Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Various forms of sirefef and misdirected search engine links


  • Please log in to reply

#1
Lyanheart

Lyanheart

    Member

  • Member
  • PipPipPip
  • 136 posts
Never had any issues on this PC until this past Monday morning, July 9th, 2012. I noticed that MS Security Essentials and Windows Firewall were both disabled. Had to reinstall MSE, ran a scan, and several forms of the trojan SIREFEF were found (sirefef.A, sirefef.AB, etc, various forms). At the same time, I also noticed that google and yahoo search result links would redirect to bogus-looking search pages or advertisements. My desktop icons on each reboot have also been moved to the far-left side of the screen, such as if the screen resolution was altered. Despite MSE finding the problem, and attempting to clean the system, the symptoms keep returning. Have also tried MalwareBytes, Spybot, and CCleaner. MalwareBytes has found and "cleaned" the sirefef files several times as well. I have just gone through another round of "cleaning" and just discovered this forum and the OTL tool. Results posted below. Thank you very much for any help. This is my office PC and it is very important that I regain control if at all possible, instead of a system wipe.

OTL logfile created on: 7/12/2012 12:11:16 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Ryan2011\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 58.97% Memory free
7.93 Gb Paging File | 6.13 Gb Available in Paging File | 77.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.69 Gb Total Space | 393.12 Gb Free Space | 86.65% Space Free | Partition Type: NTFS

Computer Name: RYAN2011-PC | User Name: Ryan2011 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ryan2011\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (dlbk_device) -- C:\Windows\SysNative\dlbkcoms.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (sprtsvc_DellComms) SupportSoft Sprocket Service (DellComms) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe (SupportSoft, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {DC718571-D9D1-419F-8C55-D9E6BD5837E5}
IE:64bit: - HKLM\..\SearchScopes\{DC718571-D9D1-419F-8C55-D9E6BD5837E5}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {B0774E76-A7A8-4B69-B75F-965BB88F7716}
IE - HKLM\..\SearchScopes\{B0774E76-A7A8-4B69-B75F-965BB88F7716}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {C2D80772-E9E2-4A44-B4C3-37316F4FC994}
IE - HKCU\..\SearchScopes\{C2D80772-E9E2-4A44-B4C3-37316F4FC994}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/02/21 17:58:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/03 10:03:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/03 10:03:31 | 000,000,000 | ---D | M]

[2011/02/03 15:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan2011\AppData\Roaming\Mozilla\Extensions
[2011/02/03 15:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan2011\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

