Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google links go to strange spam websites [Solved]


  • This topic is locked This topic is locked

#1
wickkidda

wickkidda

    Member

  • Member
  • PipPipPip
  • 127 posts
i have to type addresses in manually, if i google something and click a result it takes me to something else



OTL logfile created on: 7/23/2012 4:02:34 AM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 5.60 Gb Available Physical Memory | 70.27% Memory free
15.94 Gb Paging File | 13.41 Gb Available in Paging File | 84.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 324.80 Gb Free Space | 34.87% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/23 03:58:19 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2012/07/18 01:34:14 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/16 11:28:42 | 002,416,040 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2012/07/12 09:47:07 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/05/30 13:18:07 | 004,331,392 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/10/14 22:49:40 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/08/24 17:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2011/04/12 15:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2010/09/01 00:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/08/13 17:38:46 | 000,854,536 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
PRC - [2009/08/13 17:38:04 | 000,850,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
PRC - [2009/08/13 17:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/18 01:34:14 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/07/12 09:47:07 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012/06/21 16:43:16 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/06/21 16:43:12 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/06/21 16:43:12 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/06/21 16:43:12 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/06/21 16:43:12 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/05/30 13:11:47 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/11/11 15:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2011/08/12 13:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 13:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 13:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 13:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 13:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/18 01:34:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/16 11:28:42 | 002,416,040 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2012/07/12 15:16:56 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/07/12 09:47:07 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/04/20 02:59:42 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/19 22:23:38 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/04/18 13:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/01/18 02:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64) Logitech HD Pro Webcam C910(UVC)
DRV:64bit: - [2012/01/18 02:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/18 02:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2011/03/31 15:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/02/22 02:21:54 | 000,404,584 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/07 16:39:32 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV:64bit: - [2010/07/01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/11/17 19:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009/07/14 15:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/01 11:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 01:34:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/06 19:01:35 | 000,000,000 | ---D | M]

[2011/10/14 22:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2012/07/11 20:31:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions
[2012/05/10 20:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\SeaMonkey\Profiles\j2x55qrb.default\extensions
[2012/01/03 17:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\searchplugins\askcom.xml
[2012/03/17 19:00:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/11 20:31:30 | 000,525,390 | ---- | M] () (No name found) -- C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\07UDYNA9.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/07/18 01:34:14 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/11 21:19:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/09 13:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/11/10 00:55:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/10 00:55:17 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/29 19:20:45 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk = C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (GameStop Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9B6F070-26E2-4BF6-A2DA-A2E8F52E564D}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/23 02:12:21 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/21 14:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio
[2012/07/21 14:47:47 | 000,049,664 | ---- | C] (CamStudio Group) -- C:\Windows\SysNative\CamCodec.dll
[2012/07/21 14:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio 2.6b
[2012/07/19 20:52:53 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\Amnesia
[2012/07/19 20:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent
[2012/07/19 20:48:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amnesia - The Dark Descent
[2012/07/18 21:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
[2012/07/17 22:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2012/07/17 22:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
[2012/07/17 22:07:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios
[2012/07/10 05:56:32 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\SimCity 4
[2012/07/10 05:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
[2012/07/10 05:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxis
[2012/07/08 01:46:47 | 000,000,000 | ---D | C] -- C:\Users\Matt\riotsGamesLogs
[2012/07/06 00:05:54 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\LolClient
[2012/07/05 22:35:37 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012/07/05 22:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012/07/05 21:17:50 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\PMB Files
[2012/07/05 21:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/07/05 21:17:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012/06/29 16:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2012/06/24 16:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Games
[2012/06/24 15:39:30 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\EA Games
[2012/06/24 15:38:37 | 000,000,000 | -H-D | C] -- C:\Windows\PIF

