Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

blackhole explot kit + redirects

Started by kenc , Oct 10 2011 01:14 AM

This topic is locked

#1
kenc

Posted 10 October 2011 - 01:14 AM

Member

Member
24 posts

Hello,
My son has a couple issues with his laptop.Like most 13 year olds most of his computer time is spent on youtube,facebook and various computer game sites.

Anyway,he first complained that AVG was reporting that it had blocked access to some unsavory site with the virus identified as "exploit blackhole exploit kit (2006)".

I ran AVG several times - it would not report anything found. Ditto with Microsoft malicious removal tool. However AVG would spontaneously trigger with the previously mentioned blackhole issue.

I ran Norton power eraser which claimed to have removed several issues (no specific trojan/virus mentioned by name however), and so far have not seen a re-occurrence of the AVG blackhole issue.....so far.

While searching for any information on the web, I noticed that various Google searches were being redirected as well.

I went through the google redirect protocol on this site with no improvement in the problem.

So, for sure we still have the redirect issue,and I bet the blackhole deal too.

Here's the OTM & Goored logs followed by the subsequently run OTL log:

Thanks in advance!
Ken

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\matt\Desktop\cmd.bat deleted successfully.
C:\Users\matt\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: matt
->Temp folder emptied: 1192178439 bytes
->Temporary Internet Files folder emptied: 234660317 bytes
->Java cache emptied: 11836096 bytes
->FireFox cache emptied: 203635228 bytes
->Google Chrome cache emptied: 57800927 bytes
->Flash cache emptied: 105601 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 186608409 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102023 bytes
RecycleBin emptied: 15637285 bytes

Total Files Cleaned = 1,814.00 mb

Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.18.0 log created on 10092011_234159

Files moved on Reboot...
C:\Users\matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\windows\temp\flaD552.tmp moved successfully.
C:\windows\temp\flaD92A.tmp moved successfully.

Registry entries deleted on Reboot...

GooredFix by jpshortstuff (03.07.10.1)
Log created at 23:49 on 09/10/2011 (matt)
Firefox version 4.0.1 (en-US)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [03:03 03/05/2011]
{AB2CE124-6272-4b12-94A9-7303C7397BD1} [15:55 28/12/2010]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [01:23 05/01/2011]
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [22:54 17/01/2011]
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [17:46 26/03/2011]
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [23:23 17/07/2011]

C:\Users\matt\Application Data\Mozilla\Firefox\Profiles\mtkdpmvm.default\extensions\
[email protected] [22:45 26/02/2011]
[email protected] [23:45 19/02/2011]
{000F1EA4-5E08-4564-A29B-29076F63A37A} [01:53 03/02/2011]
{5911488E-9D1E-40ec-8CBB-06B231CC153F} [23:52 04/06/2011]
{75656794-AB59-4712-BFBC-5D816D56F3BC} [22:20 25/02/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files (x86)\HBLite\bin\11.0.329.0\firefox\extensions" [04:40 28/12/2010]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files (x86)\AVG\AVG10\Firefox4\" [23:59 20/03/2011]
"[email protected]"="C:\ProgramDataMozilla\Extensions\[email protected]" [23:52 04/06/2011]
"[email protected]"="C:\Program Files (x86)\MyWebSearch\bar\1.bin" [17:43 19/07/2011]

-=E.O.F=-

OTL logfile created on: 10/9/2011 11:55:50 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\matt\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 65.41% Memory free
7.61 Gb Paging File | 6.01 Gb Available in Paging File | 79.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.58 Gb Total Space | 188.56 Gb Free Space | 65.57% Space Free | Partition Type: NTFS
Drive D: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MATT-PC | User Name: matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/09 23:33:38 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
PRC - [2011/09/10 06:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/08/04 14:34:50 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/08/03 16:16:55 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/07/19 10:43:48 | 000,038,408 | ---- | M] (MyWebSearch.com) -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
PRC - [2011/07/19 10:43:48 | 000,034,320 | ---- | M] (MyWebSearch.com) -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE
PRC - [2011/06/03 06:27:16 | 000,123,320 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
PRC - [2011/03/24 02:59:34 | 000,199,904 | ---- | M] () -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2011/03/01 07:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/02/26 15:50:34 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2009/12/09 17:21:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/12/09 17:21:52 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/12/02 23:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 23:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/28 06:49:03 | 014,410,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011/09/28 06:49:02 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011/09/28 06:49:02 | 000,190,248 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011/09/28 06:49:02 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011/09/28 06:49:02 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2009/07/13 18:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/09 18:36:18 | 009,665,536 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL)
SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/05 23:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/09/23 15:22:07 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/07 14:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2011/08/04 14:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/07/19 10:43:48 | 000,034,320 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2011/06/03 06:27:16 | 000,123,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/03/24 02:59:34 | 000,199,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Toolbar Updater Service)
SRV - [2011/03/01 07:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/02/26 15:50:34 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/29 14:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/04/03 16:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/09 17:21:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/12/09 17:21:52 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/12/02 23:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 23:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/27 19:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/03/31 15:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/04 18:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/20 09:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/10 16:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/01 11:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/02 23:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 23:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 23:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 23:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/11/06 13:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 09:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/01 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSND&bmod=TSND
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSND&bmod=TSND

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSND&bmod=TSND
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://start.toshiba.com/g/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow....ion=6.1-x64-SP0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.co...=TSND&bmod=TSND
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..keyword.URL: "http://www.bigseekpr...01449D12ED}?q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\mtkdpmvm.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\matt\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HBLite\bin\11.0.329.0\firefox\extensions [2010/12/27 21:40:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/09/14 16:46:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramDataMozilla\Extensions\[email protected] [2011/06/04 16:52:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\1.bin [2011/08/09 18:35:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/02 20:03:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/02 20:03:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\components [2011/04/24 13:38:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins [2011/09/10 09:22:24 | 000,000,000 | ---D | M]

[2010/12/26 11:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matt\AppData\Roaming\Mozilla\Extensions
[2011/10/04 22:12:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\mtkdpmvm.default\extensions
[2011/02/02 18:53:21 | 000,000,000 | ---D | M] () -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\mtkdpmvm.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2011/06/04 16:52:31 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\mtkdpmvm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/02/25 15:20:29 | 000,000,000 | ---D | M] (HyperCam Toolbar) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\mtkdpmvm.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2011/02/26 15:45:08 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\mtkdpmvm.default\extensions\[email protected]
[2011/02/19 16:45:49 | 000,000,000 | ---D | M] (Panda3D Game Engine Plug-In) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\mtkdpmvm.default\extensions\[email protected]
[2011/06/04 16:52:32 | 000,002,267 | ---- | M] () -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\mtkdpmvm.default\searchplugins\bing-zugo.xml
[2011/03/18 22:21:27 | 000,001,820 | ---- | M] () -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\mtkdpmvm.default\searchplugins\bing.xml
[2011/07/17 16:23:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/28 08:55:23 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/01/04 18:23:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/17 15:54:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/26 10:46:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/17 16:23:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/14 16:46:17 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2011/08/09 18:35:18 | 000,000,000 | ---D | M] (My Web Search) -- C:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN
[2011/06/04 16:52:45 | 000,000,000 | ---D | M] (Window Shopper - Powered by Superfish) -- C:\PROGRAMDATAMOZILLA\EXTENSIONS\[email protected]
[2011/07/31 16:48:17 | 000,000,000 | ---D | M] (Play Pickle TextLinks) -- C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]
() (No name found) -- C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MTKDPMVM.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MTKDPMVM.DEFAULT\EXTENSIONS\[email protected]
[2011/04/14 09:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/12/18 16:52:58 | 000,083,248 | ---- | M] (Pinball Corporation.) -- C:\Program Files (x86)\mozilla firefox\plugins\npclntax_HBLiteSA.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: HBLite Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_HBLiteSA.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\
CHR - Extension: Play Pickle = C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bllefkbpbefdodiiefpkcnigpicmhohe\
CHR - Extension: AVG Safe Search = C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\
CHR - Extension: Poppit = C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/10/09 23:42:00 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (Zugo)
O2 - BHO: (Window Shopper) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (Zugo)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 68.94.156.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA0084E5-816C-4E2C-B8A2-3622BD78464B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C46628DC-D562-4829-9FFA-48C71DB14E51}: DhcpNameServer = 208.67.222.222 208.67.220.220 68.94.156.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/09 23:49:16 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\GooredFix Backups
[2011/10/09 23:48:43 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\matt\Desktop\GooredFix.exe
[2011/10/09 23:41:59 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/10/09 23:40:04 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\matt\Desktop\OTM.exe
[2011/10/09 23:33:33 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
[2011/10/09 23:24:30 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\matt\Desktop\HijackThis.exe
[2011/10/09 23:02:05 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\NPE
[2011/10/09 21:16:39 | 047,369,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MRT.exe
[2011/10/09 17:46:32 | 000,000,000 | ---D | C] -- C:\windows\system64
[2011/10/09 17:36:58 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\Spawner GUI
[2011/10/04 20:49:27 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MySQL
[2011/10/04 17:34:34 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\mcforge_5.2.0.0
[2011/10/04 17:24:22 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\WoMClient-2.0.5
[2011/10/01 17:08:33 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Chromium
[2011/09/30 18:50:04 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
[2011/09/30 18:50:03 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\jagexlauncher
[2011/09/18 15:34:05 | 000,000,000 | ---D | C] -- C:\e2174b17c9bb60be59d830
[2011/09/17 21:17:34 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\Planes
[2011/09/17 21:17:20 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\More Creeps
[2011/09/14 07:20:21 | 003,804,120 | ---- | C] (INCA Internet Co., Ltd.) -- C:\windows\SysWow64\GameMon.des
[2011/09/14 07:19:58 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\windows\SysWow64\npptNT2.sys
[2011/09/14 07:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2011/09/11 10:00:10 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011/09/10 09:07:50 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\New folder