O1 HOSTS File: ([2012/07/12 10:20:59 | 000,443,522 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15233 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DellComms] C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [masqform.exe] C:\Program Files (x86)\PureEdge\Viewer 6.1\masqform.exe (PureEdge™ Solutions Inc.)
O4 - HKCU..\Run: [Deployment] C:\Users\Ryan2011\AppData\Local\Google\Deployment\fchxaloqx.dll (Creative Technology Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DBCD195-5512-4C7A-8C99-29D6593BD0FF}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/12 12:03:22 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan2011\Desktop\OTL.exe
[2012/07/12 10:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/07/12 10:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/12 09:52:48 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/07/12 08:09:40 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{2619D69C-25F9-47FF-8D7B-B6EF8EBABD9C}
[2012/07/12 08:09:18 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{04F1100D-E76F-478A-9676-1666AA4BDFF0}
[2012/07/11 09:33:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{FFD0C2A0-4BC8-4EEF-A969-E772575F4DA0}
[2012/07/11 08:17:23 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{806461CF-D781-43DE-86CD-839A519A5299}
[2012/07/10 11:21:34 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{756BD6CD-DBE3-41E4-8F56-35D6E32666AB}
[2012/07/10 11:21:12 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{834BB3F5-02D8-4686-A68E-57BBD8015BCA}
[2012/07/10 10:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\DIPS64
[2012/07/10 08:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/07/10 08:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/07/10 08:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/07/10 08:44:27 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\Documents\CC Reg Backups
[2012/07/10 08:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/07/10 08:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/07/10 08:37:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Roaming\Malwarebytes
[2012/07/10 08:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/10 08:35:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/10 08:35:06 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/10 08:35:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/10 08:12:06 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{C2FF3145-8E92-48C5-91DC-7AB134F9CE04}
[2012/07/09 11:57:09 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{09DBCA92-5A7B-40BE-9DE5-0084817972BF}
[2012/07/09 11:56:58 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{A66CF218-D6BF-4DF1-8ED5-A19970275BB5}
[2012/07/09 11:54:33 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{E52E2322-A992-4080-9A2B-0C03663096D4}
[2012/07/09 09:56:12 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{BA5D8A76-7393-4CA2-AF0E-3C5B2C7252ED}
[2012/07/09 08:57:23 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/06 10:42:19 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{50834F22-CE21-4DC9-8F44-1038F678A563}
[2012/07/06 10:41:57 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{3FA88EB0-B16A-4CF5-97FE-434D50BBBF08}
[2012/07/05 08:15:52 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{7CDF4D0B-567F-42A7-876B-E90D8156C147}
[2012/07/05 08:15:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{B2A6936A-81C6-4FBA-8EEA-6AE826746F85}
[2012/07/03 09:00:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{055110B1-778B-4F50-90F4-27A1D5A355A5}
[2012/07/03 09:00:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{89FD1525-D754-42EF-BD2F-962F59BFCCB1}
[2012/07/02 07:56:52 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{86F4E93E-C4E8-4C05-B99F-8554F294CE07}
[2012/07/02 07:56:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{1CD2C962-BD1C-44AE-A9A3-5BE9CDF347A4}
[2012/06/29 09:19:19 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{90E2F70B-F4F5-4721-BA96-8F09E19258F4}
[2012/06/29 09:18:57 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{AED0B808-0483-4F1E-A0EF-CEBEA243418B}
[2012/06/28 13:01:18 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{D9CFB5D7-9DBA-4568-BB24-734AAAAC29F1}
[2012/06/28 13:00:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{4322312C-A6CB-45D7-AF68-01413C85CCB5}
[2012/06/28 12:25:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{A3E1CC50-1C87-4481-8883-52794E7387AB}
[2012/06/28 11:43:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{653A6100-C324-42F7-A997-663FB95BCF0E}
[2012/06/28 11:43:07 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{A6B8DC2B-4573-4E5B-BA8E-34C1EE8F5037}
[2012/06/28 11:13:57 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{31F72151-E589-4BEB-9F71-09C983DADF81}
[2012/06/28 09:59:23 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{4AAC560E-0DA0-4347-9CCC-9C26BA563523}
[2012/06/28 08:49:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{32FB2E10-1ED9-4FED-9F41-5B25D795C590}
[2012/06/27 09:04:52 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{ACA405C1-7F28-44A2-AF09-F932733D8EDE}
[2012/06/27 09:04:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{CC017370-B382-4C40-91A2-BBC6335F7F11}
[2012/06/26 08:59:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{D91B8860-ECCF-45A1-A6F7-92E2BFBEFEFE}
[2012/06/26 08:59:23 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{C9C87BB2-FBB9-47BE-992E-CC8ABAA22F92}
[2012/06/25 12:59:07 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{11AC0FEB-9AF2-41AA-9718-8D58432B0005}
[2012/06/25 12:58:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{112C00C4-35E6-49F7-A705-A8A7CE68B6E1}
[2012/06/25 09:10:39 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{8C3FE0F6-8161-450D-A41A-FDAF861C7C66}
[2012/06/22 13:37:18 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{6CC40656-45BE-4BFF-AA9C-A55E538BAD50}
[2012/06/22 13:36:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{453BD47F-22B5-43B3-9CD2-0B68DCF4822F}
[2012/06/22 11:11:41 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{BF2B25E9-AAEE-427B-9999-57AA25B91030}
[2012/06/22 11:11:19 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{D2AB0B14-6B7D-4969-9C66-63CF0AF146F7}
[2012/06/22 09:10:40 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{98A57D16-4217-466B-8D9C-B7EF5A8E5C0B}
[2012/06/21 08:23:20 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{D6076D73-2DEB-4270-BF54-8AF0858EC165}
[2012/06/21 08:22:57 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{2A068767-705D-4E23-910D-9981605760A7}
[2012/06/20 08:08:55 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{383322ED-D39B-43C6-B403-77F0B41F18D8}
[2012/06/20 08:08:33 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{0263FA78-9496-44B9-BF11-A9744C840FE1}
[2012/06/18 11:07:58 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{C8D1CDC7-66FB-4114-9CB4-C702A0513CD3}
[2012/06/18 08:01:02 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{FFD19094-6DE5-4B35-A84C-FD2495239066}
[2012/06/16 08:56:00 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{4FE793DC-DAF1-4E1C-A8C3-7C77C9A49440}
[2012/06/15 08:03:27 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{075E2AA4-C945-4E58-9FB0-F3D91FBDCE6C}
[2012/06/14 08:36:11 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{890513F6-3A73-4191-9964-82FE77504736}
[2012/06/14 08:35:49 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{BD42CCD5-D1E7-40F4-9D01-1A51216DF399}
[2012/06/13 08:08:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{17DEA1D7-CF4F-4976-852D-9A5D68A37B78}
[2012/06/13 08:08:37 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{28D3EC66-4C39-443F-B451-36019F476C58}
[2012/06/12 12:22:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{C23EE236-94F0-42A8-B541-850D2F2D0937}
[2012/06/12 12:22:25 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{72631449-DE04-4B3B-9408-28BF0786D6A6}

========== Files - Modified Within 30 Days ==========

[2012/07/12 12:03:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan2011\Desktop\OTL.exe
[2012/07/12 11:58:58 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/12 11:58:58 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/12 11:56:12 | 000,733,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/12 11:56:12 | 000,629,194 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/12 11:56:12 | 000,108,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/12 11:51:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/12 11:51:34 | 3193,688,064 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/12 10:47:56 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/12 10:38:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA.job
[2012/07/12 10:34:08 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/12 10:33:59 | 000,747,542 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/12 10:20:59 | 000,443,522 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/12 09:40:02 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 04:39:44 | 000,002,423 | ---- | M] () -- C:\Users\Ryan2011\Desktop\Google Chrome.lnk
[2012/07/11 23:38:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core.job
[2012/07/11 08:43:48 | 000,285,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/10 10:07:47 | 000,443,048 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120712-102059.backup
[2012/07/10 08:52:12 | 000,001,264 | ---- | M] () -- C:\Users\Ryan2011\Desktop\Spybot - Search & Destroy.lnk
[2012/07/10 08:41:40 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/09 16:58:00 | 002,988,155 | ---- | M] () -- C:\Users\Ryan2011\Documents\facebook-cheat-sheet-sizes-and-dimensions1.pdf
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/27 08:35:17 | 000,019,914 | ---- | M] () -- C:\Users\Ryan2011\Documents\cowardly lion gasp.jpg
[2012/06/14 11:23:44 | 000,059,755 | ---- | M] () -- C:\Users\Ryan2011\Grim Dawn keys.pdf

