
Malware not being detected


  • This topic is locked

#1
GeluMarzipan

    New Member

  • Member
  • Pip
  • 5 posts
Recently I've been having Avast show me warnings of 'windows\assembly\temp\U\80000032,@' trying to infect processes of mine when they open. I've been looking around for a fix for this and it seems other people are getting it too. So I downloaded different scanners that I've seen people suggest that I use and have run scans. So far the infection has been slowing down and Avast hasn't reported any more blocking but I know the virus hasn't been deleted or fixed yet. So I'm posting the logs that people have suggested that other people post for their issues. FYI I normally use Malwarebytes and Avast to keep my computer safe, but neither of these programs are finding anything. I'm not attaching the Malwarebytes Log because it didn't show that it found anything at all.

Along with using Malwarebytes and Avast, at the recommendation of other people I've run scans using OTL, aswMBR, SAS, and TrendMicro. SAS is scanning again because I didn't grab a scan-log after it was done last time because it only cleared out tracking cookies. TrendMicro's HouseCall is still scanning on a complete scan because the quick-scan didn't pull anything up.

Let's see. The warnings started appearing about two/three days ago out of nowhere and I ran my normal scans and they didn't show anything, so I assumed it wasn't in my computer itself. Then it started popping up more trying to infect processes like Minecraft, uTorrent, and Opera.

Edit: I've also run TDSSKiller and have downloaded ComboFix. I plan on running ComboFix after TrendMicro and SAS are finished scanning.



Edited by GeluMarzipan, 30 October 2011 - 03:53 PM.



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You have the conserv malware

For the next step please run Combofix, and on completion re-run OTL with the following script please


  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window.
  • Post that log as well


#3
GeluMarzipan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here's the after-ComboFix scan. Also attached the ComboFix log, just in case that was needed.

OTL logfile created on: 10/30/2011 4:10:12 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = I:\
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.53 Gb Available Physical Memory | 58.77% Memory free
12.00 Gb Paging File | 9.61 Gb Available in Paging File | 80.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.07 Gb Total Space | 188.92 Gb Free Space | 32.34% Space Free | Partition Type: NTFS
Drive I: | 489.25 Mb Total Space | 432.33 Mb Free Space | 88.37% Space Free | Partition Type: FAT
Drive Z: | 186.31 Gb Total Space | 106.13 Gb Free Space | 56.96% Space Free | Partition Type: NTFS

Computer Name: MARZISPCOFDOOM | User Name: Marzi Wolfen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/30 09:17:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- I:\OTL.exe
PRC - [2011/10/20 06:31:37 | 000,947,056 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2011/10/13 21:16:30 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011/08/01 23:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/26 11:29:03 | 000,800,768 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011/05/24 22:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/03/23 11:42:52 | 001,516,888 | ---- | M] (Logitech©) -- C:\Program Files (x86)\Logitech\G930\G930.exe
PRC - [2011/03/03 15:14:49 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/12/22 03:30:06 | 000,396,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/09/17 11:14:50 | 000,098,304 | ---- | M] (Firebird Project) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
PRC - [2010/09/17 11:14:42 | 003,735,552 | ---- | M] (Firebird Project) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
PRC - [2010/09/14 16:54:12 | 000,021,880 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe
PRC - [2010/09/14 16:53:40 | 000,705,912 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2010/09/14 16:53:20 | 000,660,856 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2010/09/07 07:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/30 16:11:56 | 002,158,592 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
PRC - [2010/01/20 17:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
PRC - [2009/08/12 15:07:54 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe
PRC - [2009/07/03 18:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/21 16:53:33 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/13 21:16:30 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2011/03/03 15:14:49 | 001,016,280 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/03/02 11:11:18 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\Detoured.dll
MOD - [2011/02/06 11:31:58 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/17 14:16:34 | 000,324,896 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libtidy.dll
MOD - [2010/10/14 21:25:48 | 000,202,024 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\VideoSrc.dll
MOD - [2010/10/14 21:25:44 | 000,496,936 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\cximagecrt.dll
MOD - [2010/08/10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/07/30 16:11:56 | 002,158,592 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
MOD - [2010/01/20 17:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
MOD - [2009/08/28 16:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
MOD - [2009/08/12 15:07:54 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe
MOD - [1998/10/31 05:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBMANAGE.DLL