========== Files - Modified Within 30 Days ==========

[2011/10/09 23:55:32 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/09 23:55:32 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/09 23:54:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/09 23:50:50 | 001,540,270 | ---- | M] () -- C:\Users\matt\Desktop\tdsskiller.zip
[2011/10/09 23:48:45 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\matt\Desktop\GooredFix.exe
[2011/10/09 23:46:05 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/09 23:45:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/10/09 23:45:51 | 3063,033,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/09 23:42:00 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2011/10/09 23:40:14 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTM.exe
[2011/10/09 23:33:38 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
[2011/10/09 23:24:36 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\matt\Desktop\HijackThis.exe
[2011/10/09 07:08:33 | 000,000,008 | ---- | M] () -- C:\Users\matt\AppData\Roaming\RSBuddy Login.ini
[2011/10/08 06:52:15 | 000,000,129 | ---- | M] () -- C:\Users\matt\jagex_runescape_preferences2.dat
[2011/10/08 06:52:15 | 000,000,035 | ---- | M] () -- C:\Users\matt\jagex_runescape_preferences.dat
[2011/10/08 06:10:54 | 000,000,024 | ---- | M] () -- C:\Users\matt\jagexappletviewer.preferences
[2011/10/07 18:01:40 | 390,441,976 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/10/07 08:56:21 | 134,352,362 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2011/10/05 15:15:09 | 001,083,125 | ---- | M] () -- C:\Users\matt\Desktop\RSBuddy.jar
[2011/10/04 17:43:13 | 034,193,440 | ---- | M] () -- C:\Users\matt\Desktop\mysql-5.5.16-winx64.msi
[2011/10/04 17:34:18 | 001,272,525 | ---- | M] () -- C:\Users\matt\Desktop\mcforge_5.2.0.0.zip
[2011/09/30 18:50:04 | 000,002,126 | ---- | M] () -- C:\Users\matt\Desktop\RuneScape.lnk
[2011/09/30 18:46:37 | 010,885,632 | ---- | M] () -- C:\Users\matt\Desktop\RuneScape.msi
[2011/09/28 17:07:22 | 000,277,873 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2011/09/23 15:55:10 | 000,113,461 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjw.avm
[2011/09/21 17:00:18 | 000,109,573 | ---- | M] () -- C:\Users\matt\Desktop\ItemslistV110.png
[2011/09/20 17:54:19 | 000,788,504 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/09/20 17:54:19 | 000,670,156 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/09/20 17:54:19 | 000,125,948 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/09/20 17:54:11 | 000,788,504 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/09/17 21:31:03 | 000,270,142 | ---- | M] () -- C:\Users\matt\Desktop\Minecraft.exe
[2011/09/16 10:38:02 | 047,369,160 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MRT.exe
[2011/09/14 16:46:17 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/09/13 21:21:08 | 000,027,245 | ---- | M] () -- C:\Users\matt\Documents\Autobiography.odt
[2011/09/12 19:11:49 | 000,017,974 | ---- | M] () -- C:\Users\matt\Documents\My Lesson 1.odt
[2011/09/11 11:06:16 | 000,000,222 | ---- | M] () -- C:\Users\matt\Desktop\Alliance of Valiant Arms.url
[2011/09/11 10:00:10 | 000,000,219 | ---- | M] () -- C:\Users\matt\Desktop\Team Fortress 2.url

========== Files Created - No Company Name ==========

[2011/10/09 23:50:05 | 001,540,270 | ---- | C] () -- C:\Users\matt\Desktop\tdsskiller.zip
[2011/10/09 07:08:33 | 000,000,008 | ---- | C] () -- C:\Users\matt\AppData\Roaming\RSBuddy Login.ini
[2011/10/04 17:36:35 | 034,193,440 | ---- | C] () -- C:\Users\matt\Desktop\mysql-5.5.16-winx64.msi
[2011/10/04 17:33:47 | 001,272,525 | ---- | C] () -- C:\Users\matt\Desktop\mcforge_5.2.0.0.zip
[2011/09/30 21:24:56 | 000,000,024 | ---- | C] () -- C:\Users\matt\jagexappletviewer.preferences
[2011/09/30 18:50:04 | 000,002,134 | ---- | C] () -- C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
[2011/09/30 18:50:04 | 000,002,126 | ---- | C] () -- C:\Users\matt\Desktop\RuneScape.lnk
[2011/09/30 18:44:26 | 010,885,632 | ---- | C] () -- C:\Users\matt\Desktop\RuneScape.msi
[2011/09/21 17:00:18 | 000,109,573 | ---- | C] () -- C:\Users\matt\Desktop\ItemslistV110.png
[2011/09/14 07:19:58 | 000,005,174 | ---- | C] () -- C:\windows\SysWow64\nppt9x.vxd
[2011/09/13 21:21:06 | 000,027,245 | ---- | C] () -- C:\Users\matt\Documents\Autobiography.odt
[2011/09/12 19:11:44 | 000,017,974 | ---- | C] () -- C:\Users\matt\Documents\My Lesson 1.odt
[2011/09/11 11:06:16 | 000,000,222 | ---- | C] () -- C:\Users\matt\Desktop\Alliance of Valiant Arms.url
[2011/09/11 10:00:10 | 000,000,219 | ---- | C] () -- C:\Users\matt\Desktop\Team Fortress 2.url
[2011/09/02 17:38:52 | 000,000,189 | ---- | C] () -- C:\Users\matt\AppData\Roaming\RSBuddy_chibles1.ini
[2011/07/13 08:45:22 | 000,000,092 | ---- | C] () -- C:\Users\matt\AppData\Local\fusioncache.dat
[2011/06/01 17:25:14 | 000,650,752 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2011/06/01 17:25:14 | 000,240,640 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2011/05/21 13:59:20 | 000,000,000 | ---- | C] () -- C:\windows\iPlayer.INI
[2011/04/14 07:55:32 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2011/03/27 23:29:33 | 000,000,136 | ---- | C] () -- C:\Users\matt\AppData\Roaming\RSBot_Accounts.ini
[2011/03/06 15:55:54 | 000,000,224 | ---- | C] () -- C:\windows\SIERRA.INI
[2011/03/06 15:54:59 | 000,021,840 | ---- | C] () -- C:\windows\SysWow64\SIntfNT.dll
[2011/03/06 15:54:59 | 000,017,212 | ---- | C] () -- C:\windows\SysWow64\SIntf32.dll
[2011/03/06 15:54:59 | 000,012,067 | ---- | C] () -- C:\windows\SysWow64\SIntf16.dll
[2011/02/26 15:50:34 | 000,270,240 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2011/02/26 15:50:34 | 000,075,136 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2011/01/04 18:11:43 | 000,788,504 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/02/20 09:22:24 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/02/20 09:22:24 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/02/20 09:22:24 | 000,104,636 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/02/20 08:27:36 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/02/20 08:27:36 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

< End of report >

#2
SweetTech

Posted 10 October 2011 - 10:56 AM

Sir SpamAlot

Retired Staff
7,671 posts

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :yes:

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together
Because of this, you must reply within three days failure to reply will result in the topic being closed!
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

It looks like you maybe infected with an infection known as ZeroAccess.

You should be aware of the following warning:

Posted Image

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.

I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

NEXT:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.

#3
kenc

Posted 10 October 2011 - 08:16 PM

Member

Topic Starter
Member
24 posts

Thanks for the help!

Here's the combofix output.

ComboFix 11-10-10.04 - matt 10/10/2011 18:47:52.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2272 [GMT -7:00]
Running from: c:\users\matt\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\FunWebProducts
c:\program files (x86)\HBLite
c:\program files (x86)\HBLite\bin\11.0.329.0\firefox\extensions\install.rdf
c:\program files (x86)\HyperCam Toolbar\tbHElper.dll
c:\program files (x86)\Mozilla Firefox\Plugins\npclntax_HBLiteSA.dll
c:\program files (x86)\MyWebSearch
c:\program files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files (x86)\MyWebSearch\bar\1.bin\INSTALL.RDF
c:\program files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3FFTBPR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3PATCH.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files (x86)\MyWebSearch\bar\Game\CHESS.F3S
c:\program files (x86)\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files (x86)\MyWebSearch\bar\icons\CM.ICO
c:\program files (x86)\MyWebSearch\bar\icons\MFC.ICO
c:\program files (x86)\MyWebSearch\bar\icons\PSS.ICO
c:\program files (x86)\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files (x86)\MyWebSearch\bar\icons\WB.ICO
c:\program files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files (x86)\MyWebSearch\bar\IE9Mesg\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Message\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files (x86)\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\Resources\images\btn-msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\chevronButton.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\images\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js
c:\program files (x86)\StartNow Toolbar\Resources\searchbox\dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\searchbox\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\searchbox\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\searchbox\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\searchbox\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\programdata\HBLiteSA
c:\programdata\HBLiteSA\HBLiteSA.dat
c:\programdata\HBLiteSA\HBLiteSA_kyf.dat
c:\programdata\HBLiteSA\HBLiteSAAbout.mht
c:\programdata\HBLiteSA\HBLiteSAau.dat
c:\programdata\HBLiteSA\HBLiteSAEULA.mht
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\matt\AppData\Roaming\HBLite
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\00000002.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\80000032.@
c:\windows\assembly\tmp\U\80000064.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\consrv.dll
c:\windows\system32\Thumbs.db
c:\windows\System64
c:\windows\SysWow64\f3PSSavr.scr
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MyWebSearchService
-------\Service_Toolbar Updater Service
-------\Service_Toolbar Updater Service
.
.
((((((((((((((((((((((((( Files Created from 2011-09-11 to 2011-10-11 )))))))))))))))))))))))))))))))
.
.
2011-10-11 01:54 . 2011-10-11 01:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-11 01:41 . 2011-10-11 01:41 -------- d-----w- c:\users\matt\AppData\Local\CrashDumps
2011-10-10 06:41 . 2011-10-10 06:41 -------- d-----w- C:\_OTM
2011-10-10 06:02 . 2011-10-10 06:19 -------- d-----w- c:\users\matt\AppData\Local\NPE
2011-10-02 00:08 . 2011-10-02 00:08 -------- d-----w- c:\users\matt\AppData\Local\Chromium
2011-10-01 01:50 . 2011-10-01 01:50 -------- d-----w- c:\users\matt\AppData\Local\jagexlauncher
2011-09-18 22:34 . 2011-09-18 22:34 -------- d-----w- C:\e2174b17c9bb60be59d830
2011-09-14 14:20 . 2011-08-07 21:40 3804120 ----a-w- c:\windows\SysWow64\GameMon.des
2011-09-14 14:19 . 2005-01-02 03:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2011-09-14 14:19 . 2003-07-18 12:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2011-09-14 14:19 . 2011-09-14 14:19 -------- d-----w- c:\program files\Common Files\INCA Shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-09 18:24 . 2011-08-09 18:24 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-07-31 07:35 . 2011-07-31 07:35 71680 ----a-w- c:\windows\system32\frapsv64.dll
2011-07-31 07:35 . 2011-07-31 07:35 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2011-07-22 05:35 . 2011-08-10 22:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 04:56 . 2011-08-10 22:41 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-21 20:56 . 2011-03-06 22:54 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2011-07-21 20:56 . 2011-03-06 22:54 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2011-07-21 20:56 . 2011-03-06 22:54 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2011-07-16 05:26 . 2011-08-10 03:13 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:26 . 2011-08-10 03:13 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:26 . 2011-08-10 03:13 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:26 . 2011-08-10 03:13 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 05:24 . 2011-08-10 03:13 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:21 . 2011-08-10 03:13 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:17 . 2011-08-10 03:13 338432 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 05:04 . 2011-08-10 03:13 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:36 . 2011-08-10 03:13 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:32 . 2011-08-10 03:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:31 . 2011-08-10 03:13 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:30 . 2011-08-10 03:13 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:30 . 2011-08-10 03:13 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:19 . 2011-08-10 03:13 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:26 . 2011-08-10 03:13 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:26 . 2011-08-10 03:13 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:21 . 2011-08-10 03:13 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 03:13 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-19 39408]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-03 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...&ver=10.0.1410" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2011-06-03 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-01 2296696]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-10 2320920]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 05:20]
.
2011-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 05:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-26 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-26 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-26 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"combofix"="c:\combofix\CF10955.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=iBarioG3&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110604&user_guid=42E138525A5D49C0AC5BDF70F15A26CF&machine_id=7e808773548b5d0839a5481b3fe7ec8e&browser=IE&os=win&os_version=6.1-x64-SP0
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\mtkdpmvm.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/hypercam/{B01A792A-A894-4424-99F3-5901449D12ED}?q=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo Layers\YontooIEClient.dll
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-842016285-3377136195-4215203713-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ca,28,d2,d1,c5,ca,f2,bf,00,81,83,70,04,3d,23,62,91,48,11,3c,b2,10,ef,
5f,c9,ea,41,b9,21,b9,40,1f,c4,9a,99,6f,fe,00,6f,79,64,e4,84,f0,b9,84,a6,8f,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-842016285-3377136195-4215203713-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:fe,55,0b,d7,fe,7d,10,2b,5b,f8,e8,e2,16,55,f6,b8,78,ef,e5,33,cc,
d8,ff,94,44,fd,b2,05,3c,72,e5,2f,78,93,2d,01,3e,98,f2,ae,14,dd,d5,50,45,3f,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2011-10-10 19:01:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-11 02:01
.
Pre-Run: 202,064,945,152 bytes free
Post-Run: 201,551,831,040 bytes free
.
- - End Of File - - 310AE345B85A3D0DB573594DE5369D7C