========== Files Created - No Company Name ==========

[2012/07/12 10:34:01 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/12 10:30:49 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{7805e6ce-aece-7b86-307b-b3236983aa6d}\U\00000008.@
[2012/07/12 09:40:02 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/10 08:52:12 | 000,001,264 | ---- | C] () -- C:\Users\Ryan2011\Desktop\Spybot - Search & Destroy.lnk
[2012/07/10 08:41:40 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/09 16:58:00 | 002,988,155 | ---- | C] () -- C:\Users\Ryan2011\Documents\facebook-cheat-sheet-sizes-and-dimensions1.pdf
[2012/07/09 08:40:53 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{7805e6ce-aece-7b86-307b-b3236983aa6d}\L\00000004.@
[2012/06/27 08:36:17 | 000,019,914 | ---- | C] () -- C:\Users\Ryan2011\Documents\cowardly lion gasp.jpg
[2012/06/14 11:24:04 | 000,059,755 | ---- | C] () -- C:\Users\Ryan2011\Grim Dawn keys.pdf
[2012/04/06 16:21:07 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012/04/03 10:01:10 | 000,205,999 | ---- | C] () -- C:\Windows\hpoins46.dat
[2012/04/03 10:01:10 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2012/01/11 10:34:51 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{7805e6ce-aece-7b86-307b-b3236983aa6d}\@
[2012/01/11 10:34:51 | 000,002,048 | -HS- | C] () -- C:\Users\Ryan2011\AppData\Local\{7805e6ce-aece-7b86-307b-b3236983aa6d}\@
[2011/11/22 10:08:38 | 000,059,067 | ---- | C] () -- C:\Users\Ryan2011\Binaries_and_Source-1013-1-0.zip
[2011/02/14 12:22:06 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2011/02/03 15:09:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/03 08:52:46 | 000,000,094 | ---- | C] () -- C:\Windows\dellstat.ini
[2011/02/02 11:31:34 | 000,462,848 | ---- | C] () -- C:\Windows\SysWow64\IIFILE.EXE
[2011/02/02 11:31:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\RelMon.DLL
[2011/01/31 17:37:38 | 000,747,542 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/31 17:25:09 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/09/10 06:29:37 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

========== LOP Check ==========

[2012/07/12 11:52:20 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Dropbox
[2011/02/01 11:43:32 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\PureEdge
[2011/02/03 15:09:43 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Thunderbird
[2011/06/07 15:08:35 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Unity
[2011/02/21 10:40:16 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Windows Live Writer
[2011/04/26 10:18:56 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Wizards of the Coast
[2012/04/30 07:44:57 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets remove this for you

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKCU..\Run: [Deployment] C:\Users\Ryan2011\AppData\Local\Google\Deployment\fchxaloqx.dll (Creative Technology Ltd)

    :Files
    C:\Windows\Installer\{7805e6ce-aece-7b86-307b-b3236983aa6d}
    C:\Users\Ryan2011\AppData\Local\{7805e6ce-aece-7b86-307b-b3236983aa6d}

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

AND FINALLY

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#3
Lyanheart

Lyanheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts
OTL log from 2nd scan posted below, proceeding to run ComboFix and will post its log afterwards.



OTL logfile created on: 7/12/2012 3:15:24 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Ryan2011\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 65.95% Memory free
7.93 Gb Paging File | 6.47 Gb Available in Paging File | 81.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.69 Gb Total Space | 394.83 Gb Free Space | 87.03% Space Free | Partition Type: NTFS

Computer Name: RYAN2011-PC | User Name: Ryan2011 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ryan2011\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (dlbk_device) -- C:\Windows\SysNative\dlbkcoms.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (sprtsvc_DellComms) SupportSoft Sprocket Service (DellComms) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe (SupportSoft, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {DC718571-D9D1-419F-8C55-D9E6BD5837E5}
IE:64bit: - HKLM\..\SearchScopes\{DC718571-D9D1-419F-8C55-D9E6BD5837E5}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {B0774E76-A7A8-4B69-B75F-965BB88F7716}
IE - HKLM\..\SearchScopes\{B0774E76-A7A8-4B69-B75F-965BB88F7716}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {C2D80772-E9E2-4A44-B4C3-37316F4FC994}
IE - HKCU\..\SearchScopes\{C2D80772-E9E2-4A44-B4C3-37316F4FC994}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/02/21 17:58:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/03 10:03:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/03 10:03:31 | 000,000,000 | ---D | M]

[2011/02/03 15:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan2011\AppData\Roaming\Mozilla\Extensions
[2011/02/03 15:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan2011\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

