Trojan/Malware - infected Chrome, USB folders are turned to shortcuts


  • Please log in to reply

#1
Mr. Jack
Member, 92 posts

Hey guys,

I've been dealing with this Malware infection for quite some time, and after a long time of not being able to figure it out, I decided to come to all of you for help.

Anyway, I got this 2 months ago. For starters, any USB drive that is plugged into my computer has all of its folders turned to shortcuts that run an "explorer.exe" which is also on the USB drive.

The first thing that happens is every time I open up Chrome, open a new tab, or open a new window in Chrome, I get this. It doesn't crash the browser, but it is particularly frustrating to deal with. After that, dialog boxes that say "Ok" appear, with the only option being to click an "Ok" button. After that, capitalist radio stations will automatically turn on and play through Windows Media Player. There are many more problems than this, but these are just the few that come to mind.

Here's the OTL log.


OTL logfile created on: 12/14/2011 8:36:25 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ryan\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 48.46% Memory free
8.00 Gb Paging File | 5.85 Gb Available in Paging File | 73.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.17 Gb Total Space | 521.75 Gb Free Space | 37.34% Space Free | Partition Type: NTFS
Drive I: | 3.75 Gb Total Space | 0.01 Gb Free Space | 0.14% Space Free | Partition Type: FAT32
Drive L: | 465.76 Gb Total Space | 8.15 Gb Free Space | 1.75% Space Free | Partition Type: NTFS

Computer Name: USB-SLAYER | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/14 20:36:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Downloads\OTL.com
PRC - [2011/11/29 19:06:54 | 013,223,936 | ---- | M] (Google Inc.) -- C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2011/11/29 03:50:03 | 002,916,736 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/11/06 02:18:54 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/10/21 17:39:20 | 000,641,400 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/10/15 02:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/09/27 06:22:28 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011/09/05 11:04:58 | 002,904,984 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/13 11:46:28 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe
PRC - [2011/03/21 21:01:46 | 000,233,984 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
PRC - [2009/07/29 10:54:36 | 000,205,312 | ---- | M] (Mediafour Corporation) -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
PRC - [2009/03/30 10:19:50 | 000,569,344 | ---- | M] (Progoth.com) -- C:\Program Files (x86)\iSnooze\iSnooze.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/07 05:16:28 | 000,411,192 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
MOD - [2011/12/07 05:16:27 | 003,767,864 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
MOD - [2011/12/07 05:14:56 | 000,122,952 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\Application\16.0.912.63\avutil-51.dll
MOD - [2011/12/07 05:14:55 | 000,222,280 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\Application\16.0.912.63\avformat-53.dll
MOD - [2011/12/07 05:14:53 | 001,746,504 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\Application\16.0.912.63\avcodec-53.dll
MOD - [2011/12/07 01:22:33 | 008,593,056 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
MOD - [2011/11/29 18:57:12 | 000,344,064 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2011/11/29 18:57:02 | 000,346,624 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2011/11/29 18:56:16 | 000,363,520 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2011/11/29 18:56:06 | 000,198,656 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2011/11/08 14:46:02 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/13 11:46:28 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe
MOD - [2010/01/21 00:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 19:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/07 14:54:44 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2010/10/27 17:21:12 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010/01/07 10:16:32 | 000,218,112 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/11/29 03:50:03 | 002,916,736 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/11/06 02:18:54 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/10/15 02:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/27 17:24:40 | 001,974,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/10/27 17:21:08 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/29 10:54:36 | 000,205,312 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE -- (M4LIC)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/07 14:54:38 | 002,173,552 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/15 21:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 21:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 21:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 21:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 21:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/10/01 00:16:34 | 000,013,312 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010/09/08 11:01:28 | 000,028,928 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2010/06/17 03:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/02/04 09:14:20 | 000,304,232 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV:64bit: - [2010/01/13 11:15:54 | 000,070,344 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CBDisk.sys -- (CBDisk)
DRV:64bit: - [2009/09/23 13:23:08 | 000,032,352 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV:64bit: - [2009/07/16 10:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/19 20:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 14:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/03/18 10:08:56 | 000,029,592 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2010/10/07 12:34:32 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/01/29 05:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 C9 79 BC CD BA CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:0.1.2008d
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/10/15 14:19:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/11/27 18:40:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/12 02:55:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/12/04 17:16:16 | 000,000,000 | ---D | M]

[2011/11/08 23:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions
[2011/11/08 23:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/11/23 15:38:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/23 15:38:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/08 23:04:46 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/11/08 23:04:46 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/11/08 23:04:46 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/11/08 23:04:46 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/11/08 23:04:46 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/11/08 23:04:46 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/11/08 23:04:46 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/12/12 02:55:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/12 02:55:01 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ryan\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ryan\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ryan\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.7_0\
CHR - Extension: GrooveBud = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\agpbffgdfhnhloelamgiofephdchgkle\0.0.3_0\
CHR - Extension: reddit companion = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe\1.1.1_0\
CHR - Extension: reddit companion = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe\1.1.1_0\.orig
CHR - Extension: TooManyTabs for Chrome = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp\1.8.1_0\
CHR - Extension: MeasureIt! = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aonjhmdcgbgikgjapjckfkefpphjpgma\1.1.3_0\
CHR - Extension: Web Developer = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.3.1_0\
CHR - Extension: ActiveGS = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coekimhghfcjmbnfonjeklhkmemegiba\3.5.704_0\
CHR - Extension: Silver Bird = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic\1.9.8.4_0\
CHR - Extension: GIF Scrubber = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbdacbnhlfdlllckelpdkgeklfjfgcmp\2.22_0\
CHR - Extension: AdBlock = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.6_0\
CHR - Extension: TinEye Reverse Image Search = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1_0\
CHR - Extension: Eye Dropper = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka\0.2.5.1_0\
CHR - Extension: Lock Tab = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnikalcnjojfkpleicbncjmnieimjlfe\0.8.2_0\
CHR - Extension: Stylebot Social = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaifpdafpkbjghohkfkfmkcfcmmnbnaa\1_0\
CHR - Extension: TabCounter = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kibiopnambcddkfkkefcopfpbljphchi\1.1_0\
CHR - Extension: StayFocusd = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.2.0.15_0\
CHR - Extension: Skype Click to Call = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8773_0\
CHR - Extension: Poppit = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Session Manager = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc\3.3.1_0\
CHR - Extension: MuteTab = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkbaaijgpppbokgnhhoakihofedkgcc\1.1.1_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: Surplus = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfphgaimeghgekhncbkfblhdhfaiaipf\3.5.6_0\
CHR - Extension: Plus Minus = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pidkbnhjgdngcfcaikoocdanfijkgdli\1.4.3_0\

O1 HOSTS File: ([2011/12/14 20:01:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
O4:64bit: - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [iSnooze] C:\Program Files (x86)\iSnooze\iSnooze.exe (Progoth.com)
O4 - HKCU..\Run: [MusicManager] C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCC3F43A-B32E-4F11-9831-A2C6A9C162D0}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/14 20:07:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/14 20:02:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/14 19:50:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/14 19:50:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/14 19:50:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/14 19:49:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/14 19:47:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/14 19:41:27 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\virus
[2011/12/12 17:21:06 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Old School Projects
[2011/12/12 01:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/12/12 01:22:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/12/11 20:21:13 | 000,070,344 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\drivers\CBDisk.sys
[2011/12/11 20:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MacDrive 8
[2011/12/11 20:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mediafour
[2011/12/11 20:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mediafour
[2011/12/11 20:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Mediafour
[2011/12/11 20:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Mediafour
[2011/12/11 20:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mediafour
[2011/12/10 19:29:03 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Razer
[2011/12/10 19:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2011/12/10 19:28:03 | 000,093,696 | ---- | C] (Razer Inc.) -- C:\Windows\SysNative\Lycosa.cpl
[2011/12/10 19:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2011/12/10 19:27:57 | 000,013,312 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\VKbms.sys
[2011/12/10 19:27:57 | 000,006,656 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\hidkmdf.sys
[2011/12/10 19:27:54 | 000,065,536 | ---- | C] (Razer Inc.) -- C:\Windows\SysWow64\Lycosa.cpl
[2011/12/10 19:27:54 | 000,028,928 | ---- | C] (Razer USA Ltd.) -- C:\Windows\SysNative\drivers\Lycosa.sys
[2011/12/10 19:27:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2011/12/10 19:27:06 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\InstallShield
[2011/12/10 16:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2011/12/10 15:42:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Suite 5 Production Premium
[2011/12/10 15:29:17 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\Production Premium
[2011/12/09 00:43:02 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Malwarebytes
[2011/12/09 00:42:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/09 00:42:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/09 00:41:56 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/09 00:41:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/08 01:28:42 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\tsmuxer
[2011/12/06 22:52:12 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/06 22:07:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Physics Project (Dec 2011)
[2011/12/05 01:04:21 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2011/12/05 01:04:21 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2011/12/05 01:04:21 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2011/12/05 01:04:21 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2011/12/05 01:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2011/12/05 00:54:10 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2011/12/05 00:54:10 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2011/12/05 00:54:10 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2011/12/05 00:54:10 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax
[2011/12/05 00:54:10 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2011/12/05 00:54:10 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2011/12/05 00:54:10 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2011/12/05 00:54:10 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2011/12/05 00:54:10 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2011/12/05 00:54:10 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2011/12/05 00:54:10 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2011/12/05 00:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER ©
[2011/12/05 00:54:09 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2011/12/05 00:54:09 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2011/12/05 00:53:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YTDSETUP
[2011/12/04 22:04:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2011/12/04 17:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/12/03 18:15:38 | 000,000,000 | ---D | C] -- C:\Twixtor5AEManual
[2011/12/03 18:13:54 | 000,000,000 | ---D | C] -- C:\SmoothKit3AEManual
[2011/12/03 17:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5
[2011/12/03 16:54:25 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Aiseesoft Studio
[2011/12/03 16:54:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Aiseesoft Studio
[2011/12/03 15:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft
[2011/12/03 15:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Aiseesoft Studio
[2011/12/03 15:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aiseesoft Studio
[2011/12/03 07:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2011/12/01 02:17:41 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\TeamViewer
[2011/11/26 13:57:03 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/11/24 01:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to USB
[2011/11/24 01:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ISO to USB
[2011/11/23 15:37:44 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Skype
[2011/11/23 15:37:35 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/11/23 15:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/11/23 15:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/11/23 01:26:42 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Skyrim
[2011/11/23 01:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[2011/11/23 01:09:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Elder Scrolls V Skyrim
[2011/11/21 00:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/21 00:28:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/21 00:28:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/16 16:46:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/14 20:01:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/14 20:01:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/14 20:01:35 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/14 19:43:28 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/14 19:43:28 | 000,659,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/14 19:43:28 | 000,120,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/14 03:29:29 | 000,000,221 | ---- | M] () -- C:\Users\Ryan\Desktop\Audiosurf.url
[2011/12/14 01:24:45 | 000,002,398 | ---- | M] () -- C:\Users\Ryan\Desktop\Google Chrome.lnk
[2011/12/13 22:35:00 | 000,000,132 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/12/12 11:30:16 | 1240,836,703 | ---- | M] () -- C:\Users\Ryan\Desktop\FINAL_VREMYA_ISAI.mov
[2011/12/11 20:52:01 | 004,982,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/09 00:42:08 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/03 17:11:14 | 000,002,569 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts - Copy
[2011/12/03 17:11:14 | 000,002,569 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts - Copy (2)
[2011/12/03 16:53:20 | 000,771,962 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/03 15:37:04 | 000,002,334 | ---- | M] () -- C:\Users\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Aiseesoft MTS Converter.lnk
[2011/12/03 15:37:04 | 000,002,310 | ---- | M] () -- C:\Users\Public\Desktop\Aiseesoft MTS Converter.lnk
[2011/12/03 06:26:24 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2011/12/01 02:18:50 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2011/11/27 18:52:11 | 000,085,867 | ---- | M] () -- C:\Users\Ryan\Desktop\letter_of_recommendation-filled.pdf
[2011/11/27 18:40:21 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2011/11/25 23:28:20 | 000,001,584 | ---- | M] () -- C:\Users\Ryan\Desktop\index.html
[2011/11/23 15:37:35 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/11/21 00:28:54 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/14 19:50:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/14 19:50:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/14 19:50:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/14 19:50:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/14 19:50:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/14 03:29:29 | 000,000,221 | ---- | C] () -- C:\Users\Ryan\Desktop\Audiosurf.url
[2011/12/12 22:32:49 | 1240,836,703 | ---- | C] () -- C:\Users\Ryan\Desktop\FINAL_VREMYA_ISAI.mov
[2011/12/09 00:42:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/05 01:04:21 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011/12/05 00:54:10 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax
[2011/12/05 00:54:10 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2011/12/05 00:54:10 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011/12/05 00:54:10 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2011/12/05 00:54:10 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2011/12/05 00:54:10 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2011/12/05 00:54:09 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2011/12/05 00:54:09 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2011/12/05 00:54:09 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2011/12/05 00:54:09 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2011/12/03 16:53:18 | 000,771,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/03 15:37:04 | 000,002,334 | ---- | C] () -- C:\Users\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Aiseesoft MTS Converter.lnk
[2011/12/03 15:37:04 | 000,002,310 | ---- | C] () -- C:\Users\Public\Desktop\Aiseesoft MTS Converter.lnk
[2011/12/01 02:18:50 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2011/12/01 02:18:50 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2011/11/27 18:52:11 | 000,085,867 | ---- | C] () -- C:\Users\Ryan\Desktop\letter_of_recommendation-filled.pdf
[2011/11/27 18:40:21 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2011/11/25 23:24:59 | 000,001,584 | ---- | C] () -- C:\Users\Ryan\Desktop\index.html
[2011/11/23 15:37:35 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/11/21 00:28:54 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/06 02:02:13 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/10/25 00:22:55 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011/10/23 16:02:13 | 000,000,132 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/10/14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/10/09 01:57:36 | 000,007,597 | ---- | C] () -- C:\Users\Ryan\AppData\Local\Resmon.ResmonCfg
[2011/10/08 23:07:00 | 000,280,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/10/08 23:06:59 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/05/11 14:48:24 | 000,534,016 | ---- | C] () -- C:\Windows\SysWow64\LS3Renderer.dll
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/29 08:14:02 | 000,000,000 | ---- | C] () -- C:\Windows\BorisFX BCC XML.ini
[2009/04/09 11:50:14 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\MSL_All-DLL80_x86.dll
[2008/10/23 11:58:22 | 000,000,000 | ---- | C] () -- C:\Windows\BorisFX BCC7.ini
[2008/09/16 08:49:00 | 000,000,000 | ---- | C] () -- C:\Windows\ScriptTO7.0.ini
[2008/09/16 08:49:00 | 000,000,000 | ---- | C] () -- C:\Windows\ScriptSP7.0.ini
[2008/09/16 08:49:00 | 000,000,000 | ---- | C] () -- C:\Windows\ScriptLD7.0.ini
[2008/09/16 08:49:00 | 000,000,000 | ---- | C] () -- C:\Windows\ScriptJS7.0.ini
[2008/09/16 08:49:00 | 000,000,000 | ---- | C] () -- C:\Windows\ScriptES7.0.ini
[2008/09/16 08:49:00 | 000,000,000 | ---- | C] () -- C:\Windows\ScriptEP7.0.ini
[2008/09/16 08:48:52 | 000,000,000 | ---- | C] () -- C:\Windows\ScriptET7.0.ini

========== LOP Check ==========

[2011/10/14 11:45:37 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\.minecraft
[2011/10/15 20:04:58 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Ableton
[2011/12/06 22:52:12 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/27 18:53:39 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Dropbox
[2011/11/25 23:37:52 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\FileZilla
[2011/11/08 23:08:51 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Greyfirst
[2011/10/08 16:46:44 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Origin
[2011/10/25 00:22:55 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\PACE Anti-Piracy
[2011/12/10 19:29:03 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Razer
[2011/10/25 00:25:15 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/10/21 18:01:57 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Stardock
[2011/12/01 02:28:14 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\TeamViewer
[2011/10/10 14:51:04 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Thunderbird
[2011/10/08 17:01:03 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\TuneUp Software
[2011/12/14 20:38:02 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\uTorrent
[2009/07/13 23:08:49 | 000,008,416 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1172 bytes -> C:\ProgramData\Microsoft:3VQICBrOF32vcGBD9qhf1ooh
@Alternate Data Stream - 1069 bytes -> C:\Program Files\Common Files\Microsoft Shared:hvpqNwEMdMyFyrcfLqWTxNly
@Alternate Data Stream - 1054 bytes -> C:\ProgramData\Microsoft:bYFid3KUPzb5eZbGpOz7B2

< End of report >
  • 0
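As an added example (not part of the original post, and not code from OTL or its author), the following Python helper parses the two kinds of OTL lines above that matter most for triage: the O6 policy lines, which here record UAC fully disabled (EnableLUA = 0, silent admin elevation, no secure desktop) while AutoRun is blocked for all drive types (NoDriveTypeAutoRun = 255), and the file entries, which it scans for files created with Hidden+System attributes under the Windows directory. The sample input is constructed from lines of this log; the "default" values in the comments are the Windows 7 registry defaults.

```python
"""Triage helper for OTL report lines (added example; not OTL's own code).

It reads two kinds of lines that appear in the report above:
  * O6 policy lines, to judge the UAC / AutoRun posture they record, and
  * file entries  [date time | size | attrs | C] (Company) -- path
    to flag files created with Hidden+System attributes under C:\\Windows.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the OTL report posted in this thread.
SAMPLE_LOG = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
[2011/12/14 20:02:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/14 19:50:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/05 00:54:10 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2011/12/05 00:54:10 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax
[2011/12/14 20:01:35 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
"""

# O6 lines: HKLM policy values under Explorer or System.
POLICY_RE = re.compile(
    r"^O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\"
    r"(?:Explorer|System): (?P<name>\w+) = (?P<value>\d+)\s*$"
)
# File entries: the (Company) part is absent for directories and empty "()"
# in the "No Company Name" section, so it is optional here.
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<op>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)


def parse_policies(text):
    """Map policy name -> integer value for every O6 line in the text."""
    policies = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            policies[m["name"]] = int(m["value"])
    return policies


def weak_policies(policies):
    """Findings for settings weaker than the Windows 7 defaults."""
    findings = []
    if policies.get("EnableLUA") == 0:  # default 1
        findings.append("EnableLUA=0: UAC is switched off entirely")
    if policies.get("ConsentPromptBehaviorAdmin") == 0:  # default 5
        findings.append("ConsentPromptBehaviorAdmin=0: administrators elevate without any prompt")
    if policies.get("PromptOnSecureDesktop") == 0:  # default 1
        findings.append("PromptOnSecureDesktop=0: elevation prompts appear on the normal desktop")
    autorun = policies.get("NoDriveTypeAutoRun")
    # Bit 0x04 covers removable drives; when it is clear the policy does not
    # block AutoRun for them. 255 (0xFF) blocks every drive type.
    if autorun is not None and not autorun & 0x04:
        findings.append(f"NoDriveTypeAutoRun={autorun}: AutoRun not blocked for removable drives")
    return findings


@dataclass
class FileEntry:
    stamp: str
    size: int
    attrs: str  # R H S D flags, '-' where unset
    op: str     # C = created, M = modified
    company: str
    path: str


def parse_file_entries(text):
    """Parse every file/folder entry line into a FileEntry."""
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            entries.append(FileEntry(m["stamp"], int(m["size"].replace(",", "")),
                                     m["attrs"], m["op"], m["company"] or "", m["path"]))
    return entries


def hidden_system_in_windows(entries):
    """Paths of files (not directories) created with Hidden+System attributes under the Windows directory."""
    return [e.path for e in entries
            if e.op == "C" and "H" in e.attrs and "S" in e.attrs and "D" not in e.attrs
            and e.path.lower().startswith("c:\\windows\\")]


if __name__ == "__main__":
    for finding in weak_policies(parse_policies(SAMPLE_LOG)):
        print("POLICY:", finding)
    for path in hidden_system_in_windows(parse_file_entries(SAMPLE_LOG)):
        print("HIDDEN+SYSTEM:", path)
```

Hidden+System files in SysWow64 are worth a second look but are not proof of infection on their own; the codec pack installed on 2011/12/05 accounts for the ones in this log.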

#2
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
ComboFix

Important: It must be saved to your desktop; do not run it from your browser.

Important: Disable your antivirus software when downloading or running ComboFix. If it has script-blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click it and select Run as Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe (511 KB) to your desktop.
Right-click aswMBR.exe and select Run as Administrator.

Change the a-v scan to None.
Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan.
On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.


Malwarebytes' Anti-Malware
Important: If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

Do the following:
  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screenshot of the Disk Management window and attach the screenshot to your reply. Make sure that the column with the partition size is visible.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.

Ron
  • 0

#3
Mr. Jack


    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
I ran ComboFix multiple times in multiple different ways after checking all my AV software was turned off, and yet I still have this happen when I run CF. Any ideas?

Edited by Mr. Jack, 17 December 2011 - 09:55 PM.

  • 0

#4
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Never saw that before. Have asked the designer of Combofix. Go on and try the other programs - see if they will run. Also add DDS to the mix:

Please download DDS from http://download.blee...om/sUBs/dds.com or http://download.blee...om/sUBs/dds.scr
and save it to your desktop.

* Disable any script blocking protection
* Double-click dds.pif to run the tool.
* When done, two DDS .txt files will open.
* Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
  • 0

#5
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Designer asks what version of ComboFix you have (right-click and select Properties, then Details, and look for "File version"). Also, how far does it get before you get this error?
  • 0

#6
Mr. Jack


    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
DDS.TXT

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Ryan at 14:34:39 on 2011-12-19
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2628 [GMT -6:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\iSnooze\iSnooze.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\WerFault.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [iSnooze] C:\Program Files (x86)\iSnooze\iSnooze.exe
uRun: [MusicManager] "C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [MusicManager] "C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{BCC3F43A-B32E-4F11-9831-A2C6A9C162D0} : DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{C2002059-1719-49C1-90B6-A6D1E4C7E6DD} : DhcpNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\cwe6vcoo.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MDFSYSNT;MacDrive file system driver;C:\Windows\system32\drivers\MDFSYSNT.sys --> C:\Windows\system32\drivers\MDFSYSNT.sys [?]
R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\system32\DRIVERS\MDPMGRNT.SYS --> C:\Windows\system32\DRIVERS\MDPMGRNT.SYS [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 CBDisk;CBDisk;\??\C:\Windows\system32\drivers\CBDisk.sys --> C:\Windows\system32\drivers\CBDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-7-29 205312]
R2 MacDrive8Service;MacDrive 8 service;C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-1-7 218112]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-9 366152]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-8 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-1 2916736]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-10-27 1974080]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\system32\viakaraokesrv.exe --> C:\Windows\system32\viakaraokesrv.exe [?]
R3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-7 11856]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-19 20:34:05 331 ----a-w- C:\Start_.cmd
2011-12-19 20:34:05 -------- d-----w- C:\ComboFix
2011-12-19 20:21:42 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-18 04:51:28 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-12-18 04:38:48 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D3275A92-66A1-416F-97DF-B120D34A7DFF}\offreg.dll
2011-12-15 01:50:23 98816 ----a-w- C:\Windows\sed.exe
2011-12-15 01:50:23 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-15 01:50:23 256000 ----a-w- C:\Windows\PEV.exe
2011-12-15 01:50:23 208896 ----a-w- C:\Windows\MBR.exe
2011-12-12 02:21:13 70344 ----a-w- C:\Windows\System32\drivers\CBDisk.sys
2011-12-12 02:20:23 32352 ----a-w- C:\Windows\System32\drivers\MDPMGRNT.SYS
2011-12-12 02:20:17 -------- d-----w- C:\Program Files\Mediafour
2011-12-12 02:20:17 -------- d-----w- C:\Program Files\Common Files\Mediafour
2011-12-12 02:20:17 -------- d-----w- C:\Program Files (x86)\Common Files\Mediafour
2011-12-12 02:20:16 -------- d-----w- C:\ProgramData\Mediafour
2011-12-12 02:18:41 -------- d-----w- C:\Program Files (x86)\Mediafour
2011-12-11 01:29:03 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Razer
2011-12-11 01:28:03 93696 ----a-w- C:\Windows\System32\Lycosa.cpl
2011-12-11 01:27:57 6656 ----a-w- C:\Windows\System32\drivers\hidkmdf.sys
2011-12-11 01:27:57 13312 ----a-w- C:\Windows\System32\drivers\VKbms.sys
2011-12-11 01:27:54 65536 ----a-w- C:\Windows\SysWow64\Lycosa.cpl
2011-12-11 01:27:54 28928 ----a-w- C:\Windows\System32\drivers\Lycosa.sys
2011-12-10 22:02:58 -------- d-----w- C:\ProgramData\ALM
2011-12-09 06:43:02 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Malwarebytes
2011-12-09 06:42:05 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-09 06:41:56 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-09 06:41:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-07 04:52:12 -------- d-----w- C:\Users\Ryan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-12-05 07:04:21 719872 ----a-w- C:\Windows\SysWow64\devil.dll
2011-12-05 07:04:21 70656 ----a-w- C:\Windows\SysWow64\yv12vfw.dll
2011-12-05 07:04:21 70656 ----a-w- C:\Windows\SysWow64\i420vfw.dll
2011-12-05 07:04:21 369152 ----a-w- C:\Windows\SysWow64\avisynth.dll
2011-12-05 07:04:21 32256 ----a-w- C:\Windows\SysWow64\AVSredirect.dll
2011-12-05 07:04:21 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
2011-12-05 06:53:50 -------- d-----w- C:\Program Files (x86)\YTDSETUP
2011-12-05 04:04:51 -------- d-----w- C:\Program Files (x86)\eRightSoft
2011-12-04 23:16:16 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-12-04 23:16:16 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-12-04 23:16:16 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-12-04 23:16:16 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-12-04 23:16:16 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-12-04 23:16:16 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-12-04 23:16:16 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-12-04 00:15:38 -------- d-----w- C:\Twixtor5AEManual
2011-12-04 00:13:54 -------- d-----w- C:\SmoothKit3AEManual
2011-12-03 22:54:25 -------- d-----w- C:\Users\Ryan\AppData\Local\Aiseesoft Studio
2011-12-03 21:36:59 -------- d-----w- C:\ProgramData\Aiseesoft Studio
2011-12-03 21:36:59 -------- d-----w- C:\Program Files (x86)\Aiseesoft Studio
2011-12-01 08:17:41 -------- d-----w- C:\Users\Ryan\AppData\Roaming\TeamViewer
2011-11-24 07:28:31 -------- d-----w- C:\Program Files (x86)\ISO to USB
2011-11-23 21:37:35 -------- d-----r- C:\Program Files (x86)\Skype
2011-11-23 07:26:42 -------- d-----w- C:\Users\Ryan\AppData\Local\Skyrim
2011-11-23 07:17:51 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll
2011-11-23 07:17:51 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
2011-11-23 07:17:51 530776 ----a-w- C:\Windows\System32\XAudio2_6.dll
2011-11-23 07:17:51 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
2011-11-23 07:17:50 24920 ----a-w- C:\Windows\System32\X3DAudio1_7.dll
2011-11-23 07:17:50 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
2011-11-23 07:17:50 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
2011-11-23 07:17:50 176984 ----a-w- C:\Windows\System32\xactengine3_6.dll
2011-11-23 07:09:17 -------- d-----w- C:\Program Files (x86)\The Elder Scrolls V Skyrim
.
==================== Find3M ====================
.
2011-12-14 09:19:57 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-08 09:04:43 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-11-08 09:04:43 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-11-08 08:54:36 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-11-07 21:25:35 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2011-11-06 08:18:54 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-11-06 08:02:20 2434856 ----a-w- C:\Windows\SysWow64\pbsvc_bc2.exe
2011-10-24 20:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 20:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-15 05:54:52 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-10-08 23:46:14 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-08 22:06:35 419840 ----a-w- C:\Windows\System32\systemcpl.dll
2011-10-08 22:06:35 14848 ----a-w- C:\Windows\System32\slwga.dll
2011-10-08 22:06:35 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
2011-10-08 22:06:34 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2011-10-08 22:06:34 1008640 ----a-w- C:\Windows\System32\user32.dll
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-28 23:45:42 15453832 ----a-w- C:\Windows\SysWow64\xlive.dll
2011-09-28 23:45:42 13642888 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
2006-05-03 18:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 19:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 21:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-07 06:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 14:36:25.77 ===============

ATTACH.TXT

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 10/8/2011 5:06:41 PM
System Uptime: 12/19/2011 2:21:24 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A785-M
Processor: AMD Phenom™ 9750 Quad-Core Processor | AM2 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1397 GiB total, 505.588 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP54: 12/16/2011 10:46:46 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5 Master Collection
Adobe Creative Suite 5 Production Premium
Adobe Creative Suite 5.5 Master Collection
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Shockwave Player 11.6
Adobe Story
Adobe Widget Browser
Aiseesoft MTS Converter 6.2.16
Apple Application Support
Apple Software Update
Audiosurf
Battlefield 3™
Battlefield 3™ Open Beta
Battlefield: Bad Company 2
Battlelog Web Plugins
Celtx (2.9.1)
Counter-Strike: Source
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Driver Genius Professional Edition
Dropbox
ESN Sonar
Fences
FileZilla Client 3.5.2
Final Draft
Google Chrome
Grand Theft Auto IV
Grand Theft Auto: Vice City
iSnooze 1.3.3
ISO to USB
Java Auto Updater
Java™ 6 Update 27
L.A. Noire
Left 4 Dead 2
Live 8.2.2
Magic Bullet Looks
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 8.0.1 (x86 en-US)
Mozilla Thunderbird (8.0)
Music Manager
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Origin
PDF Settings CS5
Platform
PunkBuster Services
PxMergeModule
QuickTime
Razer Lycosa
Red Giant Text Anarchy
Rockstar Games Social Club
Sanctum
Skype Click to Call
Skype™ 5.5
SpeedFan (remove only)
Steam
SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49
swMSM
TeamViewer 7
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Veetle TV
VIA Platform Device Manager
VLC media player 1.1.11
.
==== Event Viewer Messages From Past Week ========
.
12/19/2011 2:22:37 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/17/2011 9:18:10 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
12/17/2011 10:34:48 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/16/2011 5:21:05 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
12/14/2011 3:16:56 AM, Error: Microsoft-Windows-WHEA-Logger [20] - A fatal hardware error has occurred. Component: AMD Northbridge Error Source: Machine Check Exception Error Type: HyperTransport Watchdog Timeout Error Processor ID: 0 The details view of this entry contains further information.
12/14/2011 3:16:40 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa80058256f8, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\121411-19375-01.dmp. Report Id: 121411-19375-01.
12/14/2011 2:20:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
.
==== End Of File ===========================

#7
Mr. Jack
    Member
  • Topic Starter
  • 92 posts
As far as ComboFix goes, I am using 11.12.16.3. And the first window pops up (looks like an install screen with a black background and green text). Then right after that finishes, nothing happens for 3-4 seconds, then it starts giving me these errors.

#8
RKinner
    Malware Expert
  • Expert
  • 24,624 posts
  • MVP
Can you uninstall MacDrive 8?

I don't see it listed in the uninstall section but perhaps there is an uninstaller in Start, (All) Programs, MacDrive 8.

Can you run any of the other programs? (TDSSKiller, aswMBR, MBAM)

#9
Mr. Jack
    Member
  • Topic Starter
  • 92 posts
Okay. I was able to run ComboFix after it updated. Also, MacDrive was uninstalled.

Here is all of the information requested from earlier:

COMBOFIX:

ComboFix 11-12-19.03 - Ryan 12/19/2011 19:59:17.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2586 [GMT -6:00]
Running from: c:\users\Ryan\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-11-20 to 2011-12-20 )))))))))))))))))))))))))))))))
.
.
2011-12-20 02:05 . 2011-12-20 02:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-20 02:05 . 2011-12-20 02:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-19 20:35 . 2011-12-19 20:35 -------- d-----w- c:\program files\iTunes
2011-12-19 20:35 . 2011-12-19 20:35 -------- d-----w- c:\program files (x86)\iTunes
2011-12-19 20:35 . 2011-12-19 20:35 -------- d-----w- c:\program files\iPod
2011-12-18 04:51 . 2011-12-18 04:56 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-12-14 20:48 . 2011-08-16 22:04 83456 ------w- c:\users\Ryan\AppData\Roaming\Cyagai.exe
2011-12-12 07:22 . 2011-12-12 07:22 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-12-12 03:18 . 2011-12-15 02:07 -------- d-----w- c:\users\Mason
2011-12-12 02:21 . 2010-01-13 17:15 70344 ----a-w- c:\windows\system32\drivers\CBDisk.sys
2011-12-12 02:20 . 2009-09-23 19:23 32352 ----a-w- c:\windows\system32\drivers\MDPMGRNT.SYS
2011-12-12 02:20 . 2011-12-12 02:20 -------- d-----w- c:\program files (x86)\Common Files\Mediafour
2011-12-12 02:20 . 2011-12-12 02:20 -------- d-----w- c:\program files\Common Files\Mediafour
2011-12-12 02:20 . 2011-12-12 02:20 -------- d-----w- c:\program files\Mediafour
2011-12-12 02:20 . 2011-12-12 02:20 -------- d-----w- c:\programdata\Mediafour
2011-12-11 01:29 . 2011-12-11 01:29 -------- d-----w- c:\users\Ryan\AppData\Roaming\Razer
2011-12-11 01:28 . 2011-12-11 01:28 -------- d-----w- c:\programdata\Razer
2011-12-11 01:28 . 2007-09-28 00:07 93696 ----a-w- c:\windows\system32\Lycosa.cpl
2011-12-11 01:27 . 2010-10-01 06:16 13312 ----a-w- c:\windows\system32\drivers\VKbms.sys
2011-12-11 01:27 . 2010-09-30 02:45 6656 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
2011-12-11 01:27 . 2010-09-08 17:01 28928 ----a-w- c:\windows\system32\drivers\Lycosa.sys
2011-12-11 01:27 . 2007-09-28 01:44 65536 ----a-w- c:\windows\SysWow64\Lycosa.cpl
2011-12-11 01:27 . 2011-12-11 01:27 -------- d-----w- c:\program files (x86)\Razer
2011-12-11 01:27 . 2011-12-11 01:27 -------- d-----w- c:\users\Ryan\AppData\Roaming\InstallShield
2011-12-10 22:02 . 2011-12-10 22:02 -------- d-----w- c:\programdata\ALM
2011-12-09 06:43 . 2011-12-09 06:43 -------- d-----w- c:\users\Ryan\AppData\Roaming\Malwarebytes
2011-12-09 06:42 . 2011-12-09 06:42 -------- d-----w- c:\programdata\Malwarebytes
2011-12-09 06:41 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-09 06:41 . 2011-12-09 06:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-07 04:52 . 2011-12-07 04:52 -------- d-----w- c:\users\Ryan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-12-05 07:04 . 2011-12-05 07:04 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2011-12-05 07:04 . 2009-09-27 15:39 369152 ----a-w- c:\windows\SysWow64\avisynth.dll
2011-12-05 07:04 . 2005-07-14 18:31 32256 ----a-w- c:\windows\SysWow64\AVSredirect.dll
2011-12-05 07:04 . 2004-02-22 16:11 719872 ----a-w- c:\windows\SysWow64\devil.dll
2011-12-05 07:04 . 2004-01-25 06:00 70656 ----a-w- c:\windows\SysWow64\yv12vfw.dll
2011-12-05 07:04 . 2004-01-25 06:00 70656 ----a-w- c:\windows\SysWow64\i420vfw.dll
2011-12-04 23:16 . 2011-12-04 23:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-12-04 23:16 . 2011-12-04 23:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-12-04 23:16 . 2011-12-04 23:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-12-04 23:16 . 2011-12-04 23:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-12-04 23:16 . 2011-12-04 23:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-12-04 23:16 . 2011-12-04 23:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-12-04 23:16 . 2011-12-04 23:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-12-04 00:15 . 2011-12-04 00:15 -------- d-----w- C:\Twixtor5AEManual
2011-12-04 00:13 . 2011-12-04 00:13 -------- d-----w- C:\SmoothKit3AEManual
2011-12-03 22:54 . 2011-12-03 22:54 -------- d-----w- c:\users\Ryan\AppData\Local\Aiseesoft Studio
2011-12-03 21:36 . 2011-12-03 21:36 -------- d-----w- c:\programdata\Aiseesoft Studio
2011-12-03 21:36 . 2011-12-03 21:36 -------- d-----w- c:\program files (x86)\Aiseesoft Studio
2011-12-03 13:00 . 2011-12-03 13:00 -------- d-----w- c:\program files (x86)\Adobe Media Player
2011-12-01 08:17 . 2011-12-01 08:28 -------- d-----w- c:\users\Ryan\AppData\Roaming\TeamViewer
2011-11-24 07:28 . 2011-11-24 07:28 -------- d-----w- c:\program files (x86)\ISO to USB
2011-11-23 21:37 . 2011-11-26 20:06 -------- d-----w- c:\users\Ryan\AppData\Roaming\Skype
2011-11-23 21:37 . 2011-11-23 21:38 -------- d-----r- c:\program files (x86)\Skype
2011-11-23 21:37 . 2011-11-23 21:37 -------- d-----w- c:\programdata\Skype
2011-11-23 07:26 . 2011-11-23 07:26 -------- d-----w- c:\users\Ryan\AppData\Local\Skyrim
2011-11-23 07:17 . 2010-02-04 16:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-11-23 07:17 . 2010-02-04 16:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2011-11-23 07:17 . 2010-02-04 16:01 530776 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-11-23 07:17 . 2010-02-04 16:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2011-11-23 07:17 . 2010-02-04 16:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-11-23 07:17 . 2010-02-04 16:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2011-11-23 07:17 . 2010-02-04 16:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2011-11-23 07:17 . 2010-02-04 16:01 176984 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-11-23 07:09 . 2011-11-26 01:43 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-14 09:19 . 2011-10-09 07:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-08 09:04 . 2011-10-09 06:46 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-11-08 09:04 . 2011-10-09 05:07 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-08 08:54 . 2011-10-09 05:07 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-11-07 21:41 . 2009-08-18 18:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-11-07 21:41 . 2009-08-18 17:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-07 21:25 . 2011-11-07 21:25 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-11-06 08:18 . 2011-10-09 05:06 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-11-06 08:02 . 2011-11-06 08:02 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-15 08:53 . 2011-10-26 00:08 68928 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-15 08:53 . 2011-10-26 00:08 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-10-15 08:53 . 2011-10-26 00:08 5578560 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-10-15 08:53 . 2011-10-26 00:08 2542912 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-15 08:53 . 2011-10-26 00:08 2401088 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-10-15 08:53 . 2011-10-26 00:08 2232128 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-15 08:53 . 2011-10-26 00:08 2099520 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-10-15 08:53 . 2011-10-26 00:08 18871616 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-10-15 08:53 . 2011-10-26 00:08 17248576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-10-15 08:53 . 2011-10-26 00:08 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-10-15 08:53 . 2011-10-26 00:08 12971840 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-10-15 08:53 . 2011-10-26 00:08 24796992 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-15 08:53 . 2011-10-09 06:55 24742720 ----a-w- c:\windows\system32\nvoglv64.dll
2011-10-15 08:53 . 2011-10-09 06:55 7581504 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-15 08:53 . 2011-10-08 22:56 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-10-15 08:53 . 2011-10-08 22:56 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-15 08:53 . 2011-10-08 22:56 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-10-08 22:56 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-10-08 22:56 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2011-10-08 22:56 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-10-08 22:56 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-10-15 08:53 . 2011-10-08 22:56 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-10-15 08:53 . 2011-10-08 22:56 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-10-15 08:53 . 2011-10-08 22:56 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2011-10-15 08:53 . 2011-10-08 22:56 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2011-10-15 08:53 . 2011-10-08 22:56 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-10-15 08:53 . 2009-07-13 21:59 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-10-15 05:54 . 2011-10-15 05:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-10-08 23:46 . 2011-10-08 23:46 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-08 22:06 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2011-10-08 22:06 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2011-10-08 22:06 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2011-10-08 22:06 . 2010-11-21 03:24 833024 ----a-w- c:\windows\SysWow64\user32.dll
2011-10-08 22:06 . 2010-11-21 03:24 1008640 ----a-w- c:\windows\system32\user32.dll
2011-10-01 03:25 . 2011-10-13 21:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-13 21:14 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-28 23:45 . 2011-09-28 23:45 15453832 ----a-w- c:\windows\SysWow64\xlive.dll
2011-09-28 23:45 . 2011-09-28 23:45 13642888 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-09-21 14:00 . 2011-10-14 14:48 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3275A92-66A1-416F-97DF-B120D34A7DFF}\mpengine.dll
2006-05-03 18:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 19:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 21:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-07 06:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-10-08 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-10-08 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-12-15_02.02.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-12-18 04:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2009-07-14 04:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2009-07-14 04:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-18 04:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2009-07-14 04:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-18 04:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2011-12-18 04:37 37002 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-20 01:51 31678 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-17 03:02 . 2011-12-17 00:44 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2009-07-14 05:30 . 2011-12-18 03:44 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-12-11 01:28 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 00:09 . 2009-07-14 00:09 19968 c:\windows\system32\drivers\usb8023x.sys
+ 2009-07-14 00:09 . 2009-07-14 00:09 41472 c:\windows\system32\drivers\rndismpx.sys
+ 2011-10-08 22:09 . 2011-12-20 02:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-08 22:09 . 2011-12-15 02:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-08 22:09 . 2011-12-20 02:07 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-08 22:09 . 2011-12-15 02:03 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-08 22:09 . 2011-12-15 02:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-08 22:09 . 2011-12-20 02:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-08 22:09 . 2011-12-20 02:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-08 22:09 . 2011-12-15 01:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-08 22:09 . 2011-12-20 02:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-08 22:09 . 2011-12-15 01:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-08 22:09 . 2011-12-20 01:51 9356 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2821252437-4125277900-2269453769-1001_UserData.bin
+ 2011-12-18 03:44 . 2011-12-18 03:44 9560 c:\windows\system32\NetworkList\Icons\{3E4BA57A-B1E6-49F1-9471-11D9B6A82960}_48.bin
+ 2011-12-18 03:44 . 2011-12-18 03:44 4280 c:\windows\system32\NetworkList\Icons\{3E4BA57A-B1E6-49F1-9471-11D9B6A82960}_32.bin
+ 2011-12-18 03:44 . 2011-12-18 03:44 2456 c:\windows\system32\NetworkList\Icons\{3E4BA57A-B1E6-49F1-9471-11D9B6A82960}_24.bin
+ 2011-12-19 20:22 . 2011-12-19 20:22 9560 c:\windows\system32\NetworkList\Icons\{367E51DC-7692-4222-9A4A-0907F47A73D6}_48.bin
+ 2011-12-19 20:22 . 2011-12-19 20:22 4280 c:\windows\system32\NetworkList\Icons\{367E51DC-7692-4222-9A4A-0907F47A73D6}_32.bin
+ 2011-12-19 20:22 . 2011-12-19 20:22 2456 c:\windows\system32\NetworkList\Icons\{367E51DC-7692-4222-9A4A-0907F47A73D6}_24.bin
+ 2011-12-20 02:06 . 2011-12-20 02:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-15 02:01 . 2011-12-15 02:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-20 02:06 . 2011-12-20 02:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-15 02:01 . 2011-12-15 02:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-18 03:18 . 2011-12-18 03:18 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 02:36 . 2011-12-19 20:25 659580 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-15 01:43 659580 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-19 20:25 120508 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-12-15 01:43 120508 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2011-12-11 01:28 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-12-18 03:44 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:01 . 2011-12-20 02:05 483304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-12-15 02:00 483304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-19 20:35 . 2011-12-19 20:35 380928 c:\windows\Installer\{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}\iTunesIco.exe
+ 2011-10-09 06:59 . 2011-12-20 02:05 8051704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2821252437-4125277900-2269453769-1001-12288.dat
+ 2011-12-19 20:32 . 2011-12-19 20:32 44934656 c:\windows\Installer\a8df4.msi
+ 2011-12-19 20:32 . 2011-12-19 20:32 20304896 c:\windows\Installer\a824f.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-10-21 641400]
"iSnooze"="c:\program files (x86)\iSnooze\iSnooze.exe" [2009-03-30 569344]
"MusicManager"="c:\users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-11-30 13223936]
"Cyagai"="c:\users\Ryan\AppData\Roaming\Cyagai.exe" [2011-08-16 83456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2011-09-14 4958320]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Lycosa"="c:\program files (x86)\Razer\Razer Lycosa\razerhid.exe" [2011-03-22 233984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 M4LIC;Mediafour M4LIC service;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-07-29 205312]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-01-07 218112]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-11-29 2916736]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-10-27 1974080]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [x]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-02-04 345688]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2009-03-31 151040]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\cwe6vcoo.default\
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2821252437-4125277900-2269453769-1001\Software\SecuROM\License information*]
"datasecu"=hex:a4,df,e9,73,0a,bb,ca,43,f3,fb,6d,fc,11,c0,50,4d,f4,80,4e,6c,ae,
6c,8d,ed,29,0a,e6,4e,fe,99,af,d9,09,07,92,cc,93,de,37,69,39,0a,fd,7c,97,b7,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:05,3c,43,02,0a,41,2a,13,f2,e3,3b,47,fb,50,04,04,fd,ec,a8,d3,96,
40,a8,10,bf,7b,e4,95,80,b3,7f,23,1e,42,b2,f9,9e,6b,27,b5,dc,fb,63,72,18,50,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:05,3c,43,02,0a,41,2a,13,f2,e3,3b,47,fb,50,04,04,fd,ec,a8,d3,96,
40,a8,10,bf,7b,e4,95,80,b3,7f,23,1e,42,b2,f9,9e,6b,27,b5,dc,fb,63,72,18,50,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Completion time: 2011-12-19 20:11:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-20 02:11
ComboFix2.txt 2011-12-18 04:40
ComboFix3.txt 2011-12-15 02:07
.
Pre-Run: 542,069,264,384 bytes free
Post-Run: 541,909,757,952 bytes free
.
- - End Of File - - 28B35808677D8070D5D04079885B190B

aswMBR:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-19 20:33:05
-----------------------------
20:33:05.550 OS Version: Windows x64 6.1.7601 Service Pack 1
20:33:05.550 Number of processors: 4 586 0x203
20:33:05.550 ComputerName: USB-SLAYER UserName: Ryan
20:33:07.156 Initialize success
20:33:18.728 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
20:33:18.728 Disk 0 Vendor: ST31500541AS CC34 Size: 1430799MB BusType: 3
20:33:18.743 Disk 0 MBR read successfully
20:33:18.743 Disk 0 MBR scan
20:33:18.759 Disk 0 Windows 7 default MBR code
20:33:18.759 Service scanning
20:33:20.101 Modules scanning
20:33:20.101 Scan finished successfully
20:33:28.228 Disk 0 MBR has been saved successfully to "C:\Users\Ryan\Desktop\virus\new\MBR.dat"
20:33:28.228 The log file has been saved successfully to "C:\Users\Ryan\Desktop\virus\new\aswMBR.txt"

MBAM:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8400

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

12/19/2011 9:50:20 PM
mbam-log-2011-12-19 (21-50-20).txt

Scan type: Full scan (C:\|)
Objects scanned: 603012
Time elapsed: 1 hour(s), 16 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\YTDSETUP\trafficspace.exe (PUP.Zugo) -> Quarantined and deleted successfully.

OTL #2:

OTL logfile created on: 12/19/2011 10:45:39 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ryan\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 51.39% Memory free
8.00 Gb Paging File | 5.90 Gb Available in Paging File | 73.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.17 Gb Total Space | 504.43 Gb Free Space | 36.10% Space Free | Partition Type: NTFS

Computer Name: USB-SLAYER | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/19 20:34:51 | 004,010,160 | ---- | M] (Spotify Ltd) -- C:\Users\Ryan\AppData\Roaming\Spotify\spotify.exe
PRC - [2011/12/14 20:21:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Downloads\OTL.exe
PRC - [2011/12/12 02:55:01 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/29 19:06:54 | 013,223,936 | ---- | M] (Google Inc.) -- C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2011/11/29 03:50:03 | 010,826,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2011/11/29 03:50:03 | 002,916,736 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/11/29 03:33:26 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2011/11/06 02:18:54 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/10/21 17:39:20 | 000,641,400 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/10/15 02:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/09/05 11:04:58 | 002,904,984 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/13 11:46:28 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe
PRC - [2011/03/21 21:01:46 | 000,233,984 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
PRC - [2009/03/30 10:19:50 | 000,569,344 | ---- | M] (Progoth.com) -- C:\Program Files (x86)\iSnooze\iSnooze.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/19 20:34:51 | 019,900,928 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2011/12/14 03:19:57 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/12/12 02:55:01 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/29 18:57:12 | 000,344,064 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2011/11/29 18:57:02 | 000,346,624 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2011/11/29 18:56:16 | 000,363,520 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2011/11/29 18:56:06 | 000,198,656 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2011/11/08 14:46:02 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011/10/14 23:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/04/13 11:46:28 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe
MOD - [2010/01/21 00:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 19:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/07 14:54:44 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2010/10/27 17:21:12 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/11/29 03:50:03 | 002,916,736 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/11/06 02:18:54 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/10/15 02:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/27 17:24:40 | 001,974,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/10/27 17:21:08 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/07 14:54:38 | 002,173,552 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/15 21:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 21:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 21:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 21:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 21:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/10/01 00:16:34 | 000,013,312 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010/09/08 11:01:28 | 000,028,928 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2010/06/17 03:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/16 10:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/19 20:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 14:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/03/18 10:08:56 | 000,029,592 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2010/10/07 12:34:32 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/01/29 05:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2821252437-4125277900-2269453769-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2821252437-4125277900-2269453769-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2821252437-4125277900-2269453769-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 99 C0 25 14 CF BE CC 01 [binary data]
IE - HKU\S-1-5-21-2821252437-4125277900-2269453769-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2821252437-4125277900-2269453769-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:0.1.2008d
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/10/15 14:19:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/11/27 18:40:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/12 02:55:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/12/04 17:16:16 | 000,000,000 | ---D | M]

[2011/11/08 23:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions
[2011/11/08 23:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/11/23 15:38:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/23 15:38:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/08 23:04:46 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/11/08 23:04:46 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/11/08 23:04:46 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/11/08 23:04:46 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/11/08 23:04:46 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/11/08 23:04:46 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/11/08 23:04:46 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/12/12 02:55:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/12 02:55:01 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ryan\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ryan\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ryan\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.7_0\
CHR - Extension: GrooveBud = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\agpbffgdfhnhloelamgiofephdchgkle\0.0.3_0\
CHR - Extension: reddit companion = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe\1.1.1_0\
CHR - Extension: reddit companion = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe\1.1.1_0\.orig
CHR - Extension: TooManyTabs for Chrome = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp\1.8.1_0\
CHR - Extension: MeasureIt! = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aonjhmdcgbgikgjapjckfkefpphjpgma\1.1.3_0\
CHR - Extension: Web Developer = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.3.1_0\
CHR - Extension: ActiveGS = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coekimhghfcjmbnfonjeklhkmemegiba\3.5.704_0\
CHR - Extension: Silver Bird = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic\1.9.8.4_0\
CHR - Extension: GIF Scrubber = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbdacbnhlfdlllckelpdkgeklfjfgcmp\2.22_0\
CHR - Extension: AdBlock = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.7_0\
CHR - Extension: TinEye Reverse Image Search = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1_0\
CHR - Extension: Eye Dropper = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka\0.2.5.1_0\
CHR - Extension: Lock Tab = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnikalcnjojfkpleicbncjmnieimjlfe\0.8.2_0\
CHR - Extension: Stylebot Social = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaifpdafpkbjghohkfkfmkcfcmmnbnaa\1_0\
CHR - Extension: TabCounter = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kibiopnambcddkfkkefcopfpbljphchi\1.1_0\
CHR - Extension: StayFocusd = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.2.0.15_0\
CHR - Extension: Skype Click to Call = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8773_0\
CHR - Extension: Poppit = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Session Manager = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc\3.3.1_0\
CHR - Extension: MuteTab = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkbaaijgpppbokgnhhoakihofedkgcc\1.1.1_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: Surplus = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfphgaimeghgekhncbkfblhdhfaiaipf\3.5.6_0\
CHR - Extension: Plus Minus = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pidkbnhjgdngcfcaikoocdanfijkgdli\1.4.3_0\

O1 HOSTS File: ([2011/12/19 20:07:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2821252437-4125277900-2269453769-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2821252437-4125277900-2269453769-1001..\Run: [Cyagai] C:\Users\Ryan\AppData\Roaming\Cyagai.exe (Driver-Soft Inc. )
O4 - HKU\S-1-5-21-2821252437-4125277900-2269453769-1001..\Run: [iSnooze] C:\Program Files (x86)\iSnooze\iSnooze.exe (Progoth.com)
O4 - HKU\S-1-5-21-2821252437-4125277900-2269453769-1001..\Run: [MusicManager] C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-2821252437-4125277900-2269453769-1001..\Run: [Spotify] C:\Users\Ryan\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2821252437-4125277900-2269453769-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-2821252437-4125277900-2269453769-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2821252437-4125277900-2269453769-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2821252437-4125277900-2269453769-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2821252437-4125277900-2269453769-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2821252437-4125277900-2269453769-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCC3F43A-B32E-4F11-9831-A2C6A9C162D0}: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2002059-1719-49C1-90B6-A6D1E4C7E6DD}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/19 22:37:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2011/12/19 22:36:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/19 22:22:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/19 20:34:51 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Spotify
[2011/12/19 20:34:41 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Spotify
[2011/12/19 20:33:03 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Ryan\Desktop\aswMBR.exe
[2011/12/19 20:05:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/19 14:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/19 14:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/19 14:35:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/12/19 14:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/16 18:42:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.com
[2011/12/16 18:23:05 | 004,345,296 | R--- | C] (Swearware) -- C:\Users\Ryan\Desktop\ComboFix.exe
[2011/12/14 19:50:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/14 19:50:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/14 19:50:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/14 19:49:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/14 19:47:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/14 19:41:27 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\virus
[2011/12/14 14:48:31 | 000,083,456 | ---- | C] (Driver-Soft Inc. ) -- C:\Users\Ryan\AppData\Roaming\Cyagai.exe
[2011/12/12 17:21:06 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Old School Projects
[2011/12/12 01:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/12/12 01:22:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/12/10 19:29:03 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Razer
[2011/12/10 19:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2011/12/10 19:28:03 | 000,093,696 | ---- | C] (Razer Inc.) -- C:\Windows\SysNative\Lycosa.cpl
[2011/12/10 19:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2011/12/10 19:27:57 | 000,013,312 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\VKbms.sys
[2011/12/10 19:27:57 | 000,006,656 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\hidkmdf.sys
[2011/12/10 19:27:54 | 000,065,536 | ---- | C] (Razer Inc.) -- C:\Windows\SysWow64\Lycosa.cpl
[2011/12/10 19:27:54 | 000,028,928 | ---- | C] (Razer USA Ltd.) -- C:\Windows\SysNative\drivers\Lycosa.sys
[2011/12/10 19:27:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2011/12/10 19:27:06 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\InstallShield
[2011/12/10 16:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2011/12/10 15:42:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Suite 5 Production Premium
[2011/12/10 15:29:17 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\Production Premium
[2011/12/09 00:43:02 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Malwarebytes
[2011/12/09 00:42:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/09 00:42:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/09 00:41:56 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/09 00:41:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/06 22:52:12 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/06 22:07:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Physics Project (Dec 2011)
[2011/12/05 01:04:21 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2011/12/05 01:04:21 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2011/12/05 01:04:21 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2011/12/05 01:04:21 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2011/12/05 01:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2011/12/05 00:54:10 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2011/12/05 00:54:10 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2011/12/05 00:54:10 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2011/12/05 00:54:10 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax
[2011/12/05 00:54:10 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2011/12/05 00:54:10 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2011/12/05 00:54:10 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2011/12/05 00:54:10 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2011/12/05 00:54:10 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2011/12/05 00:54:10 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2011/12/05 00:54:10 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2011/12/05 00:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER ©
[2011/12/05 00:54:09 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2011/12/05 00:54:09 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2011/12/05 00:53:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YTDSETUP
[2011/12/04 22:04:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2011/12/04 17:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/12/03 18:15:38 | 000,000,000 | ---D | C] -- C:\Twixtor5AEManual
[2011/12/03 18:13:54 | 000,000,000 | ---D | C] -- C:\SmoothKit3AEManual
[2011/12/03 17:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5
[2011/12/03 16:54:25 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Aiseesoft Studio
[2011/12/03 16:54:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Aiseesoft Studio
[2011/12/03 15:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft
[2011/12/03 15:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Aiseesoft Studio
[2011/12/03 15:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aiseesoft Studio
[2011/12/03 07:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2011/12/01 02:17:41 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\TeamViewer
[2011/11/26 13:57:03 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/11/24 01:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to USB
[2011/11/24 01:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ISO to USB
[2011/11/23 15:37:44 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Skype
[2011/11/23 15:37:35 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/11/23 15:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/11/23 15:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/11/23 01:26:42 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Skyrim
[2011/11/23 01:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[2011/11/23 01:17:51 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2011/11/23 01:17:51 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2011/11/23 01:17:51 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2011/11/23 01:17:51 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2011/11/23 01:17:50 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2011/11/23 01:17:50 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2011/11/23 01:17:50 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2011/11/23 01:17:50 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2011/11/23 01:09:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Elder Scrolls V Skyrim
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/19 22:21:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/19 22:21:50 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/19 20:34:51 | 000,001,802 | ---- | M] () -- C:\Users\Ryan\Desktop\Spotify.lnk
[2011/12/19 20:07:06 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/19 19:57:34 | 004,345,296 | R--- | M] (Swearware) -- C:\Users\Ryan\Desktop\ComboFix.exe
[2011/12/19 14:35:57 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/19 14:25:40 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/19 14:25:40 | 000,659,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/19 14:25:40 | 000,120,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/17 22:46:50 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Ryan\Desktop\aswMBR.exe
[2011/12/16 18:42:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.com
[2011/12/15 03:26:07 | 000,000,132 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/12/14 03:29:29 | 000,000,221 | ---- | M] () -- C:\Users\Ryan\Desktop\Audiosurf.url
[2011/12/14 03:19:57 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/14 01:24:45 | 000,002,398 | ---- | M] () -- C:\Users\Ryan\Desktop\Google Chrome.lnk
[2011/12/12 11:30:16 | 1240,836,703 | ---- | M] () -- C:\Users\Ryan\Desktop\FINAL_VREMYA_ISAI.mov
[2011/12/11 20:52:01 | 004,982,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/09 00:42:08 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/03 17:11:14 | 000,002,569 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts - Copy
[2011/12/03 17:11:14 | 000,002,569 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts - Copy (2)
[2011/12/03 16:53:20 | 000,771,962 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/03 15:37:04 | 000,002,334 | ---- | M] () -- C:\Users\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Aiseesoft MTS Converter.lnk
[2011/12/03 15:37:04 | 000,002,310 | ---- | M] () -- C:\Users\Public\Desktop\Aiseesoft MTS Converter.lnk
[2011/12/03 06:26:24 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2011/12/01 02:18:50 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2011/11/27 18:52:11 | 000,085,867 | ---- | M] () -- C:\Users\Ryan\Desktop\letter_of_recommendation-filled.pdf
[2011/11/27 18:40:21 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2011/11/25 23:28:20 | 000,001,584 | ---- | M] () -- C:\Users\Ryan\Desktop\index.html
[2011/11/23 15:37:35 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/19 20:34:51 | 000,001,802 | ---- | C] () -- C:\Users\Ryan\Desktop\Spotify.lnk
[2011/12/19 20:34:51 | 000,001,788 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2011/12/19 14:35:57 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/14 19:50:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/14 19:50:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/14 19:50:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/14 19:50:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/14 19:50:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/14 03:29:29 | 000,000,221 | ---- | C] () -- C:\Users\Ryan\Desktop\Audiosurf.url
[2011/12/12 22:32:49 | 1240,836,703 | ---- | C] () -- C:\Users\Ryan\Desktop\FINAL_VREMYA_ISAI.mov
[2011/12/09 00:42:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/05 01:04:21 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011/12/05 00:54:10 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax
[2011/12/05 00:54:10 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2011/12/05 00:54:10 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011/12/05 00:54:10 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2011/12/05 00:54:10 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2011/12/05 00:54:10 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2011/12/05 00:54:09 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2011/12/05 00:54:09 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2011/12/05 00:54:09 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2011/12/05 00:54:09 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2011/12/03 16:53:18 | 000,771,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/03 15:37:04 | 000,002,334 | ---- | C] () -- C:\Users\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Aiseesoft MTS Converter.lnk
[2011/12/03 15:37:04 | 000,002,310 | ---- | C] () -- C:\Users\Public\Desktop\Aiseesoft MTS Converter.lnk
[2011/12/01 02:18:50 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2011/12/01 02:18:50 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2011/11/27 18:52:11 | 000,085,867 | ---- | C] () -- C:\Users\Ryan\Desktop\letter_of_recommendation-filled.pdf
[2011/11/27 18:40:21 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2011/11/25 23:24:59 | 000,001,584 | ---- | C] () -- C:\Users\Ryan\Desktop\index.html
[2011/11/23 15:37:35 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/11/06 02:02:13 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/10/25 00:22:55 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011/10/23 16:02:13 | 000,000,132 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/10/14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/10/09 01:57:36 | 000,007,597 | ---- | C] () -- C:\Users\Ryan\AppData\Local\Resmon.ResmonCfg
[2011/10/08 23:07:00 | 000,280,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/10/08 23:06:59 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/05/11 14:48:24 | 000,534,016 | ---- | C] () -- C:\Windows\SysWow64\LS3Renderer.dll
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/29 08:14:02 | 000,000,000 | ---- | C] () -- C:\Windows\BorisFX BCC XML.ini
[2009/04/09 11:50:14 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\MSL_All-DLL80_x86.dll
[2008/10/23 11:58:22 | 000,000,000 | ---- | C] () -- C:\Windows\BorisFX BCC7.ini
[2008/09/16 08:49:00 | 000,000,000 | ---- | C] () -- C:\Windows\ScriptTO7.0.ini
[2008/09/16 08:49:00 | 000,000,000 | ---- | C] () -- C:\Windows\ScriptSP7.0.ini
[2008/09/16 08:49:00 | 000,000,000 | ---- | C] () -- C:\Windows\ScriptLD7.0.ini
[2008/09/16 08:49:00 | 000,000,000 | ---- | C] () -- C:\Windows\ScriptJS7.0.ini
[2008/09/16 08:49:00 | 000,000,000 | ---- | C] () -- C:\Windows\ScriptES7.0.ini
[2008/09/16 08:49:00 | 000,000,000 | ---- | C] () -- C:\Windows\ScriptEP7.0.ini
[2008/09/16 08:48:52 | 000,000,000 | ---- | C] () -- C:\Windows\ScriptET7.0.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 1172 bytes -> C:\ProgramData\Microsoft:3VQICBrOF32vcGBD9qhf1ooh
@Alternate Data Stream - 1069 bytes -> C:\Program Files\Common Files\Microsoft Shared:hvpqNwEMdMyFyrcfLqWTxNly
@Alternate Data Stream - 1054 bytes -> C:\ProgramData\Microsoft:bYFid3KUPzb5eZbGpOz7B2

< End of report >

SCREENSHOT OF DATA MANAGEMENT WINDOW

Edited by Mr. Jack, 19 December 2011 - 10:53 PM.

#10
RKinner (Malware Expert, MVP, 24,624 posts)
Copy the text in the code box by highlighting it and pressing Ctrl + C:


:processes
killallprocesses

:OTL
O4 - HKU\S-1-5-21-2821252437-4125277900-2269453769-1001..\Run: [Cyagai] C:\Users\Ryan\AppData\Roaming\Cyagai.exe (Driver-Soft Inc. )
O4 - HKU\S-1-5-21-2821252437-4125277900-2269453769-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2821252437-4125277900-2269453769-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2821252437-4125277900-2269453769-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
@Alternate Data Stream - 1172 bytes -> C:\ProgramData\Microsoft:3VQICBrOF32vcGBD9qhf1ooh
@Alternate Data Stream - 1069 bytes -> C:\Program Files\Common Files\Microsoft Shared:hvpqNwEMdMyFyrcfLqWTxNly
@Alternate Data Stream - 1054 bytes -> C:\ProgramData\Microsoft:bYFid3KUPzb5eZbGpOz7B2

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run as Administrator to start it. In the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.


Right-click on (My) Computer and select Manage (Continue), then Event Viewer. Next select Windows Logs. Right-click on System, choose Clear Log, then Clear. Repeat for Application. Reboot.


Start, All Programs, Accessories, then right-click on Command Prompt and select Run as Administrator. Then type (with an Enter after each line):

sfc /scannow

(Note the SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one, or it doesn't like your CD, just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes, tell me what they are. If you get a lot, just look for those with newish dates (since about the time the problem started).


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and select Run as Administrator.
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning
5. Under 'Number of events', click the radio button for 'Number of events' and type 20 in the 1 to 20 box.
6. Click the Run button. Notepad will open with the output log.

Please post the output log in your next reply, then repeat but select Application.



Run Combofix one more time and post the log.

You don't have an anti-virus.

Download and save the free Avast installer.
http://www.avast.com...ivirus-download

Install Avast. (Register when it asks you; they will try to talk you into buying the full product, but the free version is what we want.)
Once you have it installed and it has updated:

Click on the Avast ball, then on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest, click OK, then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report, then View Results. How many did it find?
(Look in C:\ProgramData\Alwil Software\Avast5\report\aswboot.txt or C:\ProgramData\Avast Software\Avast5\report\aswboot.txt for a text copy of the report. If it found anything and you can find the aswboot.txt file, please copy and paste it.)

Are you still seeing a problem?

Ron
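The fix script above was built by reading the OTL log and copying the offending lines verbatim under an :OTL header: the three randomly named alternate data streams attached to system directories, the Run entry launching Cyagai.exe from the user's Roaming profile, a RunOnce entry whose file no longer exists, and the Internet Explorer policy restrictions. The following Python script is an added example written for this page; it is not code from the thread, from OTL or from OldTimer. It encodes those same reading rules as heuristics (the rule set itself is the editor's assumption, not OTL's), runs them over sample lines, and emits a draft :OTL section. Six sample lines are copied from the log posted above; the last three are constructed to show a benign Zone.Identifier stream and two ordinary vendor autoruns, one with a "(x86)" path, that the rules must not flag. Hidden+system files under the Windows directory are only marked for review, because in this thread they were codecs installed by SUPER and were correctly left alone.

```python
"""Triage an OTL log and draft the matching :OTL fix section.

Added example for this thread, not code from OTL or from the thread.
Rules are the editor's own heuristics modelled on what the expert pulled
out of the posted log: random-named alternate data streams on system
directories, O4 autoruns launched from user-writable folders or pointing
at missing files, and IE policy restrictions (O6/O7). Hidden+system
files under the Windows directory are flagged for review only.
"""
import re

# Sample input. The first six lines are copied from the OTL log posted in
# this thread; the last three are CONSTRUCTED here and must not fire.
SAMPLE_LOG = r"""
[2011/12/05 00:54:10 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2011/12/10 19:27:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
O4 - HKU\S-1-5-21-2821252437-4125277900-2269453769-1001..\Run: [Cyagai] C:\Users\Ryan\AppData\Roaming\Cyagai.exe (Driver-Soft Inc. )
O4 - HKU\S-1-5-21-2821252437-4125277900-2269453769-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
@Alternate Data Stream - 1172 bytes -> C:\ProgramData\Microsoft:3VQICBrOF32vcGBD9qhf1ooh
@Alternate Data Stream - 26 bytes -> C:\Users\Ryan\Downloads\OTL.exe:Zone.Identifier
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
"""

# OTL line shapes, as they appear in the log above.
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")
# Company name may be absent; it never contains parentheses, which keeps
# "(x86)" inside the path from being mistaken for the company field.
O4_RE = re.compile(r"^O4 - (.+?)\\(Run|RunOnce): \[([^\]]*)\] (.+?)(?: \(([^()]*)\))?$")
POLICY_RE = re.compile(r"^O[67] - .+ present$")
FILE_RE = re.compile(r"^\[[^\]]*\| ([-RHSD]{4}) \| [CM]\] .*-- (.+)$")

# Folders a non-admin user can write to; an autorun living there is suspect.
USER_WRITABLE = ("\\appdata\\", "\\application data\\", "\\programdata\\",
                 "\\users\\public\\", "\\temp\\", "\\local settings\\")
# Zone.Identifier is the mark-of-the-web browsers attach to downloads.
BENIGN_STREAMS = {"zone.identifier"}


def parse_autorun(line):
    """Split an OTL O4 line into hive, key, name, target and company."""
    m = O4_RE.match(line)
    if not m:
        return None
    return {"hive": m.group(1), "key": m.group(2), "name": m.group(3),
            "target": m.group(4), "company": m.group(5)}


def triage(log_text):
    """Return a list of (severity, reason, line); severity is 'fix' or 'review'."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = ADS_RE.match(line)
        if m:
            size, host, stream = int(m.group(1)), m.group(2), m.group(3)
            if stream.lower() not in BENIGN_STREAMS:
                findings.append(("fix", f"{size}-byte stream '{stream}' on {host}", line))
            continue
        run = parse_autorun(line)
        if run:
            target = run["target"].lower()
            if "file not found" in target:
                findings.append(("fix", "autorun entry whose file is gone", line))
            elif any(marker in target for marker in USER_WRITABLE):
                findings.append(("fix", "autorun launched from a user-writable folder", line))
            continue
        if POLICY_RE.match(line):
            findings.append(("fix", "IE policy restriction present", line))
            continue
        m = FILE_RE.match(line)
        if m and {"H", "S"} <= set(m.group(1)) and "\\windows\\" in m.group(2).lower():
            findings.append(("review", f"hidden+system file ({m.group(1)})", m.group(2)))
    return findings


def draft_fix(findings):
    """Assemble the :OTL section the way the expert did: offending log lines
    copied verbatim, then a reboot."""
    fix_lines = [line for severity, _, line in findings if severity == "fix"]
    return "\n".join([":OTL", *fix_lines, "", ":Commands", "[Reboot]"])


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}: {line}")
    print()
    print(draft_fix(triage(SAMPLE_LOG)))
```

Run it and the draft reproduces the :OTL entries the expert wrote for the sample lines, while the Realtek and Adobe autoruns and the Zone.Identifier stream pass untouched; the nbDX.dll line comes back as "review", which is the right call for a hidden+system file that a legitimate codec pack happened to drop. The regexes follow OTL's output format only as far as the lines on this page show it, so treat them as a starting point rather than a full OTL parser.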

#11
Mr. Jack (Topic Starter, Member, 92 posts)
Avast! found no viruses. So I think we're in the clear. Thanks so much for your help. Here are the final logs that were requested.



COMBOFIX:


ComboFix 11-12-20.04 - Ryan 12/21/2011 1:22.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2707 [GMT -6:00]
Running from: c:\users\Ryan\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2011-11-21 to 2011-12-21 )))))))))))))))))))))))))))))))
.
.
2011-12-21 07:33 . 2011-12-21 07:33 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3275A92-66A1-416F-97DF-B120D34A7DFF}\offreg.dll
2011-12-21 07:29 . 2011-12-21 07:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-21 07:29 . 2011-12-21 07:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-21 07:22 . 2011-12-21 07:23 -------- d-----w- c:\users\Ryan\Dale-NookBackup
2011-12-20 05:55 . 2011-12-20 05:55 -------- d-----w- C:\_OTL
2011-12-20 04:37 . 2011-12-20 04:37 -------- d-----w- c:\windows\system32\appmgmt
2011-12-20 02:34 . 2011-12-21 07:41 -------- d-----w- c:\users\Ryan\AppData\Local\Spotify
2011-12-20 02:34 . 2011-12-21 06:55 -------- d-----w- c:\users\Ryan\AppData\Roaming\Spotify
2011-12-19 20:35 . 2011-12-19 20:35 -------- d-----w- c:\program files\iTunes
2011-12-19 20:35 . 2011-12-19 20:35 -------- d-----w- c:\program files (x86)\iTunes
2011-12-19 20:35 . 2011-12-19 20:35 -------- d-----w- c:\program files\iPod
2011-12-11 01:29 . 2011-12-11 01:29 -------- d-----w- c:\users\Ryan\AppData\Roaming\Razer
2011-12-11 01:28 . 2011-12-11 01:28 -------- d-----w- c:\programdata\Razer
2011-12-11 01:28 . 2007-09-28 00:07 93696 ----a-w- c:\windows\system32\Lycosa.cpl
2011-12-11 01:27 . 2010-10-01 06:16 13312 ----a-w- c:\windows\system32\drivers\VKbms.sys
2011-12-11 01:27 . 2010-09-30 02:45 6656 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
2011-12-11 01:27 . 2010-09-08 17:01 28928 ----a-w- c:\windows\system32\drivers\Lycosa.sys
2011-12-11 01:27 . 2007-09-28 01:44 65536 ----a-w- c:\windows\SysWow64\Lycosa.cpl
2011-12-11 01:27 . 2011-12-11 01:27 -------- d-----w- c:\program files (x86)\Razer
2011-12-11 01:27 . 2011-12-11 01:27 -------- d-----w- c:\users\Ryan\AppData\Roaming\InstallShield
2011-12-10 22:02 . 2011-12-10 22:02 -------- d-----w- c:\programdata\ALM
2011-12-09 06:43 . 2011-12-09 06:43 -------- d-----w- c:\users\Ryan\AppData\Roaming\Malwarebytes
2011-12-09 06:42 . 2011-12-09 06:42 -------- d-----w- c:\programdata\Malwarebytes
2011-12-09 06:41 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-09 06:41 . 2011-12-09 06:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-07 04:52 . 2011-12-07 04:52 -------- d-----w- c:\users\Ryan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-12-05 07:04 . 2011-12-05 07:04 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2011-12-05 07:04 . 2009-09-27 15:39 369152 ----a-w- c:\windows\SysWow64\avisynth.dll
2011-12-05 07:04 . 2005-07-14 18:31 32256 ----a-w- c:\windows\SysWow64\AVSredirect.dll
2011-12-05 07:04 . 2004-02-22 16:11 719872 ----a-w- c:\windows\SysWow64\devil.dll
2011-12-05 07:04 . 2004-01-25 06:00 70656 ----a-w- c:\windows\SysWow64\yv12vfw.dll
2011-12-05 07:04 . 2004-01-25 06:00 70656 ----a-w- c:\windows\SysWow64\i420vfw.dll
2011-12-05 06:53 . 2011-12-20 03:50 -------- d-----w- c:\program files (x86)\YTDSETUP
2011-12-05 04:04 . 2011-12-05 06:54 -------- d-----w- c:\program files (x86)\eRightSoft
2011-12-04 23:16 . 2011-12-04 23:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-12-04 23:16 . 2011-12-04 23:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-12-04 23:16 . 2011-12-04 23:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-12-04 23:16 . 2011-12-04 23:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-12-04 23:16 . 2011-12-04 23:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-12-04 23:16 . 2011-12-04 23:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-12-04 23:16 . 2011-12-04 23:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-12-04 00:15 . 2011-12-04 00:15 -------- d-----w- C:\Twixtor5AEManual
2011-12-04 00:13 . 2011-12-04 00:13 -------- d-----w- C:\SmoothKit3AEManual
2011-12-03 22:54 . 2011-12-03 22:54 -------- d-----w- c:\users\Ryan\AppData\Local\Aiseesoft Studio
2011-12-03 21:36 . 2011-12-03 21:36 -------- d-----w- c:\programdata\Aiseesoft Studio
2011-12-03 21:36 . 2011-12-03 21:36 -------- d-----w- c:\program files (x86)\Aiseesoft Studio
2011-12-03 13:00 . 2011-12-03 13:00 -------- d-----w- c:\program files (x86)\Adobe Media Player
2011-12-01 08:17 . 2011-12-01 08:28 -------- d-----w- c:\users\Ryan\AppData\Roaming\TeamViewer
2011-11-24 07:28 . 2011-11-24 07:28 -------- d-----w- c:\program files (x86)\ISO to USB
2011-11-23 21:37 . 2011-11-26 20:06 -------- d-----w- c:\users\Ryan\AppData\Roaming\Skype
2011-11-23 21:37 . 2011-11-23 21:38 -------- d-----r- c:\program files (x86)\Skype
2011-11-23 21:37 . 2011-11-23 21:37 -------- d-----w- c:\programdata\Skype
2011-11-23 07:26 . 2011-11-23 07:26 -------- d-----w- c:\users\Ryan\AppData\Local\Skyrim
2011-11-23 07:17 . 2010-02-04 16:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-11-23 07:17 . 2010-02-04 16:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2011-11-23 07:17 . 2010-02-04 16:01 530776 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-11-23 07:17 . 2010-02-04 16:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2011-11-23 07:17 . 2010-02-04 16:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-11-23 07:17 . 2010-02-04 16:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2011-11-23 07:17 . 2010-02-04 16:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2011-11-23 07:17 . 2010-02-04 16:01 176984 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-11-23 07:09 . 2011-11-26 01:43 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-14 09:19 . 2011-10-09 07:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-08 09:04 . 2011-10-09 06:46 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-11-08 09:04 . 2011-10-09 05:07 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-08 08:54 . 2011-10-09 05:07 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-11-07 21:41 . 2009-08-18 18:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-11-07 21:41 . 2009-08-18 17:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-07 21:25 . 2011-11-07 21:25 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-11-06 08:18 . 2011-10-09 05:06 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-11-06 08:02 . 2011-11-06 08:02 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-15 08:53 . 2011-10-26 00:08 68928 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-15 08:53 . 2011-10-26 00:08 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-10-15 08:53 . 2011-10-26 00:08 5578560 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-10-15 08:53 . 2011-10-26 00:08 2542912 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-15 08:53 . 2011-10-26 00:08 2401088 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-10-15 08:53 . 2011-10-26 00:08 2232128 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-15 08:53 . 2011-10-26 00:08 2099520 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-10-15 08:53 . 2011-10-26 00:08 18871616 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-10-15 08:53 . 2011-10-26 00:08 17248576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-10-15 08:53 . 2011-10-26 00:08 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-10-15 08:53 . 2011-10-26 00:08 12971840 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-10-15 08:53 . 2011-10-26 00:08 24796992 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-15 08:53 . 2011-10-09 06:55 24742720 ----a-w- c:\windows\system32\nvoglv64.dll
2011-10-15 08:53 . 2011-10-09 06:55 7581504 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-15 08:53 . 2011-10-08 22:56 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-10-15 08:53 . 2011-10-08 22:56 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-15 08:53 . 2011-10-08 22:56 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-10-08 22:56 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-10-08 22:56 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2011-10-08 22:56 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-10-08 22:56 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-10-15 08:53 . 2011-10-08 22:56 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-10-15 08:53 . 2011-10-08 22:56 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-10-15 08:53 . 2011-10-08 22:56 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2011-10-15 08:53 . 2011-10-08 22:56 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2011-10-15 08:53 . 2011-10-08 22:56 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-10-15 08:53 . 2009-07-13 21:59 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-10-15 05:54 . 2011-10-15 05:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-10-08 23:46 . 2011-10-08 23:46 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-01 03:25 . 2011-10-13 21:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-13 21:14 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-28 23:45 . 2011-09-28 23:45 15453832 ----a-w- c:\windows\SysWow64\xlive.dll
2011-09-28 23:45 . 2011-09-28 23:45 13642888 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2006-05-03 18:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 19:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 21:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-07 06:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-15_02.02.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:23 . 2010-11-21 03:23 14336 c:\windows\SysWOW64\slwga.dll
- 2009-07-14 04:54 . 2009-07-14 04:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-21 05:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2009-07-14 04:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-21 05:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2009-07-14 04:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-21 05:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2011-12-20 07:00 38270 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-21 05:21 31988 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-08 22:09 . 2011-12-21 05:21 10344 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2821252437-4125277900-2269453769-1001_UserData.bin
+ 2010-11-21 03:24 . 2010-11-21 03:24 15360 c:\windows\system32\slwga.dll
+ 2011-12-17 03:02 . 2011-12-17 00:44 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2009-07-14 05:30 . 2011-12-11 01:28 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-12-18 03:44 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 00:09 . 2009-07-14 00:09 19968 c:\windows\system32\drivers\usb8023x.sys
+ 2009-07-14 00:09 . 2009-07-14 00:09 41472 c:\windows\system32\drivers\rndismpx.sys
- 2011-10-08 22:09 . 2011-12-15 02:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-08 22:09 . 2011-12-21 07:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-08 22:09 . 2011-12-21 07:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-08 22:09 . 2011-12-15 02:03 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-08 22:09 . 2011-12-15 02:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-08 22:09 . 2011-12-21 07:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-08 22:09 . 2011-12-21 07:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-08 22:09 . 2011-12-15 01:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-08 22:09 . 2011-12-21 07:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-08 22:09 . 2011-12-15 01:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-23 21:53 . 2011-12-20 06:39 3196 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-12-21 05:46 . 2011-12-21 05:46 9560 c:\windows\system32\NetworkList\Icons\{4720413C-F0EA-49CD-B25D-C1FA85454803}_48.bin
+ 2011-12-21 05:46 . 2011-12-21 05:46 4280 c:\windows\system32\NetworkList\Icons\{4720413C-F0EA-49CD-B25D-C1FA85454803}_32.bin
+ 2011-12-21 05:46 . 2011-12-21 05:46 2456 c:\windows\system32\NetworkList\Icons\{4720413C-F0EA-49CD-B25D-C1FA85454803}_24.bin
+ 2011-12-18 03:44 . 2011-12-18 03:44 9560 c:\windows\system32\NetworkList\Icons\{3E4BA57A-B1E6-49F1-9471-11D9B6A82960}_48.bin
+ 2011-12-18 03:44 . 2011-12-18 03:44 4280 c:\windows\system32\NetworkList\Icons\{3E4BA57A-B1E6-49F1-9471-11D9B6A82960}_32.bin
+ 2011-12-18 03:44 . 2011-12-18 03:44 2456 c:\windows\system32\NetworkList\Icons\{3E4BA57A-B1E6-49F1-9471-11D9B6A82960}_24.bin
+ 2011-12-19 20:22 . 2011-12-19 20:22 9560 c:\windows\system32\NetworkList\Icons\{367E51DC-7692-4222-9A4A-0907F47A73D6}_48.bin
+ 2011-12-19 20:22 . 2011-12-19 20:22 4280 c:\windows\system32\NetworkList\Icons\{367E51DC-7692-4222-9A4A-0907F47A73D6}_32.bin
+ 2011-12-19 20:22 . 2011-12-19 20:22 2456 c:\windows\system32\NetworkList\Icons\{367E51DC-7692-4222-9A4A-0907F47A73D6}_24.bin
- 2011-12-15 02:01 . 2011-12-15 02:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-21 07:31 . 2011-12-21 07:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-21 07:31 . 2011-12-21 07:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-15 02:01 . 2011-12-15 02:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-11-21 03:24 . 2011-10-08 22:06 833024 c:\windows\SysWOW64\user32.dll
+ 2010-11-21 03:24 . 2010-11-21 03:24 833024 c:\windows\SysWOW64\user32.dll
+ 2009-06-10 21:38 . 2009-06-10 21:38 113629 c:\windows\SysWOW64\slmgr.vbs
+ 2011-12-18 03:18 . 2011-12-18 03:18 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-11-21 03:24 . 2010-11-21 03:24 419840 c:\windows\system32\systemcpl.dll
- 2010-11-21 03:24 . 2011-10-08 22:06 419840 c:\windows\system32\systemcpl.dll
+ 2009-06-10 20:59 . 2009-06-10 20:59 113629 c:\windows\system32\slmgr.vbs
- 2009-07-14 02:36 . 2011-12-15 01:43 659580 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-21 06:45 659580 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-21 06:45 120508 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-12-15 01:43 120508 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:30 . 2011-12-18 03:44 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-12-11 01:28 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:01 . 2011-12-21 07:29 483304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-12-15 02:00 483304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-19 20:35 . 2011-12-19 20:35 380928 c:\windows\Installer\{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}\iTunesIco.exe
+ 2010-11-21 03:24 . 2010-11-21 03:24 1008128 c:\windows\system32\user32.dll
+ 2011-10-09 06:59 . 2011-12-21 07:29 11412918 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2821252437-4125277900-2269453769-1001-12288.dat
+ 2011-12-19 20:32 . 2011-12-19 20:32 44934656 c:\windows\Installer\a8df4.msi
+ 2011-12-19 20:32 . 2011-12-19 20:32 20304896 c:\windows\Installer\a824f.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-10-21 641400]
"iSnooze"="c:\program files (x86)\iSnooze\iSnooze.exe" [2009-03-30 569344]
"MusicManager"="c:\users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-11-30 13223936]
"Spotify"="c:\users\Ryan\AppData\Roaming\Spotify\Spotify.exe" [2011-12-20 4010160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2011-09-14 4958320]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Lycosa"="c:\program files (x86)\Razer\Razer Lycosa\razerhid.exe" [2011-03-22 233984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-11-29 2916736]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-10-27 1974080]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [x]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\cwe6vcoo.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2821252437-4125277900-2269453769-1001\Software\SecuROM\License information*]
"datasecu"=hex:a4,df,e9,73,0a,bb,ca,43,f3,fb,6d,fc,11,c0,50,4d,f4,80,4e,6c,ae,
6c,8d,ed,29,0a,e6,4e,fe,99,af,d9,09,07,92,cc,93,de,37,69,39,0a,fd,7c,97,b7,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:05,3c,43,02,0a,41,2a,13,f2,e3,3b,47,fb,50,04,04,fd,ec,a8,d3,96,
40,a8,10,bf,7b,e4,95,80,b3,7f,23,1e,42,b2,f9,9e,6b,27,b5,dc,fb,63,72,18,50,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:05,3c,43,02,0a,41,2a,13,f2,e3,3b,47,fb,50,04,04,fd,ec,a8,d3,96,
40,a8,10,bf,7b,e4,95,80,b3,7f,23,1e,42,b2,f9,9e,6b,27,b5,dc,fb,63,72,18,50,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Completion time: 2011-12-21 01:45:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-21 07:45
ComboFix2.txt 2011-12-20 02:11
ComboFix3.txt 2011-12-18 04:40
ComboFix4.txt 2011-12-15 02:07
.
Pre-Run: 531,984,203,776 bytes free
Post-Run: 531,377,274,880 bytes free
.
- - End Of File - - 9A7095DB5A5B03DA1157EF98791AFF97



OTL:



========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2821252437-4125277900-2269453769-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Cyagai not found.
C:\Users\Ryan\AppData\Roaming\Cyagai.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2821252437-4125277900-2269453769-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-2821252437-4125277900-2269453769-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2821252437-4125277900-2269453769-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
ADS C:\ProgramData\Microsoft:3VQICBrOF32vcGBD9qhf1ooh deleted successfully.
ADS C:\Program Files\Common Files\Microsoft Shared:hvpqNwEMdMyFyrcfLqWTxNly deleted successfully.
ADS C:\ProgramData\Microsoft:bYFid3KUPzb5eZbGpOz7B2 deleted successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Ryan\Downloads\cmd.bat deleted successfully.
C:\Users\Ryan\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Ryan\Downloads\cmd.bat deleted successfully.
C:\Users\Ryan\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Ryan\Downloads\cmd.bat deleted successfully.
C:\Users\Ryan\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Ryan\Downloads\cmd.bat deleted successfully.
C:\Users\Ryan\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mason

User: Public

User: Ryan
->Flash cache emptied: 104185 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Mason

User: Public

User: Ryan
->Java cache emptied: 857330 bytes

User: UpdatusUser

Total Java Files Cleaned = 1.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12202011_003918

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...





VEW:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/12/2011 1:18:02 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/12/2011 8:32:54 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/12/2011 5:46:24 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 21/12/2011 5:43:19 AM
Type: Error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{54B7EC69-D547-412C-839A-6C0EF30510E8}. The backup browser is stopping.

Log: 'System' Date/Time: 20/12/2011 8:34:03 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 20/12/2011 8:33:07 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 2:30:54 PM on 12/20/2011 was unexpected.

Log: 'System' Date/Time: 20/12/2011 6:59:28 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/12/2011 5:42:18 AM
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\SHINSVAKA93-PC on the network \Device\NetBT_Tcpip_{54B7EC69-D547-412C-839A-6C0EF30510E8}. Browser master: \\SHINSVAKA93-PC Network: \Device\NetBT_Tcpip_{54B7EC69-D547-412C-839A-6C0EF30510E8} This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 21/12/2011 2:16:58 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 20/12/2011 9:47:39 PM
Type: Warning Category: 0
Event: 4227 Source: Tcpip
TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint.

Log: 'System' Date/Time: 20/12/2011 6:58:13 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

#12
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Log: 'System' Date/Time: 20/12/2011 9:47:39 PM
Type: Warning Category: 0
Event: 4227 Source: Tcpip
TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint.


I've never seen this one before. Not exactly sure what is going on.

Use IE and go to http://eset.com/onlinescan and click on ESET Online Scanner. Accept the terms, then press Start (if you get a warning from your browser, tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the BitDefender QuickScan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

#13
Mr. Jack

    Member

  • Topic Starter
  • Member
  • 92 posts
ESET

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bff32fc391fb8f4d8083cbf252405b9a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-22 01:20:49
# local_time=2011-12-22 07:20:49 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 76079371 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=418968
# found=9
# cleaned=9
# scan_time=24126
C:\Users\Ryan\Downloads\MacDrive-v8.0.5.31-Keygen.included.zip probably a variant of Win32/Agent.MKFQGHY trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Ryan\Downloads\Ultimate Plugins Pack for After Effects 1.0 (Sept) [MULTi][WwW.ZoNaTorrent.CoM].iso multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Ryan\ZOMBIE-DRIVE-BACKUP\Applications\Cracks\Windows Activation AIO 2010\Windows Activation AIO.exe Win32/HackKMS.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Ryan\ZOMBIE-DRIVE-BACKUP\Applications\Install\IP.Anonymous.Tool.2009(2).rar multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Ryan\ZOMBIE-DRIVE-BACKUP\Applications\Install\3DSMax\Crack\xf-a2010-32bits.rar a variant of Win32/Keygen.BL application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Ryan\ZOMBIE-DRIVE-BACKUP\Applications\Install\3DSMax\Crack\xf-a2010-64bits.rar a variant of Win32/Keygen.BL application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Ryan\ZOMBIE-DRIVE-BACKUP\Collections\Games\Portable\20_20Flash_20Shooter_20Games_20Portable_day_20dream3r_.rar probably a variant of Win32/TrojanDropper.VB.HYDJMCN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\temp\unp262478913.tmp a variant of Win32/HackKMS.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12202011_003918\C_Users\Ryan\AppData\Roaming\Cyagai.exe Win32/Dorkbot.A worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bff32fc391fb8f4d8083cbf252405b9a
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-22 11:58:17
# local_time=2011-12-22 05:58:17 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 76120497 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=276283
# found=0
# cleaned=0
# scan_time=21245





BIT-DEFENDER



QuickScan Beta 32-bit v0.9.9.99
-------------------------------
Scan date: Thu Dec 22 18:34:06 2011
Machine ID: 88D0B27B



No infection found.
-------------------



Processes
---------
avast! Antivirus 1368 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
avast! Antivirus 3932 C:\Program Files\AVAST Software\Avast\AvastUI.exe
Firefox 4504 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Firefox 4496 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
iSnooze 3816 C:\Program Files (x86)\iSnooze\iSnooze.exe
Malwarebytes' Anti-Malware 2940 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
Microsoft Office 2010 4092 C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
MobileDeviceService 2012 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
Music Manager 3864 C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
NVIDIA Update Components 2776 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PnkBstrA.exe 2180 C:\Windows\SysWOW64\PnkBstrA.exe
razerhid Application 3924 C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
razertra Application 4084 C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe
Stereo Vision Control Panel API Server 808 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
TeamViewer 2144 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
TeamViewer 2236 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
TeamViewer 3376 C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
µTorrent 3704 C:\Program Files (x86)\uTorrent\uTorrent.exe


Network activity
----------------
Process AvastSvc.exe (1368) connected on port 80 (HTTP) --> 74.125.227.10
Process AvastSvc.exe (1368) connected on port 80 (HTTP) --> 69.171.228.12
Process AvastSvc.exe (1368) connected on port 80 (HTTP) --> 66.235.142.24
Process AvastSvc.exe (1368) connected on port 80 (HTTP) --> 74.125.227.10
Process TeamViewer_Service.exe (2236) connected on port 5938 --> 46.165.192.225
Process uTorrent.exe (3704) connected on port 6969 --> 194.54.80.150
Process uTorrent.exe (3704) connected on port 80 (HTTP) --> 95.211.88.54
Process uTorrent.exe (3704) connected on port 6969 --> 194.54.80.150
Process firefox.exe (4504) connected on port 443 (HTTP over SSL) --> 74.125.227.77

Process TeamViewer_Service.exe (2236) listens on ports: 80 (HTTP), 443 (HTTP over SSL), 5938


Autoruns and critical files
---------------------------
avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastUI.exe
HDAudioCPL C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
iSnooze C:\Program Files (x86)\iSnooze\iSnooze.exe
Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
Microsoft® Windows® Operating System C:\Windows\system32\ssText3d.scr
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Music Manager C:\Users\Ryan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
razerhid Application C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
Windows® Internet Explorer c:\windows\syswow64\webcheck.dll
µTorrent C:\Program Files (x86)\uTorrent\uTorrent.exe


Browser plugins
---------------
AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
ActiveGS NPAPI Plugin C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coekimhghfcjmbnfonjeklhkmemegiba\3.5.704_0\npActiveGS.dll
ActiveGS NPAPI Plugin C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coekimhghfcjmbnfonjeklhkmemegiba\3.5.704_1\npActiveGS.dll
Adobe Acrobat C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
Adobe PDF Toolbar for IE c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll
avast! WebRep c:\program files\avast software\avast\aswwebrepie.dll
BitDefender QuickScan C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\cwe6vcoo.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
ESN Launch Mozilla Plugin C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
ESN Sonar API C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
Google Update C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
Java™ Platform SE 6 U27 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U27 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL
Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL
Microsoft Office 2010 c:\program files (x86)\microsoft office\office14\urlredir.dll
Microsoft® Windows Live ID c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft® Windows Live ID C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® Windows Live ID C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
NVIDIA 3D Vision C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
NVIDIA 3D VISION C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll
Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
Skype Toolbars c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
Skype Toolbars C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8773_0\npSkypeChromePlugin.dll
Veetle TV Core C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
Veetle TV Player C:\Program Files (x86)\Veetle\Player\npvlc.dll
Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll


Scan
----
MD5: dbf24e87cb605a4f6e7424dd86f7a62c C:\Windows\syswow64\wininet.dll
MD5: 2d0d2da87bea7144f2a17f19d0d17e4c C:\Windows\syswow64\WINTRUST.dll
MD5: a8bb45f9ecad993461e0fef8e2a99152 C:\Windows\syswow64\WLDAP32.dll
MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C:\Windows\syswow64\WS2_32.dll
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
MD5: db001faea818ae2e14a74e0adc530fc0 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCP90.dll
MD5: b3892e6da8e2c8ce4b0a9d3eb9a185e5 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll
MD5: bdac1aa64495d0f7e1ff810ebbf1f018 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\COMCTL32.dll
MD5: 352b3dc62a0d259a82a052238425c872 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MD5: 0029eba325f2fc9b6ba46bee33f32a09 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.03 MB sent, 1.43 KB recvd
Scanned 465 files and modules - 28 seconds

==============================================================================

#14
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Uninstall uTorrent. Seems like it is going crazy.

Other than that I think you are probably clean now.

We need to cleanup System Restore:

Copy the following:


:Commands
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab; if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing UpdateChecker, change it to not run at start, then manually run it once a week.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day, so that's another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run SpeedyFox: http://www.crystalidea.com/speedyfox. You can run it any time that Firefox seems slow.

Be warned: if you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
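The Folder Options steps in the reply above ("Do not show hidden files and folders" and "Hide protected operating system files") correspond to two per-user Explorer registry values. The script below is an added example, not part of the original post and not from OTL or any other tool named in the thread; it assumes Windows Vista/7 and that it is run in the affected user's own session, since the key lives under HKCU. The "Display the contents of system folders" checkbox from the post is not covered here and is left to the GUI steps as given.

```powershell
# Added example (not from the original post or from OTL): apply the two
# "hidden files" options from Folder Options > View by writing the Explorer
# registry values behind them, reading the state back before and after.
# Assumes Windows Vista/7, run as the affected user (values are under HKCU).

$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Get-HiddenFileSettings {
    # Read the current values; a missing value simply compares as not set.
    $props = Get-ItemProperty -Path $advanced -ErrorAction SilentlyContinue
    [pscustomobject]@{
        # Hidden: 1 = show hidden files and folders, 2 = do not show them
        ShowHiddenFiles      = ($props.Hidden -eq 1)
        # ShowSuperHidden: 1 = show protected operating system files, 0 = hide them
        ShowProtectedOsFiles = ($props.ShowSuperHidden -eq 1)
    }
}

function Set-HiddenFilesHidden {
    # Same effect as selecting "Do not show hidden files and folders" and
    # ticking "Hide protected operating system files" in Folder Options.
    Set-ItemProperty -Path $advanced -Name Hidden          -Value 2 -Type DWord
    Set-ItemProperty -Path $advanced -Name ShowSuperHidden -Value 0 -Type DWord
}

Write-Host 'Before:'
Get-HiddenFileSettings
Set-HiddenFilesHidden
Write-Host 'After:'
Get-HiddenFileSettings
# Explorer windows that are already open may not reflect the change until
# they are closed and reopened.
```

Running it after the cleanup restores the normal view; running `Get-HiddenFileSettings` on its own is a quick way to confirm whether hidden files are currently being shown, which is useful when checking a USB drive whose real folders were hidden and replaced by shortcuts, as described at the start of this thread.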