Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware checkup


  • Please log in to reply

#1
Oniketsoku

Oniketsoku

    Member

  • Member
  • PipPipPip
  • 343 posts
Internet has been gradually snowballing downwards for a while, doing a routine check for malware. MWB not picking up anything so I thought I'd post a log
Lately I've been redirected to a248.e.akamai.net often and other misc redirects once in a while. Hard reset on router wont make redirects go away. Also get popups from google chrome warning me not to go to websites that supposedly contain malware that I know are safe
Would appreciate a look, thanks in advance


OTL logfile created on: 10/21/2011 5:00:34 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Zetsurin\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 57.88% Memory free
8.00 Gb Paging File | 6.17 Gb Available in Paging File | 77.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 202.44 Gb Free Space | 43.46% Space Free | Partition Type: NTFS
Drive E: | 1.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ZETSURIN-PC | User Name: Zetsurin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/21 16:59:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Zetsurin\Downloads\OTL.exe
PRC - [2011/10/03 09:54:16 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/09/08 13:18:52 | 002,592,768 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.33\deploy\LoLLauncher.exe
PRC - [2011/08/17 21:15:58 | 001,290,240 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2011/08/02 06:58:34 | 000,267,488 | ---- | M] () -- C:\Program Files (x86)\PDFLite Toolbar\ToolbarUpdaterService.exe
PRC - [2011/08/02 03:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/21 14:20:40 | 000,246,272 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razerhid.exe
PRC - [2011/03/16 11:33:22 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdderBlackEdition\vdDaemon.exe
PRC - [2010/12/27 09:46:38 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/12/21 15:59:21 | 003,046,808 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010/11/26 14:06:42 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razertra.exe
PRC - [2010/09/30 10:32:08 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razerofa.exe
PRC - [2010/09/08 17:56:04 | 000,144,384 | ---- | M] (Adobe Systems Inc.) -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.92\deploy\LolClient.exe
PRC - [2010/07/28 20:00:48 | 007,485,792 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaUI.exe
PRC - [2010/06/28 11:50:28 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/30 11:12:40 | 000,412,728 | ---- | M] () -- C:\Users\Zetsurin\AppData\Local\Google\Chrome\Application\14.0.835.202\ppgooglenaclpluginchrome.dll
MOD - [2011/09/30 11:12:39 | 003,696,184 | ---- | M] () -- C:\Users\Zetsurin\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
MOD - [2011/09/30 11:11:13 | 000,142,568 | ---- | M] () -- C:\Users\Zetsurin\AppData\Local\Google\Chrome\Application\14.0.835.202\avutil-51.dll
MOD - [2011/09/30 11:11:12 | 000,253,320 | ---- | M] () -- C:\Users\Zetsurin\AppData\Local\Google\Chrome\Application\14.0.835.202\avformat-53.dll
MOD - [2011/09/30 11:11:10 | 002,403,240 | ---- | M] () -- C:\Users\Zetsurin\AppData\Local\Google\Chrome\Application\14.0.835.202\avcodec-53.dll
MOD - [2011/09/29 16:06:57 | 008,587,936 | ---- | M] () -- C:\Users\Zetsurin\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
MOD - [2011/09/08 13:18:52 | 002,592,768 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.33\deploy\LoLLauncher.exe
MOD - [2011/08/17 21:15:58 | 001,290,240 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2011/03/21 14:20:40 | 000,246,272 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razerhid.exe
MOD - [2011/03/16 11:33:22 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdderBlackEdition\vdDaemon.exe
MOD - [2011/02/06 11:32:14 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/12/21 15:59:21 | 003,046,808 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2010/11/26 14:06:42 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razertra.exe
MOD - [2010/07/28 19:58:40 | 000,999,424 | ---- | M] () -- C:\Program Files (x86)\Ralink\Common\RaWLAPI.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/10/17 17:44:58 | 003,552,856 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_807ba95.dll -- (Akamai)
SRV - [2011/10/12 09:06:46 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/03 09:54:16 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/08/02 06:58:34 | 000,267,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PDFLite Toolbar\ToolbarUpdaterService.exe -- (Updater Service for PDFLite Toolbar)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/12/27 09:46:38 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/10/21 16:06:45 | 004,208,208 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/06/28 11:51:00 | 000,211,808 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2010/06/28 11:50:28 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/12 09:03:08 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/29 18:22:16 | 000,023,040 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DABlack.sys -- (DABlackFltr)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 09:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/11 19:10:50 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/10/01 00:16:34 | 000,013,312 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010/06/29 10:01:38 | 000,931,168 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2011/10/06 23:42:06 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/12/31 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...l_date=20110811
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 03 5A BC B1 4E CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Zetsurin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Zetsurin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Zetsurin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Zetsurin\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Zetsurin\AppData\Local\Google\Chrome\Application\14.0.835.202\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Zetsurin\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Zetsurin\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Extension = C:\Users\Zetsurin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (PDFLite Toolbar Helper) - {7413F9FC-8E54-4c93-BEB7-1225EB0970CA} - C:\Program Files (x86)\PDFLite Toolbar\Toolbar32.dll ()
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AOL Messaging Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AOL Messaging Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (PDFLite Toolbar) - {7C8ACEEB-B1D8-43cc-A387-DA838515368D} - C:\Program Files (x86)\PDFLite Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Messaging Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O4 - HKLM..\Run: [DeathAdderBlackEdition] C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razerhid.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B950FCE-116D-469D-AFC2-040067AC9073}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AA427B6-A395-4598-A851-9297B0C31D1D}: DhcpNameServer = 65.32.5.111 65.32.5.112
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/19 02:47:37 | 000,000,000 | ---D | C] -- C:\Users\Zetsurin\AppData\Roaming\WinRAR
[2011/10/19 02:47:37 | 000,000,000 | ---D | C] -- C:\Users\Zetsurin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/10/19 02:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/10/19 02:47:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/10/12 09:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fate-stay night English
[2011/10/12 09:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FATE
[2011/10/12 09:03:08 | 000,270,912 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/10/12 09:03:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011/10/12 09:02:24 | 000,000,000 | ---D | C] -- C:\Users\Zetsurin\AppData\Roaming\DAEMON Tools Lite
[2011/10/12 09:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/10/12 08:53:06 | 000,000,000 | ---D | C] -- C:\Users\Zetsurin\Desktop\VN Misc
[2011/10/12 08:28:06 | 000,000,000 | ---D | C] -- C:\Users\Zetsurin\Desktop\Fatestay
[2011/10/07 21:06:18 | 000,000,000 | ---D | C] -- C:\Users\Zetsurin\AppData\Roaming\Real
[2011/10/07 18:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2011/10/07 18:08:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2011/10/06 23:41:24 | 000,000,000 | ---D | C] -- C:\Users\Zetsurin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
[2011/10/06 23:41:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
[2011/10/05 22:08:18 | 000,000,000 | ---D | C] -- C:\Users\Zetsurin\AppData\Roaming\Mumble
[2011/10/05 22:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2011/10/05 22:07:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble
[2011/10/03 12:45:45 | 000,000,000 | ---D | C] -- C:\Users\Zetsurin\AppData\Local\PunkBuster
[2011/10/03 12:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011/10/03 09:54:50 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2011/10/01 21:01:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2011/10/01 21:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/09/29 13:31:18 | 000,000,000 | ---D | C] -- C:\Users\Zetsurin\Desktop\[Nipponsei] Eureka seveN OST 1

