Pop-Up Malware Not Detected by Scanners

#1
Brennan C.
Member
78 posts
Merged post

Hey, everybody! I've got a funny little malware situation on my system that I'm having some trouble nailing down. Your help will be appreciated.

Specs:
OS: Windows 7 Professional 64-bit
CPU: AMD Phenom II X3 720
RAM: 4GB DDR2
GPU: ATI Radeon 4800 series
Primary browser: Firefox 11.0
Other browsers installed: Chrome 18.0.1025.142 m
IE 9.0.8112.16421

Symptoms (started in the past week):
- Occasional pop-up window while browsing the internet. Pop-up window title bar says "FireFox 11.0", and while it's apparent that the pop-up is a browser window, the context menu would indicate that it's a pop-up from IE.
- Microsoft Security Essentials occasionally detects a threat.

Actions taken:
- Microsoft Security Essentials occasionally detects a threat and "successfully removes it". Today, it was Win32/Medfos.A. Most recent pop-up came after that removal. MSE has detected and "removed" other threats in the last week or so; can't remember what they were, unfortunately. In any case, removing them had no effect.
- Malwarebytes scan ran after first occurrence found and "removed" one item; hasn't detected anything upon scan since, yet symptoms persist.

As per the instructions, here are the results of the OTL Log; I've made italic a few things that struck me as unusual:

OTL logfile created on: 4/4/2012 12:39:01 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = L:\Users\Brennan Conroy\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: M/dd/yy

4.00 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 54.43% Memory free
9.86 Gb Paging File | 7.01 Gb Available in Paging File | 71.15% Paging File free
Paging file location(s): l:\pagefile.sys 6000 6141 [binary data]

%SystemDrive% = L: | %SystemRoot% = L:\Windows | %ProgramFiles% = L:\Program Files (x86)
Drive C: | 367.33 Gb Total Space | 252.79 Gb Free Space | 68.82% Space Free | Partition Type: NTFS
Drive E: | 596.17 Gb Total Space | 550.06 Gb Free Space | 92.27% Space Free | Partition Type: NTFS
Drive L: | 227.16 Gb Total Space | 154.46 Gb Free Space | 68.00% Space Free | Partition Type: NTFS

Computer Name: ANDRAIIA | User Name: Brennan Conroy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/04 00:38:33 | 000,593,920 | ---- | M] (OldTimer Tools) -- L:\Users\Brennan Conroy\Downloads\OTL.exe
PRC - [2012/03/29 21:04:44 | 000,047,616 | ---- | M] (PCProtect) -- L:\Users\Brennan Conroy\AppData\Local\MSRebar\SysVer\SysVer.exe
PRC - [2012/03/27 23:24:24 | 000,489,256 | ---- | M] (Valve Corporation) -- L:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/03/27 22:35:39 | 000,924,600 | ---- | M] (Mozilla Corporation) -- L:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/23 03:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- L:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/02/14 16:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- L:\Users\Brennan Conroy\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- L:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2012/01/16 22:37:47 | 010,057,216 | ---- | M] () -- L:\Users\Brennan Conroy\AppData\Roaming\[email protected]\FahCore_a4.exe
PRC - [2012/01/03 06:10:44 | 001,494,424 | ---- | M] (Adobe Systems Incorporated) -- L:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- L:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/18 00:12:48 | 001,242,448 | ---- | M] (Valve Corporation) -- L:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/08/12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- L:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/02/18 17:28:16 | 000,236,040 | ---- | M] () -- L:\Windows\SysWOW64\DeltaIITray.exe
PRC - [2010/11/20 20:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- L:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/10/06 17:45:32 | 001,636,872 | ---- | M] (M-Audio) -- L:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe
PRC - [2008/11/26 14:48:10 | 000,449,536 | ---- | M] () -- L:\Program Files (x86)\[email protected]\[email protected]\[email protected]


========== Modules (No Company Name) ==========

MOD - [2012/03/29 21:23:50 | 008,797,344 | ---- | M] () -- L:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
MOD - [2012/03/27 23:24:22 | 020,297,512 | ---- | M] () -- L:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/03/27 23:24:19 | 001,099,576 | ---- | M] () -- L:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/03/27 23:24:19 | 000,907,048 | ---- | M] () -- L:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/03/27 23:24:19 | 000,190,776 | ---- | M] () -- L:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/03/27 23:24:19 | 000,123,192 | ---- | M] () -- L:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/03/27 22:35:38 | 001,969,080 | ---- | M] () -- L:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/15 09:23:11 | 002,335,744 | ---- | M] () -- L:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\09cea564f5888335ef97bd104d7e4ea6\Microsoft.JScript.ni.dll
MOD - [2012/02/15 09:23:10 | 001,051,136 | ---- | M] () -- L:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
MOD - [2012/02/15 08:57:43 | 011,833,344 | ---- | M] () -- L:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012/02/15 08:53:16 | 012,433,408 | ---- | M] () -- L:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/15 08:53:06 | 001,587,200 | ---- | M] () -- L:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/15 08:52:49 | 005,453,312 | ---- | M] () -- L:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 08:52:44 | 007,967,232 | ---- | M] () -- L:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/15 08:52:44 | 000,971,264 | ---- | M] () -- L:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/01/16 22:37:47 | 010,057,216 | ---- | M] () -- L:\Users\Brennan Conroy\AppData\Roaming\[email protected]\FahCore_a4.exe
MOD - [2012/01/03 06:10:44 | 000,249,232 | ---- | M] () -- L:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2011/11/11 14:25:16 | 001,416,568 | -HS- | M] () -- \\?\L:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-21-1791912497-3462530239-3009821092-1000\Indiv01.key
MOD - [2011/10/31 16:16:22 | 003,190,784 | ---- | M] () -- L:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/10/12 07:48:03 | 000,025,600 | ---- | M] () -- L:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/10/12 07:47:41 | 011,490,304 | ---- | M] () -- L:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/08/16 13:17:26 | 008,007,680 | ---- | M] () -- L:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- L:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- L:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- L:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/03/01 22:15:28 | 000,126,808 | ---- | M] () -- L:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/03/01 22:15:28 | 000,027,480 | ---- | M] () -- L:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/03/01 22:15:04 | 000,340,824 | ---- | M] () -- L:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/03/01 22:14:42 | 007,954,776 | ---- | M] () -- L:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/03/01 22:14:30 | 002,143,576 | ---- | M] () -- L:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/02/18 17:28:16 | 000,236,040 | ---- | M] () -- L:\Windows\SysWOW64\DeltaIITray.exe
MOD - [2010/11/20 20:24:32 | 000,425,984 | ---- | M] () -- L:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010/11/20 20:23:48 | 002,048,000 | ---- | M] () -- L:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009/06/10 14:23:04 | 000,032,768 | ---- | M] () -- L:\Windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
MOD - [2009/06/10 14:23:03 | 000,749,568 | ---- | M] () -- L:\Windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
MOD - [2008/11/26 14:48:10 | 000,449,536 | ---- | M] () -- L:\Program Files (x86)\[email protected]\[email protected]\[email protected]


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/02/14 22:16:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- L:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/02/14 20:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- L:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- L:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- L:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- L:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/29 21:23:51 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- L:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/27 23:24:24 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- L:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/23 03:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- L:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- L:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- L:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/10/06 17:45:32 | 001,636,872 | ---- | M] (M-Audio) [Auto | Running] -- L:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe -- (MIDISPORTAudioDevMon)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- L:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- L:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/14 20:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/02/14 20:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/02/14 19:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 120(UVC)
DRV:64bit: - [2012/01/03 22:22:54 | 000,055,936 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- L:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/01/03 22:22:54 | 000,055,936 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- L:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/12/05 12:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- L:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 17:28:10 | 000,337,416 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\MAudioDelta.sys -- (DELTAII) Service for M-Audio Delta Driver (WDM)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/06 17:45:30 | 000,028,680 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\MAudioMIDISPORT_DFU.sys -- (MADFUMIDISPORT2010)
DRV:64bit: - [2010/10/06 17:45:26 | 000,199,176 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\MAudioMIDISPORT.sys -- (MAUSBMIDISPORT)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/09/15 18:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- L:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- L:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = L:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EF 04 A1 F5 64 E4 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {BE928E36-53F1-4CD4-9750-D72D27125DDD}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BE928E36-53F1-4CD4-9750-D72D27125DDD}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://www.facebook....com/dashboard"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: L:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: L:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: L:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: L:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: L:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: L:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: L:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: L:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: L:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: L:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: L:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: L:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: L:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: L:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: L:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: L:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: L:\Users\Brennan Conroy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: L:\Users\Brennan Conroy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: L:\Users\Brennan Conroy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: L:\Users\Brennan Conroy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: L:\Users\Brennan Conroy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: L:\Program Files (x86)\Mozilla Firefox\components [2012/03/27 22:35:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: L:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/11 08:52:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8D1E6DF1-7A1D-11E1-826D-B8AC6F996F26}: L:\Users\Brennan Conroy\AppData\Local\{8D1E6DF1-7A1D-11E1-826D-B8AC6F996F26}\ [2012/03/29 21:05:19 | 000,000,000 | ---D | M]

[2011/08/08 20:11:57 | 000,000,000 | ---D | M] (No name found) -- L:\Users\Brennan Conroy\AppData\Roaming\Mozilla\Extensions
[2012/03/13 23:49:32 | 000,000,000 | ---D | M] (No name found) -- L:\Users\Brennan Conroy\AppData\Roaming\Mozilla\Firefox\Profiles\09bzy7t9.default\extensions
[2012/03/13 23:49:32 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- L:\Users\Brennan Conroy\AppData\Roaming\Mozilla\Firefox\Profiles\09bzy7t9.default\extensions\[email protected]
[2012/01/15 18:07:48 | 000,000,000 | ---D | M] (No name found) -- L:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/29 21:05:19 | 000,000,000 | ---D | M] (Translate This!) -- L:\USERS\BRENNAN CONROY\APPDATA\LOCAL\{8D1E6DF1-7A1D-11E1-826D-B8AC6F996F26}
() (No name found) -- L:\USERS\BRENNAN CONROY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\09BZY7T9.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- L:\USERS\BRENNAN CONROY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\09BZY7T9.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- L:\USERS\BRENNAN CONROY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\09BZY7T9.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- L:\USERS\BRENNAN CONROY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\09BZY7T9.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- L:\USERS\BRENNAN CONROY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\09BZY7T9.DEFAULT\EXTENSIONS\[email protected]
[2012/03/27 22:35:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- L:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- L:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/27 22:35:37 | 000,002,252 | ---- | M] () -- L:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/27 22:35:37 | 000,002,040 | ---- | M] () -- L:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = L:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = L:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = L:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = L:\Users\Brennan Conroy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = L:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Chrome Toolbox Plugin (Enabled) = L:\Users\Brennan Conroy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn\1.0.29_0\plugin/convenience.dll
CHR - plugin: Adobe Acrobat (Enabled) = L:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = L:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = L:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = L:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = L:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = L:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = L:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = L:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = L:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = L:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = L:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = L:\Users\Brennan Conroy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = L:\Users\Brennan Conroy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = L:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = L:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = L:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Picasa (Enabled) = L:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = L:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = L:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Veetle TV Player (Enabled) = L:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = L:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = L:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = L:\Users\Brennan Conroy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - Extension: Angry Birds = L:\Users\Brennan Conroy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Adblock Plus (Beta) = L:\Users\Brennan Conroy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Chrome Toolbox (by Google) = L:\Users\Brennan Conroy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn\1.0.29_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - L:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - L:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] L:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] L:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LWS] L:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] L:\Windows\SysWOW64\DeltaIITray.exe ()
O4 - HKLM..\Run: [StartCCC] L:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ccleaner] L:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [Facebook Update] L:\Users\Brennan Conroy\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Steam] L:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SysVer] L:\Users\Brennan Conroy\AppData\Local\MSRebar\SysVer\SysVer.exe (PCProtect)
O4 - Startup: L:\Users\Brennan Conroy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = L:\Users\Brennan Conroy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: L:\Users\Brennan Conroy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\[email protected] = L:\Users\Brennan Conroy\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_2377D972A0372FCB34E3F7.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://L:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - L:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{427F30D5-9742-487E-94F8-B66C3F35B65E}: DhcpNameServer = 192.168.10.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - L:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - L:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - L:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - L:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - L:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (L:\Windows\system32\userinit.exe) - L:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - L:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - L:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - L:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/29 21:05:19 | 000,000,000 | ---D | C] -- L:\Users\Brennan Conroy\AppData\Local\{8D1E6DF1-7A1D-11E1-826D-B8AC6F996F26}
[2012/03/29 21:04:44 | 000,000,000 | ---D | C] -- L:\Users\Brennan Conroy\AppData\Local\MSRebar
[2012/03/14 10:53:13 | 000,000,000 | ---D | C] -- L:\ProgramData\ATI
[2012/03/14 10:48:11 | 000,000,000 | ---D | C] -- L:\Program Files (x86)\AMD AVT
[2012/03/14 10:48:09 | 000,000,000 | ---D | C] -- L:\Program Files\AMD
[2012/03/14 10:48:09 | 000,000,000 | ---D | C] -- L:\Program Files (x86)\AMD
[2012/03/14 10:48:06 | 000,000,000 | ---D | C] -- L:\Program Files (x86)\AMD APP
[2012/03/14 10:47:49 | 000,000,000 | ---D | C] -- L:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center

========== Files - Modified Within 30 Days ==========

[2012/04/04 00:23:01 | 000,000,830 | ---- | M] () -- L:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/04 00:21:00 | 000,000,944 | ---- | M] () -- L:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1791912497-3462530239-3009821092-1000UA.job
[2012/04/04 00:19:00 | 000,000,914 | ---- | M] () -- L:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/03 23:20:00 | 000,000,964 | ---- | M] () -- L:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1791912497-3462530239-3009821092-1000UA.job
[2012/04/03 22:55:09 | 000,000,892 | ---- | M] () -- L:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1791912497-3462530239-3009821092-1000Core.job
[2012/04/03 22:47:18 | 000,000,910 | ---- | M] () -- L:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/03 22:46:10 | 000,000,942 | ---- | M] () -- L:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1791912497-3462530239-3009821092-1000Core.job
[2012/04/03 22:40:14 | 000,067,584 | --S- | M] () -- L:\Windows\bootstat.dat
[2012/04/03 22:40:10 | 000,000,000 | ---- | M] () -- L:\Windows\SysNative\drivers\lvuvc.hs
[2012/04/02 22:31:16 | 000,020,528 | -H-- | M] () -- L:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/02 22:31:16 | 000,020,528 | -H-- | M] () -- L:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/31 17:45:04 | 000,729,880 | ---- | M] () -- L:\Windows\SysNative\PerfStringBackup.INI
[2012/03/31 17:45:04 | 000,630,514 | ---- | M] () -- L:\Windows\SysNative\perfh009.dat
[2012/03/31 17:45:04 | 000,111,598 | ---- | M] () -- L:\Windows\SysNative\perfc009.dat
[2012/03/31 17:38:04 | 3220,037,632 | -HS- | M] () -- L:\hiberfil.sys
[2012/03/30 15:40:53 | 001,034,818 | ---- | M] () -- L:\Users\Brennan Conroy\AppData\Local\census.cache
[2012/03/30 15:40:14 | 000,082,194 | ---- | M] () -- L:\Users\Brennan Conroy\AppData\Local\ars.cache
[2012/03/14 10:48:11 | 000,002,057 | ---- | M] () -- L:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012/03/14 10:17:15 | 000,440,048 | ---- | M] () -- L:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/03/29 21:07:15 | 000,000,830 | ---- | C] () -- L:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/14 10:48:11 | 000,002,057 | ---- | C] () -- L:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012/02/14 22:05:16 | 000,054,784 | ---- | C] () -- L:\Windows\SysWow64\OVDecode.dll
[2012/02/14 19:36:36 | 000,204,952 | ---- | C] () -- L:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 19:36:36 | 000,157,144 | ---- | C] () -- L:\Windows\SysWow64\ativvsva.dat
[2012/01/31 06:00:24 | 000,016,896 | ---- | C] () -- L:\Windows\SysWow64\kdbsdk32.dll
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- L:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- L:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- L:\Windows\SysWow64\LogiDPPApp.exe
[2011/11/15 14:05:37 | 001,034,818 | ---- | C] () -- L:\Users\Brennan Conroy\AppData\Local\census.cache
[2011/11/15 14:05:29 | 000,082,194 | ---- | C] () -- L:\Users\Brennan Conroy\AppData\Local\ars.cache
[2011/11/15 13:59:27 | 000,000,036 | ---- | C] () -- L:\Users\Brennan Conroy\AppData\Local\housecall.guid.cache
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- L:\Windows\SysWow64\OVDecoder.dll
[2011/09/14 23:25:15 | 000,000,604 | -H-- | C] () -- L:\Program Files (x86)\STLL Notifier
[2011/09/14 23:21:55 | 000,000,464 | ---- | C] () -- L:\ProgramData\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- L:\Windows\SysWow64\atipblag.dat
[2011/08/10 17:50:57 | 000,007,602 | ---- | C] () -- L:\Users\Brennan Conroy\AppData\Local\resmon.resmoncfg
[2011/08/08 20:48:24 | 000,000,000 | ---- | C] () -- L:\Windows\ativpsrm.bin
[2011/08/08 20:11:17 | 000,722,382 | ---- | C] () -- L:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/18 17:28:16 | 000,236,040 | ---- | C] () -- L:\Windows\SysWow64\DeltaIITray.exe

========== LOP Check ==========

[2012/02/18 04:03:23 | 000,000,000 | ---D | M] -- L:\Users\Brennan Conroy\AppData\Roaming\Audacity
[2012/04/04 00:33:12 | 000,000,000 | ---D | M] -- L:\Users\Brennan Conroy\AppData\Roaming\Dropbox
[2012/03/27 23:24:15 | 000,000,000 | ---D | M] -- L:\Users\Brennan Conroy\AppData\Roaming\[email protected]
[2011/09/05 22:05:28 | 000,000,000 | ---D | M] -- L:\Users\Brennan Conroy\AppData\Roaming\Foxit Software
[2011/08/08 20:55:03 | 000,000,000 | ---D | M] -- L:\Users\Brennan Conroy\AppData\Roaming\Leadertech
[2011/08/31 12:28:16 | 000,000,000 | ---D | M] -- L:\Users\Brennan Conroy\AppData\Roaming\LOVE
[2011/08/29 11:13:15 | 000,000,000 | ---D | M] -- L:\Users\Brennan Conroy\AppData\Roaming\Softland
[2011/08/17 21:57:23 | 000,000,000 | ---D | M] -- L:\Users\Brennan Conroy\AppData\Roaming\TeamViewer
[2012/03/27 23:25:59 | 000,000,000 | ---D | M] -- L:\Users\Brennan Conroy\AppData\Roaming\uTorrent
[2012/04/03 22:46:10 | 000,000,942 | ---- | M] () -- L:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1791912497-3462530239-3009821092-1000Core.job
[2012/04/03 23:20:00 | 000,000,964 | ---- | M] () -- L:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1791912497-3462530239-3009821092-1000UA.job
[2009/07/13 22:08:49 | 000,015,010 | ---- | M] () -- L:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Actions taken since reviewing the report:
- Terminated the TeamViewer 7 service and process; not too sure why that was still running. TeamViewer is generally safe if it's not left running all the time, isn't it? I was having trouble connecting to a friend's computer using TeamViewer last week, maybe this was why.
- Terminated the SysVer.exe process tree, as I don't recognize the company or process. I noticed that this action closed the pop-up window that had come up; I left it open so I could analyze it for the purposes of filing this help request.
- Ran another MBAM quick scan after terminating those processes. No results found.

I assume you don't want the Extras.txt file that the OTL scan generated but I'll keep it open, just in case.

What's my next step, guys?

Microsoft just detected Trojan:JS/Medfos.A; I told it to remove. This is the first symptom I've had since I posted the original topic. Has anybody had a chance to consider my case yet?

Edited by ldtate, 08 April 2012 - 07:24 AM.

  • 0


#2
Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
  • 0

#3
Brennan C.

    Member

  • Topic Starter
  • Member
  • 78 posts
Good morning, and thank you for responding.

I haven't experienced any symptoms since my last post. The steps I've taken are outlined there. OTL only generated one report when running the quick scan (OTL.Txt); the contents are here:

OTL logfile created on: 4/11/2012 11:03:29 AM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = L:\Users\Brennan Conroy\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: M/dd/yy

4.00 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 61.53% Memory free
9.86 Gb Paging File | 7.26 Gb Available in Paging File | 73.70% Paging File free
Paging file location(s): l:\pagefile.sys 6000 6141 [binary data]

%SystemDrive% = L: | %SystemRoot% = L:\Windows | %ProgramFiles% = L:\Program Files (x86)
Drive C: | 367.33 Gb Total Space | 252.79 Gb Free Space | 68.82% Space Free | Partition Type: NTFS
Drive E: | 596.17 Gb Total Space | 549.97 Gb Free Space | 92.25% Space Free | Partition Type: NTFS
Drive L: | 227.16 Gb Total Space | 151.18 Gb Free Space | 66.55% Space Free | Partition Type: NTFS

Computer Name: ANDRAIIA | User Name: Brennan Conroy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/11 11:01:27 | 000,593,920 | ---- | M] (OldTimer Tools) -- L:\Users\Brennan Conroy\Downloads\OTL(1).exe
PRC - [2012/03/27 23:24:24 | 000,489,256 | ---- | M] (Valve Corporation) -- L:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/03/27 22:35:39 | 000,924,600 | ---- | M] (Mozilla Corporation) -- L:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/14 16:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- L:\Users\Brennan Conroy\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- L:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2012/01/16 22:37:47 | 010,057,216 | ---- | M] () -- L:\Users\Brennan Conroy\AppData\Roaming\[email protected]\FahCore_a4.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- L:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/18 00:12:48 | 001,242,448 | ---- | M] (Valve Corporation) -- L:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/08/12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- L:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/06/09 13:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- L:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/02/18 17:28:16 | 000,236,040 | ---- | M] () -- L:\Windows\SysWOW64\DeltaIITray.exe
PRC - [2010/11/20 20:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- L:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/11/20 20:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- L:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/10/06 17:45:32 | 001,636,872 | ---- | M] (M-Audio) -- L:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe
PRC - [2008/11/26 14:48:10 | 000,449,536 | ---- | M] () -- L:\Program Files (x86)\[email protected]\[email protected]\[email protected]


========== Modules (No Company Name) ==========

MOD - [2012/03/29 21:23:50 | 008,797,344 | ---- | M] () -- L:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
MOD - [2012/03/27 23:24:22 | 020,297,512 | ---- | M] () -- L:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/03/27 23:24:19 | 001,099,576 | ---- | M] () -- L:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/03/27 23:24:19 | 000,907,048 | ---- | M] () -- L:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/03/27 23:24:19 | 000,190,776 | ---- | M] () -- L:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/03/27 23:24:19 | 000,123,192 | ---- | M] () -- L:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/03/27 22:35:38 | 001,969,080 | ---- | M] () -- L:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/01/16 22:37:47 | 010,057,216 | ---- | M] () -- L:\Users\Brennan Conroy\AppData\Roaming\[email protected]\FahCore_a4.exe
MOD - [2011/03/01 22:15:28 | 000,126,808 | ---- | M] () -- L:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/03/01 22:15:28 | 000,027,480 | ---- | M] () -- L:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/03/01 22:15:04 | 000,340,824 | ---- | M] () -- L:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/03/01 22:14:42 | 007,954,776 | ---- | M] () -- L:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/03/01 22:14:30 | 002,143,576 | ---- | M] () -- L:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/02/18 17:28:16 | 000,236,040 | ---- | M] () -- L:\Windows\SysWOW64\DeltaIITray.exe
MOD - [2008/11/26 14:48:10 | 000,449,536 | ---- | M] () -- L:\Program Files (x86)\[email protected]\[email protected]\[email protected]


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/02/14 22:16:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- L:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/02/14 20:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- L:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- L:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- L:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- L:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/29 21:23:51 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- L:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/27 23:24:24 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- L:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/23 03:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- L:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- L:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- L:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/10/06 17:45:32 | 001,636,872 | ---- | M] (M-Audio) [Auto | Running] -- L:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe -- (MIDISPORTAudioDevMon)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- L:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- L:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/14 20:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/02/14 20:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/02/14 19:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 120(UVC)
DRV:64bit: - [2012/01/03 22:22:54 | 000,055,936 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- L:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/01/03 22:22:54 | 000,055,936 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- L:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/12/05 12:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- L:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 17:28:10 | 000,337,416 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\MAudioDelta.sys -- (DELTAII) Service for M-Audio Delta Driver (WDM)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/06 17:45:30 | 000,028,680 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\MAudioMIDISPORT_DFU.sys -- (MADFUMIDISPORT2010)
DRV:64bit: - [2010/10/06 17:45:26 | 000,199,176 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\MAudioMIDISPORT.sys -- (MAUSBMIDISPORT)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/09/15 18:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- L:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- L:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- L:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- L:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = L:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1791912497-3462530239-3009821092-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1791912497-3462530239-3009821092-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1791912497-3462530239-3009821092-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1791912497-3462530239-3009821092-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
IE - HKU\S-1-5-21-1791912497-3462530239-3009821092-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKU\S-1-5-21-1791912497-3462530239-3009821092-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKU\S-1-5-21-1791912497-3462530239-3009821092-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EF 04 A1 F5 64 E4 CC 01 [binary data]
IE - HKU\S-1-5-21-1791912497-3462530239-3009821092-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1791912497-3462530239-3009821092-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1791912497-3462530239-3009821092-1000\..\SearchScopes,DefaultScope = {BE928E36-53F1-4CD4-9750-D72D27125DDD}
IE - HKU\S-1-5-21-1791912497-3462530239-3009821092-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1791912497-3462530239-3009821092-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1791912497-3462530239-3009821092-1000\..\SearchScopes\{BE928E36-53F1-4CD4-9750-D72D27125DDD}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1791912497-3462530239-3009821092-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://www.facebook...://youtube.com"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: L:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: L:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: L:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: L:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: L:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: L:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: L:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: L:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: L:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: L:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: L:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: L:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: L:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: L:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: L:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: L:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: L:\Users\Brennan Conroy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: L:\Users\Brennan Conroy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: L:\Users\Brennan Conroy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: L:\Users\Brennan Conroy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: L:\Users\Brennan Conroy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: L:\Program Files (x86)\Mozilla Firefox\components [2012/03/27 22:35:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: L:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/11 08:52:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8D1E6DF1-7A1D-11E1-826D-B8AC6F996F26}: L:\Users\Brennan Conroy\AppData\Local\{8D1E6DF1-7A1D-11E1-826D-B8AC6F996F26}\ [2012/03/29 21:05:19 | 000,000,000 | ---D | M]

[2011/08/08 20:11:57 | 000,000,000 | ---D | M] (No name found) -- L:\Users\Brennan Conroy\AppData\Roaming\Mozilla\Extensions
[2012/04/04 22:45:18 | 000,000,000 | ---D | M] (No name found) -- L:\Users\Brennan Conroy\AppData\Roaming\Mozilla\Firefox\Profiles\09bzy7t9.default\extensions
[2012/03/13 23:49:32 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- L:\Users\Brennan Conroy\AppData\Roaming\Mozilla\Firefox\Profiles\09bzy7t9.default\extensions\[email protected]
[2012/01/15 18:07:48 | 000,000,000 | ---D | M] (No name found) -- L:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/29 21:05:19 | 000,000,000 | ---D | M] (Translate This!) -- L:\USERS\BRENNAN CONROY\APPDATA\LOCAL\{8D1E6DF1-7A1D-11E1-826D-B8AC6F996F26}
() (No name found) -- L:\USERS\BRENNAN CONROY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\09BZY7T9.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- L:\USERS\BRENNAN CONROY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\09BZY7T9.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- L:\USERS\BRENNAN CONROY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\09BZY7T9.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- L:\USERS\BRENNAN CONROY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\09BZY7T9.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- L:\USERS\BRENNAN CONROY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\09BZY7T9.DEFAULT\EXTENSIONS\[email protected]
[2012/03/27 22:35:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- L:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- L:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/27 22:35:37 | 000,002,252 | ---- | M] () -- L:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/27 22:35:37 | 000,002,040 | ---- | M] () -- L:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = L:\Program Files (x86)\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = L:\Program Files (x86)\Google\Chrome\Application\18.0.1025.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = L:\Program Files (x86)\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = L:\Users\Brennan Conroy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = L:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Chrome Toolbox Plugin (Enabled) = L:\Users\Brennan Conroy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn\1.0.29_0\plugin/convenience.dll
CHR - plugin: Adobe Acrobat (Enabled) = L:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = L:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = L:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = L:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = L:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = L:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = L:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = L:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = L:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = L:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = L:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = L:\Users\Brennan Conroy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = L:\Users\Brennan Conroy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = L:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = L:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = L:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Picasa (Enabled) = L:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = L:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = L:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Veetle TV Player (Enabled) = L:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = L:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = L:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = L:\Users\Brennan Conroy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - Extension: Angry Birds = L:\Users\Brennan Conroy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Adblock Plus (Beta) = L:\Users\Brennan Conroy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Chrome Toolbox (by Google) = L:\Users\Brennan Conroy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn\1.0.29_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - L:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - L:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] L:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] L:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LWS] L:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] L:\Windows\SysWOW64\DeltaIITray.exe ()
O4 - HKLM..\Run: [StartCCC] L:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] L:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] L:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1791912497-3462530239-3009821092-1000..\Run: [ccleaner] L:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-1791912497-3462530239-3009821092-1000..\Run: [Facebook Update] L:\Users\Brennan Conroy\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1791912497-3462530239-3009821092-1000..\Run: [Steam] L:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1791912497-3462530239-3009821092-1000..\Run: [SysVer] L:\Users\Brennan Conroy\AppData\Local\MSRebar\SysVer\SysVer.exe (PCProtect)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] L:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] L:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] L:\Windows\System32\mctadmin.exe File not found
O4 - Startup: L:\Users\Brennan Conroy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = L:\Users\Brennan Conroy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: L:\Users\Brennan Conroy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\[email protected] = L:\Users\Brennan Conroy\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_2377D972A0372FCB34E3F7.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://L:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - L:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{427F30D5-9742-487E-94F8-B66C3F35B65E}: DhcpNameServer = 192.168.10.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - L:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - L:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - L:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - L:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - L:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (L:\Windows\system32\userinit.exe) - L:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - L:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - L:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - L:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/10 21:29:17 | 000,000,000 | -HSD | C] -- L:\Config.Msi
[2012/04/08 20:01:03 | 000,000,000 | ---D | C] -- L:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2012/04/08 20:00:02 | 000,000,000 | ---D | C] -- L:\Program Files (x86)\GOG.com
[2012/03/29 21:05:19 | 000,000,000 | ---D | C] -- L:\Users\Brennan Conroy\AppData\Local\{8D1E6DF1-7A1D-11E1-826D-B8AC6F996F26}
[2012/03/29 21:04:44 | 000,000,000 | ---D | C] -- L:\Users\Brennan Conroy\AppData\Local\MSRebar
[2012/03/14 10:53:13 | 000,000,000 | ---D | C] -- L:\ProgramData\ATI
[2012/03/14 10:48:11 | 000,000,000 | ---D | C] -- L:\Program Files (x86)\AMD AVT
[2012/03/14 10:48:09 | 000,000,000 | ---D | C] -- L:\Program Files\AMD
[2012/03/14 10:48:09 | 000,000,000 | ---D | C] -- L:\Program Files (x86)\AMD
[2012/03/14 10:48:06 | 000,000,000 | ---D | C] -- L:\Program Files (x86)\AMD APP
[2012/03/14 10:47:49 | 000,000,000 | ---D | C] -- L:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center

========== Files - Modified Within 30 Days ==========

[2012/04/11 10:35:52 | 000,000,944 | ---- | M] () -- L:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1791912497-3462530239-3009821092-1000UA.job
[2012/04/11 10:35:50 | 000,000,914 | ---- | M] () -- L:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/11 10:35:49 | 000,000,964 | ---- | M] () -- L:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1791912497-3462530239-3009821092-1000UA.job
[2012/04/11 10:35:49 | 000,000,830 | ---- | M] () -- L:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/11 10:35:46 | 000,067,584 | --S- | M] () -- L:\Windows\bootstat.dat
[2012/04/11 10:35:46 | 000,000,000 | ---- | M] () -- L:\Windows\SysNative\drivers\lvuvc.hs
[2012/04/10 21:00:00 | 000,000,942 | ---- | M] () -- L:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1791912497-3462530239-3009821092-1000Core.job
[2012/04/10 20:21:00 | 000,000,892 | ---- | M] () -- L:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1791912497-3462530239-3009821092-1000Core.job
[2012/04/10 19:25:40 | 000,000,910 | ---- | M] () -- L:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/09 16:02:39 | 000,167,800 | ---- | M] () -- L:\Users\Brennan Conroy\Desktop\2012 Playoffs Round 1 Schedule.png
[2012/04/05 18:40:59 | 000,729,880 | ---- | M] () -- L:\Windows\SysNative\PerfStringBackup.INI
[2012/04/05 18:40:59 | 000,630,514 | ---- | M] () -- L:\Windows\SysNative\perfh009.dat
[2012/04/05 18:40:59 | 000,111,598 | ---- | M] () -- L:\Windows\SysNative\perfc009.dat
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- L:\Windows\SysNative\drivers\mbam.sys
[2012/04/02 22:31:16 | 000,020,528 | -H-- | M] () -- L:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/02 22:31:16 | 000,020,528 | -H-- | M] () -- L:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/31 17:38:04 | 3220,037,632 | -HS- | M] () -- L:\hiberfil.sys
[2012/03/30 15:40:53 | 001,034,818 | ---- | M] () -- L:\Users\Brennan Conroy\AppData\Local\census.cache
[2012/03/30 15:40:14 | 000,082,194 | ---- | M] () -- L:\Users\Brennan Conroy\AppData\Local\ars.cache
[2012/03/14 10:48:11 | 000,002,057 | ---- | M] () -- L:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012/03/14 10:17:15 | 000,440,048 | ---- | M] () -- L:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/04/09 16:02:38 | 000,167,800 | ---- | C] () -- L:\Users\Brennan Conroy\Desktop\2012 Playoffs Round 1 Schedule.png
[2012/03/29 21:07:15 | 000,000,830 | ---- | C] () -- L:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/14 10:48:11 | 000,002,057 | ---- | C] () -- L:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012/02/14 22:05:16 | 000,054,784 | ---- | C] () -- L:\Windows\SysWow64\OVDecode.dll
[2012/02/14 19:36:36 | 000,204,952 | ---- | C] () -- L:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 19:36:36 | 000,157,144 | ---- | C] () -- L:\Windows\SysWow64\ativvsva.dat
[2012/01/31 06:00:24 | 000,016,896 | ---- | C] () -- L:\Windows\SysWow64\kdbsdk32.dll
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- L:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- L:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- L:\Windows\SysWow64\LogiDPPApp.exe
[2011/11/15 14:05:37 | 001,034,818 | ---- | C] () -- L:\Users\Brennan Conroy\AppData\Local\census.cache
[2011/11/15 14:05:29 | 000,082,194 | ---- | C] () -- L:\Users\Brennan Conroy\AppData\Local\ars.cache
[2011/11/15 13:59:27 | 000,000,036 | ---- | C] () -- L:\Users\Brennan Conroy\AppData\Local\housecall.guid.cache
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- L:\Windows\SysWow64\OVDecoder.dll
[2011/09/14 23:25:15 | 000,000,604 | -H-- | C] () -- L:\Program Files (x86)\STLL Notifier
[2011/09/14 23:21:55 | 000,000,464 | ---- | C] () -- L:\ProgramData\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- L:\Windows\SysWow64\atipblag.dat
[2011/08/10 17:50:57 | 000,007,602 | ---- | C] () -- L:\Users\Brennan Conroy\AppData\Local\resmon.resmoncfg
[2011/08/08 20:48:24 | 000,000,000 | ---- | C] () -- L:\Windows\ativpsrm.bin
[2011/08/08 20:11:17 | 000,722,382 | ---- | C] () -- L:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/18 17:28:16 | 000,236,040 | ---- | C] () -- L:\Windows\SysWow64\DeltaIITray.exe

========== LOP Check ==========

[2012/04/11 10:39:42 | 000,000,000 | ---D | M] -- L:\Users\Brennan Conroy\AppData\Roaming\Audacity
[2012/04/11 10:45:57 | 000,000,000 | ---D | M] -- L:\Users\Brennan Conroy\AppData\Roaming\Dropbox
[2012/03/27 23:24:15 | 000,000,000 | ---D | M] -- L:\Users\Brennan Conroy\AppData\Roaming\[email protected]
[2011/09/05 22:05:28 | 000,000,000 | ---D | M] -- L:\Users\Brennan Conroy\AppData\Roaming\Foxit Software
[2011/08/08 20:55:03 | 000,000,000 | ---D | M] -- L:\Users\Brennan Conroy\AppData\Roaming\Leadertech
[2011/08/31 12:28:16 | 000,000,000 | ---D | M] -- L:\Users\Brennan Conroy\AppData\Roaming\LOVE
[2011/08/29 11:13:15 | 000,000,000 | ---D | M] -- L:\Users\Brennan Conroy\AppData\Roaming\Softland
[2011/08/17 21:57:23 | 000,000,000 | ---D | M] -- L:\Users\Brennan Conroy\AppData\Roaming\TeamViewer
[2012/03/27 23:25:59 | 000,000,000 | ---D | M] -- L:\Users\Brennan Conroy\AppData\Roaming\uTorrent
[2012/04/10 21:00:00 | 000,000,942 | ---- | M] () -- L:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1791912497-3462530239-3009821092-1000Core.job
[2012/04/11 10:35:49 | 000,000,964 | ---- | M] () -- L:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1791912497-3462530239-3009821092-1000UA.job
[2009/07/13 22:08:49 | 000,015,010 | ---- | M] () -- L:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

I think I'm probably all clean, but I'd still appreciate it if someone went through the report and checked for any anomalies.

Thank you,

- Brennan
  • 0

#4
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8D1E6DF1-7A1D-11E1-826D-B8AC6F996F26}: L:\Users\Brennan Conroy\AppData\Local\{8D1E6DF1-7A1D-11E1-826D-B8AC6F996F26}\ [2012/03/29 21:05:19 | 000,000,000 | ---D | M]
    O4 - HKU\S-1-5-21-1791912497-3462530239-3009821092-1000..\Run: [SysVer] L:\Users\Brennan Conroy\AppData\Local\MSRebar\SysVer\SysVer.exe (PCProtect)
    [2012/03/29 21:05:19 | 000,000,000 | ---D | C] -- L:\Users\Brennan Conroy\AppData\Local\{8D1E6DF1-7A1D-11E1-826D-B8AC6F996F26}
    [2012/03/29 21:04:44 | 000,000,000 | ---D | C] -- L:\Users\Brennan Conroy\AppData\Local\MSRebar
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done




Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot again; that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
  • 0
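The entries the fix script above singles out (a Firefox extension registered from a GUID-named folder under AppData\Local, and a Run entry launching from a folder that appears in the "Created Within 30 Days" section) can be picked out of an OTL report mechanically. What follows is an added example written for this thread, not code from OTL, from Geeks to Go or from the helper: a small Python triage script that parses O4 Run/RunOnce lines, FF extension lines and the created-folders section, and scores each autorun by heuristics of my own (user-writable AppData path, GUID-named folder directly under AppData, empty company name, orphaned "File not found" entry, and a parent folder that was created recently). The weights and the threshold of 3 are assumptions; the sample lines are a constructed subset copied from the report posted above.

```python
"""Triage OTL autorun (O4) and Firefox-extension (FF) lines against the report's
"Created Within 30 Days" section. Added example for this thread: not OTL's code
and not the helper's fix script; weights and threshold are my own assumptions."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# O4 - HKU\<SID>..\Run: [Name] <path> (<Company>)   (64-bit lines read "O4:64bit:")
O4_RUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>.+?)\.\.\\(?P<key>Run|RunOnce): "
    r"\[(?P<name>[^\]]*)\] (?P<path>.*?)(?: \((?P<vendor>[^()]*)\))?$"
)
# FF - HKEY_...\Extensions\\<id>: <path> [<date> | <size> | <attrs> | M]
FF_EXT_RE = re.compile(
    r"^FF - HKEY_[A-Z_]+\\.*?\\Extensions\\\\(?P<name>[^:]+): (?P<path>.*?)(?: \[.*\])?$",
    re.IGNORECASE,
)
# [<created> | <size> | <attrs> | C] -- <path>   (directories carry a "D" attribute)
CREATED_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| (?P<attrs>[-A-Z]{4}) \| C\] -- (?P<path>.+)$"
)
APPDATA_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\(?:Local|LocalLow|Roaming)\\", re.IGNORECASE)
GUID_DIR_RE = re.compile(
    r"\\AppData\\(?:Local|Roaming)\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}(?:\\|$)", re.IGNORECASE
)
FLAG_THRESHOLD = 3  # assumption: score at which an entry is worth a closer look


@dataclass
class Entry:
    kind: str                 # "run" or "ffext"
    name: str
    path: str
    vendor: Optional[str]     # None = no "(...)" suffix, "" = empty "()" (no company name)
    reasons: Dict[str, int] = field(default_factory=dict)

    @property
    def score(self) -> int:
        return sum(self.reasons.values())


def parse_entries(lines: List[str]) -> List[Entry]:
    """Pull autorun and Firefox-extension entries out of OTL report lines."""
    entries = []
    for line in lines:
        if m := O4_RUN_RE.match(line):
            entries.append(Entry("run", m["name"], m["path"], m["vendor"]))
        elif m := FF_EXT_RE.match(line):
            entries.append(Entry("ffext", m["name"], m["path"], None))
    return entries


def parse_created_dirs(lines: List[str]) -> Dict[str, str]:
    """Map lower-cased directory path -> creation time for recently created folders."""
    return {m["path"].rstrip("\\").lower(): m["ts"]
            for m in map(CREATED_RE.match, lines) if m and "D" in m["attrs"]}


def assess(entry: Entry, created_dirs: Dict[str, str]) -> Entry:
    """Attach weighted reasons; a higher score means more worth a closer look."""
    path = entry.path
    if APPDATA_RE.search(path):
        entry.reasons["runs from user-writable AppData"] = 1
    if GUID_DIR_RE.search(path):
        entry.reasons["GUID-named folder directly under AppData"] = 2
    if entry.vendor == "":
        entry.reasons["no company name embedded in the file"] = 1
    if path.endswith("File not found"):
        entry.reasons["orphaned entry, file is missing"] = 1
    lowered = path.rstrip("\\").lower()
    for d, ts in created_dirs.items():   # cross-reference with newly created folders
        if lowered == d or lowered.startswith(d + "\\"):
            entry.reasons[f"parent folder created recently ({ts})"] = 2
            break
    return entry


def triage(report_lines: List[str]) -> List[Entry]:
    """Entries scoring at or above FLAG_THRESHOLD, highest first."""
    created = parse_created_dirs(report_lines)
    scored = [assess(e, created) for e in parse_entries(report_lines)]
    return sorted((e for e in scored if e.score >= FLAG_THRESHOLD), key=lambda e: -e.score)


# Constructed sample: a subset of lines copied from the OTL report posted above.
SAMPLE_OTL_LINES = [
    r"FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8D1E6DF1-7A1D-11E1-826D-B8AC6F996F26}: L:\Users\Brennan Conroy\AppData\Local\{8D1E6DF1-7A1D-11E1-826D-B8AC6F996F26}\ [2012/03/29 21:05:19 | 000,000,000 | ---D | M]",
    r"O4:64bit: - HKLM..\Run: [MSC] L:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)",
    r"O4 - HKLM..\Run: [M-Audio Taskbar Icon] L:\Windows\SysWOW64\DeltaIITray.exe ()",
    r"O4 - HKU\S-1-5-21-1791912497-3462530239-3009821092-1000..\Run: [Facebook Update] L:\Users\Brennan Conroy\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)",
    r"O4 - HKU\S-1-5-21-1791912497-3462530239-3009821092-1000..\Run: [Steam] L:\Program Files (x86)\Steam\steam.exe (Valve Corporation)",
    r"O4 - HKU\S-1-5-21-1791912497-3462530239-3009821092-1000..\Run: [SysVer] L:\Users\Brennan Conroy\AppData\Local\MSRebar\SysVer\SysVer.exe (PCProtect)",
    r"O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] L:\Windows\System32\mctadmin.exe File not found",
    r"[2012/03/29 21:05:19 | 000,000,000 | ---D | C] -- L:\Users\Brennan Conroy\AppData\Local\{8D1E6DF1-7A1D-11E1-826D-B8AC6F996F26}",
    r"[2012/03/29 21:04:44 | 000,000,000 | ---D | C] -- L:\Users\Brennan Conroy\AppData\Local\MSRebar",
]

if __name__ == "__main__":
    for e in triage(SAMPLE_OTL_LINES):
        print(f"{e.score:>2}  [{e.kind}] {e.name}  {e.path}")
        for why, w in e.reasons.items():
            print(f"     +{w} {why}")
```

The script ranks rather than decides: legitimate updaters such as Facebook Update also live under AppData and score 1, which is why the cross-reference with the created-folders section carries the weight. On the sample above, only the GUID-named Firefox extension (score 5) and the SysVer entry (score 3) cross the threshold, matching the two items the fix script removes; Microsoft Security Client, Steam and the orphaned mctadmin entry do not.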

#5
Brennan C.

Brennan C.

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Hello,

So I ran the OTL fix you suggested; here is the log from that:

-------------------------
All processes killed
========== OTL ==========
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8D1E6DF1-7A1D-11E1-826D-B8AC6F996F26}: L:\Users\Brennan Conroy\AppData\Local\{8D1E6DF1-7A1D-11E1-826D-B8AC6F996F26}\ not found.
Registry value HKEY_USERS\S-1-5-21-1791912497-3462530239-3009821092-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SysVer deleted successfully.
L:\Users\Brennan Conroy\AppData\Local\MSRebar\SysVer\SysVer.exe moved successfully.
L:\Users\Brennan Conroy\AppData\Local\{8D1E6DF1-7A1D-11E1-826D-B8AC6F996F26}\chrome\content folder moved successfully.
L:\Users\Brennan Conroy\AppData\Local\{8D1E6DF1-7A1D-11E1-826D-B8AC6F996F26}\chrome folder moved successfully.
L:\Users\Brennan Conroy\AppData\Local\{8D1E6DF1-7A1D-11E1-826D-B8AC6F996F26} folder moved successfully.
L:\Users\Brennan Conroy\AppData\Local\MSRebar\SysVer folder moved successfully.
L:\Users\Brennan Conroy\AppData\Local\MSRebar folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
L:\Users\Brennan Conroy\Downloads\cmd.bat deleted successfully.
L:\Users\Brennan Conroy\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
L:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Brennan Conroy
->Temp folder emptied: 104357229 bytes
->Temporary Internet Files folder emptied: 48376354 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1141476133 bytes
->Google Chrome cache emptied: 19988362 bytes
->Flash cache emptied: 2688 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119687 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50397 bytes
RecycleBin emptied: 527745795 bytes

Total Files Cleaned = 1,757.00 mb


[EMPTYFLASH]

User: All Users

User: Brennan Conroy
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.39.2 log created on 04112012_145212

Files\Folders moved on Reboot...
L:\Users\Brennan Conroy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
-------------------------

I then ran ComboFix as suggested. I turned off Microsoft Security Essentials before running, as recommended, and was warned by the program that it was still running. I double-checked that the MSE processes were all terminated and then told it to continue. Here's the ComboFix log:


-------------------------
ComboFix 12-04-11.03 - Brennan Conroy 04/11/12 15:01:14.1.3 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.4094.2452 [GMT -7:00]
Running from: l:\users\Brennan Conroy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
l:\users\Brennan Conroy\AppData\Roaming\Love
l:\users\Brennan Conroy\AppData\Roaming\Love\not_tetris_2\highscoresA.txt
l:\users\Brennan Conroy\AppData\Roaming\Love\not_tetris_2\highscoresB.txt
l:\users\Brennan Conroy\AppData\Roaming\Love\not_tetris_2\options.txt
l:\windows\assembly\temp\@
l:\windows\assembly\temp\cfg.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))
.
.
2012-04-11 21:52 . 2012-04-11 21:52 -------- d-----w- L:\_OTL
2012-04-11 17:46 . 2012-03-14 03:27 8669240 ----a-w- l:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED64CA50-57B7-4E98-B2D5-B3B7CD2C89FE}\mpengine.dll
2012-04-09 03:00 . 2012-04-09 03:00 -------- d-----w- l:\program files (x86)\GOG.com
2012-03-30 04:23 . 2012-03-30 04:23 8738464 ----a-w- l:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-30 04:07 . 2012-03-30 04:23 418464 ----a-w- l:\windows\SysWow64\FlashPlayerApp.exe
2012-03-28 05:35 . 2012-03-28 05:35 592824 ----a-w- l:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-28 05:35 . 2012-03-28 05:35 44472 ----a-w- l:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- l:\windows\SysWow64\GPhotos.scr
2012-03-14 17:53 . 2012-03-14 17:53 -------- d-----w- l:\programdata\ATI
2012-03-14 17:48 . 2012-03-14 17:48 -------- d-----w- l:\program files (x86)\AMD AVT
2012-03-14 17:48 . 2012-03-14 17:48 -------- d-----w- l:\program files\AMD
2012-03-14 17:48 . 2012-03-14 17:48 -------- d-----w- l:\program files (x86)\AMD
2012-03-14 17:48 . 2012-03-14 17:48 -------- d-----w- l:\program files (x86)\AMD APP
2012-03-14 02:03 . 2011-11-19 15:20 5559152 ----a-w- l:\windows\system32\ntoskrnl.exe
2012-03-14 02:03 . 2011-11-19 14:50 3968368 ----a-w- l:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 02:03 . 2011-11-19 14:50 3913584 ----a-w- l:\windows\SysWow64\ntoskrnl.exe
2012-03-14 01:59 . 2012-02-03 04:34 3145728 ----a-w- l:\windows\system32\win32k.sys
2012-03-14 01:59 . 2012-02-10 06:36 1544192 ----a-w- l:\windows\system32\DWrite.dll
2012-03-14 01:59 . 2012-02-10 05:38 1077248 ----a-w- l:\windows\SysWow64\DWrite.dll
2012-03-14 01:57 . 2012-01-25 06:38 77312 ----a-w- l:\windows\system32\rdpwsx.dll
2012-03-14 01:57 . 2012-01-25 06:38 149504 ----a-w- l:\windows\system32\rdpcorekmts.dll
2012-03-14 01:57 . 2012-01-25 06:33 9216 ----a-w- l:\windows\system32\rdrmemptylst.exe
2012-03-14 01:57 . 2012-02-17 06:38 1031680 ----a-w- l:\windows\system32\rdpcore.dll
2012-03-14 01:57 . 2012-02-17 05:34 826880 ----a-w- l:\windows\SysWow64\rdpcore.dll
2012-03-14 01:57 . 2012-02-17 04:58 210944 ----a-w- l:\windows\system32\drivers\rdpwd.sys
2012-03-14 01:57 . 2012-02-17 04:57 23552 ----a-w- l:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 22:56 . 2011-08-09 04:27 24904 ----a-w- l:\windows\system32\drivers\mbam.sys
2012-03-30 04:23 . 2011-08-09 03:32 70304 ----a-w- l:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-14 03:27 . 2011-08-10 13:04 8669240 ----a-w- l:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-15 05:05 . 2012-02-15 05:05 69632 ----a-w- l:\windows\system32\OpenVideo64.dll
2012-02-15 05:05 . 2012-02-15 05:05 59904 ----a-w- l:\windows\SysWow64\OpenVideo.dll
2012-02-15 05:05 . 2012-02-15 05:05 61952 ----a-w- l:\windows\system32\OVDecode64.dll
2012-02-15 05:05 . 2012-02-15 05:05 54784 ----a-w- l:\windows\SysWow64\OVDecode.dll
2012-02-15 05:05 . 2012-02-15 05:05 16507904 ----a-w- l:\windows\system32\amdocl64.dll
2012-02-15 05:04 . 2012-02-15 05:04 13238272 ----a-w- l:\windows\SysWow64\amdocl.dll
2012-02-15 05:03 . 2012-02-15 05:03 54272 ----a-w- l:\windows\system32\OpenCL.dll
2012-02-15 05:03 . 2012-02-15 05:03 48128 ----a-w- l:\windows\SysWow64\OpenCL.dll
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- l:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- l:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- l:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2011-04-20 08:09 791040 ----a-w- l:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2011-04-20 08:07 957952 ----a-w- l:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- l:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- l:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- l:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- l:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- l:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- l:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- l:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2009-07-13 21:59 6200320 ----a-w- l:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- l:\windows\SysWow64\atioglxx.dll
2012-02-15 02:52 . 2009-07-13 21:59 7646208 ----a-w- l:\windows\system32\atidxx64.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- l:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- l:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- l:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- l:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- l:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- l:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- l:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2012-02-15 02:34 5954048 ----a-w- l:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- l:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- l:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- l:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- l:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2011-04-20 07:27 58880 ----a-w- l:\windows\system32\coinst.dll
2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- l:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- l:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- l:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- l:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- l:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- l:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- l:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- l:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2011-04-20 07:21 43008 ----a-w- l:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2011-04-20 07:21 33280 ----a-w- l:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- l:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2011-04-20 07:21 30208 ----a-w- l:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- l:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- l:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- l:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- l:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- l:\windows\SysWow64\amdpcom32.dll
2012-02-10 15:35 . 2012-02-10 15:35 927800 ------w- l:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94372BCB-BF9A-4548-9F13-1E8B0E5DAB1C}\gapaengine.dll
2012-01-31 13:02 . 2012-01-31 13:02 21504 ----a-w- l:\windows\system32\kdbsdk64.dll
2012-01-31 13:00 . 2012-01-31 13:00 16896 ----a-w- l:\windows\SysWow64\kdbsdk32.dll
2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- l:\windows\system32\MpSigStub.exe
2012-01-18 13:44 . 2012-01-18 13:44 540960 ----a-w- l:\windows\SysWow64\LVUI2RC.dll
2012-01-18 13:44 . 2012-01-18 13:44 545056 ----a-w- l:\windows\SysWow64\LVUI2.dll
2012-01-18 13:44 . 2012-01-18 13:44 561440 ----a-w- l:\windows\system32\LVUIRC64.dll
2012-01-18 13:44 . 2012-01-18 13:44 4865568 ----a-w- l:\windows\system32\drivers\lvuvc64.sys
2012-01-18 13:44 . 2012-01-18 13:44 769312 ----a-w- l:\windows\system32\LVUI64.dll
2012-01-18 13:44 . 2012-01-18 13:44 307488 ----a-w- l:\windows\SysWow64\lvcodec2.dll
2012-01-18 13:44 . 2012-01-18 13:44 263456 ----a-w- l:\windows\system32\lvco13311044.dll
2012-01-18 13:44 . 2012-01-18 13:44 176416 ----a-w- l:\windows\system32\lvcod64.dll
2012-01-18 13:44 . 2012-01-18 13:44 336408 ----a-w- l:\windows\SysWow64\DevManagerCore.dll
2012-01-18 13:44 . 2012-01-18 13:44 336408 ----a-w- l:\windows\system32\DevManagerCore.dll
2012-01-18 13:44 . 2012-01-18 13:44 10920984 ----a-w- l:\windows\SysWow64\LogiDPP.dll
2012-01-18 13:44 . 2012-01-18 13:44 10920984 ----a-w- l:\windows\system32\LogiDPP.dll
2012-01-18 13:44 . 2012-01-18 13:44 104472 ----a-w- l:\windows\SysWow64\LogiDPPApp.exe
2012-01-18 13:44 . 2012-01-18 13:44 104472 ----a-w- l:\windows\system32\LogiDPPApp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- l:\users\Brennan Conroy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- l:\users\Brennan Conroy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- l:\users\Brennan Conroy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="l:\program files (x86)\Steam\steam.exe" [2011-08-18 1242448]
"ccleaner"="l:\program files\CCleaner\CCleaner64.exe" [2012-03-27 4693824]
"Facebook Update"="l:\users\Brennan Conroy\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-11 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LWS"="l:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"SunJavaUpdateSched"="l:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="l:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="l:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe ARM"="l:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"M-Audio Taskbar Icon"="l:\windows\system32\DeltaIITray.exe" [2011-02-19 236040]
"StartCCC"="l:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
.
l:\users\Brennan Conroy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - l:\users\Brennan Conroy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
[email protected] - l:\users\Brennan Conroy\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_2377D972A0372FCB34E3F7.exe [2012-1-16 98477]
.
l:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - l:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AODDriver4.1;AODDriver4.1;l:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;l:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;l:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);l:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-09 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;l:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 253600]
R3 dmvsc;dmvsc;l:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);l:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-09 136176]
R3 MADFUMIDISPORT2010;Service for M-Audio MIDISPORT DFU;l:\windows\system32\DRIVERS\MAudioMIDISPORT_DFU.sys [x]
R3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;l:\windows\system32\DRIVERS\MAudioMIDISPORT.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;l:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;l:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 NisDrv;Microsoft Network Inspection System;l:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;l:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;l:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 osppsvc;Office Software Protection Platform;l:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;l:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;l:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;l:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;l:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;l:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;l:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;l:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-15 361984]
S2 AODDriver4.01;AODDriver4.01;l:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
S2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;l:\program files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [2010-10-07 1636872]
S2 TeamViewer7;TeamViewer 7;l:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S2 UMVPFSrv;UMVPFSrv;l:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 amdiox64;AMD IO Driver;l:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;l:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;l:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;l:\windows\system32\drivers\AtihdW76.sys [x]
S3 DELTAII;Service for M-Audio Delta Driver (WDM);l:\windows\system32\DRIVERS\MAudioDelta.sys [x]
S3 LVUVC64;Logitech Webcam 120(UVC);l:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;l:\windows\system32\DRIVERS\Dnetr28ux.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;l:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-11 l:\windows\Tasks\Adobe Flash Player Updater.job
- l:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 04:23]
.
2012-04-11 l:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1791912497-3462530239-3009821092-1000Core.job
- l:\users\Brennan Conroy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-15 03:55]
.
2012-04-11 l:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1791912497-3462530239-3009821092-1000UA.job
- l:\users\Brennan Conroy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-15 03:55]
.
2012-04-11 l:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- l:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-09 04:10]
.
2012-04-11 l:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- l:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-09 04:10]
.
2012-04-11 l:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1791912497-3462530239-3009821092-1000Core.job
- l:\users\Brennan Conroy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-22 16:27]
.
2012-04-11 l:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1791912497-3462530239-3009821092-1000UA.job
- l:\users\Brennan Conroy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-22 16:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- l:\users\Brennan Conroy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- l:\users\Brennan Conroy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- l:\users\Brennan Conroy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- l:\users\Brennan Conroy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="l:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = l:\windows\system32\blank.htm
uStart Page = hxxp://google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = l:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - l:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - l:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - l:\users\Brennan Conroy\AppData\Roaming\Mozilla\Firefox\Profiles\09bzy7t9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com|http://www.outlook.com/|http://tumblr.com/dashboard|http://youtube.com
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-SysVer - l:\users\Brennan Conroy\AppData\Local\MSRebar\SysVer\SysVer.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@l:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="l:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="l:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="l:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="l:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="l:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="l:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-11 15:32:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-11 22:32
.
Pre-Run: 163,332,292,608 bytes free
Post-Run: 162,797,019,136 bytes free
.
- - End Of File - - 4A8FA600F51B8A8B5E60E53149DA2BD7
-------------------------

When my computer had restarted and ComboFix finished doing its thing, I tried to open up Firefox and was returned an error saying that some registry key had been marked for deletion, and thus the program couldn't be opened. I couldn't open any programs. Fortunately, I've got my system set up to dual-boot with Vista, so I'm running that now until I can get this problem fixed. I'll boot back into Windows 7 and get you a screenshot of the error.
  • 0

#6
Brennan C.

Brennan C.

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Aaaand now that I'm back into Windows 7 everything seems to be working normally. I'll let you know if I experience any weird symptoms.
  • 0

#7
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts

an error saying that some registry key had been marked for deletion

That happens sometimes after running ComboFix. Rebooting your PC fixes it.


I'd like you to run one more scan before I call it clean, and then I'll give you my clean-up instructions and prevention tips. :thumbsup:


Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#8
Brennan C.

Brennan C.

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Thanks for all of your help; the only weird thing that's happened since booting back into 7 is that Firefox reported that it wasn't set as the default browser.
I already regularly use MBAM (on-demand, in conjunction with MSE) as part of my computer's security, but now that it looks like everything is cleaned up, I'll update and run a quick scan for you. Log below:

----------
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.11.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Brennan Conroy :: ANDRAIIA [administrator]

4/11/12 4:04:44 PM
mbam-log-2012-04-11 (16-04-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197269
Time elapsed: 1 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
----------

That was the fastest quick scan ever. :-P
  • 0
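As an added example (not code from the thread, and not Malwarebytes' own tooling), here is a small Python parser for the MBAM 1.x log layout pasted above. It pulls out the scan metadata, the per-category "Detected" counts and any listed items, and flags a log whose declared counts do not match the items actually listed, which is the first thing a helper reading a pasted log wants to know. Both sample logs are constructed for this example: the first mirrors the clean log above, the second is a hypothetical log with detections using placeholder paths and a placeholder CLSID.

```python
"""Parser for Malwarebytes' Anti-Malware 1.x scan logs (added example, not from the thread)."""
import re
from dataclasses import dataclass, field

# Category headers as they appear in MBAM 1.x logs: "<Category> Detected: <n>"
CATEGORY_RE = re.compile(r"^(?P<category>[A-Za-z ]+?) Detected: (?P<count>\d+)\s*$")
# Item lines listed under a non-zero category: "<object> (<threat name>) -> <action>"
ITEM_RE = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\s*$")
# Header lines worth keeping, all of the form "Key: value"
META_KEYS = ("Database version", "Scan type", "Objects scanned", "Time elapsed")


@dataclass
class MbamReport:
    meta: dict = field(default_factory=dict)
    counts: dict = field(default_factory=dict)   # category -> count declared in the log
    items: list = field(default_factory=list)    # (category, object, threat, action)

    @property
    def is_clean(self) -> bool:
        return sum(self.counts.values()) == 0

    def count_mismatches(self) -> dict:
        """Categories whose declared count differs from the item lines actually present.
        A non-empty result usually means the pasted log was truncated or edited."""
        seen = {}
        for category, *_ in self.items:
            seen[category] = seen.get(category, 0) + 1
        return {c: (n, seen.get(c, 0)) for c, n in self.counts.items() if n != seen.get(c, 0)}


def parse_mbam_log(text: str) -> MbamReport:
    report = MbamReport()
    current = None  # category whose item lines we are currently reading
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)":
            continue
        m = CATEGORY_RE.match(line)
        if m:
            current = m.group("category")
            report.counts[current] = int(m.group("count"))
            continue
        if line.startswith("(No malicious items detected)"):
            current = None
            continue
        for key in META_KEYS:
            if line.startswith(key + ":"):
                report.meta[key] = line.split(":", 1)[1].strip()
                break
        else:
            m = ITEM_RE.match(line)
            if m and current is not None:
                report.items.append((current, m.group("obj"), m.group("threat"), m.group("action")))
    return report


def summarize(report: MbamReport) -> str:
    """One-line verdict a helper can quote back: clean, or how many detections of what."""
    scanned = report.meta.get("Objects scanned", "?")
    if report.is_clean:
        return f"clean: 0 detections in {scanned} objects"
    names = sorted({threat for _, _, threat, _ in report.items})
    return f"{len(report.items)} detection(s) in {scanned} objects: {', '.join(names)}"


# Constructed sample: abbreviated form of the clean log in the thread.
CLEAN_LOG = """Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.04.11.07
Scan type: Quick scan
Objects scanned: 197269
Time elapsed: 1 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)"""

# Constructed hypothetical sample with detections; paths and CLSID are placeholders.
DETECTED_LOG = """Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.04.11.07
Scan type: Quick scan
Objects scanned: 197269
Time elapsed: 1 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\\CLSID\\{PLACEHOLDER-0000-0000-0000-000000000000} (Trojan.Agent) -> Quarantined and deleted successfully.

Files Detected: 1
C:\\Users\\example\\AppData\\Local\\Temp\\example.dll (Trojan.Agent) -> Quarantined and deleted successfully.

(end)"""

if __name__ == "__main__":
    for sample in (CLEAN_LOG, DETECTED_LOG):
        r = parse_mbam_log(sample)
        print(summarize(r), "| mismatches:", r.count_mismatches())
```

The parser treats the "(No malicious items detected)" marker as the end of a category, so stray lines in the header (the user and machine line, the log filename) are never mistaken for detections, and `count_mismatches` is the check to run before trusting a log that someone has copied by hand.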

#9
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean', that doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Firefox and Opera. Both are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here, which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine besides just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up-to-date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec, or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:
  • 0