Links redirect to ads



#1
asdfq321

Problem is pretty simple: clicking links (in Google search results, image thumbnails, etc.) sometimes redirects the page to an advertisement instead. This occurs in Firefox, Chrome, and in the Steam browser. I've tried running rkill then Malwarebytes in safe mode, but no luck there. Any help would be appreciated, thanks in advance! Here is the OTL log:

OTL logfile created on: 2/29/2012 9:40:30 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Eric\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 57.22% Memory free
8.00 Gb Paging File | 5.78 Gb Available in Paging File | 72.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.50 Gb Total Space | 459.33 Gb Free Space | 49.31% Space Free | Partition Type: NTFS
Drive D: | 7.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 931.51 Gb Total Space | 130.79 Gb Free Space | 14.04% Space Free | Partition Type: NTFS

Computer Name: ERIC-PC | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/29 21:40:05 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Downloads\OTL.exe
PRC - [2012/02/22 23:11:31 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/02/17 23:17:58 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/22 20:20:13 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/09/14 04:11:28 | 002,006,528 | ---- | M] () -- C:\Program Files (x86)\foobar2000\foobar2000.exe
PRC - [2011/08/02 02:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/06/06 14:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/10/05 11:32:58 | 001,811,800 | ---- | M] (Logitech©) -- C:\Program Files (x86)\Logitech\G35\G35.exe
PRC - [2009/12/21 10:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2009/12/15 13:17:08 | 003,278,728 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Mamba\RazerTray.exe
PRC - [2009/08/13 19:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/22 23:11:31 | 014,415,144 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/02/22 23:11:30 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2012/02/22 23:11:30 | 000,857,896 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/02/22 23:11:30 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2012/02/22 23:11:30 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2012/02/19 15:52:08 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/17 23:17:58 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/12/02 23:12:40 | 000,098,304 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\foobar2000\user-components\foo_input_alac\foo_input_alac.dll
MOD - [2011/10/15 00:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/09/20 12:21:14 | 001,457,664 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_input_std.dll
MOD - [2011/09/14 04:11:28 | 002,006,528 | ---- | M] () -- C:\Program Files (x86)\foobar2000\foobar2000.exe
MOD - [2011/09/14 04:10:12 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll
MOD - [2011/09/14 04:09:52 | 000,365,056 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_albumlist.dll
MOD - [2011/09/14 04:09:46 | 001,130,496 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll
MOD - [2011/09/14 04:09:40 | 000,299,008 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_cdda.dll
MOD - [2011/09/14 04:09:32 | 000,480,256 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_converter.dll
MOD - [2011/09/14 04:09:32 | 000,283,136 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_rgscan.dll
MOD - [2011/09/14 04:09:06 | 000,171,008 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_unpack.dll
MOD - [2011/09/14 04:08:24 | 000,275,456 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_fileops.dll
MOD - [2011/09/14 04:08:22 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_freedb2.dll
MOD - [2011/09/14 04:07:44 | 000,148,480 | ---- | M] () -- C:\Program Files (x86)\foobar2000\shared.dll
MOD - [2010/04/21 07:48:00 | 000,066,560 | ---- | M] () -- C:\Program Files (x86)\foobar2000\zlib1.dll
MOD - [2007/07/19 14:50:12 | 000,104,520 | ---- | M] () -- C:\Windows\SysWOW64\OSD.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/17 02:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/02/22 23:11:31 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/06/06 14:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/31 23:15:36 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/06/16 22:10:08 | 001,308,160 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAHS164.sys -- (CorsairCAHS1)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/29 13:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010/09/29 13:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010/07/14 12:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/07/14 17:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2005/03/29 03:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/11/14 04:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 DD 1F 3E 4D AE CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/17 23:17:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/20 00:35:53 | 000,000,000 | ---D | M]