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/27 19:21:12 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010/09/07 07:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/09/07 07:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/09/07 07:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 18:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/04/19 08:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
SRV:64bit: - [2009/04/19 08:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2011/10/17 13:42:25 | 003,552,856 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_807ba95.dll -- (Akamai)
SRV - [2011/10/11 23:07:26 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/24 22:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/10/27 19:24:40 | 001,974,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/10/27 19:21:08 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/09/17 11:14:50 | 000,098,304 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2010/09/17 11:14:42 | 003,735,552 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2010/09/14 16:54:12 | 000,021,880 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe -- (APC Data Service)
SRV - [2010/09/14 16:53:40 | 000,705,912 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/12 11:11:24 | 000,278,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2009/11/24 09:35:21 | 000,332,272 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009/08/28 01:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/29 16:57:03 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/10/29 16:20:12 | 000,526,392 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/24 22:09:17 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/18 17:20:22 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfBakerCamd64.sys -- (LADF_BakerCOnly)
DRV:64bit: - [2011/03/18 14:33:48 | 000,335,688 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfBakerRamd64.sys -- (LADF_BakerROnly)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/10/13 04:12:04 | 001,244,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2010/09/07 06:52:29 | 000,051,280 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2010/09/07 06:52:09 | 000,121,936 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2010/09/07 06:47:49 | 000,028,752 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2010/09/07 06:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/09/07 06:47:10 | 000,020,048 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/08/12 13:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/08/21 02:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/08/20 10:42:20 | 003,531,136 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 12:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/01/19 18:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2010/10/07 14:34:32 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/03/16 11:11:20 | 000,015,648 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys -- (Cardex)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...25v135r4501s216

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {6e73f6b7-b9ab-44b8-b744-6393e3c2e351}:1.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.15
FF - prefs.js..extensions.enabledItems: [email protected]:4.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.5
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Marzi Wolfen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/09 02:07:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/01 12:10:40 | 000,000,000 | ---D | M]

[2011/10/05 17:00:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marzi Wolfen\AppData\Roaming\Mozilla\Extensions
[2011/03/29 02:27:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marzi Wolfen\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/10/05 17:00:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marzi Wolfen\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/10/30 10:27:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marzi Wolfen\AppData\Roaming\Mozilla\Firefox\Profiles\zu565iz8.default\extensions
[2011/06/02 11:48:21 | 000,000,000 | ---D | M] (Personas Rotator) -- C:\Users\Marzi Wolfen\AppData\Roaming\Mozilla\Firefox\Profiles\zu565iz8.default\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}
[2010/12/04 03:13:29 | 000,000,000 | ---D | M] (4chan) -- C:\Users\Marzi Wolfen\AppData\Roaming\Mozilla\Firefox\Profiles\zu565iz8.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2011/05/27 14:27:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Marzi Wolfen\AppData\Roaming\Mozilla\Firefox\Profiles\zu565iz8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/06/09 15:43:53 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Marzi Wolfen\AppData\Roaming\Mozilla\Firefox\Profiles\zu565iz8.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011/06/02 11:48:11 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Marzi Wolfen\AppData\Roaming\Mozilla\Firefox\Profiles\zu565iz8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/27 14:27:32 | 000,000,000 | ---D | M] (Better Kongregate) -- C:\Users\Marzi Wolfen\AppData\Roaming\Mozilla\Firefox\Profiles\zu565iz8.default\extensions\[email protected]
[2011/04/08 11:59:06 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Marzi Wolfen\AppData\Roaming\Mozilla\Firefox\Profiles\zu565iz8.default\extensions\[email protected]
[2011/02/18 19:11:54 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Marzi Wolfen\AppData\Roaming\Mozilla\Firefox\Profiles\zu565iz8.default\extensions\[email protected]
[2010/12/22 17:23:04 | 000,000,941 | ---- | M] () -- C:\Users\Marzi Wolfen\AppData\Roaming\Mozilla\Firefox\Profiles\zu565iz8.default\searchplugins\conduit.xml
[2011/10/30 10:27:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/27 08:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/06/21 13:55:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/26 09:13:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/10/30 15:19:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe (Logitech©)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [tsnp2uvc] C:\Program Files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{511B96E3-41C2-4D22-9831-1192DA547D1F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/30 14:43:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/30 14:43:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/30 14:43:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/30 14:43:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/30 14:43:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/29 17:15:56 | 000,000,000 | ---D | C] -- C:\Users\Marzi Wolfen\Documents\capcom
[2011/10/29 16:57:03 | 000,270,912 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/10/29 16:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/10/29 16:56:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011/10/29 16:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CAPCOM
[2011/10/29 16:20:12 | 000,526,392 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2011/10/28 18:33:01 | 000,000,000 | ---D | C] -- C:\Users\Marzi Wolfen\AppData\Roaming\SUPERAntiSpyware.com
[2011/10/28 18:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/10/28 16:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/10/28 14:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/10/27 17:34:57 | 000,000,000 | ---D | C] -- C:\Users\Marzi Wolfen\AppData\Roaming\AtomZombieData
[2011/10/27 17:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atom Zombie Smasher
[2011/10/27 17:34:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atom Zombie Smasher
[2011/10/27 12:12:36 | 000,000,000 | ---D | C] -- C:\Users\Marzi Wolfen\Documents\SEGA
[2011/10/27 09:45:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEGA
[2011/10/26 09:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CraftBukkit Server
[2011/10/26 09:14:31 | 000,000,000 | ---D | C] -- C:\Users\Marzi Wolfen\Documents\CraftBukkit Server
[2011/10/26 09:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/10/26 09:12:54 | 010,189,806 | ---- | C] (Fateful Productions) -- C:\Users\Marzi Wolfen\Documents\CraftBukkit_Installer_Windows.exe
[2011/10/26 07:51:59 | 000,000,000 | ---D | C] -- C:\Users\Marzi Wolfen\.tectonicus
[2011/10/26 07:51:01 | 000,000,000 | ---D | C] -- C:\Users\Marzi Wolfen\Minetographer
[2011/10/26 07:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firebird 2.5 (x64)
[2011/10/26 07:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Firebird
[2011/10/26 07:14:05 | 000,000,000 | ---D | C] -- C:\Users\Marzi Wolfen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SAM Broadcaster
[2011/10/26 07:08:38 | 000,000,000 | ---D | C] -- C:\Users\Marzi Wolfen\AppData\Local\SpacialAudio
[2011/10/25 16:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\APC
[2011/10/25 16:32:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\APC
[2011/10/23 07:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2011/10/23 07:04:03 | 000,000,000 | ---D | C] -- C:\Users\Marzi Wolfen\Documents\Guild Wars
[2011/10/21 15:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2011/10/21 15:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2011/10/21 15:50:12 | 000,000,000 | ---D | C] -- C:\Users\Marzi Wolfen\AppData\Roaming\Leadertech
[2011/10/21 15:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2011/10/21 15:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011/10/21 15:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2011/10/21 15:48:32 | 000,000,000 | ---D | C] -- C:\Users\Marzi Wolfen\AppData\Local\Downloaded Installations
[2011/10/21 15:30:52 | 000,375,808 | ---- | C] (Sonix) -- C:\Windows\SysNative\vsnp2uvc.dll
[2011/10/21 15:30:52 | 000,239,616 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2011/10/21 15:30:52 | 000,238,080 | ---- | C] ( ) -- C:\Windows\SysNative\rsnp2uvc.dll
[2011/10/21 15:30:51 | 000,662,016 | ---- | C] (Sonix) -- C:\Windows\vsnp2uvc.exe
[2011/10/21 15:30:51 | 000,306,176 | ---- | C] (Sonix) -- C:\Windows\SysWow64\vsnp2uvc.dll
[2011/10/21 15:30:51 | 000,306,176 | ---- | C] ( ) -- C:\Windows\SysNative\csnp2uvc.dll
[2011/10/21 15:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Video Device
[2011/10/21 15:30:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SNP2UVC
[2011/10/21 13:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2011/10/21 13:55:35 | 000,000,000 | ---D | C] -- C:\Users\Marzi Wolfen\AppData\Local\PAYDAY
[2011/10/20 01:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trendy Entertainment
[2011/10/20 01:41:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trendy Entertainment
[2011/10/13 22:44:59 | 000,000,000 | ---D | C] -- C:\Users\Marzi Wolfen\AppData\Roaming\wargaming.net
[2011/10/13 22:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2011/10/12 07:27:37 | 000,000,000 | ---D | C] -- C:\Users\Marzi Wolfen\AppData\Roaming\savedata
[2011/10/12 07:27:12 | 000,000,000 | ---D | C] -- C:\Users\Marzi Wolfen\Documents\G-Senjou no Maou English Savedata
[2011/10/12 07:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AKABEiSOFT2
[2011/10/12 07:24:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AKABEiSOFT2
[2011/10/11 02:28:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IONCROSS Freelancer Character Editor
[2011/10/10 01:45:23 | 000,000,000 | ---D | C] -- C:\Users\Marzi Wolfen\AppData\Local\Freelancer
[2011/10/06 15:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KnuckleCracker
[2011/10/06 15:22:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KnuckleCracker
[2011/10/05 17:00:34 | 000,000,000 | ---D | C] -- C:\Users\Marzi Wolfen\AppData\Roaming\Prism
[2011/10/05 17:00:34 | 000,000,000 | ---D | C] -- C:\Users\Marzi Wolfen\AppData\Local\Prism
[2011/10/03 11:08:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2011/10/02 19:57:01 | 000,000,000 | ---D | C] -- C:\Users\Marzi Wolfen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fallout New Vegas
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/30 16:04:14 | 000,793,214 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/30 16:04:14 | 000,669,422 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/30 16:04:14 | 000,125,504 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/30 15:26:27 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/30 15:26:27 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/30 15:19:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/30 15:18:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/30 15:18:17 | 536,371,199 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/30 11:25:47 | 000,869,125 | ---- | M] () -- C:\Users\Marzi Wolfen\AppData\Local\census.cache
[2011/10/30 11:23:02 | 000,145,166 | ---- | M] () -- C:\Users\Marzi Wolfen\AppData\Local\ars.cache
[2011/10/30 10:29:54 | 000,786,938 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/30 09:59:28 | 000,000,036 | ---- | M] () -- C:\Users\Marzi Wolfen\AppData\Local\housecall.guid.cache
[2011/10/30 09:44:15 | 000,245,492 | ---- | M] () -- C:\Windows\SysNative\oem25.inf
[2011/10/30 05:41:02 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/10/29 17:12:21 | 000,002,485 | ---- | M] () -- C:\Users\Public\Desktop\Hunted The Demons Forge.lnk
[2011/10/29 16:57:03 | 000,270,912 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/10/29 16:20:12 | 000,526,392 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2011/10/29 15:56:50 | 000,225,209 | ---- | M] () -- C:\Users\Marzi Wolfen\Documents\1319924664329.jpg
[2011/10/28 20:26:41 | 001,666,359 | ---- | M] () -- C:\Users\Marzi Wolfen\Documents\WillowTree#Beta9r6.zip
[2011/10/28 14:09:29 | 001,351,800 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/10/28 14:05:42 | 000,512,992 | ---- | M] () -- C:\Users\Marzi Wolfen\Desktop\sdsetup_revwire207.exe
[2011/10/27 17:34:53 | 000,002,103 | ---- | M] () -- C:\Users\Public\Desktop\Play Atom Zombie Smasher.lnk
[2011/10/27 12:23:26 | 000,020,039 | ---- | M] () -- C:\Users\Marzi Wolfen\Documents\dxgi.zip
[2011/10/26 12:35:23 | 000,008,495 | ---- | M] () -- C:\Users\Marzi Wolfen\Documents\SAM_Broadcaster_4.2.2_(cracked)___reg_key.4668529.TPB.torrent
[2011/10/26 10:03:14 | 000,639,390 | ---- | M] () -- C:\Users\Marzi Wolfen\Documents\hwmonitor_1.18-64bit.zip
[2011/10/26 09:16:03 | 000,001,662 | ---- | M] () -- C:\Users\Public\Desktop\CraftBukkit Server.lnk
[2011/10/26 09:13:20 | 010,189,806 | ---- | M] (Fateful Productions) -- C:\Users\Marzi Wolfen\Documents\CraftBukkit_Installer_Windows.exe
[2011/10/26 08:46:36 | 000,068,983 | ---- | M] () -- C:\Users\Marzi Wolfen\Documents\runecraft_latest.zip
[2011/10/26 07:52:05 | 004,342,421 | ---- | M] () -- C:\Users\Marzi Wolfen\Documents\Minetographer0.7.3.zip
[2011/10/26 07:14:05 | 000,002,025 | ---- | M] () -- C:\Users\Marzi Wolfen\Application Data\Microsoft\Internet Explorer\Quick Launch\SAM Broadcaster.lnk
[2011/10/26 07:14:05 | 000,002,001 | ---- | M] () -- C:\Users\Marzi Wolfen\Desktop\SAM Broadcaster.lnk
[2011/10/25 16:32:57 | 000,001,048 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
[2011/10/25 16:31:59 | 006,918,144 | ---- | M] () -- C:\Users\Marzi Wolfen\PCPE_3.0.msi
[2011/10/25 14:38:28 | 003,932,184 | ---- | M] () -- C:\snp2uvc-001.raw