#4
SweetTech

Posted 11 October 2011 - 11:05 AM

Sir SpamAlot

Retired Staff
7,671 posts

Hi!

No problem! I'm glad to be of assistance

ComboFix Script

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=-
DirLook::
C:\e2174b17c9bb60be59d830

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you.
Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT:

Scanning with MalwareBytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (v1.51.0.1200) and save it to your desktop.
Download Link 1
Download Link 2Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to this Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
Click on the Scan button.
When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
Make sure that everything is checked and then click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
Exit Malwarebytes' when done.

Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

NEXT:

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
- Enable Anti-Stealth technology
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

NEXT:

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#5
kenc

Posted 11 October 2011 - 10:33 PM

Member

Topic Starter
Member
24 posts

A couple of things.When I ran Combofix, I got a (attached) warning message (as I did the previous time but I forgot to save it).

Second issue.When we started this effort I noticed that my son's windows firewall had been disabled. To enable it was not a simple matter of going to control panel and checking "on" - that resulted in an error message, as did trying to do it "manually". I had to visit the Microsoft knowledge base in order to get the info to re-enable the firewall.
Can a virus/trojan disable a machines firewall?

Are you sure I should have UNchecked Eset's "remove found threats" as your instructions said?

Anyway, here are the log files. It looked like screen317 logfile eliminated the contents of the notepad! I'll rerun combofix and add in the next post.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7926

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/11/2011 7:17:05 PM
mbam-log-2011-10-11 (19-17-05).txt

Scan type: Quick scan
Objects scanned: 188834
Time elapsed: 1 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\[email protected] (Adware.HotBar) -> Value: [email protected] -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\matt\downloads\fdmsetup(1).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\matt\downloads\FDMSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\matt\downloads\flvplayersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\matt\downloads\Setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\matt\downloads\xvidsetup(1).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\matt\downloads\xvidsetup(2).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\matt\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

ESET

C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
C:\Program Files (x86)\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\Mozilla Firefox\plugins\npclntax_HBLiteSA.dll.vir a variant of Win32/Adware.HotBar.J application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir Win32/Adware.FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir Win32/Adware.FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL.vir Win32/Toolbar.MyWebSearch.G application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir Win32/Toolbar.MyWebSearch.B application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir Win32/Adware.FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL.vir Win32/Toolbar.MyWebSearch.G application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Win32/Toolbar.MyWebSearch.D application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir Win32/Adware.FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL.vir Win32/Toolbar.MyWebSearch.H application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL.vir Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL.vir Win32/Toolbar.MyWebSearch.F application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL.vir Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir Win32/Toolbar.MyWebSearch.K application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Toolbar32.dll.vir a variant of Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\[email protected] a variant of Win32/Olmarik.AVQ trojan
C:\Qoobox\Quarantine\C\Windows\SysWOW64\f3PSSavr.scr.vir Win32/Toolbar.MyWebSearch application
C:\Users\matt\AppData\LocalLow\FunWebProducts\Installr\Cache\00A722CF.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\Users\matt\AppData\LocalLow\MyWebSearch\bar\Cache\33B3E83B.exe a variant of Win32/Toolbar.MyWebSearch.K application
C:\Users\matt\Downloads\SoftonicDownloader_for_i-funbox.exe a variant of Win32/SoftonicDownloader.A application
C:\Users\matt\Downloads\WhiteSmokeInstaller_9147.exe a variant of Win32/InstallCore.A application

SCREEN317

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player ( 10.2.152.32) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