[2012/02/06 20:59:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions
[2012/02/26 21:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wa5svetl.default\extensions
[2012/02/27 22:14:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/27 22:14:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WA5SVETL.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WA5SVETL.DEFAULT\EXTENSIONS\[email protected]
[2012/02/17 23:17:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011/09/20 22:22:13 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/01/29 08:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/29 08:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Eric\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/13 03:38:34 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 93.115.241.28 www.google-analytics.com.
O1 - Hosts: 93.115.241.28 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.28 www.statcounter.com.
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech©)
O4 - HKLM..\Run: [Razer Mamba Driver] C:\Program Files (x86)\Razer\Mamba\RazerTray.exe (Razer USA Ltd)
O4 - HKCU..\Run: [\\IOMEGA-0A4E29\Printer1] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICJA.EXE /FU "C:\Windows\TEMP\E_S7637.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON Stylus Photo RX680 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICJA.EXE /FU "C:\Windows\TEMP\E_S732B.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83CA3A17-9CC8-402C-8A9D-DC90054C809C}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe ()
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe ()
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/29 19:45:22 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{7DC451D8-2EBE-4ED8-91F8-33D7A8FD817A}
[2012/02/29 19:45:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{C2E354E1-18CE-46CB-93B5-95B432FEE2D8}
[2012/02/29 03:02:17 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{4E70C81C-318D-4934-A4A6-FC0EB9EB1346}
[2012/02/29 03:02:06 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{8FE4180E-1626-4899-AE97-8086D2888CC6}
[2012/02/28 15:01:40 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CDB53D9D-2F59-4222-920F-63BD9ED52A97}
[2012/02/28 15:01:29 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{0EF8FB32-7199-4929-9118-E08BA921153A}
[2012/02/28 03:01:03 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{C15FD429-F178-47EB-A16B-A9CA0B39234D}
[2012/02/28 03:00:51 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{14DC3890-FF85-43CA-B9C2-F950A2E07689}
[2012/02/27 15:00:25 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{AA793FDE-F5FC-4477-9C25-E56C37300AEE}
[2012/02/27 15:00:13 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{15357971-DEB1-41C9-BABE-2EEE860FB4FF}
[2012/02/27 02:59:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{772EF5D7-47B3-44BC-A3DF-F4ACF7E820A6}
[2012/02/27 02:59:36 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{8AE0F9BF-9E2F-4D31-92FB-1F07F7836ECA}
[2012/02/26 14:59:22 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{B3BEAB51-B0BB-4549-86BD-8A7BEF100B80}
[2012/02/26 14:59:08 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E8057646-4440-4A43-9E99-028F74E831EC}
[2012/02/25 17:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/02/25 17:22:49 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{948140DF-827C-4430-B8E8-9452EC212E4F}
[2012/02/25 17:22:37 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{47342595-75CC-40DD-ABFA-3CB488B2E0C6}
[2012/02/25 03:51:39 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{BE3C02D2-944C-4521-B94B-777C4853658A}
[2012/02/25 03:51:28 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{31C5CCD8-46C6-4421-BAC7-4AAF7078114F}
[2012/02/24 15:50:59 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{DE02246C-987D-4B86-BFC0-36EB28F6FF81}
[2012/02/24 15:50:48 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{6972D369-1038-4F47-BF1B-120F0E1B84B9}
[2012/02/24 01:01:16 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/02/23 19:28:50 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{AE775AAB-B17A-4DB6-8056-BC0A42ED22DA}
[2012/02/23 19:28:39 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{2F9E6CDF-9F01-400D-8F67-AC33A6CA193D}
[2012/02/22 21:38:00 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{00A3D160-5BD7-45CC-914B-EA21629B28CA}
[2012/02/22 21:37:49 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{C8A28616-CD99-4A0B-905A-936B0EB4AD0B}
[2012/02/22 09:37:21 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{DBE675EF-772F-4B5F-8F65-FFF9F2722903}
[2012/02/22 09:37:09 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{42276683-002E-4A53-9AB9-1D8C736508DD}
[2012/02/21 19:13:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{51860598-7127-40BD-8A25-4E62BC51D055}
[2012/02/21 19:13:41 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{4CDCC8A8-B014-4ECA-9BFC-78571E2CCCFE}
[2012/02/21 03:26:12 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{3A7733C1-5076-42B5-98C1-2758807D050B}
[2012/02/21 03:26:01 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{1EA7FB0E-6FD7-4210-97D7-FADC8280B2E6}
[2012/02/20 15:25:48 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{39B1E851-FCC8-425F-8201-54E357E82E28}
[2012/02/20 15:25:37 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{C99DA613-0610-4A38-8E1E-4F0E8BE42C16}
[2012/02/20 03:25:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{2DB57870-F7B9-4AA3-A405-46B3CA206E68}
[2012/02/20 03:25:00 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{941A06DC-6A5F-4B46-B099-5BA92F60288A}
[2012/02/19 15:24:46 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{FD282E04-88AB-437D-A292-7D5E645F651C}
[2012/02/19 15:24:33 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{DC4446F9-37CD-4ECB-A741-15E296E82DFB}
[2012/02/19 03:04:23 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{50FDA3CB-80E4-425B-88E5-9489B3D1F22F}
[2012/02/19 03:04:12 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{7BE5065F-3C3B-42A7-A79F-0692E0FC6A42}
[2012/02/18 15:03:58 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{82129539-76B3-4778-9525-903E470CF7DD}
[2012/02/18 15:03:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{1E93D142-539C-46B7-B38C-E86BE8C430E7}
[2012/02/18 02:22:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{01AFB3C9-0737-4154-B54C-E1E5E3461258}
[2012/02/18 02:22:41 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CA45D982-5DC0-45C9-A818-55C84E2B0454}
[2012/02/17 14:22:25 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D2A4ABFC-E177-42EA-9553-4DA2F07458F5}
[2012/02/17 14:22:13 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{37FAF0FD-9EA7-4B76-AD78-279CFF1EDB13}
[2012/02/16 18:43:19 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{84A7980C-88FE-4CBD-A109-9025912B124D}
[2012/02/16 18:43:08 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{C4119A00-9EAF-4130-AA82-D3E282A70F0E}
[2012/02/16 04:04:20 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{457B3873-4D60-49E3-90D8-45B73119CA3E}
[2012/02/16 04:04:08 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{30FE5775-2D06-445C-9A93-F7864E4B11D6}
[2012/02/15 16:03:37 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D59ECEAC-7A6D-4942-AC6B-749B8FA569B0}
[2012/02/15 16:03:25 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{5C9A2A1C-17D8-4CD9-AA9E-A9A487021E32}
[2012/02/15 03:08:57 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{8A8F07E1-36F6-4170-8F70-3DF4B07F31B5}
[2012/02/15 03:08:46 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{857BF6B6-5D02-4D85-A5F8-C8DB68CE6CA8}
[2012/02/14 15:08:19 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{B45C6BAF-5159-4EB8-A11D-9A470ABD8F94}
[2012/02/14 15:08:08 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{AA8880E2-DF05-45C5-8E39-483B0D12F9DF}
[2012/02/14 03:07:42 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{3AAA1CD9-D134-4D8F-BDA3-70092B02C6F8}
[2012/02/14 03:07:30 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{1EA6844A-793C-4164-9F80-0A313C38CF60}
[2012/02/13 15:07:04 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{C8E50388-E4EE-4763-9B94-6469160B9DA7}
[2012/02/13 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{FF89DE11-3611-4071-B310-1A55B251EEDE}
[2012/02/13 03:06:26 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CB078B41-B990-4E97-856F-6746356DF3AD}
[2012/02/13 03:06:15 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{858B753F-FFD6-4774-95FA-A5EB3D091E10}
[2012/02/12 15:06:00 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{88E3E433-33AD-4077-9BB5-FA2A97C6C422}
[2012/02/12 15:05:49 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F82AD51A-9DDB-4D88-BC62-EBF7BED42C1D}
[2012/02/12 01:37:29 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{25CAF0A1-EDE2-4A7D-8913-356345E1E1F7}
[2012/02/12 01:37:18 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{182C8D47-798E-44FD-A4DD-F7A2ACAF2577}
[2012/02/11 15:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2012/02/11 15:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2012/02/11 13:37:03 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CBFFE803-A3F2-41CF-AAED-0EACD0449B6D}
[2012/02/11 13:36:50 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{C3F28B7E-C7F9-4612-9BB6-55808EEE9482}
[2012/02/10 21:32:03 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E1BD0600-7BF7-46E9-AF93-4EACFEFFB801}
[2012/02/10 21:31:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{6E1827E9-F6F8-44BA-86C5-48DDAA77021A}
[2012/02/10 09:31:25 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{68D86339-A519-4941-BB0D-00C37E97F2DD}
[2012/02/10 09:31:13 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{83ABFCC9-F058-48E4-892E-C8E0AC7A754E}
[2012/02/09 22:54:08 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\Science Fair Pictures
[2012/02/09 21:00:41 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Activision
[2012/02/09 20:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Call of Duty - World at War
[2012/02/09 20:22:27 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E9437C00-4000-4824-A0BE-D5A63F2FA86E}
[2012/02/09 20:22:16 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{DA1BB083-E6EE-42B3-95B3-4977DBBA3B59}
[2012/02/09 08:21:46 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CECF5241-931E-47E3-A03A-E45A56170D07}
[2012/02/09 08:21:32 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{13320A34-5D3E-4433-B29C-7103C1DC8BDD}
[2012/02/08 15:51:17 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{1B0D3077-EC05-4906-AB72-FD8B2BDA1456}
[2012/02/08 15:51:05 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{0C237CA0-2C85-48B9-AEE0-CC48C36E84F7}
[2012/02/08 03:08:33 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{2C99ABDC-E0ED-4FD7-A26F-DCC96567103D}
[2012/02/08 03:08:22 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{0CDEADA1-8655-479F-AAC9-B63457C14C91}
[2012/02/08 00:34:06 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Youtube Downloader HD
[2012/02/08 00:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Downloader HD
[2012/02/08 00:34:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Youtube Downloader HD
[2012/02/07 15:07:56 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{B33C878C-DDFD-40B2-AA34-B499FF620C24}
[2012/02/07 15:07:45 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{5D1176C4-959B-4556-9C00-690BE9C73FC5}
[2012/02/07 03:07:20 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{C768DC4B-C72D-44F0-9C20-D33C0EE401E8}
[2012/02/07 03:07:09 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D8500012-B8DA-40E8-81DD-C7F02BA1A35C}
[2012/02/07 00:21:56 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/02/07 00:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/02/06 20:59:28 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Mozilla
[2012/02/06 15:06:42 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F750113E-1DAF-4E8F-B1D1-FF8C0DB41A28}
[2012/02/06 15:06:30 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{3AAB3675-A67D-4336-9772-40F08D6537C6}
[2012/02/06 03:06:04 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{8F62C919-AC86-4339-AB66-3A4F3B612726}
[2012/02/06 03:05:53 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CC051208-B3E7-4CE9-8358-75A730CF9E2C}
[2012/02/05 15:05:38 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{6DCA4231-0667-456F-95C1-240E2DF6E85C}
[2012/02/05 15:05:26 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{85150FF1-F79F-47FD-8F1D-D84AEAF13ACC}
[2012/02/05 03:01:04 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/02/05 03:00:18 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Google
[2012/02/05 02:49:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/05 02:47:48 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\GooredFix Backups
[2012/02/05 01:56:46 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E6307D27-C481-4988-B5E2-15B3095830EB}
[2012/02/05 01:56:35 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{C1818A09-B232-42D5-B9C3-493B65989B09}
[2012/02/04 13:56:21 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{0AD5B4CF-1C39-4FEC-B0B7-E4BBE115E65C}
[2012/02/04 13:56:09 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{83829F6D-D33A-4354-8E22-C500535AF844}
[2012/02/04 01:19:33 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\msHelpEnum
[2012/02/03 20:13:24 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{A9302F74-0BDD-4075-978F-9C524DEB538F}
[2012/02/03 20:13:13 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{3191D4C1-188F-48EA-AC6B-B22CDEEADCCB}
[2012/02/02 16:47:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{2D80C52C-9A39-4658-B2BF-03FF6FD8A1B2}
[2012/02/02 16:47:32 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{5B32353A-B499-42FD-B13C-8425DC5C4E2D}
[2012/02/01 20:19:56 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{7414ADB4-C346-454D-A564-FA847F2AC502}
[2012/02/01 20:19:45 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F9AC96B8-CAEF-4B9C-AB85-EA0140A2BF38}
[2012/02/01 08:19:16 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{DDAEEC62-1896-4EC1-A0B0-D023F8372C4B}
[2012/02/01 08:19:04 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{8C42B221-82C6-4E6C-A673-D0956FF27A16}
[2012/01/31 22:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/31 22:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/31 22:27:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/01/31 22:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/31 15:57:39 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{5B80C1B3-37BD-427B-B931-46CA880B7366}
[2012/01/31 15:57:28 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{43AE2506-7C91-4744-8613-851A81D7A674}
[2012/01/31 03:57:02 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{3D465821-1515-4326-AA6C-8EACE7C919BE}
[2012/01/31 03:56:51 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F09C9574-D11B-495E-814A-96CE1BCF0A88}