========== Files - Modified Within 30 Days ==========

[2012/07/23 03:57:19 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/23 03:57:19 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/23 03:50:23 | 000,001,156 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk
[2012/07/23 03:50:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/23 03:50:01 | 2125,799,423 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/23 03:49:21 | 000,327,680 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/07/23 03:47:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/23 01:52:46 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/23 01:52:46 | 000,659,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/23 01:52:46 | 000,120,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/21 17:53:31 | 000,791,188 | ---- | M] () -- C:\Users\Matt\Desktop\meandkitty.png
[2012/07/21 14:47:48 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\CamStudio-Recorder.lnk
[2012/07/19 20:51:44 | 000,002,132 | ---- | M] () -- C:\Users\Matt\Desktop\Amnesia.lnk
[2012/07/18 20:00:01 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/17 22:07:51 | 000,001,980 | ---- | M] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012/07/16 20:40:42 | 000,012,800 | ---- | M] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/12 03:47:12 | 002,508,249 | ---- | M] () -- C:\Users\Matt\Desktop\777.png
[2012/07/12 02:21:03 | 001,952,352 | ---- | M] () -- C:\Users\Matt\Desktop\newcity.png
[2012/07/11 05:42:39 | 000,046,981 | ---- | M] () -- C:\Users\Matt\Desktop\PID_2120875_SantigoldWale_ZolaDream_970x250_RM_Img.gif
[2012/07/10 23:46:51 | 000,001,635 | ---- | M] () -- C:\Users\Matt\Desktop\Sim City 4 - Deluxe Edition.lnk
[2012/07/10 05:53:41 | 000,000,530 | ---- | M] () -- C:\Windows\eReg.dat
[2012/07/05 22:37:20 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/07/04 15:38:14 | 000,069,817 | ---- | M] () -- C:\Users\Matt\Desktop\tumblr_m5gyrzHe1z1rp42ouo1_500.jpg
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/29 19:38:30 | 000,002,466 | ---- | M] () -- C:\Users\Matt\Desktop\Planetside.lnk

========== Files Created - No Company Name ==========

[2012/07/23 03:51:08 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{dbb020f5-8197-ae82-a58d-bff347b419b5}\U\[email protected]
[2012/07/23 02:06:16 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{dbb020f5-8197-ae82-a58d-bff347b419b5}\L\[email protected]
[2012/07/23 02:06:15 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{dbb020f5-8197-ae82-a58d-bff347b419b5}\U\[email protected]
[2012/07/23 02:06:15 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{dbb020f5-8197-ae82-a58d-bff347b419b5}\U\[email protected]
[2012/07/23 02:06:13 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{dbb020f5-8197-ae82-a58d-bff347b419b5}\U\[email protected]
[2012/07/23 02:06:12 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{dbb020f5-8197-ae82-a58d-bff347b419b5}\U\[email protected]
[2012/07/23 02:06:12 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{dbb020f5-8197-ae82-a58d-bff347b419b5}\U\[email protected]
[2012/07/21 17:53:31 | 000,791,188 | ---- | C] () -- C:\Users\Matt\Desktop\meandkitty.png
[2012/07/21 14:47:48 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\CamStudio-Recorder.lnk
[2012/07/19 20:51:44 | 000,002,132 | ---- | C] () -- C:\Users\Matt\Desktop\Amnesia.lnk
[2012/07/17 22:07:51 | 000,001,980 | ---- | C] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012/07/12 03:47:12 | 002,508,249 | ---- | C] () -- C:\Users\Matt\Desktop\777.png
[2012/07/12 02:21:03 | 001,952,352 | ---- | C] () -- C:\Users\Matt\Desktop\newcity.png
[2012/07/11 05:42:37 | 000,046,981 | ---- | C] () -- C:\Users\Matt\Desktop\PID_2120875_SantigoldWale_ZolaDream_970x250_RM_Img.gif
[2012/07/10 05:57:55 | 000,001,635 | ---- | C] () -- C:\Users\Matt\Desktop\Sim City 4 - Deluxe Edition.lnk
[2012/07/10 05:53:41 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2012/07/05 22:37:20 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/07/04 15:38:13 | 000,069,817 | ---- | C] () -- C:\Users\Matt\Desktop\tumblr_m5gyrzHe1z1rp42ouo1_500.jpg
[2012/06/29 19:23:24 | 000,002,494 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Planetside.lnk
[2012/06/29 19:23:24 | 000,002,466 | ---- | C] () -- C:\Users\Matt\Desktop\Planetside.lnk
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/05/08 22:04:12 | 000,000,906 | ---- | C] () -- C:\Windows\DC.ini
[2012/05/02 22:17:10 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012/05/02 22:17:10 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012/05/02 22:17:10 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012/01/27 22:27:48 | 000,771,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/18 02:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 02:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 02:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/01/12 23:00:48 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/12/31 23:11:00 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2011/11/30 14:16:01 | 000,012,800 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/14 08:06:15 | 000,000,000 | ---- | C] () -- C:\Windows\BlueFoxStudio_Video.INI
[2011/10/14 22:47:13 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{dbb020f5-8197-ae82-a58d-bff347b419b5}\@
[2011/10/14 22:47:13 | 000,002,048 | -HS- | C] () -- C:\Users\Matt\AppData\Local\{dbb020f5-8197-ae82-a58d-bff347b419b5}\@
[2011/10/14 22:02:18 | 000,000,252 | ---- | C] () -- C:\Windows\checkip.dat