Attached Thumbnails

#6
kenc

Posted 11 October 2011 - 11:07 PM

Member

Topic Starter
Member
24 posts

The combofix log

ComboFix 11-10-11.05 - matt 10/11/2011 21:55:07.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2226 [GMT -7:00]
Running from: c:\users\matt\Desktop\ComboFix.exe
Command switches used :: c:\users\matt\Desktop\CFscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-12 to 2011-10-12 )))))))))))))))))))))))))))))))
.
.
2011-10-12 05:00 . 2011-10-12 05:00 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8046FF97-6B54-435E-ACAF-B6B95B58C040}\offreg.dll
2011-10-12 04:59 . 2011-10-12 04:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-12 04:59 . 2011-10-12 04:59 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-10-12 02:28 . 2011-10-12 02:28 -------- d-----w- c:\program files (x86)\ESET
2011-10-12 02:13 . 2011-10-12 02:13 -------- d-----w- c:\users\matt\AppData\Roaming\Malwarebytes
2011-10-12 02:13 . 2011-10-12 02:13 -------- d-----w- c:\programdata\Malwarebytes
2011-10-12 02:13 . 2011-10-12 02:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-12 02:13 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-11 02:33 . 2011-10-11 02:33 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB2D3147-CAFB-4CBB-A794-B6209354FDA8}\gapaengine.dll
2011-10-11 02:33 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8046FF97-6B54-435E-ACAF-B6B95B58C040}\mpengine.dll
2011-10-11 02:19 . 2011-10-11 02:19 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-10-11 02:19 . 2011-10-11 02:20 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-11 02:19 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-10-11 01:41 . 2011-10-11 01:41 -------- d-----w- c:\users\matt\AppData\Local\CrashDumps
2011-10-10 06:41 . 2011-10-10 06:41 -------- d-----w- C:\_OTM
2011-10-10 06:02 . 2011-10-10 06:19 -------- d-----w- c:\users\matt\AppData\Local\NPE
2011-10-02 00:08 . 2011-10-02 00:08 -------- d-----w- c:\users\matt\AppData\Local\Chromium
2011-10-01 01:50 . 2011-10-01 01:50 -------- d-----w- c:\users\matt\AppData\Local\jagexlauncher
2011-09-18 22:34 . 2011-09-18 22:34 -------- d-----w- C:\e2174b17c9bb60be59d830
2011-09-14 14:20 . 2011-08-07 21:40 3804120 ----a-w- c:\windows\SysWow64\GameMon.des
2011-09-14 14:19 . 2005-01-02 03:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2011-09-14 14:19 . 2003-07-18 12:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2011-09-14 14:19 . 2011-09-14 14:19 -------- d-----w- c:\program files\Common Files\INCA Shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-09 18:24 . 2011-08-09 18:24 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-07-31 07:35 . 2011-07-31 07:35 71680 ----a-w- c:\windows\system32\frapsv64.dll
2011-07-31 07:35 . 2011-07-31 07:35 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2011-07-22 05:35 . 2011-08-10 22:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 04:56 . 2011-08-10 22:41 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-21 20:56 . 2011-03-06 22:54 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2011-07-21 20:56 . 2011-03-06 22:54 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2011-07-21 20:56 . 2011-03-06 22:54 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2011-07-16 05:26 . 2011-08-10 03:13 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:26 . 2011-08-10 03:13 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:26 . 2011-08-10 03:13 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:26 . 2011-08-10 03:13 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 05:24 . 2011-08-10 03:13 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:21 . 2011-08-10 03:13 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:17 . 2011-08-10 03:13 338432 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 05:04 . 2011-08-10 03:13 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:36 . 2011-08-10 03:13 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:32 . 2011-08-10 03:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:31 . 2011-08-10 03:13 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:30 . 2011-08-10 03:13 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:30 . 2011-08-10 03:13 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:19 . 2011-08-10 03:13 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:26 . 2011-08-10 03:13 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:26 . 2011-08-10 03:13 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:21 . 2011-08-10 03:13 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 03:13 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 03:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 03:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\e2174b17c9bb60be59d830 ----
.
2011-09-18 22:34 . 2011-09-18 22:34 788 ---ha-w- c:\e2174b17c9bb60be59d830\$shtdwn$.req
2011-05-19 06:28 . 2011-05-19 06:28 36274 ----a-w- c:\e2174b17c9bb60be59d830\1055\LocalizedData.xml
2011-05-19 06:28 . 2011-05-19 06:28 27922 ----a-w- c:\e2174b17c9bb60be59d830\2052\LocalizedData.xml
2011-05-19 06:28 . 2011-05-19 06:28 37404 ----a-w- c:\e2174b17c9bb60be59d830\2070\LocalizedData.xml
2011-05-19 06:28 . 2011-05-19 06:28 37314 ----a-w- c:\e2174b17c9bb60be59d830\3082\LocalizedData.xml
2011-05-19 06:28 . 2011-05-19 06:28 37822 ----a-w- c:\e2174b17c9bb60be59d830\1038\LocalizedData.xml
2011-05-19 06:28 . 2011-05-19 06:28 37192 ----a-w- c:\e2174b17c9bb60be59d830\1040\LocalizedData.xml
2011-05-19 06:28 . 2011-05-19 06:28 31108 ----a-w- c:\e2174b17c9bb60be59d830\1041\LocalizedData.xml
2011-05-19 06:28 . 2011-05-19 06:28 30194 ----a-w- c:\e2174b17c9bb60be59d830\1042\LocalizedData.xml
2011-05-19 06:28 . 2011-05-19 06:28 36962 ----a-w- c:\e2174b17c9bb60be59d830\1043\LocalizedData.xml
2011-05-19 06:28 . 2011-05-19 06:28 36514 ----a-w- c:\e2174b17c9bb60be59d830\1044\LocalizedData.xml
2011-05-19 06:28 . 2011-05-19 06:28 37222 ----a-w- c:\e2174b17c9bb60be59d830\1045\LocalizedData.xml
2011-05-19 06:28 . 2011-05-19 06:28 36738 ----a-w- c:\e2174b17c9bb60be59d830\1046\LocalizedData.xml
2011-05-19 06:28 . 2011-05-19 06:28 37656 ----a-w- c:\e2174b17c9bb60be59d830\1049\LocalizedData.xml
2011-05-19 06:28 . 2011-05-19 06:28 36020 ----a-w- c:\e2174b17c9bb60be59d830\1053\LocalizedData.xml
2011-05-19 06:28 . 2011-05-19 06:28 27950 ----a-w- c:\e2174b17c9bb60be59d830\1028\LocalizedData.xml
2011-05-19 06:28 . 2011-05-19 06:28 36822 ----a-w- c:\e2174b17c9bb60be59d830\1029\LocalizedData.xml
2011-05-19 06:28 . 2011-05-19 06:28 36050 ----a-w- c:\e2174b17c9bb60be59d830\1030\LocalizedData.xml
2011-05-19 06:28 . 2011-05-19 06:28 38050 ----a-w- c:\e2174b17c9bb60be59d830\1031\LocalizedData.xml
2011-05-19 06:28 . 2011-05-19 06:28 38958 ----a-w- c:\e2174b17c9bb60be59d830\1032\LocalizedData.xml
2011-05-19 06:28 . 2011-05-19 06:28 36030 ----a-w- c:\e2174b17c9bb60be59d830\1035\LocalizedData.xml
2011-05-19 06:28 . 2011-05-19 06:28 37832 ----a-w- c:\e2174b17c9bb60be59d830\1036\LocalizedData.xml
2011-05-19 06:28 . 2011-05-19 06:28 32912 ----a-w- c:\e2174b17c9bb60be59d830\1037\LocalizedData.xml
2011-05-19 06:28 . 2011-05-19 06:28 27950 ----a-w- c:\e2174b17c9bb60be59d830\3076\LocalizedData.xml
2011-05-19 06:28 . 2011-05-19 06:28 34086 ----a-w- c:\e2174b17c9bb60be59d830\1025\LocalizedData.xml
2011-05-19 06:28 . 2011-05-19 06:28 15742 ----a-w- c:\e2174b17c9bb60be59d830\ParameterInfo.xml
2011-05-19 06:24 . 2011-05-19 06:24 3628 ----a-w- c:\e2174b17c9bb60be59d830\header.bmp
2011-05-19 06:24 . 2011-05-19 06:24 196662 ----a-w- c:\e2174b17c9bb60be59d830\SplashScreen.bmp
2011-05-19 06:24 . 2011-05-19 06:24 13606 ----a-w- c:\e2174b17c9bb60be59d830\Strings.xml
2011-05-19 06:24 . 2011-05-19 06:24 36180 ----a-w- c:\e2174b17c9bb60be59d830\UiInfo.xml
2011-05-19 06:24 . 2011-05-19 06:24 123035 ----a-w- c:\e2174b17c9bb60be59d830\1025\eula.rtf
2011-05-19 06:24 . 2011-05-19 06:24 128333 ----a-w- c:\e2174b17c9bb60be59d830\1028\eula.rtf
2011-05-19 06:24 . 2011-05-19 06:24 101146 ----a-w- c:\e2174b17c9bb60be59d830\1029\eula.rtf
2011-05-19 06:24 . 2011-05-19 06:24 109464 ----a-w- c:\e2174b17c9bb60be59d830\1030\eula.rtf
2011-05-19 06:24 . 2011-05-19 06:24 91719 ----a-w- c:\e2174b17c9bb60be59d830\1031\eula.rtf
2011-05-19 06:24 . 2011-05-19 06:24 102048 ----a-w- c:\e2174b17c9bb60be59d830\1032\eula.rtf
2011-05-19 06:24 . 2011-05-19 06:24 138595 ----a-w- c:\e2174b17c9bb60be59d830\1033\eula.rtf
2011-05-19 06:24 . 2011-05-19 06:24 111176 ----a-w- c:\e2174b17c9bb60be59d830\1035\eula.rtf
2011-05-19 06:24 . 2011-05-19 06:24 133172 ----a-w- c:\e2174b17c9bb60be59d830\1036\eula.rtf
2011-05-19 06:24 . 2011-05-19 06:24 125351 ----a-w- c:\e2174b17c9bb60be59d830\1037\eula.rtf
2011-05-19 06:24 . 2011-05-19 06:24 110879 ----a-w- c:\e2174b17c9bb60be59d830\1038\eula.rtf
2011-05-19 06:24 . 2011-05-19 06:24 124974 ----a-w- c:\e2174b17c9bb60be59d830\1040\eula.rtf
2011-05-19 06:24 . 2011-05-19 06:24 111958 ----a-w- c:\e2174b17c9bb60be59d830\1041\eula.rtf
2011-05-19 06:24 . 2011-05-19 06:24 149503 ----a-w- c:\e2174b17c9bb60be59d830\1042\eula.rtf
2011-05-19 06:24 . 2011-05-19 06:24 35285 ----a-w- c:\e2174b17c9bb60be59d830\1043\eula.rtf
2011-05-19 06:24 . 2011-05-19 06:24 36083 ----a-w- c:\e2174b17c9bb60be59d830\1044\eula.rtf
2011-05-19 06:24 . 2011-05-19 06:24 126541 ----a-w- c:\e2174b17c9bb60be59d830\1045\eula.rtf
2011-05-19 06:24 . 2011-05-19 06:24 109574 ----a-w- c:\e2174b17c9bb60be59d830\1046\eula.rtf
2011-05-19 06:24 . 2011-05-19 06:24 49319 ----a-w- c:\e2174b17c9bb60be59d830\1049\eula.rtf
2011-05-19 06:24 . 2011-05-19 06:24 125073 ----a-w- c:\e2174b17c9bb60be59d830\1053\eula.rtf
2011-05-19 06:24 . 2011-05-19 06:24 112947 ----a-w- c:\e2174b17c9bb60be59d830\1055\eula.rtf
2011-05-19 06:24 . 2011-05-19 06:24 110754 ----a-w- c:\e2174b17c9bb60be59d830\2052\eula.rtf
2011-05-19 06:24 . 2011-05-19 06:24 125196 ----a-w- c:\e2174b17c9bb60be59d830\2070\eula.rtf
2011-05-19 06:24 . 2011-05-19 06:24 2060 ----a-w- c:\e2174b17c9bb60be59d830\3076\eula.rtf
2011-05-19 06:24 . 2011-05-19 06:24 108174 ----a-w- c:\e2174b17c9bb60be59d830\3082\eula.rtf
2011-05-19 06:24 . 2011-05-19 06:24 104072 ----a-w- c:\e2174b17c9bb60be59d830\watermark.bmp
2011-05-19 06:06 . 2011-05-19 06:06 38672896 ----a-w- c:\e2174b17c9bb60be59d830\NDP40-KB2533523.msp
2011-05-17 19:04 . 2011-05-17 19:04 35802 ----a-w- c:\e2174b17c9bb60be59d830\1033\LocalizedData.xml
2011-05-17 15:42 . 2011-05-17 15:42 18264 ----a-w- c:\e2174b17c9bb60be59d830\3082\SetupResources.dll
2011-05-17 15:42 . 2011-05-17 15:42 18264 ----a-w- c:\e2174b17c9bb60be59d830\2070\SetupResources.dll
2011-05-17 15:42 . 2011-05-17 15:42 17240 ----a-w- c:\e2174b17c9bb60be59d830\1055\SetupResources.dll
2011-05-17 15:42 . 2011-05-17 15:42 13656 ----a-w- c:\e2174b17c9bb60be59d830\2052\SetupResources.dll
2011-05-17 15:42 . 2011-05-17 15:42 18264 ----a-w- c:\e2174b17c9bb60be59d830\1049\SetupResources.dll
2011-05-17 15:42 . 2011-05-17 15:42 17240 ----a-w- c:\e2174b17c9bb60be59d830\1053\SetupResources.dll
2011-05-17 15:42 . 2011-05-17 15:42 17752 ----a-w- c:\e2174b17c9bb60be59d830\1046\SetupResources.dll
2011-05-17 15:42 . 2011-05-17 15:42 17240 ----a-w- c:\e2174b17c9bb60be59d830\1044\SetupResources.dll
2011-05-17 15:42 . 2011-05-17 15:42 17752 ----a-w- c:\e2174b17c9bb60be59d830\1045\SetupResources.dll
2011-05-17 15:42 . 2011-05-17 15:42 15192 ----a-w- c:\e2174b17c9bb60be59d830\1041\SetupResources.dll
2011-05-17 15:42 . 2011-05-17 15:42 14680 ----a-w- c:\e2174b17c9bb60be59d830\1042\SetupResources.dll
2011-05-17 15:42 . 2011-05-17 15:42 18776 ----a-w- c:\e2174b17c9bb60be59d830\1043\SetupResources.dll
2011-05-17 15:42 . 2011-05-17 15:42 18264 ----a-w- c:\e2174b17c9bb60be59d830\1038\SetupResources.dll
2011-05-17 15:42 . 2011-05-17 15:42 17752 ----a-w- c:\e2174b17c9bb60be59d830\1040\SetupResources.dll
2011-05-17 15:42 . 2011-05-17 15:42 16216 ----a-w- c:\e2174b17c9bb60be59d830\1037\SetupResources.dll
2011-05-17 15:42 . 2011-05-17 15:42 18264 ----a-w- c:\e2174b17c9bb60be59d830\1036\SetupResources.dll
2011-05-17 15:42 . 2011-05-17 15:42 16728 ----a-w- c:\e2174b17c9bb60be59d830\1033\SetupResources.dll
2011-05-17 15:42 . 2011-05-17 15:42 17752 ----a-w- c:\e2174b17c9bb60be59d830\1035\SetupResources.dll
2011-05-17 15:42 . 2011-05-17 15:42 18264 ----a-w- c:\e2174b17c9bb60be59d830\1031\SetupResources.dll
2011-05-17 15:42 . 2011-05-17 15:42 18776 ----a-w- c:\e2174b17c9bb60be59d830\1032\SetupResources.dll
2011-05-17 15:42 . 2011-05-17 15:42 17752 ----a-w- c:\e2174b17c9bb60be59d830\1030\SetupResources.dll
2011-05-17 15:41 . 2011-05-17 15:41 17752 ----a-w- c:\e2174b17c9bb60be59d830\1029\SetupResources.dll
2011-05-17 15:41 . 2011-05-17 15:41 13656 ----a-w- c:\e2174b17c9bb60be59d830\1028\SetupResources.dll
2011-05-17 15:41 . 2011-05-17 15:41 13656 ----a-w- c:\e2174b17c9bb60be59d830\3076\SetupResources.dll
2011-05-17 15:41 . 2011-05-17 15:41 295760 ----a-w- c:\e2174b17c9bb60be59d830\SetupUi.dll
2011-05-17 15:41 . 2011-05-17 15:41 16728 ----a-w- c:\e2174b17c9bb60be59d830\1025\SetupResources.dll
2011-05-17 15:41 . 2011-05-17 15:41 809304 ----a-w- c:\e2174b17c9bb60be59d830\SetupEngine.dll
2011-05-17 15:41 . 2011-05-17 15:41 78152 ----a-w- c:\e2174b17c9bb60be59d830\Setup.exe
2011-05-17 15:27 . 2011-05-17 15:27 16118 ----a-w- c:\e2174b17c9bb60be59d830\DHtmlHeader.html
2011-05-17 15:27 . 2011-05-17 15:27 30120 ----a-w- c:\e2174b17c9bb60be59d830\SetupUi.xsd
2011-05-17 15:27 . 2011-05-17 15:27 144416 ----a-w- c:\e2174b17c9bb60be59d830\sqmapi.dll
2011-05-17 14:02 . 2011-05-17 14:02 1150 ----a-w- c:\e2174b17c9bb60be59d830\Graphics\Print.ico
2011-05-17 14:02 . 2011-05-17 14:02 894 ----a-w- c:\e2174b17c9bb60be59d830\Graphics\Rotate1.ico
2011-05-17 14:02 . 2011-05-17 14:02 894 ----a-w- c:\e2174b17c9bb60be59d830\Graphics\Rotate2.ico
2011-05-17 14:02 . 2011-05-17 14:02 894 ----a-w- c:\e2174b17c9bb60be59d830\Graphics\Rotate3.ico
2011-05-17 14:02 . 2011-05-17 14:02 894 ----a-w- c:\e2174b17c9bb60be59d830\Graphics\Rotate4.ico
2011-05-17 14:02 . 2011-05-17 14:02 894 ----a-w- c:\e2174b17c9bb60be59d830\Graphics\Rotate5.ico
2011-05-17 14:02 . 2011-05-17 14:02 894 ----a-w- c:\e2174b17c9bb60be59d830\Graphics\Rotate6.ico
2011-05-17 14:02 . 2011-05-17 14:02 894 ----a-w- c:\e2174b17c9bb60be59d830\Graphics\Rotate7.ico
2011-05-17 14:02 . 2011-05-17 14:02 894 ----a-w- c:\e2174b17c9bb60be59d830\Graphics\Rotate8.ico
2011-05-17 14:02 . 2011-05-17 14:02 1150 ----a-w- c:\e2174b17c9bb60be59d830\Graphics\Save.ico
2011-05-17 14:02 . 2011-05-17 14:02 36710 ----a-w- c:\e2174b17c9bb60be59d830\Graphics\Setup.ico
2011-05-17 14:02 . 2011-05-17 14:02 10134 ----a-w- c:\e2174b17c9bb60be59d830\Graphics\stop.ico
2011-05-17 14:02 . 2011-05-17 14:02 1150 ----a-w- c:\e2174b17c9bb60be59d830\Graphics\SysReqMet.ico
2011-05-17 14:02 . 2011-05-17 14:02 1150 ----a-w- c:\e2174b17c9bb60be59d830\Graphics\SysReqNotMet.ico
2011-05-17 14:02 . 2011-05-17 14:02 10134 ----a-w- c:\e2174b17c9bb60be59d830\Graphics\warn.ico
.
.
((((((((((((((((((((((((((((( SnapShot_2011-10-12_01.50.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-12 04:59 . 2011-10-12 04:59 12403 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2011-10-12 01:48 . 2011-10-12 01:48 12403 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-07-19 04:52 . 2011-10-12 04:45 54854 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-12 04:45 42228 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-15 04:39 . 2011-10-12 04:45 16658 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-842016285-3377136195-4215203713-1001_UserData.bin
- 2010-12-15 02:40 . 2011-10-12 01:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-15 02:40 . 2011-10-12 05:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-15 02:40 . 2011-10-12 01:51 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-15 02:40 . 2011-10-12 05:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-15 02:40 . 2011-10-12 05:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-15 02:40 . 2011-10-12 01:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-15 02:39 . 2011-10-12 05:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-15 02:39 . 2011-10-12 01:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-15 02:39 . 2011-10-12 05:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-15 02:39 . 2011-10-12 01:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-12 05:00 . 2011-10-12 05:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-12 01:49 . 2011-10-12 01:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-12 01:49 . 2011-10-12 01:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-12 05:00 . 2011-10-12 05:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2011-10-12 05:00 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-10-12 01:49 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-10-12 05:00 966656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-12 01:49 966656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:01 . 2011-10-12 04:59 274392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-10-12 01:48 274392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-03-06 21:43 . 2011-10-12 04:59 545408 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-842016285-3377136195-4215203713-1001-8192.dat
- 2011-03-06 21:43 . 2011-10-12 01:48 545408 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-842016285-3377136195-4215203713-1001-8192.dat
+ 2009-07-14 04:54 . 2011-10-12 05:00 4063232 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-12 01:49 4063232 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:34 . 2011-10-11 02:32 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-10-12 04:58 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
c:\program files (x86)\Yontoo Layers\YontooIEClient.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-19 39408]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-03 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2011-06-03 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-01 2296696]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-10 2320920]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 05:20]
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 05:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-26 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-26 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-26 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=iBarioG3&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110604&user_guid=42E138525A5D49C0AC5BDF70F15A26CF&machine_id=7e808773548b5d0839a5481b3fe7ec8e&browser=IE&os=win&os_version=6.1-x64-SP0
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 68.94.156.1
FF - ProfilePath - c:\users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\mtkdpmvm.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/hypercam/{B01A792A-A894-4424-99F3-5901449D12ED}?q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-842016285-3377136195-4215203713-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ca,28,d2,d1,c5,ca,f2,bf,00,81,83,70,04,3d,23,62,91,48,11,3c,b2,10,ef,
5f,c9,ea,41,b9,21,b9,40,1f,c4,9a,99,6f,fe,00,6f,79,64,e4,84,f0,b9,84,a6,8f,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-842016285-3377136195-4215203713-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:fe,55,0b,d7,fe,7d,10,2b,5b,f8,e8,e2,16,55,f6,b8,78,ef,e5,33,cc,
d8,ff,94,44,fd,b2,05,3c,72,e5,2f,78,93,2d,01,3e,98,f2,ae,14,dd,d5,50,45,3f,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2011-10-11 22:04:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-12 05:04
ComboFix2.txt 2011-10-12 04:48
ComboFix3.txt 2011-10-12 01:55
ComboFix4.txt 2011-10-11 02:01
.
Pre-Run: 199,076,872,192 bytes free
Post-Run: 199,019,200,512 bytes free
.
- - End Of File - - 38FFE09625115B16A801B887E7DC6A3F