========== Files - Modified Within 30 Days ==========

[2012/02/29 21:05:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3477742905-201720883-3428496350-1001UA.job
[2012/02/29 19:52:17 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/29 19:52:17 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/29 19:44:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/29 19:44:05 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/29 03:11:09 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3477742905-201720883-3428496350-1001Core.job
[2012/02/27 22:18:09 | 000,002,391 | ---- | M] () -- C:\Users\Eric\Desktop\Google Chrome.lnk
[2012/02/26 22:26:04 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/26 22:26:04 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/26 22:26:04 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/24 21:31:12 | 001,253,656 | ---- | M] () -- C:\Users\Eric\Documents\sexualutopia.pdf
[2012/02/15 23:54:09 | 000,003,240 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Profile3.dat
[2012/02/15 23:54:09 | 000,001,772 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Profile4.dat
[2012/02/15 23:54:09 | 000,001,770 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Profile0.dat
[2012/02/15 23:54:09 | 000,001,768 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Profile1.dat
[2012/02/15 23:54:09 | 000,001,766 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Profile2.dat
[2012/02/15 19:32:20 | 000,310,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/14 00:18:37 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/02/14 00:18:37 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/02/13 15:39:03 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2 SP.lnk
[2012/02/13 15:39:03 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2 MP.lnk
[2012/02/11 01:40:11 | 002,516,996 | ---- | M] () -- C:\Users\Eric\Documents\meinkampf.pdf
[2012/02/07 00:21:56 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/02/06 20:59:01 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/04 23:09:41 | 000,125,489 | ---- | M] () -- C:\Users\Eric\Desktop\My Movie.wlmp
[2012/01/31 22:27:55 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/02/24 21:31:12 | 001,253,656 | ---- | C] () -- C:\Users\Eric\Documents\sexualutopia.pdf
[2012/02/13 15:39:03 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2 SP.lnk
[2012/02/13 15:39:03 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2 MP.lnk
[2012/02/11 01:40:11 | 002,516,996 | ---- | C] () -- C:\Users\Eric\Documents\meinkampf.pdf
[2012/02/09 20:57:53 | 000,000,468 | ---- | C] () -- C:\Program Files (x86)\cod5key.reg
[2012/02/09 20:57:53 | 000,000,090 | ---- | C] () -- C:\Program Files (x86)\visit-forum.bat
[2012/02/07 00:19:01 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/02/07 00:19:01 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/02/06 20:59:01 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/06 20:59:01 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/05 03:01:06 | 000,002,391 | ---- | C] () -- C:\Users\Eric\Desktop\Google Chrome.lnk
[2012/02/05 03:00:20 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3477742905-201720883-3428496350-1001UA.job
[2012/02/05 03:00:19 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3477742905-201720883-3428496350-1001Core.job
[2012/02/04 23:09:41 | 000,125,489 | ---- | C] () -- C:\Users\Eric\Desktop\My Movie.wlmp
[2012/01/31 22:27:55 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/07 01:49:51 | 000,126,712 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/01/02 03:21:54 | 000,005,632 | ---- | C] () -- C:\Users\Eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/09 05:26:10 | 000,000,448 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/30 05:16:37 | 000,000,017 | ---- | C] () -- C:\Users\Eric\AppData\Local\resmon.resmoncfg
[2011/08/11 01:00:29 | 000,001,772 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Profile4.dat
[2011/08/10 21:51:33 | 000,003,240 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Profile3.dat
[2011/08/10 21:51:33 | 000,001,770 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Profile0.dat
[2011/08/10 21:51:33 | 000,001,768 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Profile1.dat
[2011/08/10 21:51:33 | 000,001,766 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Profile2.dat
[2011/08/10 21:41:56 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