[2011/10/20 01:43:12 | 000,002,519 | ---- | M] () -- C:\Users\Public\Desktop\Dungeon Defenders.lnk
[2011/10/04 14:33:17 | 000,001,266 | ---- | M] () -- C:\Users\Marzi Wolfen\Desktop\Space Pirates and Zombies.lnk
[2011/10/03 11:12:03 | 000,002,136 | ---- | M] () -- C:\Users\Public\Desktop\Mercenaries 2 World in Flames™.lnk
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/30 14:43:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/30 14:43:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/30 14:43:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/30 14:43:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/30 14:43:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/30 11:25:47 | 000,869,125 | ---- | C] () -- C:\Users\Marzi Wolfen\AppData\Local\census.cache
[2011/10/30 11:23:02 | 000,145,166 | ---- | C] () -- C:\Users\Marzi Wolfen\AppData\Local\ars.cache
[2011/10/30 09:59:28 | 000,000,036 | ---- | C] () -- C:\Users\Marzi Wolfen\AppData\Local\housecall.guid.cache
[2011/10/30 09:44:53 | 000,245,492 | ---- | C] () -- C:\Windows\SysNative\oem25.inf
[2011/10/29 17:12:21 | 000,002,485 | ---- | C] () -- C:\Users\Public\Desktop\Hunted The Demons Forge.lnk
[2011/10/29 15:56:50 | 000,225,209 | ---- | C] () -- C:\Users\Marzi Wolfen\Documents\1319924664329.jpg
[2011/10/28 20:26:37 | 001,666,359 | ---- | C] () -- C:\Users\Marzi Wolfen\Documents\WillowTree#Beta9r6.zip
[2011/10/28 14:09:23 | 001,351,800 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/10/28 14:05:54 | 000,512,992 | ---- | C] () -- C:\Users\Marzi Wolfen\Desktop\sdsetup_revwire207.exe
[2011/10/27 17:34:53 | 000,002,103 | ---- | C] () -- C:\Users\Public\Desktop\Play Atom Zombie Smasher.lnk
[2011/10/27 12:23:26 | 000,020,039 | ---- | C] () -- C:\Users\Marzi Wolfen\Documents\dxgi.zip
[2011/10/26 12:35:20 | 000,008,495 | ---- | C] () -- C:\Users\Marzi Wolfen\Documents\SAM_Broadcaster_4.2.2_(cracked)___reg_key.4668529.TPB.torrent
[2011/10/26 10:03:14 | 000,639,390 | ---- | C] () -- C:\Users\Marzi Wolfen\Documents\hwmonitor_1.18-64bit.zip
[2011/10/26 09:14:36 | 000,001,662 | ---- | C] () -- C:\Users\Public\Desktop\CraftBukkit Server.lnk
[2011/10/26 08:46:36 | 000,068,983 | ---- | C] () -- C:\Users\Marzi Wolfen\Documents\runecraft_latest.zip
[2011/10/26 07:50:41 | 004,342,421 | ---- | C] () -- C:\Users\Marzi Wolfen\Documents\Minetographer0.7.3.zip
[2011/10/26 07:14:05 | 000,002,025 | ---- | C] () -- C:\Users\Marzi Wolfen\Application Data\Microsoft\Internet Explorer\Quick Launch\SAM Broadcaster.lnk
[2011/10/26 07:07:09 | 000,002,001 | ---- | C] () -- C:\Users\Marzi Wolfen\Desktop\SAM Broadcaster.lnk
[2011/10/25 16:32:58 | 536,371,199 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/25 16:32:57 | 000,001,048 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
[2011/10/25 16:31:59 | 006,918,144 | ---- | C] () -- C:\Users\Marzi Wolfen\PCPE_3.0.msi
[2011/10/21 15:33:00 | 003,932,184 | ---- | C] () -- C:\snp2uvc-001.raw
[2011/10/21 15:30:51 | 003,531,136 | ---- | C] () -- C:\Windows\SysNative\drivers\snp2uvc.sys
[2011/10/21 15:30:51 | 000,035,456 | ---- | C] () -- C:\Windows\SysNative\drivers\sncduvc.sys
[2011/10/21 15:30:51 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011/10/21 15:30:51 | 000,013,021 | ---- | C] () -- C:\Windows\snp2uvc.src
[2011/10/20 01:43:12 | 000,002,519 | ---- | C] () -- C:\Users\Public\Desktop\Dungeon Defenders.lnk
[2011/10/03 11:12:03 | 000,002,136 | ---- | C] () -- C:\Users\Public\Desktop\Mercenaries 2 World in Flames™.lnk
[2011/09/16 18:10:59 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/09/16 17:13:59 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011/07/27 10:21:20 | 000,000,100 | ---- | C] () -- C:\Users\Marzi Wolfen\AppData\Local\fusioncache.dat
[2011/06/24 18:59:55 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/06/08 02:55:34 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/06/04 19:44:20 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/05/18 17:45:41 | 000,786,938 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/06 14:13:55 | 126,511,184 | ---- | C] () -- C:\Users\Marzi Wolfen\AppData\Roaming\.minecraft.rar
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/08 05:48:24 | 000,000,184 | ---- | C] () -- C:\Users\Marzi Wolfen\AppData\Roaming\120dc7d6.dat
[2011/04/05 22:35:42 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/03/03 09:05:34 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\STLL Notifier
[2010/12/22 11:08:32 | 000,003,297 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat
[2010/12/22 11:05:44 | 000,002,900 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
[2010/12/22 11:05:35 | 000,003,002 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
[2010/12/22 11:05:27 | 000,002,862 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Length Split] Codec.dat
[2010/12/22 11:05:19 | 000,002,836 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
[2010/12/22 11:05:11 | 000,002,999 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
[2010/12/22 11:05:01 | 000,002,871 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
[2010/12/22 11:04:51 | 000,002,879 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
[2010/12/22 11:04:40 | 000,002,869 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
[2010/12/22 11:02:22 | 000,014,645 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/12/10 11:46:17 | 000,011,005 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/12/10 11:46:02 | 000,869,608 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010/11/13 18:59:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/08 02:47:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/04 07:11:45 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/11/03 21:21:55 | 000,000,940 | ---- | C] () -- C:\Users\Marzi Wolfen\AppData\Roaming\wklnhst.dat
[2010/11/02 02:22:43 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010/11/01 03:37:16 | 000,000,613 | ---- | C] () -- C:\Windows\wininit.ini
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:31:49 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\getmacc.exe
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 17:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/10/26 15:52:27 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\.minecraft
[2011/05/14 13:13:33 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\Ableton
[2011/10/27 17:48:26 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\AtomZombieData
[2011/07/18 02:29:24 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\Beat Hazard
[2011/10/19 01:41:47 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\calibre
[2011/07/23 09:55:14 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\Chan Thread Watch
[2011/02/02 00:15:06 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\CreeperWorld
[2011/03/01 02:38:26 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\CreeperWorld.A43EBFBEAB43B4ADC42FB67A9246E19C6E8214AC.1
[2011/10/07 07:44:59 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\CreeperWorld2
[2011/06/13 19:47:32 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\CreeperWorld2.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1
[2011/07/06 04:44:13 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\CrystalApp
[2011/07/06 04:43:49 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\CrystalSpace
[2010/11/01 22:01:04 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\DAEMON Tools Lite
[2011/07/28 05:03:56 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\Day 1 Studios
[2011/06/01 19:03:50 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\dBpoweramp
[2011/03/14 18:58:07 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\Dropbox
[2011/08/31 21:38:13 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\Gatling Gears
[2011/01/22 15:14:22 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\GetRightToGo
[2011/08/11 13:18:38 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\gtk-2.0
[2011/05/13 01:03:53 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\Guitar Pro 6
[2011/06/22 00:31:30 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\Helios
[2011/07/02 16:55:58 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\Hi-Rez Studios
[2011/08/01 07:29:43 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\Hive Cluster
[2011/06/30 21:34:39 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\IMVU
[2011/06/30 21:34:12 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\IMVUClient
[2011/06/02 13:11:45 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\InfraRecorder
[2011/06/17 19:00:54 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\Kalypso Media
[2011/07/23 21:12:43 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\Key Metric Software
[2011/10/21 15:50:12 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\Leadertech
[2011/04/09 11:56:01 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\LolClient
[2010/12/01 13:38:39 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\ManyCam
[2011/06/08 02:55:54 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\MinMaxGames
[2011/03/09 08:44:00 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\nerxy
[2011/07/09 18:21:18 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\Nitroplus
[2011/02/06 22:19:34 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\Notepad++
[2011/07/21 18:46:23 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\Obsidium
[2011/08/02 02:52:39 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\Opera
[2011/07/06 05:33:10 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\PlaneShift
[2011/10/05 17:00:34 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\Prism
[2011/06/04 14:36:16 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\Rainmeter
[2011/09/26 03:55:26 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\RenPy
[2011/02/06 20:14:08 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\runic games
[2011/10/12 07:30:36 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\savedata
[2011/08/17 11:23:48 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\ShanghaiAlice
[2010/12/02 05:34:16 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\Stardock
[2011/02/25 19:07:07 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\System
[2011/09/01 08:04:50 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\SystemRequirementsLab
[2010/10/27 20:45:22 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\Template
[2011/02/28 07:29:18 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\Thinstall
[2010/11/09 00:38:41 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\TuneUp Software
[2010/11/13 14:16:48 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\TuneUpMedia
[2011/01/09 13:39:28 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\UDP Software
[2011/03/31 23:55:45 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\Unity
[2011/10/30 16:14:42 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\uTorrent
[2011/07/09 07:06:40 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\Valusoft
[2011/03/29 02:40:02 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\Vivox
[2011/10/13 22:46:45 | 000,000,000 | ---D | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\wargaming.net
[2011/05/13 12:27:09 | 000,000,000 | -HSD | M] -- C:\Users\Marzi Wolfen\AppData\Roaming\wyUpdate AU
[2011/10/30 05:41:02 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/10/28 16:30:59 | 000,029,222 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2004/03/10 13:16:33 | 000,077,824 | ---- | M] (Moodlogic) -- C:\catgen.exe
[2004/07/01 13:20:20 | 000,212,992 | ---- | M] (Moodlogic) -- C:\Updater.exe