O1 HOSTS File: ([2012/07/12 15:10:42 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DellComms] C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [masqform.exe] C:\Program Files (x86)\PureEdge\Viewer 6.1\masqform.exe (PureEdge™ Solutions Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DBCD195-5512-4C7A-8C99-29D6593BD0FF}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/12 15:16:50 | 004,576,941 | ---- | C] (Swearware) -- C:\Users\Ryan2011\Desktop\ComboFix.exe
[2012/07/12 15:10:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/12 12:03:22 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan2011\Desktop\OTL.exe
[2012/07/12 10:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/07/12 10:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/12 09:52:48 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/07/12 08:09:40 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{2619D69C-25F9-47FF-8D7B-B6EF8EBABD9C}
[2012/07/12 08:09:18 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{04F1100D-E76F-478A-9676-1666AA4BDFF0}
[2012/07/11 09:33:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{FFD0C2A0-4BC8-4EEF-A969-E772575F4DA0}
[2012/07/11 08:17:23 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{806461CF-D781-43DE-86CD-839A519A5299}
[2012/07/10 11:21:34 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{756BD6CD-DBE3-41E4-8F56-35D6E32666AB}
[2012/07/10 11:21:12 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{834BB3F5-02D8-4686-A68E-57BBD8015BCA}
[2012/07/10 10:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\DIPS64
[2012/07/10 08:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/07/10 08:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/07/10 08:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/07/10 08:44:27 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\Documents\CC Reg Backups
[2012/07/10 08:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/07/10 08:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/07/10 08:37:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Roaming\Malwarebytes
[2012/07/10 08:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/10 08:35:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/10 08:35:06 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/10 08:35:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/10 08:12:06 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{C2FF3145-8E92-48C5-91DC-7AB134F9CE04}
[2012/07/09 11:57:09 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{09DBCA92-5A7B-40BE-9DE5-0084817972BF}
[2012/07/09 11:56:58 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{A66CF218-D6BF-4DF1-8ED5-A19970275BB5}
[2012/07/09 11:54:33 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{E52E2322-A992-4080-9A2B-0C03663096D4}
[2012/07/09 09:56:12 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{BA5D8A76-7393-4CA2-AF0E-3C5B2C7252ED}
[2012/07/09 08:57:23 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/06 10:42:19 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{50834F22-CE21-4DC9-8F44-1038F678A563}
[2012/07/06 10:41:57 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{3FA88EB0-B16A-4CF5-97FE-434D50BBBF08}
[2012/07/05 08:15:52 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{7CDF4D0B-567F-42A7-876B-E90D8156C147}
[2012/07/05 08:15:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{B2A6936A-81C6-4FBA-8EEA-6AE826746F85}
[2012/07/03 09:00:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{055110B1-778B-4F50-90F4-27A1D5A355A5}
[2012/07/03 09:00:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{89FD1525-D754-42EF-BD2F-962F59BFCCB1}
[2012/07/02 07:56:52 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{86F4E93E-C4E8-4C05-B99F-8554F294CE07}
[2012/07/02 07:56:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{1CD2C962-BD1C-44AE-A9A3-5BE9CDF347A4}
[2012/06/29 09:19:19 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{90E2F70B-F4F5-4721-BA96-8F09E19258F4}
[2012/06/29 09:18:57 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{AED0B808-0483-4F1E-A0EF-CEBEA243418B}
[2012/06/28 13:01:18 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{D9CFB5D7-9DBA-4568-BB24-734AAAAC29F1}
[2012/06/28 13:00:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{4322312C-A6CB-45D7-AF68-01413C85CCB5}
[2012/06/28 12:25:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{A3E1CC50-1C87-4481-8883-52794E7387AB}
[2012/06/28 11:43:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{653A6100-C324-42F7-A997-663FB95BCF0E}
[2012/06/28 11:43:07 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{A6B8DC2B-4573-4E5B-BA8E-34C1EE8F5037}
[2012/06/28 11:13:57 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{31F72151-E589-4BEB-9F71-09C983DADF81}
[2012/06/28 09:59:23 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{4AAC560E-0DA0-4347-9CCC-9C26BA563523}
[2012/06/28 08:49:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{32FB2E10-1ED9-4FED-9F41-5B25D795C590}
[2012/06/27 09:04:52 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{ACA405C1-7F28-44A2-AF09-F932733D8EDE}
[2012/06/27 09:04:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{CC017370-B382-4C40-91A2-BBC6335F7F11}
[2012/06/26 08:59:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{D91B8860-ECCF-45A1-A6F7-92E2BFBEFEFE}
[2012/06/26 08:59:23 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{C9C87BB2-FBB9-47BE-992E-CC8ABAA22F92}
[2012/06/25 12:59:07 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{11AC0FEB-9AF2-41AA-9718-8D58432B0005}
[2012/06/25 12:58:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{112C00C4-35E6-49F7-A705-A8A7CE68B6E1}
[2012/06/25 09:10:39 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{8C3FE0F6-8161-450D-A41A-FDAF861C7C66}
[2012/06/22 13:37:18 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{6CC40656-45BE-4BFF-AA9C-A55E538BAD50}
[2012/06/22 13:36:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{453BD47F-22B5-43B3-9CD2-0B68DCF4822F}
[2012/06/22 11:11:41 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{BF2B25E9-AAEE-427B-9999-57AA25B91030}
[2012/06/22 11:11:19 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{D2AB0B14-6B7D-4969-9C66-63CF0AF146F7}
[2012/06/22 09:10:40 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{98A57D16-4217-466B-8D9C-B7EF5A8E5C0B}
[2012/06/21 08:23:20 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{D6076D73-2DEB-4270-BF54-8AF0858EC165}
[2012/06/21 08:22:57 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{2A068767-705D-4E23-910D-9981605760A7}
[2012/06/20 08:08:55 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{383322ED-D39B-43C6-B403-77F0B41F18D8}
[2012/06/20 08:08:33 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{0263FA78-9496-44B9-BF11-A9744C840FE1}
[2012/06/18 11:07:58 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{C8D1CDC7-66FB-4114-9CB4-C702A0513CD3}
[2012/06/18 08:01:02 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{FFD19094-6DE5-4B35-A84C-FD2495239066}
[2012/06/16 08:56:00 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{4FE793DC-DAF1-4E1C-A8C3-7C77C9A49440}
[2012/06/15 08:03:27 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{075E2AA4-C945-4E58-9FB0-F3D91FBDCE6C}
[2012/06/14 08:36:11 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{890513F6-3A73-4191-9964-82FE77504736}
[2012/06/14 08:35:49 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{BD42CCD5-D1E7-40F4-9D01-1A51216DF399}
[2012/06/13 08:08:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{17DEA1D7-CF4F-4976-852D-9A5D68A37B78}
[2012/06/13 08:08:37 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{28D3EC66-4C39-443F-B451-36019F476C58}