========== LOP Check ==========

[2011/10/31 23:16:52 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\DAEMON Tools Lite
[2012/02/29 20:21:56 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\foobar2000
[2011/11/29 01:34:10 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\ICAClient
[2011/10/11 00:04:45 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\ImgBurn
[2011/08/12 03:18:03 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Leadertech
[2011/11/20 00:43:14 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\LolClient
[2011/08/11 01:06:18 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\SharePod
[2012/01/24 23:35:13 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\SystemRequirementsLab
[2012/02/28 16:55:47 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\uTorrent
[2012/02/08 00:45:46 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Youtube Downloader HD
[2012/02/10 20:55:26 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


#2
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hello asdfq321 and sorry about the delay.

I need to see a fresh log so please run another scan with OTL and post the new report for my review. Thanks.

#3
asdfq321

    Member

  • Topic Starter
  • 15 posts
OTL logfile created on: 3/6/2012 2:48:40 AM - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Eric\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 60.95% Memory free
8.00 Gb Paging File | 5.52 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.50 Gb Total Space | 454.51 Gb Free Space | 48.79% Space Free | Partition Type: NTFS
Drive D: | 7.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ERIC-PC | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/29 21:40:05 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Downloads\OTL.exe
PRC - [2012/02/22 23:11:31 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/02/17 23:17:58 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/22 20:20:13 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/09/14 04:11:28 | 002,006,528 | ---- | M] () -- C:\Program Files (x86)\foobar2000\foobar2000.exe
PRC - [2011/08/02 02:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/06/06 14:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/10/05 11:32:58 | 001,811,800 | ---- | M] (Logitech©) -- C:\Program Files (x86)\Logitech\G35\G35.exe
PRC - [2009/12/21 10:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2009/12/15 13:17:08 | 003,278,728 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Mamba\RazerTray.exe
PRC - [2009/08/13 19:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/22 23:11:31 | 014,415,144 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/02/22 23:11:31 | 000,214,528 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\mssvoice.asi
MOD - [2012/02/22 23:11:31 | 000,095,744 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\mssmp3.asi
MOD - [2012/02/22 23:11:30 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2012/02/22 23:11:30 | 000,857,896 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/02/22 23:11:30 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2012/02/22 23:11:30 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2012/02/17 23:17:58 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/12/02 23:12:40 | 000,098,304 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\foobar2000\user-components\foo_input_alac\foo_input_alac.dll
MOD - [2011/10/15 00:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/09/20 12:21:14 | 001,457,664 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_input_std.dll
MOD - [2011/09/14 04:11:28 | 002,006,528 | ---- | M] () -- C:\Program Files (x86)\foobar2000\foobar2000.exe
MOD - [2011/09/14 04:10:12 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll
MOD - [2011/09/14 04:09:52 | 000,365,056 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_albumlist.dll
MOD - [2011/09/14 04:09:46 | 001,130,496 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll
MOD - [2011/09/14 04:09:40 | 000,299,008 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_cdda.dll
MOD - [2011/09/14 04:09:32 | 000,480,256 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_converter.dll
MOD - [2011/09/14 04:09:32 | 000,283,136 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_rgscan.dll
MOD - [2011/09/14 04:09:06 | 000,171,008 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_unpack.dll
MOD - [2011/09/14 04:08:24 | 000,275,456 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_fileops.dll
MOD - [2011/09/14 04:08:22 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_freedb2.dll
MOD - [2011/09/14 04:07:44 | 000,148,480 | ---- | M] () -- C:\Program Files (x86)\foobar2000\shared.dll
MOD - [2010/04/21 07:48:00 | 000,066,560 | ---- | M] () -- C:\Program Files (x86)\foobar2000\zlib1.dll
MOD - [2007/07/19 14:50:12 | 000,104,520 | ---- | M] () -- C:\Windows\SysWOW64\OSD.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/17 02:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/02/22 23:11:31 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/06/06 14:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/31 23:15:36 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/06/16 22:10:08 | 001,308,160 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAHS164.sys -- (CorsairCAHS1)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/29 13:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010/09/29 13:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010/07/14 12:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/07/14 17:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2005/03/29 03:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/11/14 04:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 DD 1F 3E 4D AE CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/17 23:17:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/20 00:35:53 | 000,000,000 | ---D | M]