========== LOP Check ==========

[2012/07/22 17:56:41 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\.minecraft
[2011/10/14 22:34:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\acccore
[2012/07/22 05:16:40 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Applian FLV and Media Player
[2012/03/30 23:49:07 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Avnex
[2012/02/05 14:58:53 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BigHugeEngine
[2011/11/06 03:10:14 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Bioshock
[2012/07/23 03:59:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BitTorrent
[2012/06/13 23:25:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GameFly
[2012/04/19 15:55:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GOG.com
[2011/12/01 01:06:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Leadertech
[2012/07/06 00:05:54 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\LolClient
[2012/03/06 04:33:07 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OnLive App
[2011/11/30 14:00:18 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Publish Providers
[2012/05/20 19:17:26 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Screaming Bee
[2011/11/30 14:00:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Sony
[2012/06/21 16:22:52 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Stardock
[2011/10/27 22:49:42 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TeamViewer
[2012/03/07 02:05:43 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\To the Moon - Freebird Games
[2012/06/25 19:07:36 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Tunngle
[2011/12/15 23:12:24 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Ubisoft
[2012/07/15 22:12:36 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\VidCoder
[2011/11/14 07:11:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WinMPG
[2009/07/14 01:08:49 | 000,024,924 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:359B3BDA

< End of report >
  • 0

Advertisements


#2
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,131 posts
Hello wickkidda and welcome to Geeks To Go !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.
Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them.
You get an advantage as you have 2 people examining your issue.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

Hi there,
I would like you to run another scan for me while I go over this log file.

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it
Posted Image

Click the [Scan] button to start scan
Posted Image

On completion of the scan click [Save log], save it to your desktop and post in your next reply
  • 0

#3
wickkidda

wickkidda

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-24 03:28:56
-----------------------------
03:28:56.136 OS Version: Windows x64 6.1.7600
03:28:56.136 Number of processors: 4 586 0x2A07
03:28:56.137 ComputerName: MATT-PC UserName: Matt
03:28:59.779 Initialize success
03:29:23.997 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
03:29:24.002 Disk 0 Vendor: ST31000528AS CC3E Size: 953869MB BusType: 3
03:29:24.010 Disk 0 MBR read successfully
03:29:24.013 Disk 0 MBR scan
03:29:24.017 Disk 0 Windows 7 default MBR code
03:29:24.025 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
03:29:24.039 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
03:29:24.054 Disk 0 scanning C:\Windows\system32\drivers
03:29:29.533 Service scanning
03:29:38.722 Modules scanning
03:29:38.729 Disk 0 trace - called modules:
03:29:38.735
03:29:38.740 Scan finished successfully
03:30:09.701 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
03:30:09.704 The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBR.txt"
  • 0

#4
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,131 posts
Hi there,
lets start cleaning this up -
Can you tell me if you have an anti-virus program installed?

Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    [2012/07/23 03:51:08 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{dbb020f5-8197-ae82-a58d-bff347b419b5}\U\[email protected]
    [2012/07/23 02:06:16 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{dbb020f5-8197-ae82-a58d-bff347b419b5}\L\[email protected]
    [2012/07/23 02:06:15 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{dbb020f5-8197-ae82-a58d-bff347b419b5}\U\[email protected]
    [2012/07/23 02:06:15 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{dbb020f5-8197-ae82-a58d-bff347b419b5}\U\[email protected]
    [2012/07/23 02:06:13 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{dbb020f5-8197-ae82-a58d-bff347b419b5}\U\[email protected]
    [2012/07/23 02:06:12 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{dbb020f5-8197-ae82-a58d-bff347b419b5}\U\[email protected]
    [2012/07/23 02:06:12 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{dbb020f5-8197-ae82-a58d-bff347b419b5}\U\[email protected]
    [2011/10/14 22:47:13 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{dbb020f5-8197-ae82-a58d-bff347b419b5}\@
    [2011/10/14 22:47:13 | 000,002,048 | -HS- | C] () -- C:\Users\Matt\AppData\Local\{dbb020f5-8197-ae82-a58d-bff347b419b5}\@
    