#7
SweetTech

Posted 12 October 2011 - 11:05 AM

Sir SpamAlot

Retired Staff
7,671 posts

Good Afternoon kenc!

Can a virus/trojan disable a machines firewall?

Yes, an infection can disable a machines firewall.

Are you sure I should have UNchecked Eset's "remove found threats" as your instructions said?

Yes. I have my users uncheck that setting in the event a file is detected as a false positive, I'll script out any files that need to be removed.

These threat(s) below are currently in Quarantine/System Restore and shall be removed when we clean up our tools later on.

C:\Qoobox\Quarantine\C\Program Files (x86)\Mozilla Firefox\plugins\npclntax_HBLiteSA.dll.vir a variant of Win32/Adware.HotBar.J application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir Win32/Adware.FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir Win32/Adware.FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL.vir Win32/Toolbar.MyWebSearch.G application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir Win32/Toolbar.MyWebSearch.B application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir Win32/Adware.FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL.vir Win32/Toolbar.MyWebSearch.G application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Win32/Toolbar.MyWebSearch.D application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir Win32/Adware.FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL.vir Win32/Toolbar.MyWebSearch.H application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL.vir Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL.vir Win32/Toolbar.MyWebSearch.F application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL.vir Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir Win32/Toolbar.MyWebSearch.K application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Toolbar32.dll.vir a variant of Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\[email protected] a variant of Win32/Olmarik.AVQ trojan
C:\Qoobox\Quarantine\C\Windows\SysWOW64\f3PSSavr.scr.vir Win32/Toolbar.MyWebSearch application

These threat(s) below will be removed very shortly:

C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
C:\Program Files (x86)\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application
C:\Users\matt\AppData\LocalLow\FunWebProducts\Installr\Cache\00A722CF.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\Users\matt\AppData\LocalLow\MyWebSearch\bar\Cache\33B3E83B.exe a variant of Win32/Toolbar.MyWebSearch.K application
C:\Users\matt\Downloads\SoftonicDownloader_for_i-funbox.exe a variant of Win32/SoftonicDownloader.A application
C:\Users\matt\Downloads\WhiteSmokeInstaller_9147.exe a variant of Win32/InstallCore.A application

____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Lets address those programs that need updating now!

Your SecurityCheck log indicates that your version of Flash Player is outdated. This is a vulnerability that needs to be addressed. Please remove the outdated version of Flash Player and then install the latest version.

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to remove older version Java components and update:

Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
Look for "Java Platform, Standard Edition".
Click the "Download JRE" button to the right.
Read the License Agreement, and then check the box that says: "Accept License Agreement".
From the list, select your OS and Platform:
- 32-bit Select: Windows x86 Offline.
- 64-bit Select: Windows x64.
If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
Close any programs you may have running - especially your web browser.

Go to

> Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
When the Java Setup - Welcome window opens, click the Install > button.
If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:

Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
Click Ok and reboot your computer.