[2012/02/06 20:59:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions
[2012/02/26 21:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wa5svetl.default\extensions
[2012/02/27 22:14:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/27 22:14:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WA5SVETL.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WA5SVETL.DEFAULT\EXTENSIONS\[email protected]
[2012/02/17 23:17:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011/09/20 22:22:13 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/01/29 08:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/29 08:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Eric\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/13 03:38:34 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 93.115.241.28 www.google-analytics.com.
O1 - Hosts: 93.115.241.28 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.28 www.statcounter.com.
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech©)
O4 - HKLM..\Run: [Razer Mamba Driver] C:\Program Files (x86)\Razer\Mamba\RazerTray.exe (Razer USA Ltd)
O4 - HKCU..\Run: [\\IOMEGA-0A4E29\Printer1] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICJA.EXE /FU "C:\Windows\TEMP\E_S7637.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON Stylus Photo RX680 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICJA.EXE /FU "C:\Windows\TEMP\E_S732B.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83CA3A17-9CC8-402C-8A9D-DC90054C809C}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe ()
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe ()
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/05 15:33:36 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{FA52430A-C5C4-4291-ADE1-F8F6265310D1}
[2012/03/05 15:33:25 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{0D9F371C-FB2D-4900-993B-CBDFA667B47D}
[2012/03/05 02:40:05 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{82831450-C159-4D83-9E4B-4FBE6371533F}
[2012/03/05 02:39:53 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{90EA0465-B4F8-4F3F-9D5F-5C89E6F7D358}
[2012/03/04 14:39:40 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E4AC4ED8-5E48-4764-B8BF-0427779F1B06}
[2012/03/04 14:39:29 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{4AC3F7D1-2A90-40EE-8FCE-980172B15D09}
[2012/03/04 02:39:03 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{69759842-CA80-43E4-B1B5-03A1BC9DE756}
[2012/03/04 02:38:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{AF33F17A-A776-4A5A-AAB4-0360B1D80970}
[2012/03/03 14:38:38 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{A7EF7C69-B2FB-4A0D-A111-5B65F1A74FFD}
[2012/03/03 14:38:27 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{08360AFA-E0FF-46FF-ACD2-742AF4CF9223}
[2012/03/03 01:46:58 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{B5CD6112-243C-4AF4-94C1-DA31B2C1A355}
[2012/03/03 01:46:46 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{0FDDAA5F-3FD7-4ACA-98BE-F808D223B87E}
[2012/03/02 13:46:19 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{2D47821E-4980-4AF4-8A8D-7885DBADBD7C}
[2012/03/02 13:46:07 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{B15954DB-5D5A-4BA0-9727-294B24ADDC1B}
[2012/03/01 21:36:14 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{71AE575A-0CA6-46C7-8ED7-B10246166E22}
[2012/03/01 21:36:03 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{DDE9359C-87EA-488C-AE4E-0062BBE79B9E}
[2012/03/01 09:35:36 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{439CF347-4DF6-40B1-8422-34151B0A6AA8}
[2012/03/01 09:35:24 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{7E4617E8-4FAD-4E17-B63B-FF938496A236}
[2012/02/29 19:45:22 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{7DC451D8-2EBE-4ED8-91F8-33D7A8FD817A}
[2012/02/29 19:45:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{C2E354E1-18CE-46CB-93B5-95B432FEE2D8}
[2012/02/29 03:02:17 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{4E70C81C-318D-4934-A4A6-FC0EB9EB1346}
[2012/02/29 03:02:06 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{8FE4180E-1626-4899-AE97-8086D2888CC6}
[2012/02/28 15:01:40 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CDB53D9D-2F59-4222-920F-63BD9ED52A97}
[2012/02/28 15:01:29 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{0EF8FB32-7199-4929-9118-E08BA921153A}
[2012/02/28 03:01:03 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{C15FD429-F178-47EB-A16B-A9CA0B39234D}
[2012/02/28 03:00:51 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{14DC3890-FF85-43CA-B9C2-F950A2E07689}
[2012/02/27 15:00:25 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{AA793FDE-F5FC-4477-9C25-E56C37300AEE}
[2012/02/27 15:00:13 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{15357971-DEB1-41C9-BABE-2EEE860FB4FF}
[2012/02/27 02:59:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{772EF5D7-47B3-44BC-A3DF-F4ACF7E820A6}
[2012/02/27 02:59:36 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{8AE0F9BF-9E2F-4D31-92FB-1F07F7836ECA}
[2012/02/26 14:59:22 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{B3BEAB51-B0BB-4549-86BD-8A7BEF100B80}
[2012/02/26 14:59:08 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E8057646-4440-4A43-9E99-028F74E831EC}
[2012/02/25 17:22:49 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{948140DF-827C-4430-B8E8-9452EC212E4F}
[2012/02/25 17:22:37 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{47342595-75CC-40DD-ABFA-3CB488B2E0C6}
[2012/02/25 03:51:39 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{BE3C02D2-944C-4521-B94B-777C4853658A}
[2012/02/25 03:51:28 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{31C5CCD8-46C6-4421-BAC7-4AAF7078114F}
[2012/02/24 15:50:59 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{DE02246C-987D-4B86-BFC0-36EB28F6FF81}
[2012/02/24 15:50:48 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{6972D369-1038-4F47-BF1B-120F0E1B84B9}
[2012/02/24 01:01:16 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/02/23 19:28:50 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{AE775AAB-B17A-4DB6-8056-BC0A42ED22DA}
[2012/02/23 19:28:39 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{2F9E6CDF-9F01-400D-8F67-AC33A6CA193D}
[2012/02/22 21:38:00 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{00A3D160-5BD7-45CC-914B-EA21629B28CA}
[2012/02/22 21:37:49 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{C8A28616-CD99-4A0B-905A-936B0EB4AD0B}
[2012/02/22 09:37:21 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{DBE675EF-772F-4B5F-8F65-FFF9F2722903}
[2012/02/22 09:37:09 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{42276683-002E-4A53-9AB9-1D8C736508DD}
[2012/02/21 19:13:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{51860598-7127-40BD-8A25-4E62BC51D055}
[2012/02/21 19:13:41 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{4CDCC8A8-B014-4ECA-9BFC-78571E2CCCFE}
[2012/02/21 03:26:12 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{3A7733C1-5076-42B5-98C1-2758807D050B}
[2012/02/21 03:26:01 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{1EA7FB0E-6FD7-4210-97D7-FADC8280B2E6}
[2012/02/20 15:25:48 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{39B1E851-FCC8-425F-8201-54E357E82E28}
[2012/02/20 15:25:37 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{C99DA613-0610-4A38-8E1E-4F0E8BE42C16}