========== Files - Modified Within 30 Days ==========

[2011/10/21 17:01:56 | 000,014,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/21 17:01:56 | 000,014,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/21 16:54:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/21 16:54:21 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/21 12:17:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-175131079-1930791116-3723239277-1000UA.job
[2011/10/20 09:18:35 | 000,000,113 | ---- | M] () -- C:\Users\Zetsurin\webct_upload_applet.properties
[2011/10/20 09:18:14 | 000,004,685 | ---- | M] () -- C:\Users\Zetsurin\Documents\rsrch summary 6.rtf
[2011/10/19 23:17:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-175131079-1930791116-3723239277-1000Core.job
[2011/10/18 19:31:59 | 000,274,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/17 09:42:18 | 000,784,764 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/17 09:42:18 | 000,652,096 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/17 09:42:18 | 000,121,028 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/17 09:38:05 | 000,010,318 | ---- | M] () -- C:\Users\Zetsurin\Documents\cc_20111017_093803.reg
[2011/10/16 08:42:10 | 000,001,801 | ---- | M] () -- C:\Users\Zetsurin\Desktop\iTunes.lnk
[2011/10/12 09:03:08 | 000,270,912 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/10/06 23:44:52 | 000,765,798 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/05 22:20:41 | 000,002,378 | ---- | M] () -- C:\Users\Zetsurin\Documents\MumbleAutomaticCertificateBackup.p12
[2011/10/05 22:07:56 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2011/10/05 16:15:17 | 000,002,415 | ---- | M] () -- C:\Users\Zetsurin\Desktop\Google Chrome.lnk
[2011/10/03 12:45:48 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/10/03 12:45:48 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/10/03 09:54:26 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/10/03 09:54:16 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/29 08:49:08 | 000,003,771 | ---- | M] () -- C:\Users\Zetsurin\Desktop\rsrch summry4.rtf