========== Files - Modified Within 30 Days ==========

[2012/07/12 15:19:55 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/12 15:19:55 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/12 15:19:35 | 000,733,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/12 15:19:35 | 000,629,194 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/12 15:19:35 | 000,108,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/12 15:16:52 | 004,576,941 | ---- | M] (Swearware) -- C:\Users\Ryan2011\Desktop\ComboFix.exe
[2012/07/12 15:12:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/12 15:12:36 | 3193,688,064 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/12 15:10:42 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/07/12 14:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/12 14:38:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA.job
[2012/07/12 12:03:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan2011\Desktop\OTL.exe
[2012/07/12 10:34:08 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/12 10:33:59 | 000,747,542 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/12 09:40:02 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 04:39:44 | 000,002,423 | ---- | M] () -- C:\Users\Ryan2011\Desktop\Google Chrome.lnk
[2012/07/11 23:38:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core.job
[2012/07/11 08:43:48 | 000,285,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/10 10:07:47 | 000,443,048 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120712-102059.backup
[2012/07/10 08:52:12 | 000,001,264 | ---- | M] () -- C:\Users\Ryan2011\Desktop\Spybot - Search & Destroy.lnk
[2012/07/10 08:41:40 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/09 16:58:00 | 002,988,155 | ---- | M] () -- C:\Users\Ryan2011\Documents\facebook-cheat-sheet-sizes-and-dimensions1.pdf
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/27 08:35:17 | 000,019,914 | ---- | M] () -- C:\Users\Ryan2011\Documents\cowardly lion gasp.jpg
[2012/06/14 11:23:44 | 000,059,755 | ---- | M] () -- C:\Users\Ryan2011\Grim Dawn keys.pdf

========== Files Created - No Company Name ==========

[2012/07/12 10:34:01 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/12 09:40:02 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/10 08:52:12 | 000,001,264 | ---- | C] () -- C:\Users\Ryan2011\Desktop\Spybot - Search & Destroy.lnk
[2012/07/10 08:41:40 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/09 16:58:00 | 002,988,155 | ---- | C] () -- C:\Users\Ryan2011\Documents\facebook-cheat-sheet-sizes-and-dimensions1.pdf
[2012/06/27 08:36:17 | 000,019,914 | ---- | C] () -- C:\Users\Ryan2011\Documents\cowardly lion gasp.jpg
[2012/06/14 11:24:04 | 000,059,755 | ---- | C] () -- C:\Users\Ryan2011\Grim Dawn keys.pdf
[2012/04/06 16:21:07 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012/04/03 10:01:10 | 000,205,999 | ---- | C] () -- C:\Windows\hpoins46.dat
[2012/04/03 10:01:10 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2011/11/22 10:08:38 | 000,059,067 | ---- | C] () -- C:\Users\Ryan2011\Binaries_and_Source-1013-1-0.zip
[2011/02/14 12:22:06 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2011/02/03 15:09:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/03 08:52:46 | 000,000,094 | ---- | C] () -- C:\Windows\dellstat.ini
[2011/02/02 11:31:34 | 000,462,848 | ---- | C] () -- C:\Windows\SysWow64\IIFILE.EXE
[2011/02/02 11:31:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\RelMon.DLL
[2011/01/31 17:37:38 | 000,747,542 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/31 17:25:09 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/09/10 06:29:37 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

========== LOP Check ==========

[2012/07/12 15:13:33 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Dropbox
[2011/02/01 11:43:32 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\PureEdge
[2011/02/03 15:09:43 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Thunderbird
[2011/06/07 15:08:35 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Unity
[2011/02/21 10:40:16 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Windows Live Writer
[2011/04/26 10:18:56 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Wizards of the Coast
[2012/04/30 07:44:57 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#4
Lyanheart

Lyanheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts
System is operating normally at the moment, other than the desktop icons continue to get shifted on each reboot. Posting ComboFix log:


ComboFix 12-07-12.02 - Ryan2011 07/12/2012 15:27:10.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2584 [GMT -4:00]
Running from: c:\users\Ryan2011\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
.
.
2012-07-12 19:30 . 2012-07-12 19:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-12 19:10 . 2012-07-12 19:10 -------- d-----w- C:\_OTL
2012-07-12 14:57 . 2012-07-12 14:57 328704 ----a-w- c:\windows\system32\services.exe.77574F9B5422EFE1
2012-07-12 14:54 . 2012-07-12 14:54 328704 ----a-w- c:\windows\system32\services.exe.07945D2C85D437C1
2012-07-12 14:34 . 2012-07-12 14:34 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7BADB10E-5569-4687-8FF1-6F350E6FB4B7}\gapaengine.dll
2012-07-12 14:34 . 2012-05-31 01:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EE42DE7F-793A-4F78-96A4-B82B0E271B68}\mpengine.dll
2012-07-12 14:33 . 2012-07-12 14:33 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-12 14:33 . 2012-07-12 14:34 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-11 12:40 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 12:36 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-11 12:36 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-10 14:25 . 2012-07-10 14:25 -------- d-----w- c:\program files\DIPS64
2012-07-10 12:52 . 2012-07-12 14:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-10 12:52 . 2012-07-10 12:53 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-10 12:41 . 2012-07-10 12:41 -------- d-----w- c:\program files\CCleaner
2012-07-10 12:37 . 2012-07-10 12:37 -------- d-----w- c:\users\Ryan2011\AppData\Roaming\Malwarebytes
2012-07-10 12:35 . 2012-07-10 12:35 -------- d-----w- c:\programdata\Malwarebytes
2012-07-10 12:35 . 2012-07-12 13:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-10 12:35 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-09 13:48 . 2012-07-09 13:48 328704 ----a-w- c:\windows\system32\services.exe.248A3FEBD2117956
2012-07-09 13:44 . 2012-07-09 13:44 328704 ----a-w- c:\windows\system32\services.exe.BF241D29E72E0404
2012-07-09 13:39 . 2012-07-09 13:39 328704 ----a-w- c:\windows\system32\services.exe.D625D2D679FB13E4
2012-07-09 12:57 . 2012-07-09 12:57 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-22 11:53 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 11:53 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 11:53 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 11:53 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 11:53 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 11:53 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 11:53 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 11:53 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 11:53 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 11:50 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 11:50 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 11:50 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 11:50 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 11:50 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 11:49 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 11:49 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 11:49 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 11:49 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 11:49 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 11:49 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 11:49 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 11:49 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 11:49 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 11:49 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 11:49 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 17:47 . 2012-03-30 11:49 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 17:47 . 2011-05-18 11:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 14:59 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-05-23 12:25 . 2012-05-23 12:25 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellComms"="c:\program files (x86)\Dell\DellComms\bin\sprtcmd.exe" [2009-05-05 206064]
"masqform.exe"="c:\program files (x86)\PureEdge\Viewer 6.1\masqform.exe" [2004-04-19 634880]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-6-7 113664]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-12-21 125416]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-12-21 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-12-21 159208]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-01 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe [2007-06-26 567024]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-05-05 206064]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:47]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core.job
- c:\users\Ryan2011\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 19:10]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA.job
- c:\users\Ryan2011\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 19:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-Run-Deployment - c:\users\Ryan2011\AppData\Local\Google\Deployment\fchxaloqx.dll
Notify-GoToAssist - (no file)
Notify-igfxcui - (no file)
AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:\programdata\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-07-12 15:35:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-12 19:35
.
Pre-Run: 423,809,871,872 bytes free
Post-Run: 423,261,253,632 bytes free
.
- - End Of File - - 03E928A1CA946A1F68298E5BB54526D8