NEXT

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:OTL

:Reg

:Files
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll	Win32/Toolbar.MyWebSearch application
C:\Program Files (x86)\Windows Live\Messenger\riched20.dll	Win32/Toolbar.MyWebSearch application
C:\Users\matt\AppData\LocalLow\FunWebProducts\
C:\Users\matt\AppData\LocalLow\MyWebSearch\bar\
C:\Users\matt\Downloads\SoftonicDownloader_for_i-funbox.exe
C:\Users\matt\Downloads\WhiteSmokeInstaller_9147.exe
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

OTL Custom Scan

We need to run an OTL Custom Scan

Please reopen on your desktop.
Copy and Paste the following code into the textbox.

netsvcs
drivers32
hklm\software\clients\startmenuinternet|command /rs
%USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Push the button.
A report will open. Copy and Paste that report in your next reply.

NEXT:

What outstanding issues (if any) are you still experiencing with your computer?

#8
kenc

Posted 12 October 2011 - 07:29 PM

Member

Topic Starter
Member
24 posts

Everything seems "normal" so far.

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
Invalid Switch: Toolbar.MyWebSearch application
Invalid Switch: Toolbar.MyWebSearch application
C:\Users\matt\AppData\LocalLow\FunWebProducts\Shared\Cache folder moved successfully.
C:\Users\matt\AppData\LocalLow\FunWebProducts\Shared folder moved successfully.
C:\Users\matt\AppData\LocalLow\FunWebProducts\Installr\Cache folder moved successfully.
C:\Users\matt\AppData\LocalLow\FunWebProducts\Installr folder moved successfully.
C:\Users\matt\AppData\LocalLow\FunWebProducts folder moved successfully.
C:\Users\matt\AppData\LocalLow\MyWebSearch\bar\Settings folder moved successfully.
C:\Users\matt\AppData\LocalLow\MyWebSearch\bar\Message\COMMON folder moved successfully.
C:\Users\matt\AppData\LocalLow\MyWebSearch\bar\Message folder moved successfully.
C:\Users\matt\AppData\LocalLow\MyWebSearch\bar\History folder moved successfully.
C:\Users\matt\AppData\LocalLow\MyWebSearch\bar\Cache folder moved successfully.
C:\Users\matt\AppData\LocalLow\MyWebSearch\bar folder moved successfully.
C:\Users\matt\Downloads\SoftonicDownloader_for_i-funbox.exe moved successfully.
C:\Users\matt\Downloads\WhiteSmokeInstaller_9147.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\matt\Desktop\cmd.bat deleted successfully.
C:\Users\matt\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: matt
->Temp folder emptied: 437169 bytes
->Temporary Internet Files folder emptied: 859312 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 58585678 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 566 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5194 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 1543140 bytes

Total Files Cleaned = 59.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: matt
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.29.1 log created on 10122011_181746

Files\Folders moved on Reboot...
C:\Users\matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

OTL logfile created on: 10/12/2011 6:23:51 PM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\matt\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 60.09% Memory free
7.61 Gb Paging File | 5.86 Gb Available in Paging File | 77.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.58 Gb Total Space | 185.86 Gb Free Space | 64.63% Space Free | Partition Type: NTFS
Drive D: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MATT-PC | User Name: matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/11 18:50:07 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/10/09 23:33:38 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
PRC - [2011/08/04 14:34:50 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/08/03 16:16:55 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/06/03 06:27:16 | 000,123,320 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
PRC - [2011/03/01 07:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/02/26 15:50:34 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/02/23 04:19:58 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
PRC - [2011/02/23 04:19:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
PRC - [2009/12/09 17:21:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/12/09 17:21:52 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/12/02 23:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 23:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/12 18:03:38 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/11 18:50:07 | 014,410,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011/10/11 18:50:03 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011/10/11 18:50:03 | 000,194,344 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011/10/11 18:50:03 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011/10/11 18:50:03 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2011/02/23 04:19:50 | 001,879,000 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\mozjs.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/09 18:36:18 | 009,665,536 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/05 23:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/10/11 18:50:07 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/07 14:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2011/08/04 14:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/06/03 06:27:16 | 000,123,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/03/01 07:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/02/26 15:50:34 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/11/29 14:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/04/03 16:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/09 17:21:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/12/09 17:21:52 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/12/02 23:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 23:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/31 15:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/04 18:53:00 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/20 09:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/10 16:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/01 11:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/02 23:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 23:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 23:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 23:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/11/06 13:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 09:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/01 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSND&bmod=TSND

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow....ion=6.1-x64-SP0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..keyword.URL: "http://www.bigseekpr...01449D12ED}?q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\mtkdpmvm.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\matt\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramDataMozilla\Extensions\[email protected] [2011/06/04 16:52:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/02 20:03:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/10 18:53:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\components [2011/04/24 13:38:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins [2011/09/10 09:22:24 | 000,000,000 | ---D | M]

[2010/12/26 11:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matt\AppData\Roaming\Mozilla\Extensions
[2011/10/04 22:12:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\mtkdpmvm.default\extensions
[2011/02/02 18:53:21 | 000,000,000 | ---D | M] () -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\mtkdpmvm.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2011/06/04 16:52:31 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\mtkdpmvm.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/02/25 15:20:29 | 000,000,000 | ---D | M] (HyperCam Toolbar) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\mtkdpmvm.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2011/02/26 15:45:08 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\mtkdpmvm.default\extensions\[email protected]
[2011/02/19 16:45:49 | 000,000,000 | ---D | M] (Panda3D Game Engine Plug-In) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\mtkdpmvm.default\extensions\[email protected]
[2011/06/04 16:52:32 | 000,002,267 | ---- | M] () -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\mtkdpmvm.default\searchplugins\bing-zugo.xml
[2011/03/18 22:21:27 | 000,001,820 | ---- | M] () -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\mtkdpmvm.default\searchplugins\bing.xml
[2011/07/17 16:23:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/28 08:55:23 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/01/04 18:23:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/17 15:54:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/26 10:46:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/04 16:52:45 | 000,000,000 | ---D | M] (Window Shopper - Powered by Superfish) -- C:\PROGRAMDATAMOZILLA\EXTENSIONS\[email protected]
[2011/07/31 16:48:17 | 000,000,000 | ---D | M] (Play Pickle TextLinks) -- C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]
() (No name found) -- C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MTKDPMVM.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MTKDPMVM.DEFAULT\EXTENSIONS\[email protected]
[2011/04/14 09:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: HBLite Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_HBLiteSA.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\
CHR - Extension: Play Pickle = C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bllefkbpbefdodiiefpkcnigpicmhohe\
CHR - Extension: AVG Safe Search = C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\
CHR - Extension: Poppit = C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/10/12 18:17:48 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Window Shopper) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\rsvpsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\rsvpsp.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA0084E5-816C-4E2C-B8A2-3622BD78464B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C46628DC-D562-4829-9FFA-48C71DB14E51}: DhcpNameServer = 208.67.222.222 208.67.220.220 68.94.156.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.XVID - C:\windows\SysWow64\xvidvfw.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2011/10/12 18:17:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/12 18:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/10/12 18:03:06 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2011/10/12 17:55:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/11 19:28:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/10/11 19:13:15 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Malwarebytes
[2011/10/11 19:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/11 19:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/11 19:13:07 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/10/11 19:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/11 19:08:53 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\matt\Desktop\mbam-setup.exe
[2011/10/10 19:19:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/10/10 19:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/10/10 18:46:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/10/10 18:46:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/10/10 18:46:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/10/10 18:44:53 | 004,255,422 | R--- | C] (Swearware) -- C:\Users\matt\Desktop\ComboFix.exe
[2011/10/10 18:41:27 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\CrashDumps
[2011/10/10 18:36:06 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/10/10 18:35:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/09 23:48:43 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\matt\Desktop\GooredFix.exe
[2011/10/09 23:41:59 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/10/09 23:40:04 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\matt\Desktop\OTM.exe
[2011/10/09 23:33:33 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
[2011/10/09 23:24:30 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\matt\Desktop\HijackThis.exe
[2011/10/09 23:02:05 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\NPE
[2011/10/09 17:36:58 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\Spawner GUI
[2011/10/04 20:49:27 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MySQL
[2011/10/04 17:34:34 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\mcforge_5.2.0.0
[2011/10/04 17:24:22 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\WoMClient-2.0.5
[2011/10/01 17:08:33 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Chromium
[2011/09/30 18:50:04 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
[2011/09/30 18:50:03 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\jagexlauncher
[2011/09/18 15:34:05 | 000,000,000 | ---D | C] -- C:\e2174b17c9bb60be59d830
[2011/09/17 21:17:34 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\Planes
[2011/09/17 21:17:20 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\More Creeps
[2011/09/14 07:20:21 | 003,804,120 | ---- | C] (INCA Internet Co., Ltd.) -- C:\windows\SysWow64\GameMon.des
[2011/09/14 07:19:58 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\windows\SysWow64\npptNT2.sys
[2011/09/14 07:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared

========== Files - Modified Within 30 Days ==========

[2011/10/12 18:26:49 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/12 18:26:49 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/12 18:19:32 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/12 18:19:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/10/12 18:19:11 | 3063,033,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/12 18:17:48 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2011/10/11 21:54:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/11 21:14:06 | 000,869,194 | ---- | M] () -- C:\Users\matt\Desktop\SecurityCheck.exe
[2011/10/11 19:13:10 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/11 19:12:30 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\matt\Desktop\mbam-setup.exe
[2011/10/11 18:41:20 | 004,255,422 | R--- | M] (Swearware) -- C:\Users\matt\Desktop\ComboFix.exe
[2011/10/10 19:20:14 | 000,002,154 | ---- | M] () -- C:\windows\epplauncher.mif
[2011/10/10 19:19:59 | 000,811,874 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/10/10 19:19:59 | 000,672,284 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/10/10 19:19:59 | 000,126,976 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/10/09 23:48:45 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\matt\Desktop\GooredFix.exe
[2011/10/09 23:40:14 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTM.exe
[2011/10/09 23:33:38 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
[2011/10/09 23:24:36 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\matt\Desktop\HijackThis.exe
[2011/10/09 07:08:33 | 000,000,008 | ---- | M] () -- C:\Users\matt\AppData\Roaming\RSBuddy Login.ini
[2011/10/08 06:52:15 | 000,000,129 | ---- | M] () -- C:\Users\matt\jagex_runescape_preferences2.dat
[2011/10/08 06:52:15 | 000,000,035 | ---- | M] () -- C:\Users\matt\jagex_runescape_preferences.dat
[2011/10/08 06:10:54 | 000,000,024 | ---- | M] () -- C:\Users\matt\jagexappletviewer.preferences
[2011/10/07 18:01:40 | 390,441,976 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/10/05 15:15:09 | 001,083,125 | ---- | M] () -- C:\Users\matt\Desktop\RSBuddy.jar
[2011/10/04 17:43:13 | 034,193,440 | ---- | M] () -- C:\Users\matt\Desktop\mysql-5.5.16-winx64.msi
[2011/10/04 17:34:18 | 001,272,525 | ---- | M] () -- C:\Users\matt\Desktop\mcforge_5.2.0.0.zip
[2011/09/30 18:50:04 | 000,002,126 | ---- | M] () -- C:\Users\matt\Desktop\RuneScape.lnk
[2011/09/30 18:46:37 | 010,885,632 | ---- | M] () -- C:\Users\matt\Desktop\RuneScape.msi
[2011/09/21 17:00:18 | 000,109,573 | ---- | M] () -- C:\Users\matt\Desktop\ItemslistV110.png
[2011/09/20 17:54:11 | 000,788,504 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/09/17 21:31:03 | 000,270,142 | ---- | M] () -- C:\Users\matt\Desktop\Minecraft.exe
[2011/09/13 21:21:08 | 000,027,245 | ---- | M] () -- C:\Users\matt\Documents\Autobiography.odt
[2011/09/12 19:11:49 | 000,017,974 | ---- | M] () -- C:\Users\matt\Documents\My Lesson 1.odt

========== Files Created - No Company Name ==========

[2011/10/11 21:13:48 | 000,869,194 | ---- | C] () -- C:\Users\matt\Desktop\SecurityCheck.exe
[2011/10/11 19:13:10 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/10 19:19:47 | 000,001,908 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/10/10 19:14:25 | 000,002,154 | ---- | C] () -- C:\windows\epplauncher.mif
[2011/10/10 18:46:37 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/10/10 18:46:37 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/10/10 18:46:37 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/10/10 18:46:37 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/10/10 18:46:37 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/10/09 07:08:33 | 000,000,008 | ---- | C] () -- C:\Users\matt\AppData\Roaming\RSBuddy Login.ini
[2011/10/04 17:36:35 | 034,193,440 | ---- | C] () -- C:\Users\matt\Desktop\mysql-5.5.16-winx64.msi
[2011/10/04 17:33:47 | 001,272,525 | ---- | C] () -- C:\Users\matt\Desktop\mcforge_5.2.0.0.zip
[2011/09/30 21:24:56 | 000,000,024 | ---- | C] () -- C:\Users\matt\jagexappletviewer.preferences
[2011/09/30 18:50:04 | 000,002,134 | ---- | C] () -- C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
[2011/09/30 18:50:04 | 000,002,126 | ---- | C] () -- C:\Users\matt\Desktop\RuneScape.lnk
[2011/09/30 18:44:26 | 010,885,632 | ---- | C] () -- C:\Users\matt\Desktop\RuneScape.msi
[2011/09/21 17:00:18 | 000,109,573 | ---- | C] () -- C:\Users\matt\Desktop\ItemslistV110.png
[2011/09/14 07:19:58 | 000,005,174 | ---- | C] () -- C:\windows\SysWow64\nppt9x.vxd
[2011/09/13 21:21:06 | 000,027,245 | ---- | C] () -- C:\Users\matt\Documents\Autobiography.odt
[2011/09/12 19:11:44 | 000,017,974 | ---- | C] () -- C:\Users\matt\Documents\My Lesson 1.odt
[2011/09/02 17:38:52 | 000,000,189 | ---- | C] () -- C:\Users\matt\AppData\Roaming\RSBuddy_chibles1.ini
[2011/07/13 08:45:22 | 000,000,092 | ---- | C] () -- C:\Users\matt\AppData\Local\fusioncache.dat
[2011/06/01 17:25:14 | 000,650,752 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2011/06/01 17:25:14 | 000,240,640 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2011/05/21 13:59:20 | 000,000,000 | ---- | C] () -- C:\windows\iPlayer.INI
[2011/04/14 07:55:32 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2011/03/27 23:29:33 | 000,000,136 | ---- | C] () -- C:\Users\matt\AppData\Roaming\RSBot_Accounts.ini
[2011/03/06 15:55:54 | 000,000,224 | ---- | C] () -- C:\windows\SIERRA.INI
[2011/03/06 15:54:59 | 000,021,840 | ---- | C] () -- C:\windows\SysWow64\SIntfNT.dll
[2011/03/06 15:54:59 | 000,017,212 | ---- | C] () -- C:\windows\SysWow64\SIntf32.dll
[2011/03/06 15:54:59 | 000,012,067 | ---- | C] () -- C:\windows\SysWow64\SIntf16.dll
[2011/02/26 15:50:34 | 000,270,240 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2011/02/26 15:50:34 | 000,075,136 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2011/01/04 18:11:43 | 000,811,874 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/02/20 09:22:24 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/02/20 09:22:24 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/02/20 09:22:24 | 000,104,636 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/02/20 08:27:36 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/02/20 08:27:36 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/10/09 18:04:47 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\.minecraft
[2010/12/28 17:12:04 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011/08/24 21:36:59 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Free Download Manager
[2011/05/05 21:16:55 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\LEGO Company
[2011/01/04 19:02:25 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\OpenOffice.org
[2011/06/27 22:24:29 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\SoftGrid Client
[2011/08/13 11:18:40 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\SPORE
[2011/07/13 09:42:50 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\TeamViewer
[2010/12/25 23:24:56 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Tific
[2010/12/26 18:19:47 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Toshiba
[2011/02/20 11:55:07 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\TP
[2010/12/27 15:31:00 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Unity
[2011/01/02 17:35:34 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\WildTangent
[2010/12/14 19:37:04 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\WinBatch
[2011/09/18 22:19:53 | 000,032,594 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\uninstall\helper.exe" /HideShortcuts [2011/02/23 04:20:04 | 000,711,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\uninstall\helper.exe" /ShowShortcuts [2011/02/23 04:20:04 | 000,711,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/02/23 04:20:04 | 000,711,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe" -preferences [2011/02/23 04:19:45 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/30 08:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/30 08:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/30 08:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2011/09/30 08:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/06/20 22:37:00 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/06/20 22:37:00 | 000,673,040 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2011/05/04 07:07:18 | 000,001,757 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\.ChromotingConfig.json
[2011/10/07 15:53:58 | 000,000,005 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
[2010/12/25 14:08:48 | 000,548,874 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\en-US-1-2.bdic
[2010/12/25 14:08:11 | 000,000,000 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\First Run
[2011/10/07 15:53:57 | 000,007,647 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Local State
[2011/07/19 18:34:54 | 006,624,044 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom
[2011/07/19 18:34:55 | 001,831,715 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Filter 2
[2011/07/19 18:34:55 | 000,134,036 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Safe Browsing Csd Whitelist
[2011/07/19 18:34:54 | 000,173,620 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Safe Browsing Download
[2011/05/04 07:07:16 | 000,000,055 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Service State
[2011/06/22 19:15:15 | 000,061,440 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Archived History
[2011/05/04 08:06:51 | 000,006,906 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
[2011/05/04 08:06:51 | 000,006,906 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
[2011/10/07 15:53:55 | 000,025,600 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Cookies
[2011/10/07 15:53:57 | 000,000,117 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Current Session
[2011/07/19 18:42:24 | 000,049,653 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
[2010/12/25 14:08:12 | 000,006,144 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
[2011/07/19 18:40:48 | 000,065,536 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2011/07/19 18:40:48 | 000,229,376 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\History
[2011/04/22 19:03:47 | 000,558,080 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\History Index 2010-12
[2011/06/22 19:15:15 | 000,057,344 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-02
[2011/06/22 19:15:58 | 000,106,496 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-04
[2011/07/19 18:37:08 | 000,331,776 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-05
[2011/07/19 18:38:08 | 000,036,864 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-06
[2011/07/19 18:40:48 | 000,159,744 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-07
[2011/10/07 15:53:55 | 000,000,000 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
[2011/07/19 18:42:24 | 000,255,123 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Last Session
[2011/06/22 19:15:58 | 000,006,386 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
[2011/05/13 18:02:31 | 000,012,288 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Login Data
[2011/10/07 15:53:57 | 000,024,847 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Preferences
[2011/06/22 19:15:22 | 000,032,768 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Top Sites
[2011/10/07 15:53:57 | 000,131,072 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Visited Links
[2011/10/07 15:53:53 | 000,069,632 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Web Data
[2011/07/19 18:37:25 | 000,020,386 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\icon-128.png
[2011/07/19 18:37:25 | 000,000,698 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\manifest.json
[2011/07/19 18:37:25 | 000,000,385 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\bg\messages.json
[2011/07/19 18:37:25 | 000,000,158 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\ca\messages.json
[2011/07/19 18:37:25 | 000,000,224 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\cs\messages.json
[2011/07/19 18:37:25 | 000,000,162 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\da\messages.json
[2011/07/19 18:37:25 | 000,000,172 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\de\messages.json
[2011/07/19 18:37:25 | 000,000,432 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\el\messages.json
[2011/07/19 18:37:25 | 000,000,272 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\en\messages.json
[2011/07/19 18:37:25 | 000,000,159 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\en_GB\messages.json
[2011/07/19 18:37:25 | 000,000,194 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\es\messages.json
[2011/07/19 18:37:25 | 000,000,152 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\es_419\messages.json
[2011/07/19 18:37:25 | 000,000,178 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\et\messages.json
[2011/07/19 18:37:25 | 000,000,191 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\fi\messages.json
[2011/07/19 18:37:25 | 000,000,180 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\fil\messages.json
[2011/07/19 18:37:25 | 000,000,154 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\fr\messages.json
[2011/07/19 18:37:25 | 000,000,393 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\hi\messages.json
[2011/07/19 18:37:25 | 000,000,172 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\hr\messages.json
[2011/07/19 18:37:25 | 000,000,221 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\hu\messages.json
[2011/07/19 18:37:25 | 000,000,180 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\id\messages.json
[2011/07/19 18:37:25 | 000,000,169 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\it\messages.json
[2011/07/19 18:37:25 | 000,000,232 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\ja\messages.json
[2011/07/19 18:37:25 | 000,000,212 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\ko\messages.json
[2011/07/19 18:37:25 | 000,000,190 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\lt\messages.json
[2011/07/19 18:37:25 | 000,000,191 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\lv\messages.json
[2011/07/19 18:37:25 | 000,000,167 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\nb\messages.json
[2011/07/19 18:37:25 | 000,000,165 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\nl\messages.json
[2011/07/19 18:37:25 | 000,000,168 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\pl\messages.json
[2011/07/19 18:37:25 | 000,000,168 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\pt_BR\messages.json
[2011/07/19 18:37:25 | 000,000,159 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\pt_PT\messages.json
[2011/07/19 18:37:25 | 000,000,197 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\ro\messages.json
[2011/07/19 18:37:25 | 000,000,402 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\ru\messages.json
[2011/07/19 18:37:25 | 000,000,172 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\sk\messages.json
[2011/07/19 18:37:25 | 000,000,175 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\sl\messages.json
[2011/07/19 18:37:25 | 000,000,391 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\sr\messages.json
[2011/07/19 18:37:25 | 000,000,168 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\sv\messages.json
[2011/07/19 18:37:25 | 000,000,478 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\th\messages.json
[2011/07/19 18:37:25 | 000,000,241 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\tr\messages.json
[2011/07/19 18:37:25 | 000,000,379 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\uk\messages.json
[2011/07/19 18:37:25 | 000,000,261 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\vi\messages.json
[2011/07/19 18:37:25 | 000,000,242 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\zh_CN\messages.json
[2011/07/19 18:37:25 | 000,000,256 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\zh_TW\messages.json
[2011/07/31 16:47:50 | 000,000,377 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bllefkbpbefdodiiefpkcnigpicmhohe\manifest.json
[2011/07/31 16:47:50 | 000,122,368 | ---- | M] (Play Pickle) -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bllefkbpbefdodiiefpkcnigpicmhohe\npptl.dll
[2011/07/31 16:47:50 | 000,003,700 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bllefkbpbefdodiiefpkcnigpicmhohe\pptl.js
[2011/07/19 18:31:25 | 000,001,766 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\background.html
[2011/07/19 18:31:25 | 000,000,984 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\manifest.json
[2011/07/19 18:31:25 | 000,006,273 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\avgls-inline.js
[2011/07/19 18:31:25 | 000,013,424 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\flyover.js
[2011/07/19 18:31:25 | 000,001,302 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\interstitial-block.html
[2011/07/19 18:31:25 | 000,078,768 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\jquery-1.4.4.min.js
[2011/07/19 18:31:25 | 000,092,766 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\searchengine.js
[2011/07/19 18:31:25 | 000,013,513 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\searchshield.js
[2011/07/19 18:31:25 | 000,016,328 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\128x128.png
[2011/07/19 18:31:25 | 000,000,790 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\16x16.png
[2011/07/19 18:31:25 | 000,004,310 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\48x48.png
[2011/07/19 18:31:25 | 000,006,455 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\64x64.png
[2011/07/19 18:31:25 | 000,000,303 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\background_middle_gray.gif
[2011/07/19 18:31:25 | 000,000,610 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\background_middle_green.gif
[2011/07/19 18:31:25 | 000,000,773 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\background_middle_orange.gif
[2011/07/19 18:31:25 | 000,001,332 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\background_middle_red.gif
[2011/07/19 18:31:25 | 000,000,974 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\background_middle_yellow.gif
[2011/07/19 18:31:25 | 000,000,303 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\background_top_gray.gif
[2011/07/19 18:31:25 | 000,000,159 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\background_top_green.gif
[2011/07/19 18:31:25 | 000,000,204 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\background_top_orange.gif
[2011/07/19 18:31:25 | 000,000,959 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\background_top_red.gif
[2011/07/19 18:31:25 | 000,000,217 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\background_top_yellow.gif
[2011/07/19 18:31:25 | 000,001,932 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\block-doc.gif
[2011/07/19 18:31:25 | 000,000,394 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\blocked.gif
[2011/07/19 18:31:25 | 000,001,060 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\blocked12.png
[2011/07/19 18:31:25 | 000,000,333 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\border_bottom_gray.gif
[2011/07/19 18:31:25 | 000,000,454 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\border_bottom_green.gif
[2011/07/19 18:31:25 | 000,000,617 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\border_bottom_orange.gif
[2011/07/19 18:31:25 | 000,000,099 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\border_bottom_red.gif
[2011/07/19 18:31:25 | 000,000,626 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\border_bottom_yellow.gif
[2011/07/19 18:31:25 | 000,000,471 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\border_top_gray.gif
[2011/07/19 18:31:25 | 000,000,820 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\border_top_green.gif
[2011/07/19 18:31:25 | 000,000,446 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\border_top_orange.gif
[2011/07/19 18:31:25 | 000,000,484 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\border_top_red.gif
[2011/07/19 18:31:25 | 000,000,336 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\border_top_yellow.gif
[2011/07/19 18:31:25 | 000,000,339 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\box_bottom_red.gif
[2011/07/19 18:31:25 | 000,000,520 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\box_top_red.gif
[2011/07/19 18:31:25 | 000,000,364 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\caution.gif
[2011/07/19 18:31:25 | 000,000,523 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\caution12.png
[2011/07/19 18:31:25 | 000,000,586 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\click_here_gray.gif
[2011/07/19 18:31:25 | 000,001,418 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\click_here_green.gif
[2011/07/19 18:31:25 | 000,001,268 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\click_here_orange.gif
[2011/07/19 18:31:25 | 000,001,333 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\click_here_red.gif
[2011/07/19 18:31:25 | 000,001,368 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\click_here_yellow.gif
[2011/07/19 18:31:25 | 000,002,455 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\clock.gif
[2011/07/19 18:31:25 | 000,000,429 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\clock12.png
[2011/07/19 18:31:25 | 000,002,229 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\icons_blocked.gif
[2011/07/19 18:31:25 | 000,002,364 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\icons_caution.gif
[2011/07/19 18:31:25 | 000,000,613 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\icons_close.gif
[2011/07/19 18:31:25 | 000,002,314 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\icons_safe.gif
[2011/07/19 18:31:25 | 000,001,662 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\icons_unknown.gif
[2011/07/19 18:31:25 | 000,002,344 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\icons_warning.gif
[2011/07/19 18:31:25 | 000,001,683 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\LS_Logo_Results.gif
[2011/07/19 18:31:25 | 000,000,362 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\safe.gif
[2011/07/19 18:31:25 | 000,000,564 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\safe12.png
[2011/07/19 18:31:25 | 000,000,389 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\unknown.gif
[2011/07/19 18:31:25 | 000,004,322 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\vrsn-secured-lsfo.gif
[2011/07/19 18:31:25 | 000,000,374 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\warning.gif
[2011/07/19 18:31:25 | 000,000,555 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\content\Icons\warning12.png
[2011/07/19 18:31:25 | 001,752,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\plugins\avgnpss.dll
[2011/07/19 18:31:25 | 001,859,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\plugins\avgxpl.dll
[2011/05/04 07:10:19 | 000,014,514 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\icon_poppit.png
[2011/05/04 07:10:19 | 000,000,767 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\manifest.json
[8 C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp files -> C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp -> ]
[6 C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp files -> C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp -> ]
[2011/05/04 07:05:54 | 000,003,072 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eemcgdkfndhakfknompkggombfjjjeno_0.localstorage
[2010/12/25 14:09:42 | 000,017,408 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears\localserver.db
[2010/12/25 14:09:42 | 000,019,456 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears\permissions.db
[2011/01/16 21:26:17 | 000,000,000 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