[2012/02/20 03:25:11 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{2DB57870-F7B9-4AA3-A405-46B3CA206E68}
[2012/02/20 03:25:00 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{941A06DC-6A5F-4B46-B099-5BA92F60288A}
[2012/02/19 15:24:46 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{FD282E04-88AB-437D-A292-7D5E645F651C}
[2012/02/19 15:24:33 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{DC4446F9-37CD-4ECB-A741-15E296E82DFB}
[2012/02/19 03:04:23 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{50FDA3CB-80E4-425B-88E5-9489B3D1F22F}
[2012/02/19 03:04:12 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{7BE5065F-3C3B-42A7-A79F-0692E0FC6A42}
[2012/02/18 15:03:58 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{82129539-76B3-4778-9525-903E470CF7DD}
[2012/02/18 15:03:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{1E93D142-539C-46B7-B38C-E86BE8C430E7}
[2012/02/18 02:22:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{01AFB3C9-0737-4154-B54C-E1E5E3461258}
[2012/02/18 02:22:41 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CA45D982-5DC0-45C9-A818-55C84E2B0454}
[2012/02/17 14:22:25 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D2A4ABFC-E177-42EA-9553-4DA2F07458F5}
[2012/02/17 14:22:13 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{37FAF0FD-9EA7-4B76-AD78-279CFF1EDB13}
[2012/02/16 18:43:19 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{84A7980C-88FE-4CBD-A109-9025912B124D}
[2012/02/16 18:43:08 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{C4119A00-9EAF-4130-AA82-D3E282A70F0E}
[2012/02/16 04:04:20 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{457B3873-4D60-49E3-90D8-45B73119CA3E}
[2012/02/16 04:04:08 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{30FE5775-2D06-445C-9A93-F7864E4B11D6}
[2012/02/15 16:03:37 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D59ECEAC-7A6D-4942-AC6B-749B8FA569B0}
[2012/02/15 16:03:25 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{5C9A2A1C-17D8-4CD9-AA9E-A9A487021E32}
[2012/02/15 03:08:57 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{8A8F07E1-36F6-4170-8F70-3DF4B07F31B5}
[2012/02/15 03:08:46 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{857BF6B6-5D02-4D85-A5F8-C8DB68CE6CA8}
[2012/02/14 15:08:19 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{B45C6BAF-5159-4EB8-A11D-9A470ABD8F94}
[2012/02/14 15:08:08 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{AA8880E2-DF05-45C5-8E39-483B0D12F9DF}
[2012/02/14 03:07:42 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{3AAA1CD9-D134-4D8F-BDA3-70092B02C6F8}
[2012/02/14 03:07:30 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{1EA6844A-793C-4164-9F80-0A313C38CF60}
[2012/02/13 15:07:04 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{C8E50388-E4EE-4763-9B94-6469160B9DA7}
[2012/02/13 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{FF89DE11-3611-4071-B310-1A55B251EEDE}
[2012/02/13 03:06:26 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CB078B41-B990-4E97-856F-6746356DF3AD}
[2012/02/13 03:06:15 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{858B753F-FFD6-4774-95FA-A5EB3D091E10}
[2012/02/12 15:06:00 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{88E3E433-33AD-4077-9BB5-FA2A97C6C422}
[2012/02/12 15:05:49 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F82AD51A-9DDB-4D88-BC62-EBF7BED42C1D}
[2012/02/12 01:37:29 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{25CAF0A1-EDE2-4A7D-8913-356345E1E1F7}
[2012/02/12 01:37:18 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{182C8D47-798E-44FD-A4DD-F7A2ACAF2577}
[2012/02/11 15:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2012/02/11 15:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2012/02/11 13:37:03 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CBFFE803-A3F2-41CF-AAED-0EACD0449B6D}
[2012/02/11 13:36:50 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{C3F28B7E-C7F9-4612-9BB6-55808EEE9482}
[2012/02/10 21:32:03 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E1BD0600-7BF7-46E9-AF93-4EACFEFFB801}
[2012/02/10 21:31:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{6E1827E9-F6F8-44BA-86C5-48DDAA77021A}
[2012/02/10 09:31:25 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{68D86339-A519-4941-BB0D-00C37E97F2DD}
[2012/02/10 09:31:13 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{83ABFCC9-F058-48E4-892E-C8E0AC7A754E}
[2012/02/09 22:54:08 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\Science Fair Pictures
[2012/02/09 21:00:41 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Activision
[2012/02/09 20:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Call of Duty - World at War
[2012/02/09 20:22:27 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{E9437C00-4000-4824-A0BE-D5A63F2FA86E}
[2012/02/09 20:22:16 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{DA1BB083-E6EE-42B3-95B3-4977DBBA3B59}
[2012/02/09 08:21:46 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CECF5241-931E-47E3-A03A-E45A56170D07}
[2012/02/09 08:21:32 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{13320A34-5D3E-4433-B29C-7103C1DC8BDD}
[2012/02/08 15:51:17 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{1B0D3077-EC05-4906-AB72-FD8B2BDA1456}
[2012/02/08 15:51:05 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{0C237CA0-2C85-48B9-AEE0-CC48C36E84F7}
[2012/02/08 03:08:33 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{2C99ABDC-E0ED-4FD7-A26F-DCC96567103D}
[2012/02/08 03:08:22 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{0CDEADA1-8655-479F-AAC9-B63457C14C91}
[2012/02/08 00:34:06 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Youtube Downloader HD
[2012/02/08 00:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Downloader HD
[2012/02/08 00:34:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Youtube Downloader HD
[2012/02/07 15:07:56 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{B33C878C-DDFD-40B2-AA34-B499FF620C24}
[2012/02/07 15:07:45 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{5D1176C4-959B-4556-9C00-690BE9C73FC5}
[2012/02/07 03:07:20 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{C768DC4B-C72D-44F0-9C20-D33C0EE401E8}
[2012/02/07 03:07:09 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{D8500012-B8DA-40E8-81DD-C7F02BA1A35C}
[2012/02/07 00:21:56 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/02/07 00:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/02/06 20:59:28 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Mozilla
[2012/02/06 15:06:42 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{F750113E-1DAF-4E8F-B1D1-FF8C0DB41A28}
[2012/02/06 15:06:30 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{3AAB3675-A67D-4336-9772-40F08D6537C6}
[2012/02/06 03:06:04 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{8F62C919-AC86-4339-AB66-3A4F3B612726}
[2012/02/06 03:05:53 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{CC051208-B3E7-4CE9-8358-75A730CF9E2C}
[2012/02/05 15:05:38 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{6DCA4231-0667-456F-95C1-240E2DF6E85C}
[2012/02/05 15:05:26 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\{85150FF1-F79F-47FD-8F1D-D84AEAF13ACC}
[2012/02/05 03:01:04 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/02/05 03:00:18 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Google