Edited by Lyanheart, 12 July 2012 - 01:42 PM.

  • 0

#5
Lyanheart

Lyanheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts
Icons stayed in place after last reboot, and Windows Firewall is back online. Have not seen any of the problems back at this point.
I will keep an eye on things for the next day or so to make sure it's all back to normal.
Thank you very much for the help; if everything stays good I will be sure to send a donation!
Posting aswMBR log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-12 15:44:01
-----------------------------
15:44:01.073 OS Version: Windows x64 6.1.7601 Service Pack 1
15:44:01.073 Number of processors: 2 586 0x170A
15:44:01.073 ComputerName: RYAN2011-PC UserName: Ryan2011
15:44:04.380 Initialize success
15:44:27.333 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:44:27.333 Disk 0 Vendor: ST350041 CC46 Size: 476940MB BusType: 3
15:44:27.349 Disk 0 MBR read successfully
15:44:27.349 Disk 0 MBR scan
15:44:27.349 Disk 0 Windows VISTA default MBR code
15:44:27.349 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
15:44:27.364 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12318 MB offset 81920
15:44:27.380 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 464581 MB offset 25309184
15:44:27.395 Disk 0 scanning C:\Windows\system32\drivers
15:44:33.464 Service scanning
15:44:43.697 Modules scanning
15:44:43.697 Disk 0 trace - called modules:
15:44:43.713 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:44:43.729 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800490e060]
15:44:43.729 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80043ad050]
15:44:43.729 Scan finished successfully
15:44:59.859 Disk 0 MBR has been saved successfully to "C:\Users\Ryan2011\Desktop\MBR.dat"
15:44:59.859 The log file has been saved successfully to "C:\Users\Ryan2011\Desktop\aswMBR.txt"
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run a quick Malwarebytes scan please to check for orphans, posting the resultant log. The last two reports looked good
  • 0

#7
Lyanheart

Lyanheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts
System has been working as normal this morning.
MalwareBytes log of recent scan, finding 1 item:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.12.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ryan2011 :: RYAN2011-PC [administrator]

7/13/2012 8:50:40 AM
mbam-log-2012-07-13 (08-50-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220851
Time elapsed: 3 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Ryan2011\AppData\Local\Temp\0.2302201146264815 (Exploit.Drop.9) -> Quarantined and deleted successfully.

(end)
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could I have one further quick OTL scan please as I want to see if the temp file brought anything with it
  • 0

#9
Lyanheart

Lyanheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts
OTL logfile created on: 7/13/2012 9:56:09 AM - Run 3
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Ryan2011\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 56.14% Memory free
7.93 Gb Paging File | 6.05 Gb Available in Paging File | 76.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.69 Gb Total Space | 393.72 Gb Free Space | 86.78% Space Free | Partition Type: NTFS

Computer Name: RYAN2011-PC | User Name: Ryan2011 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ryan2011\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Yahoo!\Messenger\yui.dll ()
MOD - C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (dlbk_device) -- C:\Windows\SysNative\dlbkcoms.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (sprtsvc_DellComms) SupportSoft Sprocket Service (DellComms) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe (SupportSoft, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {DC718571-D9D1-419F-8C55-D9E6BD5837E5}
IE:64bit: - HKLM\..\SearchScopes\{DC718571-D9D1-419F-8C55-D9E6BD5837E5}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {B0774E76-A7A8-4B69-B75F-965BB88F7716}
IE - HKLM\..\SearchScopes\{B0774E76-A7A8-4B69-B75F-965BB88F7716}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {C2D80772-E9E2-4A44-B4C3-37316F4FC994}
IE - HKCU\..\SearchScopes\{C2D80772-E9E2-4A44-B4C3-37316F4FC994}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/02/21 17:58:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/03 10:03:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/03 10:03:31 | 000,000,000 | ---D | M]

[2011/02/03 15:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan2011\AppData\Roaming\Mozilla\Extensions
[2011/02/03 15:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan2011\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