========== Files Created - No Company Name ==========

[2011/10/20 09:18:14 | 000,004,685 | ---- | C] () -- C:\Users\Zetsurin\Documents\rsrch summary 6.rtf
[2011/10/17 09:38:04 | 000,010,318 | ---- | C] () -- C:\Users\Zetsurin\Documents\cc_20111017_093803.reg
[2011/10/16 08:42:10 | 000,001,801 | ---- | C] () -- C:\Users\Zetsurin\Desktop\iTunes.lnk
[2011/10/05 22:20:41 | 000,002,378 | ---- | C] () -- C:\Users\Zetsurin\Documents\MumbleAutomaticCertificateBackup.p12
[2011/10/05 22:07:56 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2011/10/03 12:45:48 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/10/03 09:54:19 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/10/03 09:54:19 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/10/03 09:54:16 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/29 08:49:08 | 000,003,771 | ---- | C] () -- C:\Users\Zetsurin\Desktop\rsrch summry4.rtf
[2011/07/13 21:17:11 | 000,109,016 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/05/28 03:58:35 | 000,765,798 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/20 18:04:08 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/12/31 22:53:09 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/12/21 15:29:26 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010/12/21 15:29:08 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2010/12/21 15:29:08 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2010/12/21 15:29:08 | 000,000,072 | ---- | C] () -- C:\Windows\SysWow64\RaCertMgr.ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/04/12 23:22:10 | 000,000,000 | ---D | M] -- C:\Users\Zetsurin\AppData\Roaming\AnvSoft
[2011/10/17 20:53:18 | 000,000,000 | ---D | M] -- C:\Users\Zetsurin\AppData\Roaming\BitTorrent
[2010/12/25 20:49:13 | 000,000,000 | ---D | M] -- C:\Users\Zetsurin\AppData\Roaming\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
[2011/10/12 09:09:27 | 000,000,000 | ---D | M] -- C:\Users\Zetsurin\AppData\Roaming\DAEMON Tools Lite
[2011/07/12 20:07:50 | 000,000,000 | ---D | M] -- C:\Users\Zetsurin\AppData\Roaming\Downloaded Installations
[2011/04/15 17:57:44 | 000,000,000 | ---D | M] -- C:\Users\Zetsurin\AppData\Roaming\Free PDF Tablet
[2011/05/24 13:47:36 | 000,000,000 | ---D | M] -- C:\Users\Zetsurin\AppData\Roaming\ijjigame
[2010/12/21 16:32:13 | 000,000,000 | ---D | M] -- C:\Users\Zetsurin\AppData\Roaming\LolClient
[2011/10/17 17:11:33 | 000,000,000 | ---D | M] -- C:\Users\Zetsurin\AppData\Roaming\Mumble
[2011/08/11 04:22:12 | 000,000,000 | ---D | M] -- C:\Users\Zetsurin\AppData\Roaming\PDFlite
[2011/09/14 20:31:30 | 000,000,000 | ---D | M] -- C:\Users\Zetsurin\AppData\Roaming\Razer
[2011/07/26 18:18:51 | 000,000,000 | ---D | M] -- C:\Users\Zetsurin\AppData\Roaming\SGTY
[2011/10/13 13:40:03 | 000,000,000 | ---D | M] -- C:\Users\Zetsurin\AppData\Roaming\Spotify
[2011/08/21 02:51:29 | 000,000,000 | ---D | M] -- C:\Users\Zetsurin\AppData\Roaming\SystemRequirementsLab
[2011/04/01 13:52:33 | 000,000,000 | ---D | M] -- C:\Users\Zetsurin\AppData\Roaming\Systweak
[2010/12/21 16:03:08 | 000,000,000 | ---D | M] -- C:\Users\Zetsurin\AppData\Roaming\Trillian
[2011/07/29 01:44:30 | 000,000,000 | ---D | M] -- C:\Users\Zetsurin\AppData\Roaming\Unity
[2011/08/08 14:22:18 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP