bc8337273a564cbfc5ca65d859aaf4
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-27 03:46:26
# local_time=2011-08-27 01:46:26 (+1000, AUS Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3073 16777213 80 75 1741284 15822126 0 0
# compatibility_mode=3588 16777214 85 79 0 17460978 0 0
# compatibility_mode=5893 16776574 100 94 6866754 66040422 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=491965
# found=2
# cleaned=2
# scan_time=9814
C:\Users\ASUS\Desktop\Other Stuff\Installers\xfire_installer_43094.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\ASUS\Videos\images\SteamGamers_Gmod_TTT___Server__j_Map___Pack_.rar HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
  • 0