========== Files - Modified Within 30 Days ==========

[2012/03/06 02:05:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3477742905-201720883-3428496350-1001UA.job
[2012/03/05 20:24:14 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/05 20:24:14 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/05 20:24:14 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/05 19:49:49 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/05 19:49:49 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/05 19:42:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/05 19:42:34 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/05 03:05:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3477742905-201720883-3428496350-1001Core.job
[2012/02/27 22:18:09 | 000,002,391 | ---- | M] () -- C:\Users\Eric\Desktop\Google Chrome.lnk
[2012/02/24 21:31:12 | 001,253,656 | ---- | M] () -- C:\Users\Eric\Documents\sexualutopia.pdf
[2012/02/15 23:54:09 | 000,003,240 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Profile3.dat
[2012/02/15 23:54:09 | 000,001,772 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Profile4.dat
[2012/02/15 23:54:09 | 000,001,770 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Profile0.dat
[2012/02/15 23:54:09 | 000,001,768 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Profile1.dat
[2012/02/15 23:54:09 | 000,001,766 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Profile2.dat
[2012/02/15 19:32:20 | 000,310,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/14 00:18:37 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/02/14 00:18:37 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/02/13 15:39:03 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2 SP.lnk
[2012/02/13 15:39:03 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2 MP.lnk
[2012/02/11 01:40:11 | 002,516,996 | ---- | M] () -- C:\Users\Eric\Documents\meinkampf.pdf
[2012/02/07 00:21:56 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/02/06 20:59:01 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2012/02/24 21:31:12 | 001,253,656 | ---- | C] () -- C:\Users\Eric\Documents\sexualutopia.pdf
[2012/02/13 15:39:03 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2 SP.lnk
[2012/02/13 15:39:03 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2 MP.lnk
[2012/02/11 01:40:11 | 002,516,996 | ---- | C] () -- C:\Users\Eric\Documents\meinkampf.pdf
[2012/02/09 20:57:53 | 000,000,468 | ---- | C] () -- C:\Program Files (x86)\cod5key.reg
[2012/02/09 20:57:53 | 000,000,090 | ---- | C] () -- C:\Program Files (x86)\visit-forum.bat
[2012/02/07 00:19:01 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/02/07 00:19:01 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/02/06 20:59:01 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/06 20:59:01 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/05 03:01:06 | 000,002,391 | ---- | C] () -- C:\Users\Eric\Desktop\Google Chrome.lnk
[2012/02/05 03:00:20 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3477742905-201720883-3428496350-1001UA.job
[2012/02/05 03:00:19 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3477742905-201720883-3428496350-1001Core.job
[2012/01/07 01:49:51 | 000,126,712 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/01/02 03:21:54 | 000,005,632 | ---- | C] () -- C:\Users\Eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/09 05:26:10 | 000,000,448 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/30 05:16:37 | 000,000,017 | ---- | C] () -- C:\Users\Eric\AppData\Local\resmon.resmoncfg
[2011/08/11 01:00:29 | 000,001,772 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Profile4.dat
[2011/08/10 21:51:33 | 000,003,240 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Profile3.dat
[2011/08/10 21:51:33 | 000,001,770 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Profile0.dat
[2011/08/10 21:51:33 | 000,001,768 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Profile1.dat
[2011/08/10 21:51:33 | 000,001,766 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Profile2.dat
[2011/08/10 21:41:56 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

========== LOP Check ==========

[2011/10/31 23:16:52 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\DAEMON Tools Lite
[2012/03/05 20:53:59 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\foobar2000
[2011/11/29 01:34:10 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\ICAClient
[2011/10/11 00:04:45 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\ImgBurn
[2011/08/12 03:18:03 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Leadertech
[2011/11/20 00:43:14 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\LolClient
[2011/08/11 01:06:18 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\SharePod
[2012/01/24 23:35:13 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\SystemRequirementsLab
[2012/03/04 05:05:06 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\uTorrent
[2012/02/08 00:45:46 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Youtube Downloader HD
[2012/02/10 20:55:26 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#4
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

I need to see some more reports to properly understand the situation.


1. Please download Listparts64
Run the tool, click Scan and post the log (Result.txt) it makes.


2. Run OTL.
  • Click the None button at the top (Between "Run fix" and "Clean up" button).
  • Copy and Paste the following code into the Custom Scan box.

    c:\windows\*. /SL
    c:\windows\*. /RP 
    netsvcs
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file, and post them when you reply.


#5
asdfq321

    Member

  • Topic Starter
  • 15 posts
Here is the ListParts log:

ListParts by Farbar Version: 06-03-2012 01
Ran by Eric (administrator) on 07-03-2012 at 21:35:16
Windows 7 (X64)
Running From: C:\Users\Eric\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 37%
Total physical RAM: 4095.05 MB
Available physical RAM: 2560.69 MB
Total Pagefile: 8188.24 MB
Available Pagefile: 6239.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:931.5 GB) (Free:455.22 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
3 Drive d: (BARTONFINK) (CDROM) (Total:7.75 GB) (Free:0 GB) UDF

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 8 MB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 31 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 931 GB Healthy System (partition with boot components)

======================================================================================================

****** End Of Log ******

OTL Log:

ListParts by Farbar Version: 06-03-2012 01
Ran by Eric (administrator) on 07-03-2012 at 21:35:16
Windows 7 (X64)
Running From: C:\Users\Eric\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 37%
Total physical RAM: 4095.05 MB
Available physical RAM: 2560.69 MB
Total Pagefile: 8188.24 MB
Available Pagefile: 6239.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:931.5 GB) (Free:455.22 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
3 Drive d: (BARTONFINK) (CDROM) (Total:7.75 GB) (Free:0 GB) UDF

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 8 MB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 31 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 931 GB Healthy System (partition with boot components)

======================================================================================================

****** End Of Log ******

#6
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Can you repost the two logs, please? They are not properly posted. Thanks.

#7
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

I will be away for 2-4 days due to a very important trip. Let me know if it is OK for you to wait; otherwise I will ask somebody to continue the work.

#8
asdfq321

    Member

  • Topic Starter
  • 15 posts
Sorry, here are the two logs:

ListParts by Farbar Version: 06-03-2012 01
Ran by Eric (administrator) on 10-03-2012 at 14:27:53
Windows 7 (X64)
Running From: C:\Users\Eric\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 40%
Total physical RAM: 4095.05 MB
Available physical RAM: 2453.7 MB
Total Pagefile: 8188.24 MB
Available Pagefile: 6328.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:931.5 GB) (Free:456.24 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
3 Drive d: (BARTONFINK) (CDROM) (Total:7.75 GB) (Free:0 GB) UDF
5 Drive g: (Eric Bender) (Fixed) (Total:931.51 GB) (Free:130.79 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 8 MB
Disk 1 Online 931 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 31 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 931 GB Healthy System (partition with boot components)

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 G Eric Bender NTFS Partition 931 GB Healthy

======================================================================================================

****** End Of Log ******


OTL logfile created on: 3/10/2012 2:29:49 PM - Run 4
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Eric\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 61.12% Memory free
8.00 Gb Paging File | 6.11 Gb Available in Paging File | 76.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.50 Gb Total Space | 456.24 Gb Free Space | 48.98% Space Free | Partition Type: NTFS
Drive D: | 7.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 931.51 Gb Total Space | 130.79 Gb Free Space | 14.04% Space Free | Partition Type: NTFS

Computer Name: ERIC-PC | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Custom Scans ==========


< >

< c:\windows\*. /SL >

< c:\windows\*. /RP >

< End of report >

Edited by asdfq321, 10 March 2012 - 01:31 PM.