O1 HOSTS File: ([2012/07/12 15:31:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [DellComms] C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [masqform.exe] C:\Program Files (x86)\PureEdge\Viewer 6.1\masqform.exe (PureEdge™ Solutions Inc.)
O4 - HKCU..\Run: [PackageAware] C:\Users\Ryan2011\AppData\Local\SCE\PackageAware\jqjsvyzea.dll (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DBCD195-5512-4C7A-8C99-29D6593BD0FF}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/12 15:42:57 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Ryan2011\Desktop\aswMBR.exe
[2012/07/12 15:31:18 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/12 15:26:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/12 15:26:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/12 15:26:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/12 15:26:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/12 15:26:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/12 15:16:50 | 004,576,941 | R--- | C] (Swearware) -- C:\Users\Ryan2011\Desktop\ComboFix.exe
[2012/07/12 15:10:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/12 12:03:22 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan2011\Desktop\OTL.exe
[2012/07/12 10:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/07/12 10:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/12 09:52:48 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/07/12 08:09:40 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{2619D69C-25F9-47FF-8D7B-B6EF8EBABD9C}
[2012/07/12 08:09:18 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{04F1100D-E76F-478A-9676-1666AA4BDFF0}
[2012/07/11 09:33:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{FFD0C2A0-4BC8-4EEF-A969-E772575F4DA0}
[2012/07/11 08:17:23 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{806461CF-D781-43DE-86CD-839A519A5299}
[2012/07/10 11:21:34 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{756BD6CD-DBE3-41E4-8F56-35D6E32666AB}
[2012/07/10 11:21:12 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{834BB3F5-02D8-4686-A68E-57BBD8015BCA}
[2012/07/10 10:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\DIPS64
[2012/07/10 08:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/07/10 08:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/07/10 08:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/07/10 08:44:27 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\Documents\CC Reg Backups
[2012/07/10 08:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/07/10 08:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/07/10 08:37:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Roaming\Malwarebytes
[2012/07/10 08:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/10 08:35:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/10 08:35:06 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/10 08:35:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/10 08:12:06 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{C2FF3145-8E92-48C5-91DC-7AB134F9CE04}
[2012/07/09 11:57:09 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{09DBCA92-5A7B-40BE-9DE5-0084817972BF}
[2012/07/09 11:56:58 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{A66CF218-D6BF-4DF1-8ED5-A19970275BB5}
[2012/07/09 11:54:33 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{E52E2322-A992-4080-9A2B-0C03663096D4}
[2012/07/09 09:56:12 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{BA5D8A76-7393-4CA2-AF0E-3C5B2C7252ED}
[2012/07/09 08:57:23 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/06 10:42:19 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{50834F22-CE21-4DC9-8F44-1038F678A563}
[2012/07/06 10:41:57 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{3FA88EB0-B16A-4CF5-97FE-434D50BBBF08}
[2012/07/05 08:15:52 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{7CDF4D0B-567F-42A7-876B-E90D8156C147}
[2012/07/05 08:15:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{B2A6936A-81C6-4FBA-8EEA-6AE826746F85}
[2012/07/03 09:00:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{055110B1-778B-4F50-90F4-27A1D5A355A5}
[2012/07/03 09:00:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{89FD1525-D754-42EF-BD2F-962F59BFCCB1}
[2012/07/02 07:56:52 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{86F4E93E-C4E8-4C05-B99F-8554F294CE07}
[2012/07/02 07:56:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{1CD2C962-BD1C-44AE-A9A3-5BE9CDF347A4}
[2012/06/29 09:19:19 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{90E2F70B-F4F5-4721-BA96-8F09E19258F4}
[2012/06/29 09:18:57 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{AED0B808-0483-4F1E-A0EF-CEBEA243418B}
[2012/06/28 13:01:18 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{D9CFB5D7-9DBA-4568-BB24-734AAAAC29F1}
[2012/06/28 13:00:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{4322312C-A6CB-45D7-AF68-01413C85CCB5}
[2012/06/28 12:25:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{A3E1CC50-1C87-4481-8883-52794E7387AB}
[2012/06/28 11:43:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{653A6100-C324-42F7-A997-663FB95BCF0E}
[2012/06/28 11:43:07 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{A6B8DC2B-4573-4E5B-BA8E-34C1EE8F5037}
[2012/06/28 11:13:57 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{31F72151-E589-4BEB-9F71-09C983DADF81}
[2012/06/28 09:59:23 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{4AAC560E-0DA0-4347-9CCC-9C26BA563523}
[2012/06/28 08:49:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{32FB2E10-1ED9-4FED-9F41-5B25D795C590}
[2012/06/27 09:04:52 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{ACA405C1-7F28-44A2-AF09-F932733D8EDE}
[2012/06/27 09:04:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{CC017370-B382-4C40-91A2-BBC6335F7F11}
[2012/06/26 08:59:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{D91B8860-ECCF-45A1-A6F7-92E2BFBEFEFE}
[2012/06/26 08:59:23 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{C9C87BB2-FBB9-47BE-992E-CC8ABAA22F92}
[2012/06/25 12:59:07 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{11AC0FEB-9AF2-41AA-9718-8D58432B0005}
[2012/06/25 12:58:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{112C00C4-35E6-49F7-A705-A8A7CE68B6E1}
[2012/06/25 09:10:39 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{8C3FE0F6-8161-450D-A41A-FDAF861C7C66}
[2012/06/22 13:37:18 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{6CC40656-45BE-4BFF-AA9C-A55E538BAD50}
[2012/06/22 13:36:56 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{453BD47F-22B5-43B3-9CD2-0B68DCF4822F}
[2012/06/22 11:11:41 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{BF2B25E9-AAEE-427B-9999-57AA25B91030}
[2012/06/22 11:11:19 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{D2AB0B14-6B7D-4969-9C66-63CF0AF146F7}
[2012/06/22 09:10:40 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{98A57D16-4217-466B-8D9C-B7EF5A8E5C0B}
[2012/06/21 08:23:20 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{D6076D73-2DEB-4270-BF54-8AF0858EC165}
[2012/06/21 08:22:57 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{2A068767-705D-4E23-910D-9981605760A7}
[2012/06/20 08:08:55 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{383322ED-D39B-43C6-B403-77F0B41F18D8}
[2012/06/20 08:08:33 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{0263FA78-9496-44B9-BF11-A9744C840FE1}
[2012/06/18 11:07:58 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{C8D1CDC7-66FB-4114-9CB4-C702A0513CD3}
[2012/06/18 08:01:02 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{FFD19094-6DE5-4B35-A84C-FD2495239066}
[2012/06/16 08:56:00 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{4FE793DC-DAF1-4E1C-A8C3-7C77C9A49440}
[2012/06/15 08:03:27 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{075E2AA4-C945-4E58-9FB0-F3D91FBDCE6C}
[2012/06/14 08:36:11 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{890513F6-3A73-4191-9964-82FE77504736}
[2012/06/14 08:35:49 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{BD42CCD5-D1E7-40F4-9D01-1A51216DF399}

