Win 7 Security 2012 Virus Removal [Closed]



#1 Dragonkitteh (New Member, 8 posts)
Hello, I recently had my computer cleaned from the "Privacy Protector" malware, and now, about a week or so later, this virus "Win 7 Security 2012" closes my Firefox and starts scanning. It's obviously fake, but the tricky part is that it won't allow me to open almost any program, even in safe mode. It seems that even in safe mode it pops up, tries to scan and closes all of my programs. My Malwarebytes and my Combofix trials have expired, and when I try to reinstall with a new key, "Win 7 Security 2012" immediately closes it. I notice in the task manager that whenever I try to run a program, a program called "obf.exe" immediately starts (as I can see in the processes of the task manager) and closes my program. The only thing I was able to run in safe mode was OTL, and here is my log. I really hope you can help, this is getting very frustrating! :(

OTL logfile created on: 11/28/2011 3:28:41 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nils\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 7.28 Gb Available Physical Memory | 91.35% Memory free
15.93 Gb Paging File | 15.26 Gb Available in Paging File | 95.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 922.85 Gb Total Space | 520.31 Gb Free Space | 56.38% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 7.42 Gb Free Space | 99.63% Space Free | Partition Type: FAT32

Computer Name: NILS-PC | User Name: Nils | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/28 15:01:09 | 000,331,264 | ---- | M] () -- C:\Users\Nils\AppData\Local\obf.exe
PRC - [2011/11/10 16:05:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nils\Desktop\OTL.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/28 15:01:09 | 000,331,264 | ---- | M] () -- C:\Users\Nils\AppData\Local\obf.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/27 06:46:50 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010/02/11 00:29:30 | 000,952,320 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2009/10/07 00:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/09/29 12:11:14 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/09/29 12:03:46 | 000,735,960 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/09/27 06:52:38 | 002,027,840 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/09/27 06:46:44 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/15 15:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/07/06 15:32:58 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2011/07/06 15:32:52 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 00:31:32 | 000,146,680 | ---- | M] (Sase Sham, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Wireless AutoSwitch\WrlsAutoSW.exs -- (Wireless_AutoSwitch)
SRV - [2011/01/11 18:04:04 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/09/13 17:18:32 | 000,308,656 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/07/06 10:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/06/02 12:12:00 | 003,623,304 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/20 10:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/03/14 15:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice)
SRV - [2007/03/14 15:42:22 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2005/11/17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/06 15:33:18 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/21 12:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 11:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/11 18:04:04 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/01/11 18:04:00 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/21 15:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/12 13:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/07/09 23:28:06 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/04/12 03:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/15 06:45:28 | 000,145,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2010/02/11 02:42:54 | 005,352,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/10/24 00:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/07 07:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam S7500(UVC)
DRV:64bit: - [2009/10/07 07:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/29 12:06:16 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/09/29 12:03:00 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/09/29 11:56:36 | 000,144,824 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007/04/09 10:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV - [2011/01/11 18:04:04 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2010/11/29 18:27:40 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2005/01/04 13:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {1aec5771-fcd6-4537-a6b7-5f1935fd527c} - C:\Program Files (x86)\MiniEvony\prxtbMini.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3905903554-1187458485-2898989122-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...l_date=20111001
IE - HKU\S-1-5-21-3905903554-1187458485-2898989122-1001\..\URLSearchHook: {1aec5771-fcd6-4537-a6b7-5f1935fd527c} - C:\Program Files (x86)\MiniEvony\prxtbMini.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3905903554-1187458485-2898989122-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3905903554-1187458485-2898989122-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "Bing"
FF - prefs.js..browser.search.order.1: "Bing"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {a8864317-e18b-4292-99d9-e6e65ab905d3}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...te=20111001&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/23 22:22:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/13 20:45:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/23 22:22:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/08/28 22:29:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/13 20:45:57 | 000,000,000 | ---D | M]

[2010/07/09 08:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\Mozilla\Extensions
[2011/11/24 20:02:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\d5qrqnkd.default\extensions
[2010/11/01 07:47:37 | 000,000,000 | ---D | M] (Tip.It MicroHelper) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\d5qrqnkd.default\extensions\{1d7ecda9-3b7e-4934-a2a1-f65f372068c1}
[2011/11/24 20:02:33 | 000,000,000 | ---D | M] (RuneScape Community Toolbar) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\d5qrqnkd.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
[2010/07/09 08:58:06 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\d5qrqnkd.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2011/09/30 20:30:27 | 000,001,945 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\d5qrqnkd.default\searchplugins\bing-zugo.xml
[2010/06/08 10:28:50 | 000,000,929 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\d5qrqnkd.default\searchplugins\conduit.xml
[2010/11/18 08:55:43 | 000,002,059 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\d5qrqnkd.default\searchplugins\daemon-search.xml
[2011/11/20 18:07:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D5QRQNKD.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/11/05 01:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/04 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: DAEMON Search ()
CHR - default_search_provider: search_url = http://www.daemon-se...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - Extension: Babylon Chrome OCR = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\
CHR - Extension: DivX HiQ = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2011/11/10 17:01:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (MiniEvony Toolbar) - {1aec5771-fcd6-4537-a6b7-5f1935fd527c} - C:\Program Files (x86)\MiniEvony\prxtbMini.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {326E768D-4182-46FD-9C16-1449A49795F4} - No CLSID value found.
O2 - BHO: (no name) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (MiniEvony Toolbar) - {1aec5771-fcd6-4537-a6b7-5f1935fd527c} - C:\Program Files (x86)\MiniEvony\prxtbMini.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3905903554-1187458485-2898989122-1001\..\Toolbar\WebBrowser: (MiniEvony Toolbar) - {1AEC5771-FCD6-4537-A6B7-5F1935FD527C} - C:\Program Files (x86)\MiniEvony\prxtbMini.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-3905903554-1187458485-2898989122-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-3905903554-1187458485-2898989122-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-3905903554-1187458485-2898989122-1001\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3905903554-1187458485-2898989122-1001\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-3905903554-1187458485-2898989122-1001..\Run: [2987775566] C:\Users\Nils\AppData\Local\obf.exe ()
O4 - HKU\S-1-5-21-3905903554-1187458485-2898989122-1001..\Run: [MurGee.com Auto Keyboard] C:\Program Files (x86)\Auto Keyboard\AutoKeyboard.exe (MurGee.com)
O4 - HKU\S-1-5-21-3905903554-1187458485-2898989122-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-3905903554-1187458485-2898989122-1001..\Run: [Spyware Doctor with AntiVirus] C:\Users\Nils\Desktop\sdasetup_revwire207.exe ()
O4 - HKU\S-1-5-21-3905903554-1187458485-2898989122-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Nils2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3905903554-1187458485-2898989122-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3905903554-1187458485-2898989122-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3905903554-1187458485-2898989122-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O15 - HKU\S-1-5-21-3905903554-1187458485-2898989122-1001\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3C8DAD2-13FE-4C8F-9CAA-935D5897EBE5}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3905903554-1187458485-2898989122-1001..exefile [open] -- "C:\Users\Nils\AppData\Local\obf.exe" -a "%1" %* ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3905903554-1187458485-2898989122-1001\...exe [@ = exefile] -- "C:\Users\Nils\AppData\Local\obf.exe" -a "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2011/11/28 15:27:33 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Nils\Desktop\setup.exe
[2011/11/28 15:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/11/25 19:47:18 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Local\SKIDROW
[2011/11/25 11:51:39 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Local\My Games
[2011/11/25 11:43:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sid Meier's Civilization V
[2011/11/25 10:59:37 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\Sid Meiers Civilization V-SKIDROW
[2011/11/24 09:25:36 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\saves
[2011/11/24 00:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/23 19:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/23 19:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/23 19:39:54 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/11/23 19:39:47 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Nils\Desktop\explorer.exe.exe
[2011/11/23 13:09:45 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\SmitfraudFix
[2011/11/20 18:12:12 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Local\Conduit
[2011/11/20 18:12:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiniEvony
[2011/11/18 20:49:57 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\mcnostalgia
[2011/11/18 12:08:26 | 000,000,000 | ---D | C] -- C:\Users\Nils\Documents\November 18
[2011/11/13 18:53:00 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Roaming\app
[2011/11/13 17:11:08 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Roaming\AnkamaCertificates
[2011/11/13 16:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dofus 2
[2011/11/13 16:35:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dofus 2
[2011/11/12 13:03:33 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Local\Skyrim
[2011/11/12 13:03:33 | 000,000,000 | ---D | C] -- C:\Users\Nils\Documents\My Games
[2011/11/12 13:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[2011/11/12 13:00:01 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2011/11/12 13:00:01 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2011/11/12 13:00:01 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2011/11/12 13:00:01 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2011/11/12 13:00:01 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2011/11/12 13:00:01 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2011/11/12 13:00:01 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2011/11/12 13:00:01 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2011/11/12 13:00:00 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2011/11/12 13:00:00 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2011/11/12 13:00:00 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2011/11/12 12:59:59 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2011/11/12 12:59:59 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2011/11/12 12:59:59 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2011/11/12 12:59:59 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2011/11/12 12:59:58 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2011/11/12 12:59:58 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2011/11/12 12:59:57 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2011/11/12 12:59:57 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2011/11/12 12:59:57 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011/11/12 12:59:57 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2011/11/12 12:59:57 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2011/11/12 12:59:57 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2011/11/12 12:59:56 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2011/11/12 12:59:56 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2011/11/12 12:59:55 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2011/11/12 12:59:55 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2011/11/12 12:59:55 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2011/11/12 12:59:55 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2011/11/12 12:59:55 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2011/11/12 12:59:55 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2011/11/12 12:59:55 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2011/11/12 12:59:54 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2011/11/12 12:59:54 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2011/11/12 12:59:54 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2011/11/12 12:59:54 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2011/11/12 12:59:53 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2011/11/12 12:59:53 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2011/11/12 12:59:53 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2011/11/12 12:59:53 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2011/11/12 12:59:53 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2011/11/12 12:59:53 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2011/11/12 12:59:53 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2011/11/12 12:59:53 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2011/11/12 12:59:53 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2011/11/12 12:59:53 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2011/11/12 12:59:52 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2011/11/12 12:59:52 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2011/11/12 12:59:52 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2011/11/12 12:59:52 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2011/11/12 12:59:52 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2011/11/12 12:59:52 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2011/11/12 12:59:51 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2011/11/12 12:59:51 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011/11/12 12:59:51 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2011/11/12 12:59:51 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011/11/12 12:59:50 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2011/11/12 12:59:50 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011/11/12 12:59:49 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2011/11/12 12:59:49 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2011/11/12 12:59:49 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2011/11/12 12:59:49 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2011/11/12 12:59:49 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2011/11/12 12:59:49 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2011/11/12 12:59:49 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2011/11/12 12:59:49 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2011/11/12 12:59:48 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2011/11/12 12:59:48 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2011/11/12 12:59:48 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2011/11/12 12:59:48 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2011/11/12 12:59:47 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2011/11/12 12:59:47 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2011/11/12 12:59:47 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2011/11/12 12:59:47 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2011/11/12 12:59:47 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2011/11/12 12:59:47 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2011/11/12 12:59:46 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2011/11/12 12:59:46 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2011/11/12 12:59:46 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2011/11/12 12:59:46 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2011/11/12 12:59:46 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2011/11/12 12:59:46 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2011/11/12 12:59:45 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2011/11/12 12:59:45 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2011/11/12 12:59:45 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2011/11/12 12:59:45 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2011/11/12 12:59:44 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2011/11/12 12:59:44 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2011/11/12 12:59:44 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2011/11/12 12:59:44 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2011/11/12 12:59:43 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2011/11/12 12:59:43 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2011/11/12 12:59:43 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2011/11/12 12:59:43 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2011/11/12 12:59:42 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2011/11/12 12:59:42 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2011/11/12 12:59:42 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2011/11/12 12:59:42 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2011/11/12 12:59:40 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2011/11/12 12:59:40 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2011/11/12 12:59:40 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2011/11/12 12:59:40 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2011/11/12 12:59:40 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2011/11/12 12:59:40 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2011/11/12 12:59:39 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2011/11/12 12:59:39 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2011/11/12 12:59:39 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2011/11/12 12:59:39 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2011/11/12 12:59:38 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2011/11/12 12:59:38 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2011/11/12 12:59:38 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2011/11/12 12:59:38 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2011/11/12 12:59:37 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2011/11/12 12:59:37 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2011/11/12 12:59:36 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2011/11/12 12:59:36 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2011/11/12 12:59:36 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2011/11/12 12:59:36 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2011/11/12 12:59:35 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2011/11/12 12:59:35 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2011/11/12 12:59:35 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2011/11/12 12:59:35 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2011/11/12 12:59:34 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2011/11/12 12:59:34 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2011/11/12 12:59:34 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2011/11/12 12:59:34 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2011/11/12 12:59:33 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2011/11/12 12:59:33 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2011/11/12 12:59:33 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2011/11/12 12:59:33 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2011/11/12 12:59:32 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2011/11/12 12:59:32 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2011/11/12 12:59:32 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2011/11/12 12:59:32 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2011/11/12 12:59:32 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2011/11/12 12:59:32 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2011/11/12 12:59:31 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2011/11/12 12:59:31 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2011/11/12 12:55:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Elder Scrolls V Skyrim
[2011/11/12 10:12:37 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\EE5.4
[2011/11/12 10:11:56 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\backup
[2011/11/11 21:00:31 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\The_Elder_Scrolls_V_Skyrim-Razor1911
[2011/11/11 20:59:27 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\tune up utilities 2011
[2011/11/10 21:03:55 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\1.8.1 mods
[2011/11/10 18:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/11/10 17:36:04 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Roaming\Malwarebytes
[2011/11/10 17:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/10 17:35:58 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/10 17:28:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Nils\Desktop\OTL.exe
[2011/11/10 17:01:28 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/10 16:41:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/10 16:41:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/07 20:05:00 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MCEdit-64bit
[2011/11/07 20:04:59 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Local\MCEdit-64bit
[2011/11/06 14:49:23 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\technic3
[2011/11/06 11:08:03 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\technic4
[2011/11/05 20:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4chan Image Downloader
[2011/11/05 20:17:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\4chan Image Downloader
[2011/11/05 16:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Keyboard
[2011/11/05 16:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auto Keyboard
[2011/11/05 16:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2011/11/05 16:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\AutoHotkey
[2011/11/05 13:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema x64
[2011/11/05 13:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\Media Player Classic - Home Cinema
[2011/11/04 21:15:55 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Roaming\GetRightToGo
[2011/11/04 21:15:55 | 000,000,000 | ---D | C] -- C:\Users\Nils\Documents\Downloads
[2011/11/04 21:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Automatic Clicker
[2011/11/04 21:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Automatic Clicker
[2011/11/04 21:09:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aarons Cliker
[2011/11/04 21:09:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AARONS CLIKER
[2011/11/03 19:44:27 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\save
[2011/11/03 19:42:16 | 072,106,372 | ---- | C] ( ) -- C:\Users\Nils\Desktop\iwbtgbeta(fs).exe
[2010/07/10 16:32:17 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/28 15:31:09 | 002,259,214 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/28 15:31:09 | 000,669,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/28 15:31:09 | 000,006,780 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/28 15:28:33 | 000,008,918 | -HS- | M] () -- C:\Users\Nils\AppData\Local\5n80nt8p31r817
[2011/11/28 15:28:33 | 000,008,918 | -HS- | M] () -- C:\ProgramData\5n80nt8p31r817
[2011/11/28 15:25:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/28 15:24:25 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/28 15:24:25 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/28 15:22:20 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/28 15:16:42 | 000,512,992 | ---- | M] () -- C:\Users\Nils\Desktop\sdasetup_revwire207.exe
[2011/11/28 15:06:06 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Nils\Desktop\setup.exe
[2011/11/28 15:01:09 | 000,331,264 | ---- | M] () -- C:\Users\Nils\AppData\Local\obf.exe
[2011/11/28 14:53:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/25 12:06:57 | 000,000,008 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\DofusAppId0_2
[2011/11/25 12:02:17 | 000,000,173 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\D2Info0
[2011/11/25 11:48:51 | 000,000,922 | ---- | M] () -- C:\Users\Nils\Desktop\Sid Meiers Civilization V.lnk
[2011/11/25 11:30:53 | 3329,425,408 | ---- | M] () -- C:\Users\Nils\Documents\sr-civ5.iso
[2011/11/24 16:54:25 | 000,002,239 | ---- | M] () -- C:\Users\Nils\Documents\mcedit.ini
[2011/11/24 00:53:41 | 000,002,174 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/23 19:40:23 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/23 19:39:52 | 000,000,624 | ---- | M] () -- C:\Users\Nils\Desktop\ComboFix - Shortcut.lnk
[2011/11/20 20:11:15 | 000,121,284 | ---- | M] () -- C:\Users\Nils\Documents\Skrillex.jpg
[2011/11/20 20:08:51 | 000,092,178 | ---- | M] () -- C:\Users\Nils\Documents\skrillex_graphic_01.jpg
[2011/11/19 14:11:24 | 000,000,008 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\DofusAppId0_1
[2011/11/13 16:35:42 | 000,001,074 | ---- | M] () -- C:\Users\Nils\Desktop\Dofus 2.lnk
[2011/11/13 11:54:50 | 000,915,942 | ---- | M] () -- C:\Users\Nils\Documents\google.png
[2011/11/13 08:42:48 | 000,457,414 | ---- | M] () -- C:\Users\Nils\Documents\d69a9cf0669c4e44a0439f939b0dd0c9jpg.jpeg
[2011/11/13 08:41:58 | 000,622,954 | ---- | M] () -- C:\Users\Nils\Documents\Cman21_1080p_Hi10_r2074_8091276435.png
[2011/11/12 11:54:44 | 1205,698,559 | ---- | M] () -- C:\Users\Nils\Documents\rzr-skrm.iso
[2011/11/12 03:04:25 | 005,012,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/11 21:01:37 | 000,002,708 | ---- | M] () -- C:\Users\Nils\Documents\rzr-skrm.nfo
[2011/11/10 18:00:44 | 000,002,054 | ---- | M] () -- C:\Users\Nils\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/10 18:00:37 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/10 17:27:24 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Nils\Desktop\explorer.exe.exe
[2011/11/10 17:01:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/10 16:05:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nils\Desktop\OTL.exe
[2011/11/10 16:00:36 | 000,000,691 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\GetValue.vbs
[2011/11/10 16:00:36 | 000,000,035 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\SetValue.bat
[2011/11/10 15:43:00 | 001,884,866 | ---- | M] () -- C:\Users\Nils\Desktop\SmitfraudFix.exe
[2011/11/09 21:47:21 | 000,001,077 | ---- | M] () -- C:\Users\Nils\Desktop\Documents - Shortcut.lnk
[2011/11/07 20:05:00 | 000,002,097 | ---- | M] () -- C:\Users\Nils\Desktop\MCEdit-64bit.lnk
[2011/11/07 13:12:59 | 000,006,782 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/05 20:17:05 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\4chan Image Downloader.lnk
[2011/11/05 16:44:09 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\Auto Keyboard.lnk
[2011/11/05 16:43:06 | 000,001,351 | ---- | M] () -- C:\Users\Nils\Documents\AutoHotkey.ahk
[2011/11/05 15:59:26 | 000,000,129 | ---- | M] () -- C:\Users\Nils\jagex_runescape_preferences2.dat
[2011/11/05 15:57:56 | 000,000,046 | ---- | M] () -- C:\Users\Nils\jagex_runescape_preferences.dat
[2011/11/05 15:57:55 | 000,000,032 | ---- | M] () -- C:\Users\Nils\jagex_cl_runescape_LIVE.dat
[2011/11/05 13:58:27 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Media Player Classic - Home Cinema x64.lnk
[2011/11/04 21:09:51 | 000,001,081 | ---- | M] () -- C:\Users\Nils\Desktop\Automatic Clicker.lnk
[2011/11/04 21:09:05 | 000,001,008 | ---- | M] () -- C:\Users\Nils\Desktop\Aarons Cliker.lnk
[2011/11/03 19:43:08 | 072,106,372 | ---- | M] ( ) -- C:\Users\Nils\Desktop\iwbtgbeta(fs).exe
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/28 15:23:05 | 000,512,992 | ---- | C] () -- C:\Users\Nils\Desktop\sdasetup_revwire207.exe
[2011/11/28 15:01:14 | 000,008,918 | -HS- | C] () -- C:\Users\Nils\AppData\Local\5n80nt8p31r817
[2011/11/28 15:01:14 | 000,008,918 | -HS- | C] () -- C:\ProgramData\5n80nt8p31r817
[2011/11/28 15:01:09 | 000,331,264 | ---- | C] () -- C:\Users\Nils\AppData\Local\obf.exe
[2011/11/25 11:48:50 | 000,000,922 | ---- | C] () -- C:\Users\Nils\Desktop\Sid Meiers Civilization V.lnk
[2011/11/25 10:59:37 | 3329,425,408 | ---- | C] () -- C:\Users\Nils\Documents\sr-civ5.iso
[2011/11/24 14:19:09 | 000,009,808 | ---- | C] () -- C:\Users\Nils\Desktop\TMIUtils.class
[2011/11/24 14:19:09 | 000,007,049 | ---- | C] () -- C:\Users\Nils\Desktop\TMIConfig.class
[2011/11/24 00:53:41 | 000,002,174 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/23 19:40:23 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/23 19:39:52 | 000,000,624 | ---- | C] () -- C:\Users\Nils\Desktop\ComboFix - Shortcut.lnk
[2011/11/20 20:11:14 | 000,121,284 | ---- | C] () -- C:\Users\Nils\Documents\Skrillex.jpg
[2011/11/20 20:08:50 | 000,092,178 | ---- | C] () -- C:\Users\Nils\Documents\skrillex_graphic_01.jpg
[2011/11/13 16:35:42 | 000,001,074 | ---- | C] () -- C:\Users\Nils\Desktop\Dofus 2.lnk
[2011/11/13 11:54:50 | 000,915,942 | ---- | C] () -- C:\Users\Nils\Documents\google.png
[2011/11/13 08:42:48 | 000,457,414 | ---- | C] () -- C:\Users\Nils\Documents\d69a9cf0669c4e44a0439f939b0dd0c9jpg.jpeg
[2011/11/13 08:41:56 | 000,622,954 | ---- | C] () -- C:\Users\Nils\Documents\Cman21_1080p_Hi10_r2074_8091276435.png
[2011/11/11 21:01:37 | 000,002,708 | ---- | C] () -- C:\Users\Nils\Documents\rzr-skrm.nfo
[2011/11/11 21:00:31 | 1205,698,559 | ---- | C] () -- C:\Users\Nils\Documents\rzr-skrm.iso
[2011/11/10 15:56:06 | 000,000,691 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\GetValue.vbs
[2011/11/10 15:56:06 | 000,000,035 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\SetValue.bat
[2011/11/10 15:44:35 | 001,884,866 | ---- | C] () -- C:\Users\Nils\Desktop\SmitfraudFix.exe
[2011/11/09 21:47:21 | 000,001,077 | ---- | C] () -- C:\Users\Nils\Desktop\Documents - Shortcut.lnk
[2011/11/07 20:05:00 | 000,002,097 | ---- | C] () -- C:\Users\Nils\Desktop\MCEdit-64bit.lnk
[2011/11/05 20:17:05 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\4chan Image Downloader.lnk
[2011/11/05 16:44:09 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\Auto Keyboard.lnk
[2011/11/05 16:43:06 | 000,001,351 | ---- | C] () -- C:\Users\Nils\Documents\AutoHotkey.ahk
[2011/11/05 15:57:55 | 000,000,032 | ---- | C] () -- C:\Users\Nils\jagex_cl_runescape_LIVE.dat
[2011/11/05 13:58:27 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Media Player Classic - Home Cinema x64.lnk
[2011/11/04 21:09:51 | 000,001,081 | ---- | C] () -- C:\Users\Nils\Desktop\Automatic Clicker.lnk
[2011/11/04 21:09:05 | 000,001,008 | ---- | C] () -- C:\Users\Nils\Desktop\Aarons Cliker.lnk
[2011/10/13 20:42:29 | 000,200,193 | ---- | C] () -- C:\Windows\hpoins16.dat.temp
[2011/10/13 20:42:29 | 000,003,770 | ---- | C] () -- C:\Windows\hpomdl16.dat.temp
[2011/10/13 20:25:40 | 000,200,314 | ---- | C] () -- C:\Windows\hpoins16.dat
[2011/10/13 20:25:40 | 000,003,770 | ---- | C] () -- C:\Windows\hpomdl16.dat
[2011/04/19 21:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/04/08 06:28:58 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/11/02 10:18:42 | 000,006,782 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/23 13:40:47 | 000,000,080 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\RSBot_Accounts.ini
[2010/10/12 16:55:59 | 000,000,008 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\DofusAppId0_3
[2010/09/28 14:08:34 | 000,149,196 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/09/17 19:47:54 | 000,000,008 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\DofusAppId0_1
[2010/09/17 19:46:31 | 000,000,173 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\D2Info0
[2010/09/17 19:46:31 | 000,000,008 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\DofusAppId0_2
[2010/09/16 15:55:43 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/09/15 15:51:45 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/09/13 18:01:33 | 000,000,678 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\wklnhst.dat
[2010/09/01 19:52:52 | 000,000,152 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2010/09/01 19:52:52 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010/09/01 19:52:40 | 000,009,853 | ---- | C] () -- C:\Windows\HL-2170W.INI
[2010/09/01 19:52:40 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/09/01 19:52:40 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2010/09/01 19:52:40 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2170W.DAT
[2010/09/01 19:52:03 | 000,000,290 | ---- | C] () -- C:\Windows\Brownie.ini
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/13 21:10:16 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/08/13 18:08:20 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/07/24 12:45:43 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2010/07/24 12:44:33 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2010/07/24 12:44:03 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010/07/24 12:43:22 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010/07/10 18:09:50 | 000,000,165 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\RSBot Accounts.ini
[2010/07/09 09:27:49 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\uc_karos_launching.dll
[2010/06/30 16:38:04 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2002/05/13 04:16:19 | 000,356,352 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll

< End of report >


#2
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {326E768D-4182-46FD-9C16-1449A49795F4} - No CLSID value found.
    O2 - BHO: (no name) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - No CLSID value found.
    O4 - HKU\S-1-5-21-3905903554-1187458485-2898989122-1001..\Run: [2987775566] C:\Users\Nils\AppData\Local\obf.exe ()
    O35 - HKU\S-1-5-21-3905903554-1187458485-2898989122-1001..exefile [open] -- "C:\Users\Nils\AppData\Local\obf.exe" -a "%1" %* ()
    O37 - HKU\S-1-5-21-3905903554-1187458485-2898989122-1001\...exe [@ = exefile] -- "C:\Users\Nils\AppData\Local\obf.exe" -a "%1" %* ()
    [2011/11/28 15:28:33 | 000,008,918 | -HS- | M] () -- C:\Users\Nils\AppData\Local\5n80nt8p31r817
    [2011/11/28 15:28:33 | 000,008,918 | -HS- | M] () -- C:\ProgramData\5n80nt8p31r817
    [2011/11/28 15:01:09 | 000,331,264 | ---- | M] () -- C:\Users\Nils\AppData\Local\obf.exe
    [2011/11/03 19:43:08 | 072,106,372 | ---- | M] ( ) -- C:\Users\Nils\Desktop\iwbtgbeta(fs).exe
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Update Malwarebytes Anti-Malware and run a Quick Scan.
Post the log it produces.


Things I would like to see in your reply:
  • OTL log
  • MBAM log

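The obf.exe entries the fix above removes (an O4 Run autorun plus the O35/O37 exefile handler hijack that makes every program launch run the rogue first) can be picked out of an OTL log mechanically. The checker below is an added example, not OTL's code or ali.B's; it parses the O4/O35/O37 lines quoted in the fix plus two constructed clean lines, flags any .exe open handler that is not Windows' stock `"%1" %*`, applies a few heuristics to Run entries, and assembles the `:OTL` block from the flagged lines the way the reply does.

```python
import re
from typing import Dict, List

# Sample OTL lines. The first three are the obf.exe entries quoted in the fix above;
# the last two are constructed here to show what clean entries look like.
SAMPLE_LINES = [
    r'O4 - HKU\S-1-5-21-3905903554-1187458485-2898989122-1001..\Run: [2987775566] C:\Users\Nils\AppData\Local\obf.exe ()',
    r'O35 - HKU\S-1-5-21-3905903554-1187458485-2898989122-1001..exefile [open] -- "C:\Users\Nils\AppData\Local\obf.exe" -a "%1" %* ()',
    r'O37 - HKU\S-1-5-21-3905903554-1187458485-2898989122-1001\...exe [@ = exefile] -- "C:\Users\Nils\AppData\Local\obf.exe" -a "%1" %* ()',
    r'O35 - HKLM\..exefile [open] -- "%1" %* ()',  # constructed: the stock handler
    r'O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)',  # constructed
]

# Windows' stock open command for .exe files: run the file itself with its arguments.
# The rogue puts its own binary in front, so every program launch runs the malware first.
DEFAULT_EXE_HANDLER = '"%1" %*'

# Directories an unprivileged user can write to; an autorun living there deserves a look.
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\programdata\\",
                 "\\users\\public\\", "\\temp\\")

# O4:      O4 - <key>\Run: [<value name>] <command> (<company>)
RE_O4 = re.compile(r'^O4\s+-\s+(\S+?)\\Run:\s+\[([^\]]*)\]\s+(.*?)\s*\(([^()]*)\)\s*$')
# O35/O37: O35 - <key> -- <command> (<company>)
RE_O35_O37 = re.compile(r'^(O3[57])\s+-\s+(.+?)\s+--\s+(.*?)\s*\(([^()]*)\)\s*$')

def parse_otl_line(line: str) -> Dict[str, str]:
    """Parse one O4, O35 or O37 line into its fields; any other line yields {}."""
    m = RE_O4.match(line)
    if m:
        return {"type": "O4", "key": m.group(1), "value_name": m.group(2),
                "command": m.group(3), "company": m.group(4), "raw": line}
    m = RE_O35_O37.match(line)
    if m:
        return {"type": m.group(1), "key": m.group(2), "value_name": "",
                "command": m.group(3), "company": m.group(4), "raw": line}
    return {}

def launched_executable(command: str) -> str:
    """The program a command line starts: the quoted path, or the text up to the first .exe."""
    cmd = command.strip()
    if cmd.startswith('"') and cmd.find('"', 1) > 0:
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r'(.*?\.exe)(?=\s|$)', cmd, re.IGNORECASE)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""

def is_exefile_hijacked(command: str) -> bool:
    """True when the .exe open handler is anything but Windows' stock handler."""
    return command.strip().lower() != DEFAULT_EXE_HANDLER.lower()

def autorun_reasons(entry: Dict[str, str]) -> List[str]:
    """Heuristics for an O4 Run entry; an empty list means nothing stood out."""
    reasons = []
    path = launched_executable(entry["command"]).lower()
    if any(d in path for d in USER_WRITABLE):
        reasons.append("runs from a user-writable directory")
    if entry["value_name"].isdigit():
        reasons.append("value name is just a number")
    if not entry["company"].strip():
        reasons.append("file carries no company name")
    return reasons

def find_findings(lines: List[str]) -> List[Dict[str, object]]:
    """Flag exefile handler hijacks and suspicious autoruns, in log order."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        entry = parse_otl_line(line)
        if not entry:
            continue
        exe = launched_executable(entry["command"])
        if entry["type"] in ("O35", "O37") and is_exefile_hijacked(entry["command"]):
            findings.append({"kind": "exefile_hijack", "type": entry["type"], "executable": exe,
                             "reasons": ["open handler is not the stock one"], "raw": line})
        elif entry["type"] == "O4":
            reasons = autorun_reasons(entry)
            if reasons:
                findings.append({"kind": "suspicious_autorun", "type": "O4",
                                 "executable": exe, "reasons": reasons, "raw": line})
    return findings

def otl_fix_block(findings: List[Dict[str, object]]) -> str:
    """The ':OTL' section of a fix is just the flagged log lines, as in the reply above."""
    return "\n".join([":OTL"] + [str(f["raw"]) for f in findings])

if __name__ == "__main__":
    hits = find_findings(SAMPLE_LINES)
    for f in hits:
        print(f"{f['type']} {f['kind']}: {f['executable']} ({'; '.join(f['reasons'])})")
    print(otl_fix_block(hits))
```

Run against a full OTL log, the same three obf.exe lines come out and the two constructed clean entries stay quiet; everything else in the log is ignored by the parser.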

#3
Dragonkitteh

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thanks for the response!
Here is the OTL log:

OTL logfile created on: 11/28/2011 5:02:20 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nils\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 6.39 Gb Available Physical Memory | 80.20% Memory free
15.93 Gb Paging File | 14.23 Gb Available in Paging File | 89.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 922.85 Gb Total Space | 521.68 Gb Free Space | 56.53% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 7.42 Gb Free Space | 99.63% Space Free | Partition Type: FAT32

Computer Name: NILS-PC | User Name: Nils | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/28 15:16:42 | 000,512,992 | ---- | M] () -- C:\Users\Nils\Desktop\sdasetup_revwire207.exe
PRC - [2011/11/10 16:05:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nils\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/06/29 13:01:02 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/25 00:31:32 | 000,146,680 | ---- | M] (Sase Sham, Inc.) -- C:\Program Files (x86)\Wireless AutoSwitch\WrlsAutoSW.exs
PRC - [2011/04/01 22:09:28 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/03/03 13:06:32 | 000,040,960 | ---- | M] (MurGee.com) -- C:\Program Files (x86)\Auto Keyboard\AutoKeyboard.exe
PRC - [2010/09/13 17:18:32 | 000,308,656 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
PRC - [2010/07/06 10:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/10/07 00:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/09/29 12:03:46 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/28 15:16:42 | 000,512,992 | ---- | M] () -- C:\Users\Nils\Desktop\sdasetup_revwire207.exe
MOD - [2011/06/29 13:01:02 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/27 06:46:50 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010/02/11 00:29:30 | 000,952,320 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2009/10/07 00:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/09/29 12:11:14 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/09/29 12:03:46 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/09/27 06:52:38 | 002,027,840 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/09/27 06:46:44 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/15 15:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/07/06 15:32:58 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2011/07/06 15:32:52 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 00:31:32 | 000,146,680 | ---- | M] (Sase Sham, Inc.) [Auto | Running] -- C:\Program Files (x86)\Wireless AutoSwitch\WrlsAutoSW.exs -- (Wireless_AutoSwitch)
SRV - [2011/01/11 18:04:04 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/09/13 17:18:32 | 000,308,656 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/07/06 10:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/06/02 12:12:00 | 003,623,304 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/20 10:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/03/14 15:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice)
SRV - [2007/03/14 15:42:22 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2005/11/17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/06 15:33:18 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/21 12:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 11:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/11 18:04:04 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/01/11 18:04:00 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/21 15:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/12 13:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/07/09 23:28:06 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/04/12 03:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/15 06:45:28 | 000,145,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2010/02/11 02:42:54 | 005,352,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/10/24 00:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/07 07:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam S7500(UVC)
DRV:64bit: - [2009/10/07 07:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/29 12:06:16 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/09/29 12:03:00 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/09/29 11:56:36 | 000,144,824 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007/04/09 10:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV - [2011/01/11 18:04:04 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2010/11/29 18:27:40 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2005/01/04 13:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {1aec5771-fcd6-4537-a6b7-5f1935fd527c} - C:\Program Files (x86)\MiniEvony\prxtbMini.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...l_date=20111001
IE - HKCU\..\URLSearchHook: {1aec5771-fcd6-4537-a6b7-5f1935fd527c} - C:\Program Files (x86)\MiniEvony\prxtbMini.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "Bing"
FF - prefs.js..browser.search.order.1: "Bing"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {a8864317-e18b-4292-99d9-e6e65ab905d3}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...te=20111001&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/23 22:22:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/13 20:45:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/23 22:22:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/08/28 22:29:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/13 20:45:57 | 000,000,000 | ---D | M]

[2010/07/09 08:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\Mozilla\Extensions
[2011/11/24 20:02:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\d5qrqnkd.default\extensions
[2010/11/01 07:47:37 | 000,000,000 | ---D | M] (Tip.It MicroHelper) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\d5qrqnkd.default\extensions\{1d7ecda9-3b7e-4934-a2a1-f65f372068c1}
[2011/11/24 20:02:33 | 000,000,000 | ---D | M] (RuneScape Community Toolbar) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\d5qrqnkd.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
[2010/07/09 08:58:06 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\d5qrqnkd.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2011/09/30 20:30:27 | 000,001,945 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\d5qrqnkd.default\searchplugins\bing-zugo.xml
[2010/06/08 10:28:50 | 000,000,929 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\d5qrqnkd.default\searchplugins\conduit.xml
[2010/11/18 08:55:43 | 000,002,059 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\d5qrqnkd.default\searchplugins\daemon-search.xml
[2011/11/20 18:07:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D5QRQNKD.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/11/05 01:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/04 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: DAEMON Search ()
CHR - default_search_provider: search_url = http://www.daemon-se...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - Extension: Babylon Chrome OCR = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\
CHR - Extension: DivX HiQ = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2011/11/10 17:01:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (MiniEvony Toolbar) - {1aec5771-fcd6-4537-a6b7-5f1935fd527c} - C:\Program Files (x86)\MiniEvony\prxtbMini.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (MiniEvony Toolbar) - {1aec5771-fcd6-4537-a6b7-5f1935fd527c} - C:\Program Files (x86)\MiniEvony\prxtbMini.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MiniEvony Toolbar) - {1AEC5771-FCD6-4537-A6B7-5F1935FD527C} - C:\Program Files (x86)\MiniEvony\prxtbMini.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [MurGee.com Auto Keyboard] C:\Program Files (x86)\Auto Keyboard\AutoKeyboard.exe (MurGee.com)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3C8DAD2-13FE-4C8F-9CAA-935D5897EBE5}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/28 16:56:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/28 15:27:33 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Nils\Desktop\setup.exe
[2011/11/28 15:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/11/25 19:47:18 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Local\SKIDROW
[2011/11/25 11:51:39 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Local\My Games
[2011/11/25 11:43:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sid Meier's Civilization V
[2011/11/25 10:59:37 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\Sid Meiers Civilization V-SKIDROW
[2011/11/24 09:25:36 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\saves
[2011/11/24 00:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/23 19:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/23 19:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/23 19:39:54 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/11/23 19:39:47 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Nils\Desktop\explorer.exe.exe
[2011/11/23 13:09:45 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\SmitfraudFix
[2011/11/20 18:12:12 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Local\Conduit
[2011/11/20 18:12:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiniEvony
[2011/11/18 20:49:57 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\mcnostalgia
[2011/11/18 12:08:26 | 000,000,000 | ---D | C] -- C:\Users\Nils\Documents\November 18
[2011/11/13 18:53:00 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Roaming\app
[2011/11/13 17:11:08 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Roaming\AnkamaCertificates
[2011/11/13 16:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dofus 2
[2011/11/13 16:35:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dofus 2
[2011/11/12 13:03:33 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Local\Skyrim
[2011/11/12 13:03:33 | 000,000,000 | ---D | C] -- C:\Users\Nils\Documents\My Games
[2011/11/12 13:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[2011/11/12 12:55:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Elder Scrolls V Skyrim
[2011/11/12 10:12:37 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\EE5.4
[2011/11/12 10:11:56 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\backup
[2011/11/11 21:00:31 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\The_Elder_Scrolls_V_Skyrim-Razor1911
[2011/11/11 20:59:27 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\tune up utilities 2011
[2011/11/10 21:03:55 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\1.8.1 mods
[2011/11/10 18:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/11/10 17:36:04 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Roaming\Malwarebytes
[2011/11/10 17:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/10 17:35:58 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/10 17:28:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Nils\Desktop\OTL.exe
[2011/11/10 17:01:28 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/10 16:41:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/10 16:41:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/07 20:05:00 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MCEdit-64bit
[2011/11/07 20:04:59 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Local\MCEdit-64bit
[2011/11/06 14:49:23 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\technic3
[2011/11/06 11:08:03 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\technic4
[2011/11/05 20:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4chan Image Downloader
[2011/11/05 20:17:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\4chan Image Downloader
[2011/11/05 16:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Keyboard
[2011/11/05 16:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auto Keyboard
[2011/11/05 16:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2011/11/05 16:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\AutoHotkey
[2011/11/05 13:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema x64
[2011/11/05 13:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\Media Player Classic - Home Cinema
[2011/11/04 21:15:55 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Roaming\GetRightToGo
[2011/11/04 21:15:55 | 000,000,000 | ---D | C] -- C:\Users\Nils\Documents\Downloads
[2011/11/04 21:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Automatic Clicker
[2011/11/04 21:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Automatic Clicker
[2011/11/04 21:09:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aarons Cliker
[2011/11/04 21:09:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AARONS CLIKER
[2011/11/03 19:44:27 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\save
[2010/07/10 16:32:17 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll

========== Files - Modified Within 30 Days ==========

[2011/11/28 17:02:39 | 002,271,596 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/28 17:02:39 | 000,673,584 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/28 17:02:39 | 000,006,780 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/28 17:00:29 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/28 17:00:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/28 15:24:25 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/28 15:24:25 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/28 15:06:06 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Nils\Desktop\setup.exe
[2011/11/28 14:53:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/25 12:06:57 | 000,000,008 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\DofusAppId0_2
[2011/11/25 12:02:17 | 000,000,173 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\D2Info0
[2011/11/25 11:48:51 | 000,000,922 | ---- | M] () -- C:\Users\Nils\Desktop\Sid Meiers Civilization V.lnk
[2011/11/25 11:30:53 | 3329,425,408 | ---- | M] () -- C:\Users\Nils\Documents\sr-civ5.iso
[2011/11/24 16:54:25 | 000,002,239 | ---- | M] () -- C:\Users\Nils\Documents\mcedit.ini
[2011/11/24 00:53:41 | 000,002,174 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/23 19:40:23 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/23 19:39:52 | 000,000,624 | ---- | M] () -- C:\Users\Nils\Desktop\ComboFix - Shortcut.lnk
[2011/11/20 20:11:15 | 000,121,284 | ---- | M] () -- C:\Users\Nils\Documents\Skrillex.jpg
[2011/11/20 20:08:51 | 000,092,178 | ---- | M] () -- C:\Users\Nils\Documents\skrillex_graphic_01.jpg
[2011/11/19 14:11:24 | 000,000,008 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\DofusAppId0_1
[2011/11/13 16:35:42 | 000,001,074 | ---- | M] () -- C:\Users\Nils\Desktop\Dofus 2.lnk
[2011/11/13 11:54:50 | 000,915,942 | ---- | M] () -- C:\Users\Nils\Documents\google.png
[2011/11/13 08:42:48 | 000,457,414 | ---- | M] () -- C:\Users\Nils\Documents\d69a9cf0669c4e44a0439f939b0dd0c9jpg.jpeg
[2011/11/13 08:41:58 | 000,622,954 | ---- | M] () -- C:\Users\Nils\Documents\Cman21_1080p_Hi10_r2074_8091276435.png
[2011/11/12 11:54:44 | 1205,698,559 | ---- | M] () -- C:\Users\Nils\Documents\rzr-skrm.iso
[2011/11/12 03:04:25 | 005,012,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/11 21:01:37 | 000,002,708 | ---- | M] () -- C:\Users\Nils\Documents\rzr-skrm.nfo
[2011/11/10 18:00:44 | 000,002,054 | ---- | M] () -- C:\Users\Nils\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/10 18:00:37 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/10 17:27:24 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Nils\Desktop\explorer.exe.exe
[2011/11/10 17:01:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/10 16:05:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nils\Desktop\OTL.exe
[2011/11/10 16:00:36 | 000,000,691 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\GetValue.vbs
[2011/11/10 16:00:36 | 000,000,035 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\SetValue.bat
[2011/11/10 15:43:00 | 001,884,866 | ---- | M] () -- C:\Users\Nils\Desktop\SmitfraudFix.exe
[2011/11/09 21:47:21 | 000,001,077 | ---- | M] () -- C:\Users\Nils\Desktop\Documents - Shortcut.lnk
[2011/11/07 20:05:00 | 000,002,097 | ---- | M] () -- C:\Users\Nils\Desktop\MCEdit-64bit.lnk
[2011/11/07 13:12:59 | 000,006,782 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/05 20:17:05 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\4chan Image Downloader.lnk
[2011/11/05 16:44:09 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\Auto Keyboard.lnk
[2011/11/05 16:43:06 | 000,001,351 | ---- | M] () -- C:\Users\Nils\Documents\AutoHotkey.ahk
[2011/11/05 15:59:26 | 000,000,129 | ---- | M] () -- C:\Users\Nils\jagex_runescape_preferences2.dat
[2011/11/05 15:57:56 | 000,000,046 | ---- | M] () -- C:\Users\Nils\jagex_runescape_preferences.dat
[2011/11/05 15:57:55 | 000,000,032 | ---- | M] () -- C:\Users\Nils\jagex_cl_runescape_LIVE.dat
[2011/11/05 13:58:27 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Media Player Classic - Home Cinema x64.lnk
[2011/11/04 21:09:51 | 000,001,081 | ---- | M] () -- C:\Users\Nils\Desktop\Automatic Clicker.lnk
[2011/11/04 21:09:05 | 000,001,008 | ---- | M] () -- C:\Users\Nils\Desktop\Aarons Cliker.lnk

========== Files Created - No Company Name ==========

[2011/11/25 11:48:50 | 000,000,922 | ---- | C] () -- C:\Users\Nils\Desktop\Sid Meiers Civilization V.lnk
[2011/11/25 10:59:37 | 3329,425,408 | ---- | C] () -- C:\Users\Nils\Documents\sr-civ5.iso
[2011/11/24 14:19:09 | 000,009,808 | ---- | C] () -- C:\Users\Nils\Desktop\TMIUtils.class
[2011/11/24 14:19:09 | 000,007,049 | ---- | C] () -- C:\Users\Nils\Desktop\TMIConfig.class
[2011/11/24 00:53:41 | 000,002,174 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/23 19:40:23 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/23 19:39:52 | 000,000,624 | ---- | C] () -- C:\Users\Nils\Desktop\ComboFix - Shortcut.lnk
[2011/11/20 20:11:14 | 000,121,284 | ---- | C] () -- C:\Users\Nils\Documents\Skrillex.jpg
[2011/11/20 20:08:50 | 000,092,178 | ---- | C] () -- C:\Users\Nils\Documents\skrillex_graphic_01.jpg
[2011/11/13 16:35:42 | 000,001,074 | ---- | C] () -- C:\Users\Nils\Desktop\Dofus 2.lnk
[2011/11/13 11:54:50 | 000,915,942 | ---- | C] () -- C:\Users\Nils\Documents\google.png
[2011/11/13 08:42:48 | 000,457,414 | ---- | C] () -- C:\Users\Nils\Documents\d69a9cf0669c4e44a0439f939b0dd0c9jpg.jpeg
[2011/11/13 08:41:56 | 000,622,954 | ---- | C] () -- C:\Users\Nils\Documents\Cman21_1080p_Hi10_r2074_8091276435.png
[2011/11/11 21:01:37 | 000,002,708 | ---- | C] () -- C:\Users\Nils\Documents\rzr-skrm.nfo
[2011/11/11 21:00:31 | 1205,698,559 | ---- | C] () -- C:\Users\Nils\Documents\rzr-skrm.iso
[2011/11/10 15:56:06 | 000,000,691 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\GetValue.vbs
[2011/11/10 15:56:06 | 000,000,035 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\SetValue.bat
[2011/11/10 15:44:35 | 001,884,866 | ---- | C] () -- C:\Users\Nils\Desktop\SmitfraudFix.exe
[2011/11/09 21:47:21 | 000,001,077 | ---- | C] () -- C:\Users\Nils\Desktop\Documents - Shortcut.lnk
[2011/11/07 20:05:00 | 000,002,097 | ---- | C] () -- C:\Users\Nils\Desktop\MCEdit-64bit.lnk
[2011/11/05 20:17:05 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\4chan Image Downloader.lnk
[2011/11/05 16:44:09 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\Auto Keyboard.lnk
[2011/11/05 16:43:06 | 000,001,351 | ---- | C] () -- C:\Users\Nils\Documents\AutoHotkey.ahk
[2011/11/05 15:57:55 | 000,000,032 | ---- | C] () -- C:\Users\Nils\jagex_cl_runescape_LIVE.dat
[2011/11/05 13:58:27 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Media Player Classic - Home Cinema x64.lnk
[2011/11/04 21:09:51 | 000,001,081 | ---- | C] () -- C:\Users\Nils\Desktop\Automatic Clicker.lnk
[2011/11/04 21:09:05 | 000,001,008 | ---- | C] () -- C:\Users\Nils\Desktop\Aarons Cliker.lnk
[2011/10/13 20:42:29 | 000,200,193 | ---- | C] () -- C:\Windows\hpoins16.dat.temp
[2011/10/13 20:42:29 | 000,003,770 | ---- | C] () -- C:\Windows\hpomdl16.dat.temp
[2011/10/13 20:25:40 | 000,200,314 | ---- | C] () -- C:\Windows\hpoins16.dat
[2011/10/13 20:25:40 | 000,003,770 | ---- | C] () -- C:\Windows\hpomdl16.dat
[2011/04/19 21:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/04/08 06:28:58 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/11/02 10:18:42 | 000,006,782 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/23 13:40:47 | 000,000,080 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\RSBot_Accounts.ini
[2010/10/12 16:55:59 | 000,000,008 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\DofusAppId0_3
[2010/09/28 14:08:34 | 000,149,196 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/09/17 19:47:54 | 000,000,008 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\DofusAppId0_1
[2010/09/17 19:46:31 | 000,000,173 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\D2Info0
[2010/09/17 19:46:31 | 000,000,008 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\DofusAppId0_2
[2010/09/16 15:55:43 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/09/15 15:51:45 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/09/13 18:01:33 | 000,000,678 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\wklnhst.dat
[2010/09/01 19:52:52 | 000,000,152 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2010/09/01 19:52:52 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010/09/01 19:52:40 | 000,009,853 | ---- | C] () -- C:\Windows\HL-2170W.INI
[2010/09/01 19:52:40 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/09/01 19:52:40 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2010/09/01 19:52:40 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2170W.DAT
[2010/09/01 19:52:03 | 000,000,290 | ---- | C] () -- C:\Windows\Brownie.ini
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/13 21:10:16 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/08/13 18:08:20 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/07/24 12:45:43 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2010/07/24 12:44:33 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2010/07/24 12:44:03 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010/07/24 12:43:22 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010/07/10 18:09:50 | 000,000,165 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\RSBot Accounts.ini
[2010/07/09 09:27:49 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\uc_karos_launching.dll
[2010/06/30 16:38:04 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2002/05/13 04:16:19 | 000,356,352 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll

========== LOP Check ==========

[2011/11/24 21:08:16 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\.minecraft
[2011/11/13 17:11:08 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\AnkamaCertificates
[2011/11/13 18:53:00 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\app
[2010/09/17 19:48:16 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Atari
[2011/06/15 23:38:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Audacity
[2011/11/23 22:22:42 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Beerowser
[2010/07/23 17:36:32 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Canon
[2010/07/09 23:32:40 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\DAEMON Tools Lite
[2010/11/15 19:30:19 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Dev-Cpp
[2011/11/19 13:10:17 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Dofus 2
[2010/09/17 19:46:31 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/10/12 16:55:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/09/17 19:47:54 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/10/26 14:57:02 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Downloaded Installations
[2010/09/25 08:55:41 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\FOG Downloader
[2010/07/12 22:01:40 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Foxit Software
[2011/11/04 21:17:23 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\GetRightToGo
[2011/07/16 10:26:18 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\go
[2010/11/18 16:53:04 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\gtk-2.0
[2011/02/20 12:41:26 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Guitar Pro 6
[2011/11/10 18:09:32 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Gygan
[2011/06/07 15:13:18 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\ijjigame
[2011/11/09 21:39:01 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Jagex
[2010/07/10 10:08:55 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Leadertech
[2010/07/24 13:06:40 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\MAGIX
[2011/03/24 19:40:05 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\NeopleLauncherDFO
[2011/09/13 14:30:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\pymclevel
[2010/09/17 19:46:35 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/11/14 19:39:32 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Spotify
[2011/05/06 19:11:10 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\SystemRequirementsLab
[2010/08/27 02:33:05 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Tanuki Soft
[2010/08/23 19:40:49 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TeamViewer
[2011/03/13 18:47:17 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Temp
[2010/09/13 18:01:34 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Template
[2011/05/29 10:37:56 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TuneUp Software
[2011/11/28 17:01:32 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\uTorrent
[2011/07/01 19:27:32 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\WinBatch
[2011/09/25 11:02:00 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Here is the MalwareBytes log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8261

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

11/28/2011 5:13:25 PM
mbam-log-2011-11-28 (17-13-25).txt

Scan type: Quick scan
Objects scanned: 197659
Time elapsed: 2 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Nils\AppData\Local\obf.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Nils\AppData\Local\obf.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Nils\AppData\Local\obf.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4
Dragonkitteh
  • Topic Starter
The obf.exe issue has been removed from my computer, and my computer ran fine without any issues for about 50 minutes, when all of my programs closed and "Win 7 Security 2012" re-opened again. Under the processes it now starts and closes programs under the name "yaj.exe *32", with the description "Windows Presentation Foundation Host". It was just created 3 minutes ago, and is obviously the new program that the malware is using to shut down my processes.

Here's an OTL quick scan log:

OTL logfile created on: 11/28/2011 6:20:30 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nils\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 6.64 Gb Available Physical Memory | 83.34% Memory free
15.93 Gb Paging File | 14.65 Gb Available in Paging File | 91.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 922.85 Gb Total Space | 521.55 Gb Free Space | 56.52% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 7.42 Gb Free Space | 99.63% Space Free | Partition Type: FAT32

Computer Name: NILS-PC | User Name: Nils | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/10 16:05:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nils\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/27 06:46:50 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010/02/11 00:29:30 | 000,952,320 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2009/10/07 00:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/09/29 12:11:14 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/09/29 12:03:46 | 000,735,960 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/09/27 06:52:38 | 002,027,840 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/09/27 06:46:44 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/15 15:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/07/06 15:32:58 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2011/07/06 15:32:52 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 00:31:32 | 000,146,680 | ---- | M] (Sase Sham, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Wireless AutoSwitch\WrlsAutoSW.exs -- (Wireless_AutoSwitch)
SRV - [2011/01/11 18:04:04 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/09/13 17:18:32 | 000,308,656 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/07/06 10:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/06/02 12:12:00 | 003,623,304 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/20 10:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/03/14 15:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice)
SRV - [2007/03/14 15:42:22 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2005/11/17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/06 15:33:18 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/21 12:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 11:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/11 18:04:04 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/01/11 18:04:00 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/21 15:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/12 13:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/07/09 23:28:06 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/04/12 03:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/15 06:45:28 | 000,145,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2010/02/11 02:42:54 | 005,352,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/10/24 00:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/07 07:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam S7500(UVC)
DRV:64bit: - [2009/10/07 07:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/29 12:06:16 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/09/29 12:03:00 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/09/29 11:56:36 | 000,144,824 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007/04/09 10:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV - [2011/01/11 18:04:04 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2010/11/29 18:27:40 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2005/01/04 13:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {1aec5771-fcd6-4537-a6b7-5f1935fd527c} - C:\Program Files (x86)\MiniEvony\prxtbMini.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...l_date=20111001
IE - HKCU\..\URLSearchHook: {1aec5771-fcd6-4537-a6b7-5f1935fd527c} - C:\Program Files (x86)\MiniEvony\prxtbMini.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "Bing"
FF - prefs.js..browser.search.order.1: "Bing"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {a8864317-e18b-4292-99d9-e6e65ab905d3}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...te=20111001&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/23 22:22:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/13 20:45:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/23 22:22:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/08/28 22:29:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/13 20:45:57 | 000,000,000 | ---D | M]

[2010/07/09 08:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\Mozilla\Extensions
[2011/11/24 20:02:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\d5qrqnkd.default\extensions
[2010/11/01 07:47:37 | 000,000,000 | ---D | M] (Tip.It MicroHelper) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\d5qrqnkd.default\extensions\{1d7ecda9-3b7e-4934-a2a1-f65f372068c1}
[2011/11/24 20:02:33 | 000,000,000 | ---D | M] (RuneScape Community Toolbar) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\d5qrqnkd.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
[2010/07/09 08:58:06 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\d5qrqnkd.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2011/09/30 20:30:27 | 000,001,945 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\d5qrqnkd.default\searchplugins\bing-zugo.xml
[2010/06/08 10:28:50 | 000,000,929 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\d5qrqnkd.default\searchplugins\conduit.xml
[2010/11/18 08:55:43 | 000,002,059 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\d5qrqnkd.default\searchplugins\daemon-search.xml
[2011/11/20 18:07:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\NILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D5QRQNKD.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/11/05 01:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/04 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: DAEMON Search ()
CHR - default_search_provider: search_url = http://www.daemon-se...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - Extension: Babylon Chrome OCR = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\
CHR - Extension: DivX HiQ = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2011/11/10 17:01:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (MiniEvony Toolbar) - {1aec5771-fcd6-4537-a6b7-5f1935fd527c} - C:\Program Files (x86)\MiniEvony\prxtbMini.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (MiniEvony Toolbar) - {1aec5771-fcd6-4537-a6b7-5f1935fd527c} - C:\Program Files (x86)\MiniEvony\prxtbMini.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MiniEvony Toolbar) - {1AEC5771-FCD6-4537-A6B7-5F1935FD527C} - C:\Program Files (x86)\MiniEvony\prxtbMini.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [3496870343] C:\Users\Nils\AppData\Local\yaj.exe ()
O4 - HKCU..\Run: [MurGee.com Auto Keyboard] C:\Program Files (x86)\Auto Keyboard\AutoKeyboard.exe (MurGee.com)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3C8DAD2-13FE-4C8F-9CAA-935D5897EBE5}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Users\Nils\AppData\Local\yaj.exe" -a "%1" %* ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Users\Nils\AppData\Local\yaj.exe" -a "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2011/11/28 17:09:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/28 16:56:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/28 15:27:33 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Nils\Desktop\setup.exe
[2011/11/28 15:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/11/25 19:47:18 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Local\SKIDROW
[2011/11/25 11:51:39 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Local\My Games
[2011/11/25 11:43:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sid Meier's Civilization V
[2011/11/25 10:59:37 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\Sid Meiers Civilization V-SKIDROW
[2011/11/24 09:25:36 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\saves
[2011/11/24 00:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/23 19:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/23 19:39:54 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/11/23 19:39:47 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Nils\Desktop\explorer.exe.exe
[2011/11/23 13:09:45 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\SmitfraudFix
[2011/11/20 18:12:12 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Local\Conduit
[2011/11/20 18:12:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiniEvony
[2011/11/18 20:49:57 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\mcnostalgia
[2011/11/18 12:08:26 | 000,000,000 | ---D | C] -- C:\Users\Nils\Documents\November 18
[2011/11/13 18:53:00 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Roaming\app
[2011/11/13 17:11:08 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Roaming\AnkamaCertificates
[2011/11/13 16:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dofus 2
[2011/11/13 16:35:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dofus 2
[2011/11/12 13:03:33 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Local\Skyrim
[2011/11/12 13:03:33 | 000,000,000 | ---D | C] -- C:\Users\Nils\Documents\My Games
[2011/11/12 13:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[2011/11/12 12:55:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Elder Scrolls V Skyrim
[2011/11/12 10:12:37 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\EE5.4
[2011/11/12 10:11:56 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\backup
[2011/11/11 21:00:31 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\The_Elder_Scrolls_V_Skyrim-Razor1911
[2011/11/11 20:59:27 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\tune up utilities 2011
[2011/11/10 21:03:55 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\1.8.1 mods
[2011/11/10 18:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/11/10 17:36:04 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Roaming\Malwarebytes
[2011/11/10 17:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/10 17:35:58 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/10 17:28:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Nils\Desktop\OTL.exe
[2011/11/10 17:01:28 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/10 16:41:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/10 16:41:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/07 20:05:00 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MCEdit-64bit
[2011/11/07 20:04:59 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Local\MCEdit-64bit
[2011/11/06 14:49:23 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\technic3
[2011/11/06 11:08:03 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\technic4
[2011/11/05 20:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4chan Image Downloader
[2011/11/05 20:17:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\4chan Image Downloader
[2011/11/05 16:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Keyboard
[2011/11/05 16:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auto Keyboard
[2011/11/05 16:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2011/11/05 16:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\AutoHotkey
[2011/11/05 13:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema x64
[2011/11/05 13:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\Media Player Classic - Home Cinema
[2011/11/04 21:15:55 | 000,000,000 | ---D | C] -- C:\Users\Nils\AppData\Roaming\GetRightToGo
[2011/11/04 21:15:55 | 000,000,000 | ---D | C] -- C:\Users\Nils\Documents\Downloads
[2011/11/04 21:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Automatic Clicker
[2011/11/04 21:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Automatic Clicker
[2011/11/04 21:09:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aarons Cliker
[2011/11/04 21:09:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AARONS CLIKER
[2011/11/03 19:44:27 | 000,000,000 | ---D | C] -- C:\Users\Nils\Desktop\save
[2010/07/10 16:32:17 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll

========== Files - Modified Within 30 Days ==========

[2011/11/28 18:20:25 | 000,008,512 | -HS- | M] () -- C:\Users\Nils\AppData\Local\aimecy0p4fih5vft0wpy5r551b4d
[2011/11/28 18:20:25 | 000,008,512 | -HS- | M] () -- C:\ProgramData\aimecy0p4fih5vft0wpy5r551b4d
[2011/11/28 18:19:48 | 002,296,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/28 18:19:48 | 000,681,956 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/28 18:19:48 | 000,006,780 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/28 18:16:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/28 18:06:48 | 000,333,312 | ---- | M] () -- C:\Users\Nils\AppData\Local\yaj.exe
[2011/11/28 17:53:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/28 17:22:23 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/28 17:22:23 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/28 17:15:55 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/28 17:09:51 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/28 15:06:06 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Nils\Desktop\setup.exe
[2011/11/25 12:06:57 | 000,000,008 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\DofusAppId0_2
[2011/11/25 12:02:17 | 000,000,173 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\D2Info0
[2011/11/25 11:48:51 | 000,000,922 | ---- | M] () -- C:\Users\Nils\Desktop\Sid Meiers Civilization V.lnk
[2011/11/25 11:30:53 | 3329,425,408 | ---- | M] () -- C:\Users\Nils\Documents\sr-civ5.iso
[2011/11/24 16:54:25 | 000,002,239 | ---- | M] () -- C:\Users\Nils\Documents\mcedit.ini
[2011/11/24 00:53:41 | 000,002,174 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/23 19:39:52 | 000,000,624 | ---- | M] () -- C:\Users\Nils\Desktop\ComboFix - Shortcut.lnk
[2011/11/20 20:11:15 | 000,121,284 | ---- | M] () -- C:\Users\Nils\Documents\Skrillex.jpg
[2011/11/20 20:08:51 | 000,092,178 | ---- | M] () -- C:\Users\Nils\Documents\skrillex_graphic_01.jpg
[2011/11/19 14:11:24 | 000,000,008 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\DofusAppId0_1
[2011/11/13 16:35:42 | 000,001,074 | ---- | M] () -- C:\Users\Nils\Desktop\Dofus 2.lnk
[2011/11/13 11:54:50 | 000,915,942 | ---- | M] () -- C:\Users\Nils\Documents\google.png
[2011/11/13 08:42:48 | 000,457,414 | ---- | M] () -- C:\Users\Nils\Documents\d69a9cf0669c4e44a0439f939b0dd0c9jpg.jpeg
[2011/11/13 08:41:58 | 000,622,954 | ---- | M] () -- C:\Users\Nils\Documents\Cman21_1080p_Hi10_r2074_8091276435.png
[2011/11/12 11:54:44 | 1205,698,559 | ---- | M] () -- C:\Users\Nils\Documents\rzr-skrm.iso
[2011/11/12 03:04:25 | 005,012,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/11 21:01:37 | 000,002,708 | ---- | M] () -- C:\Users\Nils\Documents\rzr-skrm.nfo
[2011/11/10 18:00:44 | 000,002,054 | ---- | M] () -- C:\Users\Nils\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/10 18:00:37 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/10 17:27:24 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Nils\Desktop\explorer.exe.exe
[2011/11/10 17:01:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/10 16:05:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nils\Desktop\OTL.exe
[2011/11/10 16:00:36 | 000,000,691 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\GetValue.vbs
[2011/11/10 16:00:36 | 000,000,035 | ---- | M] () -- C:\Users\Nils\AppData\Roaming\SetValue.bat
[2011/11/10 15:43:00 | 001,884,866 | ---- | M] () -- C:\Users\Nils\Desktop\SmitfraudFix.exe
[2011/11/09 21:47:21 | 000,001,077 | ---- | M] () -- C:\Users\Nils\Desktop\Documents - Shortcut.lnk
[2011/11/07 20:05:00 | 000,002,097 | ---- | M] () -- C:\Users\Nils\Desktop\MCEdit-64bit.lnk
[2011/11/07 13:12:59 | 000,006,782 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/05 20:17:05 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\4chan Image Downloader.lnk
[2011/11/05 16:44:09 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\Auto Keyboard.lnk
[2011/11/05 16:43:06 | 000,001,351 | ---- | M] () -- C:\Users\Nils\Documents\AutoHotkey.ahk
[2011/11/05 15:59:26 | 000,000,129 | ---- | M] () -- C:\Users\Nils\jagex_runescape_preferences2.dat
[2011/11/05 15:57:56 | 000,000,046 | ---- | M] () -- C:\Users\Nils\jagex_runescape_preferences.dat
[2011/11/05 15:57:55 | 000,000,032 | ---- | M] () -- C:\Users\Nils\jagex_cl_runescape_LIVE.dat
[2011/11/05 13:58:27 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Media Player Classic - Home Cinema x64.lnk
[2011/11/04 21:09:51 | 000,001,081 | ---- | M] () -- C:\Users\Nils\Desktop\Automatic Clicker.lnk
[2011/11/04 21:09:05 | 000,001,008 | ---- | M] () -- C:\Users\Nils\Desktop\Aarons Cliker.lnk

========== Files Created - No Company Name ==========

[2011/11/28 18:06:53 | 000,008,512 | -HS- | C] () -- C:\Users\Nils\AppData\Local\aimecy0p4fih5vft0wpy5r551b4d
[2011/11/28 18:06:53 | 000,008,512 | -HS- | C] () -- C:\ProgramData\aimecy0p4fih5vft0wpy5r551b4d
[2011/11/28 18:06:48 | 000,333,312 | ---- | C] () -- C:\Users\Nils\AppData\Local\yaj.exe
[2011/11/28 17:09:51 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/25 11:48:50 | 000,000,922 | ---- | C] () -- C:\Users\Nils\Desktop\Sid Meiers Civilization V.lnk
[2011/11/25 10:59:37 | 3329,425,408 | ---- | C] () -- C:\Users\Nils\Documents\sr-civ5.iso
[2011/11/24 14:19:09 | 000,009,808 | ---- | C] () -- C:\Users\Nils\Desktop\TMIUtils.class
[2011/11/24 14:19:09 | 000,007,049 | ---- | C] () -- C:\Users\Nils\Desktop\TMIConfig.class
[2011/11/24 00:53:41 | 000,002,174 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/23 19:39:52 | 000,000,624 | ---- | C] () -- C:\Users\Nils\Desktop\ComboFix - Shortcut.lnk
[2011/11/20 20:11:14 | 000,121,284 | ---- | C] () -- C:\Users\Nils\Documents\Skrillex.jpg
[2011/11/20 20:08:50 | 000,092,178 | ---- | C] () -- C:\Users\Nils\Documents\skrillex_graphic_01.jpg
[2011/11/13 16:35:42 | 000,001,074 | ---- | C] () -- C:\Users\Nils\Desktop\Dofus 2.lnk
[2011/11/13 11:54:50 | 000,915,942 | ---- | C] () -- C:\Users\Nils\Documents\google.png
[2011/11/13 08:42:48 | 000,457,414 | ---- | C] () -- C:\Users\Nils\Documents\d69a9cf0669c4e44a0439f939b0dd0c9jpg.jpeg
[2011/11/13 08:41:56 | 000,622,954 | ---- | C] () -- C:\Users\Nils\Documents\Cman21_1080p_Hi10_r2074_8091276435.png
[2011/11/11 21:01:37 | 000,002,708 | ---- | C] () -- C:\Users\Nils\Documents\rzr-skrm.nfo
[2011/11/11 21:00:31 | 1205,698,559 | ---- | C] () -- C:\Users\Nils\Documents\rzr-skrm.iso
[2011/11/10 15:56:06 | 000,000,691 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\GetValue.vbs
[2011/11/10 15:56:06 | 000,000,035 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\SetValue.bat
[2011/11/10 15:44:35 | 001,884,866 | ---- | C] () -- C:\Users\Nils\Desktop\SmitfraudFix.exe
[2011/11/09 21:47:21 | 000,001,077 | ---- | C] () -- C:\Users\Nils\Desktop\Documents - Shortcut.lnk
[2011/11/07 20:05:00 | 000,002,097 | ---- | C] () -- C:\Users\Nils\Desktop\MCEdit-64bit.lnk
[2011/11/05 20:17:05 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\4chan Image Downloader.lnk
[2011/11/05 16:44:09 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\Auto Keyboard.lnk
[2011/11/05 16:43:06 | 000,001,351 | ---- | C] () -- C:\Users\Nils\Documents\AutoHotkey.ahk
[2011/11/05 15:57:55 | 000,000,032 | ---- | C] () -- C:\Users\Nils\jagex_cl_runescape_LIVE.dat
[2011/11/05 13:58:27 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Media Player Classic - Home Cinema x64.lnk
[2011/11/04 21:09:51 | 000,001,081 | ---- | C] () -- C:\Users\Nils\Desktop\Automatic Clicker.lnk
[2011/11/04 21:09:05 | 000,001,008 | ---- | C] () -- C:\Users\Nils\Desktop\Aarons Cliker.lnk
[2011/10/13 20:42:29 | 000,200,193 | ---- | C] () -- C:\Windows\hpoins16.dat.temp
[2011/10/13 20:42:29 | 000,003,770 | ---- | C] () -- C:\Windows\hpomdl16.dat.temp
[2011/10/13 20:25:40 | 000,200,314 | ---- | C] () -- C:\Windows\hpoins16.dat
[2011/10/13 20:25:40 | 000,003,770 | ---- | C] () -- C:\Windows\hpomdl16.dat
[2011/04/19 21:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/04/08 06:28:58 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/11/02 10:18:42 | 000,006,782 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/23 13:40:47 | 000,000,080 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\RSBot_Accounts.ini
[2010/10/12 16:55:59 | 000,000,008 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\DofusAppId0_3
[2010/09/28 14:08:34 | 000,149,196 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/09/17 19:47:54 | 000,000,008 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\DofusAppId0_1
[2010/09/17 19:46:31 | 000,000,173 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\D2Info0
[2010/09/17 19:46:31 | 000,000,008 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\DofusAppId0_2
[2010/09/16 15:55:43 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/09/15 15:51:45 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/09/13 18:01:33 | 000,000,678 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\wklnhst.dat
[2010/09/01 19:52:52 | 000,000,152 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2010/09/01 19:52:52 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010/09/01 19:52:40 | 000,009,853 | ---- | C] () -- C:\Windows\HL-2170W.INI
[2010/09/01 19:52:40 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/09/01 19:52:40 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2010/09/01 19:52:40 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2170W.DAT
[2010/09/01 19:52:03 | 000,000,290 | ---- | C] () -- C:\Windows\Brownie.ini
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/13 21:10:16 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/08/13 18:08:20 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/07/24 12:45:43 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2010/07/24 12:44:33 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2010/07/24 12:44:03 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010/07/24 12:43:22 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010/07/10 18:09:50 | 000,000,165 | ---- | C] () -- C:\Users\Nils\AppData\Roaming\RSBot Accounts.ini
[2010/07/09 09:27:49 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\uc_karos_launching.dll
[2010/06/30 16:38:04 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2002/05/13 04:16:19 | 000,356,352 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll

========== LOP Check ==========

[2011/11/24 21:08:16 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\.minecraft
[2011/11/13 17:11:08 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\AnkamaCertificates
[2011/11/13 18:53:00 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\app
[2010/09/17 19:48:16 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Atari
[2011/06/15 23:38:53 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Audacity
[2011/11/23 22:22:42 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Beerowser
[2010/07/23 17:36:32 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Canon
[2010/07/09 23:32:40 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\DAEMON Tools Lite
[2010/11/15 19:30:19 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Dev-Cpp
[2011/11/19 13:10:17 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Dofus 2
[2010/09/17 19:46:31 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/10/12 16:55:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/09/17 19:47:54 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/10/26 14:57:02 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Downloaded Installations
[2010/09/25 08:55:41 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\FOG Downloader
[2010/07/12 22:01:40 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Foxit Software
[2011/11/04 21:17:23 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\GetRightToGo
[2011/07/16 10:26:18 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\go
[2010/11/18 16:53:04 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\gtk-2.0
[2011/02/20 12:41:26 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Guitar Pro 6
[2011/11/10 18:09:32 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Gygan
[2011/06/07 15:13:18 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\ijjigame
[2011/11/09 21:39:01 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Jagex
[2010/07/10 10:08:55 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Leadertech
[2010/07/24 13:06:40 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\MAGIX
[2011/03/24 19:40:05 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\NeopleLauncherDFO
[2011/09/13 14:30:59 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\pymclevel
[2010/09/17 19:46:35 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/11/14 19:39:32 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Spotify
[2011/05/06 19:11:10 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\SystemRequirementsLab
[2010/08/27 02:33:05 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Tanuki Soft
[2010/08/23 19:40:49 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TeamViewer
[2011/03/13 18:47:17 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Temp
[2010/09/13 18:01:34 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Template
[2011/05/29 10:37:56 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TuneUp Software
[2011/11/28 18:14:34 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\uTorrent
[2011/07/01 19:27:32 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\WinBatch
[2011/09/25 11:02:00 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#5
Dragonkitteh

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Now it seems like there's more trouble. I wanted to see if I could remove the malware by deleting "yaj.exe" from the Appdata/local folder.
The malware no longer starts up, but neither does anything with the ".exe" extension; Windows just asks which program to open them with. It seems that I can no longer open OTL or "mbam" to run anything.
Help would be appreciated, thanks!
  • 0

#6
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Download this OTL to your Desktop

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [3496870343] C:\Users\Nils\AppData\Local\yaj.exe ()
    O35 - HKCU\..exefile [open] -- "C:\Users\Nils\AppData\Local\yaj.exe" -a "%1" %* ()
    O37 - HKCU\...exe [@ = exefile] -- "C:\Users\Nils\AppData\Local\yaj.exe" -a "%1" %* ()
    [2011/11/28 18:20:25 | 000,008,512 | -HS- | M] () -- C:\Users\Nils\AppData\Local\aimecy0p4fih5vft0wpy5r551b4d
    [2011/11/28 18:20:25 | 000,008,512 | -HS- | M] () -- C:\ProgramData\aimecy0p4fih5vft0wpy5r551b4d
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


Things I would like to see in your reply:
  • OTL log
  • Combofix.txt

  • 0
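The O35/O37 entries in the log above show why deleting yaj.exe broke every .exe launch: the HKCU exefile handler routes each program through that file, so removing the file without restoring the handler leaves Windows with nothing to run. As an added example (not code from OTL or from anyone in this thread), this Python parser pulls those handler lines out of an OTL log, classifies each as default, hijacked or broken, and returns the lines to paste under :OTL as in Step 1; the sample lines and the assumed file-system state are constructed from the thread.

```python
"""Audit the exe/com file-association handlers recorded in an OTL log.

Added example for this thread; it is not part of OTL or of the original posts.
The sample lines are constructed from the O35/O37 entries posted above, and the
file-system state is an assumption, not a scan of a real machine.
"""
import re
from typing import Dict, Iterable, List, Optional, Set

# What Windows itself registers for exefile/comfile [open]: run the file, pass args.
DEFAULT_HANDLER = '"%1" %*'

# O35 lines: <hive>\..<class> [open] -- <command> [()]
O35_RE = re.compile(
    r'^O35(?::64bit:)? - (?P<hive>HK\w+)\\\.\.(?P<key>\w+) \[open\] -- (?P<cmd>.*?)\s*(?:\(\))?$')
# O37 lines: <hive>\...<ext> [@ = <class>] -- <command> [()]
O37_RE = re.compile(
    r'^O37(?::64bit:)? - (?P<hive>HK\w+)\\\.\.\.(?P<key>\w+) \[@ = \w+\] -- (?P<cmd>.*?)\s*(?:\(\))?$')
# A non-default handler normally starts with a quoted path to the interposed executable.
QUOTED_EXE_RE = re.compile(r'^"(?P<path>[^"]+\.exe)"', re.IGNORECASE)


def handler_target(cmd: str) -> Optional[str]:
    """Return the executable that a non-default handler interposes, if any."""
    m = QUOTED_EXE_RE.match(cmd)
    return m.group("path") if m else None


def classify(cmd: str, existing_files: Set[str]) -> str:
    """'default', 'hijacked' (interposer present), 'broken' (interposer gone), or 'other'."""
    if cmd == DEFAULT_HANDLER:
        return "default"
    target = handler_target(cmd)
    if target is None:
        return "other"
    present = {p.lower() for p in existing_files}
    # Deleting the interposer without restoring the handler leaves Windows unable to
    # launch any .exe, which is the state described in post #5 above.
    return "hijacked" if target.lower() in present else "broken"


def audit_otl(log_lines: Iterable[str], existing_files: Set[str]) -> List[Dict[str, str]]:
    """Return one finding per O35/O37 line whose handler is not the Windows default."""
    findings = []
    for raw in log_lines:
        line = raw.strip()
        m = O35_RE.match(line) or O37_RE.match(line)
        if not m:
            continue
        status = classify(m["cmd"], existing_files)
        if status == "default":
            continue
        findings.append({"line": line, "hive": m["hive"], "key": m["key"],
                         "cmd": m["cmd"], "target": handler_target(m["cmd"]) or "",
                         "status": status})
    return findings


def otl_fix_lines(findings: List[Dict[str, str]]) -> List[str]:
    """OTL's fix syntax accepts the offending log lines verbatim under :OTL,
    which is how the helper's Step 1 restores the default handlers."""
    return [f["line"] for f in findings]


# Constructed sample: the O35/O37 entries from the log above (user name kept as posted).
SAMPLE_LOG = r'''
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Users\Nils\AppData\Local\yaj.exe" -a "%1" %* ()
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Users\Nils\AppData\Local\yaj.exe" -a "%1" %* ()
'''.strip().splitlines()

# Assumed path of the interposer, taken from the log; its presence is what the two scenarios vary.
INTERPOSER = r"C:\Users\Nils\AppData\Local\yaj.exe"

if __name__ == "__main__":
    for label, files in (("before deleting yaj.exe", {INTERPOSER}),
                         ("after deleting yaj.exe", set())):
        print(f"== {label} ==")
        for f in audit_otl(SAMPLE_LOG, files):
            print(f"{f['status']:8} {f['hive']} {f['key']} -> {f['target']}")
```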

#7
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0