#9
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
I am asking somebody to continue this process as I am currently away for a trip.

Sorry for the inconvenience.

#10
JSntgRvr

    Global Moderator

  • 11,579 posts
Hi. :)

sempai is unavailable and has requested assistance on this thread. From the reports above, explorer.exe is not showing a signature. See if you can run Combofix as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.


#11
asdfq321

    Member

  • Topic Starter
  • 15 posts
ComboFix 12-03-12.03 - Eric 12/03/2012 21:58:30.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.4095.2645 [GMT -4:00]
Running from: c:\users\Eric\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 02:07 . 2012-03-13 02:07 -------- d-----w- c:\users\Default\AppData\Local\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 14:18 . 2011-08-10 16:50 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 20:52 . 2011-08-11 04:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-08 07:13 . 2012-03-09 18:57 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F2CDDE71-7D6D-4B18-98F0-47321102106C}\mpengine.dll
2012-02-07 05:21 . 2012-02-07 05:21 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-02 08:18 . 2012-01-02 08:18 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-01-02 08:18 . 2012-01-02 08:18 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-01-02 08:18 . 2012-01-02 08:18 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-11-15 01:21 . 2012-02-10 01:57 90 ----a-w- c:\program files (x86)\visit-forum.bat
2011-10-09 21:33 . 2012-02-10 01:57 468 ----a-w- c:\program files (x86)\cod5key.reg
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-11-23 1242448]
"\\IOMEGA-0A4E29\Printer1"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATICJA.EXE" [2007-04-13 213504]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer Mamba Driver"="c:\program files (x86)\Razer\Mamba\RazerTray.exe" [2009-12-15 3278728]
"Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-05 1811800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2011-8-11 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 CorsairCAHS1;CA-HS1 Interface;c:\windows\system32\drivers\CAHS164.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [x]
S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3477742905-201720883-3428496350-1001Core.job
- c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-05 08:00]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3477742905-201720883-3428496350-1001UA.job
- c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-05 08:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-14 415752]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-14 2093064]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-14 4195848]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\wa5svetl.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-03-12 22:14:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-13 02:14
.
Pre-Run: 491,818,381,312 bytes free
Post-Run: 494,347,517,952 bytes free
.
- - End Of File - - D291DAA95C993FC9D624FF4374500A4C

#12
JSntgRvr

    Global Moderator

  • 11,579 posts
Open an administrator command prompt. Click on the Start Orb, type CMD, right click on the CMD.exe file on top of the Start Menu and select "Run as an administrator". At the prompt copy and paste the following command and press Enter.

bcdedit /enum all /v >"%userprofile%"\desktop\bcd.txt

Type Exit and press Enter to return to Windows.

A report (bcd.txt) will be written on your desktop. Post its contents in your next reply.

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • If you can have an open Internet connection, allow it to download the latest Avast engine detections.
  • If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

In addition, aswMBR will produce a copy of the boot sector, MBR.dat, on your desktop. Attach this file to a reply.

#13
asdfq321

    Member

  • Topic Starter
  • 15 posts
Here are the logs. The problem already seems to have been fixed after running combofix though.
bcd.txt:
Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {81b02ec9-c376-11e0-9a52-8f26157870b5}
resumeobject {81b02ec8-c376-11e0-9a52-8f26157870b5}
displayorder {81b02ec9-c376-11e0-9a52-8f26157870b5}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {81b02ec9-c376-11e0-9a52-8f26157870b5}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {81b02eca-c376-11e0-9a52-8f26157870b5}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {81b02ec8-c376-11e0-9a52-8f26157870b5}
nx OptIn

Windows Boot Loader
-------------------
identifier {81b02eca-c376-11e0-9a52-8f26157870b5}
device ramdisk=[C:]\Recovery\81b02eca-c376-11e0-9a52-8f26157870b5\Winre.wim,{81b02ecb-c376-11e0-9a52-8f26157870b5}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[C:]\Recovery\81b02eca-c376-11e0-9a52-8f26157870b5\Winre.wim,{81b02ecb-c376-11e0-9a52-8f26157870b5}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Resume from Hibernate
---------------------
identifier {81b02ec8-c376-11e0-9a52-8f26157870b5}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

Windows Legacy OS Loader
------------------------
identifier {466f5a88-0af2-4f76-9038-095b170dc21c}
device partition=C:
path \ntldr
description Earlier Version of Windows

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {81b02ecb-c376-11e0-9a52-8f26157870b5}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\81b02eca-c376-11e0-9a52-8f26157870b5\boot.sdi

aswMBR.txt

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-16 20:29:27
-----------------------------
20:29:27.978 OS Version: Windows x64 6.1.7600
20:29:27.979 Number of processors: 4 586 0xF0B
20:29:27.979 ComputerName: ERIC-PC UserName: Eric
20:29:29.569 Initialize success
20:31:15.081 AVAST engine defs: 12031600
20:31:32.958 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
20:31:32.962 Disk 0 Vendor: WDC_WD1001FALS-00J7B1 05.00K05 Size: 953869MB BusType: 3
20:31:32.975 Disk 0 MBR read successfully
20:31:32.978 Disk 0 MBR scan
20:31:32.982 Disk 0 Windows 7 default MBR code
20:31:32.986 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953859 MB offset 63
20:31:32.999 Disk 0 scanning C:\Windows\system32\drivers
20:31:40.531 Service scanning
20:31:54.872 Modules scanning
20:31:54.882 Disk 0 trace - called modules:
20:31:54.898 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:31:54.903 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a22060]
20:31:54.909 3 CLASSPNP.SYS[fffff880018ea43f] -> nt!IofCallDriver -> [0xfffffa80043e3520]
20:31:54.918 5 ACPI.sys[fffff88000fa4781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80043df680]
20:31:56.895 AVAST engine scan C:\Windows
20:32:00.721 AVAST engine scan C:\Windows\system32
20:34:45.901 AVAST engine scan C:\Windows\system32\drivers
20:34:56.226 AVAST engine scan C:\Users\Eric
20:50:08.842 AVAST engine scan C:\ProgramData
20:52:14.783 Scan finished successfully
21:05:19.357 Disk 0 MBR has been saved successfully to "C:\Users\Eric\Desktop\MBR.dat"
21:05:19.363 The log file has been saved successfully to "C:\Users\Eric\Desktop\aswMBR.txt"

#14
JSntgRvr

    Global Moderator

  • 11,579 posts
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Are you still being redirected?

#15
asdfq321

    Member

  • Topic Starter
  • 15 posts
Ran TFC. The problem seems to have been fixed after running Combofix, and I am no longer being redirected. Thanks a lot!