========== Files - Modified Within 30 Days ==========

[2012/07/13 09:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/13 09:38:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA.job
[2012/07/13 07:57:12 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/13 07:57:12 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/13 07:54:13 | 000,733,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/13 07:54:13 | 000,629,194 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/13 07:54:13 | 000,108,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/13 07:49:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/13 07:49:50 | 3193,688,064 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/12 15:43:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Ryan2011\Desktop\aswMBR.exe
[2012/07/12 15:31:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/12 15:16:52 | 004,576,941 | R--- | M] (Swearware) -- C:\Users\Ryan2011\Desktop\ComboFix.exe
[2012/07/12 12:03:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan2011\Desktop\OTL.exe
[2012/07/12 10:34:08 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/12 10:33:59 | 000,747,542 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/12 09:40:02 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 04:39:44 | 000,002,423 | ---- | M] () -- C:\Users\Ryan2011\Desktop\Google Chrome.lnk
[2012/07/11 23:38:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core.job
[2012/07/11 08:43:48 | 000,285,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/10 10:07:47 | 000,443,048 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120712-102059.backup
[2012/07/10 08:52:12 | 000,001,264 | ---- | M] () -- C:\Users\Ryan2011\Desktop\Spybot - Search & Destroy.lnk
[2012/07/10 08:41:40 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/09 16:58:00 | 002,988,155 | ---- | M] () -- C:\Users\Ryan2011\Documents\facebook-cheat-sheet-sizes-and-dimensions1.pdf
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/27 08:35:17 | 000,019,914 | ---- | M] () -- C:\Users\Ryan2011\Documents\cowardly lion gasp.jpg
[2012/06/14 11:23:44 | 000,059,755 | ---- | M] () -- C:\Users\Ryan2011\Grim Dawn keys.pdf

========== Files Created - No Company Name ==========

[2012/07/12 15:26:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/12 15:26:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/12 15:26:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/12 15:26:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/12 15:26:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/12 10:34:01 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/12 09:40:02 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/10 08:52:12 | 000,001,264 | ---- | C] () -- C:\Users\Ryan2011\Desktop\Spybot - Search & Destroy.lnk
[2012/07/10 08:41:40 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/09 16:58:00 | 002,988,155 | ---- | C] () -- C:\Users\Ryan2011\Documents\facebook-cheat-sheet-sizes-and-dimensions1.pdf
[2012/06/27 08:36:17 | 000,019,914 | ---- | C] () -- C:\Users\Ryan2011\Documents\cowardly lion gasp.jpg
[2012/06/14 11:24:04 | 000,059,755 | ---- | C] () -- C:\Users\Ryan2011\Grim Dawn keys.pdf
[2012/04/06 16:21:07 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012/04/03 10:01:10 | 000,205,999 | ---- | C] () -- C:\Windows\hpoins46.dat
[2012/04/03 10:01:10 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2011/11/22 10:08:38 | 000,059,067 | ---- | C] () -- C:\Users\Ryan2011\Binaries_and_Source-1013-1-0.zip
[2011/02/14 12:22:06 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2011/02/03 15:09:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/03 08:52:46 | 000,000,094 | ---- | C] () -- C:\Windows\dellstat.ini
[2011/02/02 11:31:34 | 000,462,848 | ---- | C] () -- C:\Windows\SysWow64\IIFILE.EXE
[2011/02/02 11:31:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\RelMon.DLL
[2011/01/31 17:37:38 | 000,747,542 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/31 17:25:09 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/09/10 06:29:37 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

========== LOP Check ==========

[2012/07/13 07:50:42 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Dropbox
[2011/02/01 11:43:32 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\PureEdge
[2011/02/03 15:09:43 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Thunderbird
[2011/06/07 15:08:35 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Unity
[2011/02/21 10:40:16 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Windows Live Writer
[2011/04/26 10:18:56 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Wizards of the Coast
[2012/04/30 07:44:57 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nope looks clean ... Any apparent problems before I remove the tools ?
  • 0

#11
Lyanheart

Lyanheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts
Have not seen any problems return, thank you!
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#13
Lyanheart

Lyanheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 136 posts
All cleaned up, thanks again. Sent you a donation through paypal for the help.
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Just received it :thumbsup:

Thank you very much 'tis greatly appreciated
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP