
[Random name].exe trojan?



#1
Dan Enders
    New Member
  • Member
  • 4 posts
So it started at about 6 pm, Nov 5th. I got a virus alert from Avast (free version). Avast said it moved the virus to the chest, upon which Windows asked if Adobe would be allowed to start. I said no, but it would just pop up again; the only thing I could do was a hard shutdown. After that I checked processes in Task Manager and found [Random name].exe (before the restart it had a different name). After some searching I found it is located in appdata/local/temp. Now when I restart my computer it gets renamed, but when I log out and log back in there's another [Random name].exe file. Avast no longer gives me a warning, but I'm sure it's still there. So far I have been unable to remove it or find any reference to it in the registry. I'm pretty sure I got it from a popup ad on some site (not sure where; I use the StumbleUpon Firefox addon). Any help or suggestions would be much appreciated.



#2
WhiteHat
    Trusted Helper
  • Retired Staff
  • 1,925 posts
Hello Dan Enders and welcome to GeeksToGo :)

I'm GLeobas and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.

Edited by GLeobas, 06 November 2011 - 12:12 PM.


#3
Dan Enders
    New Member
  • Topic Starter
  • Member
  • 4 posts
Thank you for the quick response. The only things I've tried are removing the files in appdata/local/temp (to no avail) and shutting down the process, which is currently running again. I've done a full system scan with Avast as well as a boot-time scan with Avast; the boot-time scan picks up one virus but is unable to remove it.

#4
Dan Enders
    New Member
  • Topic Starter
  • Member
  • 4 posts
Oh, just something extra I noticed: the [random name].exe description says "Systray .exe stub".
I noticed it's odd because of the space between "Systray" and ".exe".

#5
WhiteHat
    Trusted Helper
  • Retired Staff
  • 1,925 posts
# Step 1 #

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2
prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.




# Step 2 #


  • Run OTL
  • Copy the lines below

    /md5start
    userinit.exe
    explorer.exe
    winlogon.exe
    /md5stop
    %appdata%\*.*
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    %systemroot%\System32\config\*.sav
  • Go back to the program and paste the text into the "Custom Scan / Fixes" text box
  • Click on Run Scan button
  • The examination takes a while, be patient.
  • Copy the entire contents of the log OTL.txt and post in your next reply

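The OTL custom scan above asks for MD5 hashes of userinit.exe, explorer.exe and winlogon.exe (the logon chain a dropper that comes back at every logon likes to patch) and a file listing of the user's profile. The following PowerShell is an added example, not code from this thread, from OTL or from Malwarebytes. It does the same read-only checks natively and adds the indicators that turned up in the MBAM results posted in the next reply: a Run-key value with a random name, a DLL carrying a System32 file name sitting in %TEMP%, and a C:\Recycle.Bin directory that mimics the real $Recycle.Bin. It assumes Windows 7 or later with PowerShell 4 or newer (for Get-FileHash) in an elevated session; the regexes and the 15-character threshold are heuristics chosen for this example, and the function names are the example's own.

```powershell
# Added example (not from the thread, OTL or MBAM). Read-only host triage for a
# randomly named .exe in %TEMP% that reappears at logon. Assumes Windows 7+ with
# PowerShell 4+ in an elevated session; thresholds/regexes are illustrative.

# OTL's /md5start block hashes these three binaries. Same here, plus an
# Authenticode check, which catches a patched copy even without a reference MD5.
function Get-LogonChainIntegrity {
    $targets = @(
        (Join-Path $env:SystemRoot 'System32\userinit.exe'),
        (Join-Path $env:SystemRoot 'explorer.exe'),
        (Join-Path $env:SystemRoot 'System32\winlogon.exe')
    )
    foreach ($path in $targets) {
        $sig = Get-AuthenticodeSignature -FilePath $path
        [pscustomobject]@{
            File      = $path
            MD5       = (Get-FileHash -Path $path -Algorithm MD5).Hash
            SigStatus = $sig.Status               # Valid / NotSigned / HashMismatch
            Signer    = $sig.SignerCertificate.Subject
        }
    }
}

# A file that is renamed every logon but always comes back is usually launched
# from a Run key; the value's command line is the stable indicator, not the name.
function Get-RunKeyEntries {
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata, not a value
            $cmd = [string]$p.Value
            # Heuristics: launched from a Temp dir or a Recycle.Bin lookalike, or a
            # value name that is a long upper-case token containing a digit.
            $flag = ($cmd -match '(?i)\\(Temp|Recycle\.Bin)\\') -or
                    ($p.Name -cmatch '^(?=.*\d)[A-Z0-9]{15,}$')
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $cmd; Suspicious = $flag }
        }
    }
}

# Executables in the user's Temp directory with their version description.
# A DLL whose name also exists in System32 (e.g. msimg32.dll) in a user-writable
# directory is a sideloading indicator: unless the name is on the KnownDLLs
# list, a DLL beside the calling executable is loaded before the System32 copy.
function Get-TempExecutables {
    param([string]$Dir = $env:TEMP)
    $sys32 = Join-Path $env:SystemRoot 'System32'
    Get-ChildItem -Path $Dir -Include *.exe, *.dll -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Path             = $_.FullName
                Bytes            = $_.Length
                Modified         = $_.LastWriteTime
                Description      = $_.VersionInfo.FileDescription
                ShadowsSystemDll = Test-Path -LiteralPath (Join-Path $sys32 $_.Name)
            }
        }
}

# Vista and later keep the real bin in <drive>:\$Recycle.Bin. A directory named
# Recycle.Bin (no dollar sign) at a drive root is a lookalike worth listing.
function Find-FakeRecycleBin {
    Get-PSDrive -PSProvider FileSystem | Where-Object { $_.Root } | ForEach-Object {
        $fake = Join-Path $_.Root 'Recycle.Bin'
        if (Test-Path -LiteralPath $fake) {
            Get-ChildItem -LiteralPath $fake -Force -ErrorAction SilentlyContinue |
                Select-Object FullName, Length, LastWriteTime
        }
    }
}

# Run all four checks; pipe any of them to Export-Csv to keep a copy for the thread.
Get-LogonChainIntegrity | Format-Table -AutoSize
Get-RunKeyEntries | Where-Object Suspicious | Format-Table -AutoSize
Get-TempExecutables | Format-Table -AutoSize
Find-FakeRecycleBin | Format-Table -AutoSize
```

Two caveats when reading the output. Windows binaries are frequently catalog-signed rather than carrying an embedded signature, and on older PowerShell builds Get-AuthenticodeSignature can report such a file as NotSigned; treat SigStatus as a hint and compare the MD5 against the same file on a clean machine at the same patch level (MD5 is used only because that is what OTL reports; for anything else prefer SHA-256). The Run-key heuristics will also miss malware that registers as a service or scheduled task, so an empty Suspicious list does not clear the machine; it only tells you the Run keys are not where the relaunch is coming from.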

#6
Dan Enders
    New Member
  • Topic Starter
  • Member
  • 4 posts
So far so good; all went better than expected.
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8103

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06/11/2011 7:05:02 PM
mbam-log-2011-11-06 (19-05-02).txt

Scan type: Full scan (C:\|D:\|G:\|)
Objects scanned: 388191
Time elapsed: 1 hour(s), 0 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 8
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 11
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Users\Dale\AppData\Local\Temp\msimg32.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBLiteAx.Info (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBLiteAx.Info.1 (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles.1 (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\hblitesa (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\HBLite (Adware.HotBar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4Y3Y0C3AWF7W0A6DLVMEB (Trojan.Spyeyes) -> Value: 4Y3Y0C3AWF7W0A6DLVMEB -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Service Communications (Backdoor.Agent) -> Value: Windows Service Communications -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\[email protected] (Adware.HotBar) -> Value: [email protected] -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\Users\Dale\AppData\Roaming\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\HBLite\bin (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\HBLite\bin\11.0.363.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\HBLite\bin\11.0.363.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\HBLite\bin\11.0.363.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\HBLite\bin\11.0.363.0\firefox\extensions\plugins (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Dale\AppData\Local\Temp\msimg32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files (x86)\zoo digital publishing\Psi Ops\asx-po.fix.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\Users\Dale\AppData\Local\Temp\~!#2331.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Dale\Desktop\ProduKey.exe (PUP.PSWTool.ProductKey) -> Quarantined and deleted successfully.
c:\Users\Dale\Desktop\terraria.v1.0.6.1.cracked-theta\nfoviewer.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
c:\Users\Dale\downloads\ilividsetupv1.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
d:\program files (x86)\volition inc\red faction guerrilla\red faction guerrilla v1.0.0.1 + 10 trainer.exe (HackTool.GamesCheat) -> Quarantined and deleted successfully.
d:\U#DRIVE\USBHACK\WIP\CMD\netpass.exe (PUP.NetworkPasswordTool) -> Quarantined and deleted successfully.
d:\U#DRIVE\USBHACK\WIP\CMD\ProduKey.exe (PUP.PSWTool.ProductKey) -> Quarantined and deleted successfully.
c:\Users\Dale\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
c:\Recycle.Bin\b6232f3ad5d.exe (Trojan.Spyeyes) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA\hblitesaabout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA\hblitesaau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA\hblitesaeula.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA\hblitesa_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\HBLite\bin\11.0.363.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Recycle.Bin\9b9ab8ef10a23e1 (Trojan.Spyeyes) -> Quarantined and deleted successfully.




and the OTL results
------------------------
OTL logfile created on: 11/7/2011 8:23:54 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dale\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.97 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 49.60% Memory free
7.93 Gb Paging File | 5.81 Gb Available in Paging File | 73.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.31 Gb Total Space | 37.84 Gb Free Space | 19.37% Space Free | Partition Type: NTFS
Drive D: | 182.89 Gb Total Space | 43.00 Gb Free Space | 23.51% Space Free | Partition Type: NTFS
Drive G: | 100.00 Mb Total Space | 70.35 Mb Free Space | 70.35% Space Free | Partition Type: NTFS

Computer Name: DALE-PC | User Name: Dale | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/06 09:54:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dale\Desktop\OTL.exe
PRC - [2011/11/06 06:41:22 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/10/18 23:39:30 | 002,962,376 | ---- | M] (Zemana Ltd.) -- C:\Program Files (x86)\AntiLogger\AntiLogger.exe
PRC - [2011/10/02 01:53:40 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/10/01 09:32:56 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/03 03:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/01 15:24:36 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/07/28 15:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/12 11:51:50 | 003,416,576 | ---- | M] (Jumi Technologies) -- C:\Program Files (x86)\Jumi\jumi.exe
PRC - [2011/02/15 08:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) -- C:\Prey\platform\windows\cronsvc.exe
PRC - [2011/02/14 00:55:08 | 000,586,752 | ---- | M] (App Dynamic) -- C:\Program Files (x86)\Remote HD\Remote Helper\RemoteHelper.exe
PRC - [2011/01/13 00:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 00:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/05/20 14:26:26 | 000,119,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
PRC - [2004/05/25 18:47:44 | 001,757,264 | ---- | M] (None) -- C:\Users\Dale\Desktop\roms\VisualBoyAdvance.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/06 06:41:22 | 014,410,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011/11/06 06:41:17 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011/11/06 06:41:17 | 000,194,344 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011/11/06 06:41:17 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011/11/06 06:41:17 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2011/10/12 02:24:11 | 012,067,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\cb875f219b526fe6c21c259e6e4c267e\System.Web.ni.dll
MOD - [2011/10/12 02:23:39 | 001,879,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\e4170d99fa426bdf8f689754009f4a23\System.Deployment.ni.dll
MOD - [2011/10/12 02:23:24 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\bf5ca252df4083e6c48dc3e9f3273cf5\System.Xaml.ni.dll
MOD - [2011/10/12 02:09:09 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9565982f271da74fd952906f9b6a88c9\PresentationFramework.ni.dll
MOD - [2011/10/12 02:08:58 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d08e6e917f08ef674373576016969a20\System.Windows.Forms.ni.dll
MOD - [2011/10/12 02:08:50 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\0d5d26ed41c8fa0c7feb00ef5343299a\PresentationCore.ni.dll
MOD - [2011/10/12 02:08:46 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\05db47b74c512b4929a136101629d042\System.Data.ni.dll
MOD - [2011/10/12 02:08:39 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2807b771372137d41fb8d392a878d0c7\System.Drawing.ni.dll
MOD - [2011/10/12 02:08:38 | 003,857,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a4a330e92cbd3457b3f00ae367a4bc5f\WindowsBase.ni.dll
MOD - [2011/10/12 02:08:32 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\acf4f694ab9c0b1802e83e5cd726812f\System.Core.ni.dll
MOD - [2011/10/12 02:08:29 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\1924bdaf130f882ceaf9d7b880602d22\System.Xml.ni.dll
MOD - [2011/10/12 02:08:25 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\096f1b3839e7d6dfe2598941329c08dc\System.Configuration.ni.dll
MOD - [2011/10/12 02:08:21 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f477a17590634925c583632d171e2726\System.ni.dll
MOD - [2011/10/12 02:08:12 | 014,408,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e360aa959e1b83be7026670d129c0a93\mscorlib.ni.dll
MOD - [2011/10/02 01:53:41 | 001,015,256 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/07/28 15:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 15:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/05/12 11:50:20 | 001,991,680 | ---- | M] () -- C:\Program Files (x86)\Jumi\PreloadedProducts.dll
MOD - [2011/02/16 15:56:08 | 006,053,536 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/02/14 00:55:08 | 000,023,602 | ---- | M] () -- C:\Program Files (x86)\Remote HD\Remote Helper\natpmp.dll
MOD - [2011/02/14 00:55:06 | 000,037,769 | ---- | M] () -- C:\Program Files (x86)\Remote HD\Remote Helper\miniupnp.dll
MOD - [2011/02/06 10:32:14 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/06/04 04:54:24 | 001,236,480 | ---- | M] () -- C:\Program Files (x86)\Jumi\libvorbis.dll
MOD - [2010/06/04 04:54:22 | 000,223,744 | ---- | M] () -- C:\Program Files (x86)\Jumi\libtheora.dll
MOD - [2010/06/04 04:54:22 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Jumi\libogg.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/26 08:33:26 | 000,087,040 | ---- | M] (Highresolution Enterprises) [Auto | Running] -- C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe -- (XMouseButton Launcher)
SRV:64bit: - [2011/01/13 00:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/07/16 15:03:58 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/05/20 14:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/02/23 06:38:54 | 002,192,176 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/11/06 06:41:22 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/01 09:32:56 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/03 03:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/09 12:01:06 | 000,430,080 | ---- | M] (PowerUp Software, LLC) [Auto | Stopped] -- C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe -- (PinnacleUpdateSvc)
SRV - [2011/02/15 08:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2011/02/08 09:30:00 | 004,067,472 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/23 06:19:02 | 001,799,472 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009/11/06 12:13:20 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/19 12:08:18 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/05/10 01:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/05/05 21:02:12 | 000,070,952 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RAMDiskVE.sys -- (RAMDiskVE)
DRV:64bit: - [2011/03/10 22:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/01/15 08:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2011/01/13 00:41:44 | 000,273,488 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/01/13 00:40:20 | 000,051,792 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/01/13 00:37:34 | 000,029,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/01/13 00:37:23 | 000,062,032 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/01/13 00:37:12 | 000,020,560 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/12/16 14:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/07/16 15:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/16 15:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/06/03 07:07:18 | 000,015,160 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jumi.sys -- (jumi)
DRV:64bit: - [2010/05/20 14:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/09/15 12:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/07/13 15:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 12:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 12:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2011/10/18 23:39:36 | 000,029,400 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\AntiLogger\AntiLog64.sys -- (AntiLog32)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/01 19:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=14196
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F 88 A1 68 2C CE CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files (x86)\Minibar\Froggy.dll (TODO: <название компании>)
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Conduit Engine Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.ca"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.66.2
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.91
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.4.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.4.4
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.8
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.8
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.3

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dale\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/17 23:11:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/02 01:53:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/06 00:35:40 | 000,000,000 | ---D | M]

[2011/02/16 15:53:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dale\AppData\Roaming\Mozilla\Extensions
[2011/11/07 00:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\4zp0umzc.default\extensions
[2011/07/22 17:40:09 | 000,000,000 | ---D | M] (FacebookJS) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\4zp0umzc.default\extensions\{97A78363-B868-4B48-AC91-A783A31215AF}
[2011/08/09 02:34:24 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\4zp0umzc.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2011/07/15 15:10:31 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\4zp0umzc.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/08/12 19:45:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\4zp0umzc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/08/09 02:35:38 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\4zp0umzc.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/10/03 18:55:43 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\4zp0umzc.default\extensions\[email protected]
[2011/08/09 02:34:24 | 000,000,000 | ---D | M] (SQL Inject Me) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\4zp0umzc.default\extensions\[email protected]
[2011/08/13 23:31:48 | 000,000,000 | ---D | M] (SQLite Manager) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\4zp0umzc.default\extensions\[email protected]
[2011/08/09 02:34:23 | 000,000,000 | ---D | M] (XSS Me) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\4zp0umzc.default\extensions\[email protected]
[2011/10/11 12:44:35 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\4zp0umzc.default\extensions\[email protected]
[2011/11/06 00:10:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/06 13:10:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/10/17 23:11:15 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011/10/06 13:10:37 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2002/11/20 11:00:36 | 000,051,200 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPHapPlugin411.dll

========== Chrome ==========

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: HBLite Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_HBLiteSA.dll
CHR - plugin: Haptek Netscape Plugin support (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPHapPlugin411.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Dale\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (MrFroggy Class) - {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} - C:\Program Files (x86)\Minibar\Froggy.dll (TODO: <company name>)
O2 - BHO: (MinibarBHO) - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Kango.dll (KangoExtensions)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AntiLogger] C:\Program Files (x86)\AntiLogger\AntiLogger.exe (Zemana Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [cdloader] C:\Users\Dale\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [JumiController] C:\Program Files (x86)\Jumi\jumi.exe (Jumi Technologies)
O4 - HKCU..\Run: [Pinnacle Game Profiler] C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle.exe (PowerUp Software, LLC)
O4 - HKCU..\Run: [RemoteHelper] C:\Program Files (x86)\Remote HD\Remote Helper\RemoteHelper.exe (App Dynamic)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Facebook - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files (x86)\Minibar\MinibarButton.dll (TODO: <Company name>)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4390B060-71D3-43D8-9D6A-085C3CA88B3F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A33DE40A-E4AF-418F-97F1-A6628DE20420}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{11e1aea9-5fb6-11e0-8065-00247e9cac85}\Shell - "" = AutoRun
O33 - MountPoints2\{11e1aea9-5fb6-11e0-8065-00247e9cac85}\Shell\AutoRun\command - "" = H:\PcOptions.exe
O33 - MountPoints2\{16531659-85ef-11e0-afba-00247e9cac85}\Shell - "" = AutoRun
O33 - MountPoints2\{16531659-85ef-11e0-afba-00247e9cac85}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{3585f6b8-656c-11e0-b3f2-00247e9cac85}\Shell - "" = AutoRun
O33 - MountPoints2\{3585f6b8-656c-11e0-b3f2-00247e9cac85}\Shell\AutoRun\command - "" = H:\Autorun.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\F\Shell\phone\command - "" = F:\autorun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 08:25:07 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/11/06 20:39:42 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{8DC9D879-B4D7-4DD5-9DFE-7465D8AE59D4}
[2011/11/06 20:38:09 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{C152EFC2-3BA0-4166-9871-562B146E678A}
[2011/11/06 19:11:51 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{5F7366DD-59E8-4ACC-9E58-6B1C82B22740}
[2011/11/06 19:09:23 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{592683E0-7B7A-4970-9F4D-617A167E6B77}
[2011/11/06 18:01:06 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\Malwarebytes
[2011/11/06 18:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/06 18:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/06 18:00:51 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/06 18:00:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/06 09:54:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Dale\Desktop\OTL.exe
[2011/11/06 09:41:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/11/06 09:41:09 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/11/06 09:33:12 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{81662E72-AF60-4C13-9DEA-D33EBD2EC4C9}
[2011/11/06 09:32:05 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{25E80F83-5006-49DE-8387-20EB56CE5F94}
[2011/11/06 09:05:08 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{F63C2615-9E33-49CB-9A45-B8EDEB87FC6F}
[2011/11/06 09:04:47 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{2B4A8AAE-64E5-47E2-BA72-0205745274C0}
[2011/11/06 08:55:34 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{3A7E9B82-95FC-4FBB-8737-E202377CD9B6}
[2011/11/06 08:55:19 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{548275B8-BEEB-48DB-B04D-DCEA808B39A7}
[2011/11/06 06:41:47 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{49E6ED5C-870A-4EAD-A2C1-9A5A164F4393}
[2011/11/06 06:41:34 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{7177D876-B9BC-43D0-A5D1-3680A1376954}
[2011/11/05 23:51:38 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{F6C9DDD9-E4B6-47BC-973E-DFD04E36F778}
[2011/11/05 22:46:00 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jaadu
[2011/11/05 22:45:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jugaari
[2011/11/05 22:21:19 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\RemoteHelper
[2011/11/05 22:20:19 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Remote HD
[2011/11/05 22:20:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Remote HD
[2011/11/05 19:27:37 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{C0A8B56D-3B7E-4ECB-9F0F-351FA7B7BC48}
[2011/11/05 19:27:08 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{550E64B0-4394-401F-9634-A4BBD45B1E28}
[2011/11/05 15:22:38 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{DCABE2CC-049D-4169-8C66-B8D9C92D4C12}
[2011/11/04 12:46:33 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{5EEB8B24-CD28-4CB9-AFD5-5577916F9E0A}
[2011/11/04 12:46:07 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{7DCB0069-64C8-440B-AAC7-AC2ED8B152A5}
[2011/11/04 00:13:58 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Terraria
[2011/11/04 00:13:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Terraria
[2011/11/04 00:13:26 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\Terraria.v1.0.6.1.cracked-THETA
[2011/11/03 23:12:54 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\Terraria 1.0.6
[2011/11/02 16:02:35 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{4C841F3A-FC01-479E-BEA0-CB6BBF860BD2}
[2011/11/02 16:02:13 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{00B312EA-1FD6-4C75-9A07-7F96FD14E0E2}
[2011/11/01 23:49:52 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\roms
[2011/11/01 17:36:53 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{BC0D50F6-3164-4853-915A-A373A650FD16}
[2011/11/01 17:36:26 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{9D7CA8B9-887B-464E-85F6-49E7F11EEA07}
[2011/11/01 16:31:09 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TibEd
[2011/11/01 16:31:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TibEd
[2011/10/31 21:45:57 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{491D943E-2F95-405E-B6C8-6EB2FF2423E2}
[2011/10/31 21:45:33 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{6193F719-E4AA-4F93-913D-F99A454EF4E4}
[2011/10/31 13:31:05 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{20CA92E8-F033-46A2-86C2-AE37F511310F}
[2011/10/31 13:30:41 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{DAA78684-69C1-4445-8FB6-AA501B72A833}
[2011/10/31 10:00:17 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{79C4E047-2C71-46EA-A9C4-78A970824AEF}
[2011/10/31 09:59:50 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{10038B4C-0018-4B3F-9DD0-39C0D199FF0F}
[2011/10/30 17:13:15 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{936E0232-4F57-4BB2-9F2A-6F2F3DDC6799}
[2011/10/30 17:09:13 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{2001F136-3E42-4F00-BBB4-E1B68750CA72}
[2011/10/28 23:06:45 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\Project Zomboid
[2011/10/28 23:02:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Games
[2011/10/25 21:17:49 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{83772F5D-F2DF-45E9-A841-A19B8DC76C31}
[2011/10/25 21:17:21 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{69F3402C-BCA4-4106-A82D-4E5C19B053EC}
[2011/10/24 18:20:14 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{4137AC16-E64A-4DC6-B16B-8859BC9C5CF1}
[2011/10/24 18:19:50 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{F0F9C4F2-BFF4-4AA4-907E-8EF8C18CE91D}
[2011/10/24 17:25:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74C839EA-2796-4223-8C11-81A29F465536}
[2011/10/24 17:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiLogger
[2011/10/24 17:19:12 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{876A3A32-9EDC-44B5-9E51-37E0CEA6D6BD}
[2011/10/24 17:18:57 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{AF1F60D0-325F-46E2-BB05-ACC94C3EEDB3}
[2011/10/24 15:43:18 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{67F4C038-DFC3-4655-BC10-274A4E7E4D96}
[2011/10/23 10:19:36 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{DE761F1F-163B-47F9-991D-D35376285535}
[2011/10/23 10:19:13 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{D547A3C2-489A-47D1-8376-3631C9AD67E5}
[2011/10/22 02:33:48 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{8379CF2A-0409-48B9-A60F-6A2C3CC3FE94}
[2011/10/22 02:33:26 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{1B291D36-5C6A-460E-A078-F7D956D63F6E}
[2011/10/22 02:17:58 | 000,000,000 | ---D | C] -- C:\Users\Dale\Documents\ArmA 2 Other Profiles
[2011/10/20 21:32:05 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{324E3DB7-9BA6-4EB5-BC86-40BF2ED0451F}
[2011/10/20 21:31:43 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{0AB0074D-A5B8-4E18-A171-F3CA968B9AB0}
[2011/10/20 21:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
[2011/10/20 21:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/10/20 21:27:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2011/10/20 21:19:19 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{81C98CA1-69B3-4241-85F1-84B05094B1ED}
[2011/10/20 21:18:58 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{27342C2A-FBA2-4C98-93E5-A11B731F3680}
[2011/10/20 17:19:18 | 000,000,000 | ---D | C] -- C:\Users\Dale\Documents\ArmA 2
[2011/10/20 17:19:17 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\ArmA 2 Free
[2011/10/20 17:18:44 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2011/10/20 17:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2011/10/20 17:14:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive
[2011/10/20 02:23:47 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{6CE3FE05-2DB9-4D65-81C2-5BEDA13BC192}
[2011/10/20 02:23:25 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{F11718F0-AB52-426B-B29C-5B0DCDB8A804}
[2011/10/20 02:22:33 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\PowerUp Software
[2011/10/20 02:22:11 | 000,000,000 | ---D | C] -- C:\ProgramData\PowerUp Software
[2011/10/20 02:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Game Profiler
[2011/10/20 02:15:31 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB5DB.DLL
[2011/10/20 02:15:30 | 000,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dx7vb.dll
[2011/10/20 02:15:30 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capicom.dll
[2011/10/20 02:15:30 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comct232.ocx
[2011/10/20 02:15:30 | 000,094,208 | R-S- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msstkprp.dll
[2011/10/20 02:15:30 | 000,091,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dsofile.dll
[2011/10/20 02:15:30 | 000,045,056 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\NTSVC.ocx
[2011/10/20 02:15:30 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.dll
[2011/10/20 02:15:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerUp Software
[2011/10/19 23:32:23 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{C5706B98-3E54-4E04-BD1B-AAD89F6902A2}
[2011/10/19 23:31:59 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{08264ED4-AE01-4BBB-A367-86E389CDDCA3}
[2011/10/19 09:07:07 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{4F8189DB-717E-4E58-8E25-8DDFE3630018}
[2011/10/19 09:06:44 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{821D7153-121E-440E-B940-5B7A2AC0B104}
[2011/10/19 07:49:27 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{54693A5B-9C7A-4711-9A13-B9DF49E06884}
[2011/10/19 07:49:15 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{8564C22C-6C26-450A-B2BF-592C53C70AA4}
[2011/10/18 22:47:16 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{FD1F303D-8E44-4CEB-8BA0-4CFE8AFFB50E}
[2011/10/18 22:47:02 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{4EB2D067-FFAA-4FC4-872A-FF2AB736FF92}
[2011/10/18 22:00:58 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\workshitz
[2011/10/18 21:56:45 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator
[2011/10/18 21:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LinuxLive USB Creator
[2011/10/18 16:04:39 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{4906FD33-A392-4C04-B453-91A726EF4975}
[2011/10/18 16:04:15 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{DE1272CF-9A6A-4ACB-8FCD-665BA2443DCE}
[2011/10/18 00:17:22 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\LazyNewbPack[0.31.25][V9.2]
[2011/10/17 23:13:38 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\DDMSettings
[2011/10/17 20:55:40 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\Sammsoft
[2011/10/16 10:56:09 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{A32AE5FB-6060-41CE-8B79-6CF669881392}
[2011/10/16 10:55:45 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{E4C54593-CB32-4321-86F9-2214E693EB38}
[2011/10/16 10:37:12 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\Kalypso Media
[2011/10/16 10:31:04 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011/10/16 10:31:04 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011/10/16 10:31:04 | 000,122,904 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2011/10/16 10:31:04 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2011/10/16 10:31:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2011/10/16 10:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso Media
[2011/10/16 10:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elements of War
[2011/10/15 17:07:23 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{F4484C01-BB49-45B4-97F1-53E90BF94A71}
[2011/10/15 17:07:12 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{28BAFF5F-6C80-4F59-84DA-E6B9E6B5D0E5}
[2011/10/15 15:45:55 | 000,000,000 | ---D | C] -- C:\Users\Dale\Documents\Square Enix
[2011/10/14 11:18:31 | 000,000,000 | ---D | C] -- C:\Users\Dale\Documents\Rainmeter
[2011/10/14 11:18:31 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\Rainmeter
[2011/10/14 11:18:25 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rainmeter
[2011/10/14 11:18:24 | 000,000,000 | ---D | C] -- C:\Program Files\Rainmeter
[2011/10/14 11:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
[2011/10/14 11:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RocketDock
[2011/10/14 01:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/10/13 19:12:54 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prey
[2011/10/13 19:12:51 | 000,000,000 | ---D | C] -- C:\Prey
[2011/10/13 17:29:20 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{0E394F34-323D-4D2A-AFA6-3F02D44F1893}
[2011/10/13 17:29:06 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{C8229553-B102-4A82-9B71-02A020BB986D}
[2011/10/13 17:08:54 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/10/11 23:23:23 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{8CFE3CDB-FB02-4C62-BDDF-DD7F80A46B24}
[2011/10/11 23:22:48 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{F136D41F-D6D8-41F9-BF8D-8D8443A2DB0E}
[2011/10/11 18:28:12 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{67F8D148-7582-46DA-B2B7-8AA6437C6C1F}
[2011/10/11 18:26:35 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{CC533AF7-C095-40CF-B5C4-8DA09B991433}
[2011/10/11 15:41:12 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\Cranium
[2011/10/11 15:40:31 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\Cranium_Consulting_and_Cu
[2011/10/11 15:39:50 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPhoneBrowser
[2011/10/11 15:39:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iPhoneBrowser
[2011/10/11 11:43:21 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/10/11 11:43:20 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/11 11:43:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/11 11:43:19 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/10/11 11:43:17 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/10/11 11:43:17 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/11 11:43:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/11 11:43:15 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/10/11 11:43:14 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/10/11 11:43:13 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/11 11:43:12 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/11 11:43:11 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/10/11 11:43:11 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/10/11 11:43:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/10/11 11:43:11 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/10/11 11:38:51 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/11 11:38:51 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/11 11:38:51 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/11 11:38:50 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/11 11:38:50 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011/10/11 11:38:49 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011/10/11 11:38:49 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011/10/11 11:38:49 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011/10/11 11:38:49 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011/10/11 11:38:48 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011/10/11 11:38:44 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/11 11:38:43 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/10/10 10:29:14 | 000,000,000 | ---D | C] -- C:\Users\Dale\Desktop\world
[2011/10/09 18:37:41 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{71631C7A-0D82-471E-BFA9-9C10FF9059D2}
[2011/10/09 18:36:29 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{3F90C9B5-F92B-4A22-9E00-F6A761D11359}
[2011/10/08 11:23:42 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{03FB9418-BE68-43D7-9193-78A5A942CC9F}
[2011/10/08 11:23:26 | 000,000,000 | ---D | C] -- C:\Users\Dale\AppData\Local\{EF0E5F76-56A7-4693-8224-3CB6D64EE380}

========== Files - Modified Within 30 Days ==========

[2011/11/07 08:25:07 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/11/07 08:17:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/07 08:10:27 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2011/11/07 00:17:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/06 22:30:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/06 20:44:41 | 000,014,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/06 20:44:41 | 000,014,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/06 20:42:43 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/06 20:42:43 | 000,664,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/06 20:42:43 | 000,125,696 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/06 20:37:31 | 000,002,541 | ---- | M] () -- C:\Users\Dale\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/06 20:36:08 | 3195,424,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/06 19:06:21 | 262,144,000 | ---- | M] () -- C:\RAMDisk.img
[2011/11/06 18:00:55 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/06 09:54:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dale\Desktop\OTL.exe
[2011/11/06 09:41:09 | 000,002,971 | ---- | M] () -- C:\Users\Dale\Desktop\HiJackThis.lnk
[2011/11/06 02:41:49 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
[2011/11/05 22:21:14 | 000,000,600 | ---- | M] () -- C:\Users\Dale\AppData\Roaming\winscp.rnd
[2011/11/05 14:33:20 | 004,373,892 | ---- | M] () -- C:\Users\Dale\Desktop\kernelcache.release.n72
[2011/11/05 14:32:52 | 000,100,676 | ---- | M] () -- C:\Users\Dale\Desktop\iBSS.n72ap
[2011/11/04 00:13:58 | 000,001,007 | ---- | M] () -- C:\Users\Dale\Desktop\Terraria.lnk
[2011/11/01 16:31:17 | 000,000,949 | ---- | M] () -- C:\Users\Dale\Desktop\TibEd.lnk
[2011/10/31 21:00:01 | 000,000,987 | ---- | M] () -- C:\Users\Dale\Desktop\magicJack.lnk
[2011/10/31 09:52:52 | 262,144,000 | ---- | M] () -- C:\RAMDisk.img.bak
[2011/10/31 03:18:58 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/10/28 23:06:55 | 000,001,602 | ---- | M] () -- C:\Users\Dale\Desktop\Project Zomboid.lnk
[2011/10/24 17:25:02 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\Zemana AntiLogger.lnk
[2011/10/20 21:27:33 | 000,001,182 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2011/10/20 21:27:33 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2011/10/20 17:19:15 | 000,001,279 | ---- | M] () -- C:\Users\Dale\Desktop\Launch ARMA 2 Free.lnk
[2011/10/20 02:15:44 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Pinnacle Game Profiler.lnk
[2011/10/17 23:11:23 | 000,002,116 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/10/17 23:11:23 | 000,001,607 | ---- | M] () -- C:\Users\Dale\Desktop\DivX Movies.lnk
[2011/10/17 23:10:52 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/10/16 21:18:30 | 005,760,054 | ---- | M] () -- C:\Users\Dale\Desktop\background mod 1.bmp
[2011/10/16 21:18:16 | 005,760,054 | ---- | M] () -- C:\Users\Dale\Desktop\Desktop Background.bmp
[2011/10/16 20:49:48 | 000,009,259 | ---- | M] () -- C:\Users\Dale\Desktop\base_1134914207.jpg
[2011/10/16 10:31:04 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011/10/16 10:31:04 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011/10/16 10:31:04 | 000,122,904 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2011/10/16 10:31:04 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2011/10/16 10:26:54 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\Elements of War.lnk
[2011/10/15 00:43:17 | 000,002,268 | ---- | M] () -- C:\Users\Dale\Documents\mcedit.ini
[2011/10/14 11:18:25 | 000,001,730 | ---- | M] () -- C:\Users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2011/10/14 01:14:58 | 000,042,770 | ---- | M] () -- C:\Users\Dale\Desktop\197172_10150098824636615_700781614_6848720_3357568_n.jpg
[2011/10/13 17:11:53 | 000,270,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/11 22:58:14 | 000,101,426 | ---- | M] () -- C:\Users\Dale\Documents\Document 2.rns
[2011/10/11 09:54:50 | 363,553,480 | R--- | M] () -- C:\Users\Dale\Desktop\iPod2,1_4.2.1_8C148_Restore.ipsw

========== Files Created - No Company Name ==========

[2011/11/06 18:00:55 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/06 09:41:09 | 000,002,971 | ---- | C] () -- C:\Users\Dale\Desktop\HiJackThis.lnk
[2011/11/04 00:13:58 | 000,001,007 | ---- | C] () -- C:\Users\Dale\Desktop\Terraria.lnk
[2011/11/01 16:31:17 | 000,000,949 | ---- | C] () -- C:\Users\Dale\Desktop\TibEd.lnk
[2011/10/28 23:02:55 | 000,001,602 | ---- | C] () -- C:\Users\Dale\Desktop\Project Zomboid.lnk
[2011/10/20 21:27:33 | 000,001,182 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2011/10/20 21:27:33 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2011/10/20 17:19:15 | 000,001,279 | ---- | C] () -- C:\Users\Dale\Desktop\Launch ARMA 2 Free.lnk
[2011/10/20 02:15:44 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle Game Profiler.lnk
[2011/10/20 02:15:29 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2011/10/20 02:15:29 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll
[2011/10/20 02:15:29 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll
[2011/10/17 23:10:52 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/10/16 21:18:29 | 005,760,054 | ---- | C] () -- C:\Users\Dale\Desktop\background mod 1.bmp
[2011/10/16 20:49:46 | 000,009,259 | ---- | C] () -- C:\Users\Dale\Desktop\base_1134914207.jpg
[2011/10/16 20:44:06 | 005,760,054 | ---- | C] () -- C:\Users\Dale\Desktop\Desktop Background.bmp
[2011/10/16 10:26:54 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\Elements of War.lnk
[2011/10/14 11:18:25 | 000,001,730 | ---- | C] () -- C:\Users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2011/10/14 01:58:44 | 000,002,541 | ---- | C] () -- C:\Users\Dale\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/14 01:58:44 | 000,002,340 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/10/14 01:15:12 | 000,042,770 | ---- | C] () -- C:\Users\Dale\Desktop\197172_10150098824636615_700781614_6848720_3357568_n.jpg
[2011/10/13 19:15:01 | 000,000,029 | ---- | C] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2011/10/11 22:58:12 | 000,101,426 | ---- | C] () -- C:\Users\Dale\Documents\Document 2.rns
[2011/10/11 11:14:56 | 004,373,892 | ---- | C] () -- C:\Users\Dale\Desktop\kernelcache.release.n72
[2011/10/11 11:14:39 | 000,100,676 | ---- | C] () -- C:\Users\Dale\Desktop\iBSS.n72ap
[2011/10/11 10:47:50 | 363,553,480 | R--- | C] () -- C:\Users\Dale\Desktop\iPod2,1_4.2.1_8C148_Restore.ipsw
[2011/10/11 10:44:36 | 005,298,620 | ---- | C] () -- C:\Users\Dale\Desktop\greenpois0n.exe
[2011/09/23 21:03:08 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
[2011/09/23 21:03:08 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin
[2011/08/14 01:29:29 | 000,000,041 | ---- | C] () -- C:\Windows\lz_tcm.ini
[2011/08/13 02:35:27 | 000,000,096 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/08/12 15:25:51 | 000,000,600 | ---- | C] () -- C:\Users\Dale\AppData\Roaming\winscp.rnd
[2011/07/20 19:38:44 | 000,003,584 | ---- | C] () -- C:\Users\Dale\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/27 04:01:17 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/05/27 04:01:17 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/05/20 00:29:20 | 000,000,013 | ---- | C] () -- C:\Users\Dale\AppData\Roaming\Update.cfg
[2011/05/04 07:15:27 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/09 15:30:00 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/04/09 15:29:55 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/02/17 11:24:58 | 000,765,178 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/08/20 13:51:10 | 000,758,272 | ---- | C] () -- C:\Windows\SysWow64\kcpp.dll
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/01/10 05:44:26 | 001,457,024 | ---- | C] () -- C:\Windows\SysWow64\SSCProt.dll

========== Custom Scans ==========
< MD5 for: EXPLORER.EXE >
[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 21:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 21:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 22:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 04:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/02 22:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/30 22:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 21:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 05:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/30 22:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 21:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 17:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 22:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/25 22:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/02 22:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 17:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/27 23:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 22:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/27 22:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %appdata%\*.* >
[2011/05/20 00:29:20 | 000,000,013 | ---- | M] () -- C:\Users\Dale\AppData\Roaming\Update.cfg
[2011/11/05 22:21:14 | 000,000,600 | ---- | M] () -- C:\Users\Dale\AppData\Roaming\winscp.rnd

< %SYSTEMDRIVE%\*.* >
[2010/03/16 16:34:35 | 000,000,555 | ---- | M] () -- C:\BnetLog.txt
[2011/11/06 20:36:08 | 3195,424,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/06 22:14:29 | 000,063,030 | ---- | M] () -- C:\Jumi.Log
[2011/06/06 22:46:48 | 000,015,166 | -H-- | M] () -- C:\Jumi.Log.Run
[2011/11/06 20:36:09 | 4260,569,088 | -HS- | M] () -- C:\pagefile.sys
[2011/11/06 19:06:21 | 262,144,000 | ---- | M] () -- C:\RAMDisk.img
[2011/10/31 09:52:52 | 262,144,000 | ---- | M] () -- C:\RAMDisk.img.bak
[2011/08/13 02:16:17 | 000,000,000 | ---- | M] () -- C:\saftey.txt

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:0E08FC17

< End of report >
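The `< MD5 for: ... >` blocks in the report above exist so the helper can compare the copy of a system binary that Windows actually loads against the copies kept in the WinSxS component store. The Python below, an added example and not code from the thread or from OTL, parses those blocks and flags any live copy whose hash matches none of its store copies; the USERINIT.EXE lines are taken from the report, and the EXAMPLE.EXE block is a constructed placeholder that deliberately mismatches.

```python
"""Parse the "< MD5 for: X >" blocks of an OTL report and check whether each
live system binary's MD5 also appears in a WinSxS component-store copy.
Added example for the thread above; not part of OTL or the forum post."""
import re
from collections import defaultdict

# Constructed sample: the USERINIT.EXE lines are copied from the report
# above; the EXAMPLE.EXE block is a made-up placeholder whose live copy
# deliberately does not match its WinSxS copy.
SAMPLE = r"""
< MD5 for: USERINIT.EXE >
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: EXAMPLE.EXE >
[2011/01/01 00:00:00 | 000,010,000 | ---- | M] (Placeholder Corp) MD5=00000000000000000000000000000000 -- C:\Windows\SysNative\example.exe
[2011/01/01 00:00:00 | 000,010,000 | ---- | M] (Placeholder Corp) MD5=11111111111111111111111111111111 -- C:\Windows\winsxs\amd64_placeholder\example.exe
"""

HEADER_RE = re.compile(r"^< MD5 for: (\S+) >$")
ENTRY_RE = re.compile(r"MD5=([0-9A-Fa-f]{32}) -- (.+?)\s*$")


def parse_md5_blocks(text):
    """Return {binary name (lower-case): [(md5, path), ...]} per block."""
    blocks = defaultdict(list)
    current = None
    for line in text.splitlines():
        head = HEADER_RE.match(line.strip())
        if head:
            current = head.group(1).lower()
            continue
        entry = ENTRY_RE.search(line)
        if entry and current:
            blocks[current].append((entry.group(1).upper(), entry.group(2)))
    return dict(blocks)


def is_live_copy(path):
    """True for the copy Windows actually loads: anything outside the WinSxS
    store and the pending-update cache (SoftwareDistribution\\Download)."""
    low = path.lower()
    return "\\winsxs\\" not in low and "\\softwaredistribution\\" not in low


def check_live_binaries(blocks):
    """Map each live path to True if its MD5 matches some WinSxS copy of the
    same binary, else False (a candidate for a patched or replaced file)."""
    verdicts = {}
    for entries in blocks.values():
        store_hashes = {md5 for md5, p in entries if "\\winsxs\\" in p.lower()}
        for md5, path in entries:
            if is_live_copy(path):
                verdicts[path] = md5 in store_hashes
    return verdicts


if __name__ == "__main__":
    for path, ok in check_live_binaries(parse_md5_blocks(SAMPLE)).items():
        print("OK      " if ok else "MISMATCH", path)
```

A match only shows the live file is consistent with a store copy on the same disk, so treat a mismatch as a lead to verify against a trusted reference rather than as proof of tampering.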

#7
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
# Step 1 #

Please go to Start > Control Panel and click on Add or Remove Programs. Then remove the software listed below:
  • Ask.com
  • Conduit Engine or Conduit Toolbar
  • uTorrent toolbar
  • MinibarBHO or Minibar

# Step 2 #

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=14196
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaultthis.engineName: "Conduit Engine Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (MrFroggy Class) - {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} - C:\Program Files (x86)\Minibar\Froggy.dll (TODO: <название компании>)
    O2 - BHO: (MinibarBHO) - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Kango.dll (KangoExtensions)
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    
    
    :Commands
    [purity]
    [resethosts]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, and reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