#9
SweetTech

Posted 12 October 2011 - 10:14 PM

Sir SpamAlot

Retired Staff
7,671 posts

Good Evening!

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:Processes
KILLALLPROCESSES
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2011/01/04 18:23:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/17 15:54:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/26 10:46:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/10/11 19:08:53 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\matt\Desktop\mbam-setup.exe
:Reg

:Files
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll
C:\Program Files (x86)\Windows Live\Messenger\riched20.dll
echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

#10
kenc

Posted 12 October 2011 - 10:49 PM

Member

Topic Starter
Member
24 posts

Good Evening Sweet Tech!

After the previous post,I re-enabled the anti-virus and ran a full scan.Two problems were detected and fixed.I hope this hasn't complicated your systematic approach to cleaning out this PC? I've attached a screen shot (no log file) of the output.

Also included is the OTL log:

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.
C:\Users\matt\Desktop\mbam-setup.exe moved successfully.
========== REGISTRY ==========
========== FILES ==========
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll moved successfully.
C:\Program Files (x86)\Windows Live\Messenger\riched20.dll moved successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\windows\system32\drivers\etc\Hosts
C:\Users\matt\Desktop\cmd.bat deleted successfully.
C:\Users\matt\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\matt\Desktop\cmd.bat deleted successfully.
C:\Users\matt\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: matt
->Temp folder emptied: 26394 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14784342 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28543222 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 270794 bytes

Total Files Cleaned = 42.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: matt
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.29.1 log created on 10122011_213947

Files\Folders moved on Reboot...
C:\Users\matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\windows\temp\TMP0000003CB706E320A88766DE not found!

Registry entries deleted on Reboot...

Attached Thumbnails

#11
SweetTech

Posted 13 October 2011 - 09:59 AM

Sir SpamAlot

Retired Staff
7,671 posts

Hi!

After the previous post,I re-enabled the anti-virus and ran a full scan.Two problems were detected and fixed.I hope this hasn't complicated your systematic approach to cleaning out this PC? I've attached a screen shot (no log file) of the output.

Nope that's fine.

Microsoft Security Essentials doesn't give you a file path for where those files were detected was, does it?

#12
kenc

Posted 13 October 2011 - 10:20 PM

Member

Topic Starter
Member
24 posts

Microsoft Security Essentials doesn't give you a file path for where those files were detected was, does it?

Looks like they were both quarantined anyway!

file:C:\Qoobox\Quarantine\C\Program Files (x86)\Mozilla Firefox\plugins\npclntax_HBLiteSA.dll.vir

file:C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir

#13
SweetTech

Posted 14 October 2011 - 09:53 PM

Sir SpamAlot

Retired Staff
7,671 posts

Hi!

Okay, those two threats were detected in ComboFix's quarantine folder, and would have been removed from your computer once we clean-up our tools.

Are you experiencing any other issues with your computer, or are you ready to proceed with the clean-up procedure?

#14
kenc

Posted 15 October 2011 - 09:53 PM

Member

Topic Starter
Member
24 posts

Hi Sweet Tech,

My son has been using his laptop for the last 24 hours (not non-stop mind you!) and it seems
to be behaving correctly.

ken

#15
SweetTech

Posted 16 October 2011 - 10:08 PM

Sir SpamAlot

Retired Staff
7,671 posts

Hi Ken!

Glad to hear that!

Lets proceed with the clean-up procedure.

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall

NEXT:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.
Copy and Paste the following code into the textbox.
```
:Commands
[ClearAllRestorePoints]
```
Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.

NEXT:

OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:

Reopen on your desktop.
Click on
You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

NEXT:

All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.

Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.

Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Internet Browsers

Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explore more secure.

Make Internet Explorer more secure

Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Extra Goodies

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
Strong passwords: How to create and use them then consider a password keeper, to keep all your passwords safe.
Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:
- Open Malwarebytes' Anti-Malware
- Select the Update tab
- Click Check for Updates
Be weary of e-mails from unknown senders. Keep the following in mind as well: If it's to good to be true, then it more than likely is.
FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Green to go
- Yellow for caution
- Red to stop
WOT has an addon available for Chrome and Opera.
Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
Think Prevention.
PC Safety and Security--What Do I Need?.

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.