< MD5 for: EXPLORER.EXE >
[2009/10/05 22:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\W7SOC\explorer.exe
[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 21:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 21:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 22:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2009/10/05 22:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/02 22:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/30 22:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 21:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/30 22:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

< C:\Windows\assembly\tmp\U\*.* /s >

========== Files - Unicode (All) ==========
[2011/07/25 12:55:58 | 000,000,000 | ---D | M](C:\Users\Marzi Wolfen\Documents\??????) -- C:\Users\Marzi Wolfen\Documents\みなとそふと
[2011/07/25 12:55:58 | 000,000,000 | ---D | C](C:\Users\Marzi Wolfen\Documents\??????) -- C:\Users\Marzi Wolfen\Documents\みなとそふと
(C:\Users\Marzi Wolfen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??????) -- C:\Users\Marzi Wolfen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\みなとそふと

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C8B8CEBD
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Attached Files

  • Attached File  log.txt   25.34KB   131 downloads
  • Attached File  OTL.Txt   129.33KB   133 downloads


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A few more bits to remove, then a sweep for orphans... Are you experiencing any further problems?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

    :Files
    ipconfig /flushdns /c
    c:\windows\SysWOW64\getmacc.exe
    C:\Windows\tasks\At*.job

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#5
GeluMarzipan

Malwarebytes didn't seem to pick anything up still. Also it took me a bit to re-find the log because I thought I saved it to the desktop, but somehow didn't. I'm just glad I found it in the OTL folder.


#6
Essexboy

OTL did not take properly. Could you run it again, please, and ensure that everything in the box is copied :) Once run, can you let me know of any remaining problems, please?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    ipconfig /flushdns /c
    c:\windows\SysWOW64\getmacc.exe
    C:\Windows\tasks\At*.job

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#7
GeluMarzipan

Here's just the OTL log.

Edit: And here's the Malwarebytes log. Still doesn't say it detected anything, then again not sure if it's supposed to find something.
EditEdit: Completely forgot to attach the MWB log. > . >

Edited by GeluMarzipan, 01 November 2011 - 08:20 PM.


#8
Essexboy

Nope, it was my intent that it should find nothing :)

How is the computer behaving now?

#9
GeluMarzipan

It's been behaving like it normally does. There haven't been any warnings popping up about it being denied access. Thanks for the help.

#10
Essexboy

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All Programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

Keep safe :yes:

#11
Essexboy

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.