    :files
    C:\Windows\Installer\{dbb020f5-8197-ae82-a58d-bff347b419b5}
    C:\Users\Matt\AppData\Local\{dbb020f5-8197-ae82-a58d-bff347b419b5}\
    
    :commands
    [emptytemp]
    [reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2
Please download ComboFix from Here or Here to your Desktop.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Also allow the installation of the recovery console

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Step 3
Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
/md5start
consrv.dll
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs in your next response

In your next reply I would like to see:
  • OTL fix log
  • Combofix log
  • OTL custom scan log.

  • 0

#5
wickkidda

wickkidda

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
i dont know what happened to the OTL fix log after i rebooted, i only see OTL.log from last night, but the google links redirection problem is gone


heres the combofix log and then the last OTL log, there was no extras.log




ComboFix 12-07-25.04 - Matt 07/24/2012 16:28:33.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8164.6378 [GMT -4:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))
.
.
2012-07-24 20:34 . 2012-07-24 20:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-24 20:34 . 2012-07-24 20:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-24 20:20 . 2012-07-24 20:20 -------- d-----w- C:\_OTL
2012-07-23 10:07 . 2012-07-23 10:25 -------- d-----w- c:\users\Matt\AppData\Roaming\mIRC
2012-07-23 10:07 . 2012-07-23 10:07 -------- d-----w- c:\program files (x86)\mIRC
2012-07-23 06:12 . 2012-07-23 06:12 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-21 18:47 . 2012-07-21 18:47 -------- d-----w- c:\program files (x86)\CamStudio 2.6b
2012-07-21 18:47 . 2010-10-24 04:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
2012-07-20 00:48 . 2012-07-20 00:51 -------- d-----w- c:\program files (x86)\Amnesia - The Dark Descent
2012-07-18 02:07 . 2012-07-18 02:43 -------- d-----w- c:\programdata\Hi-Rez Studios
2012-07-18 02:07 . 2012-07-18 02:07 -------- d-----w- c:\program files (x86)\Hi-Rez Studios
2012-07-10 09:53 . 2012-07-10 09:53 -------- d-----w- c:\program files (x86)\Maxis
2012-07-08 05:46 . 2012-07-12 06:41 -------- d-----w- c:\users\Matt\riotsGamesLogs
2012-07-06 04:05 . 2012-07-06 04:05 -------- d-----w- c:\users\Matt\AppData\Roaming\LolClient
2012-07-06 02:37 . 2008-07-12 12:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-07-06 02:37 . 2008-07-12 12:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-07-06 02:37 . 2008-07-12 12:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-07-06 02:35 . 2012-07-06 02:35 -------- d-----w- C:\Riot Games
2012-07-06 01:17 . 2012-07-24 07:25 -------- d-----w- c:\users\Matt\AppData\Local\PMB Files
2012-07-06 01:17 . 2012-07-24 07:25 -------- d-----w- c:\programdata\PMB Files
2012-07-06 01:17 . 2012-07-06 01:17 -------- d-----w- c:\program files (x86)\Pando Networks
2012-06-29 20:45 . 2012-06-29 20:45 -------- d-----w- c:\program files\Sony
2012-06-24 20:43 . 2012-06-24 20:43 -------- d-----w- c:\programdata\EA Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 13:47 . 2012-04-02 05:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 13:47 . 2011-10-15 02:44 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2011-10-15 06:54 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-05 23:20 . 2012-06-05 23:20 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-05 23:20 . 2012-06-05 23:20 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-05 23:20 . 2012-06-05 23:20 268744 ----a-w- c:\windows\system32\javaws.exe
2012-06-05 23:20 . 2012-06-05 23:20 189384 ----a-w- c:\windows\system32\javaw.exe
2012-06-05 23:20 . 2012-06-05 23:20 188872 ----a-w- c:\windows\system32\java.exe
2012-05-15 10:48 . 2012-05-26 05:03 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-05-26 05:03 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-05-26 05:03 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-05-26 05:03 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-26 05:03 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-26 05:03 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-26 05:03 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-05-26 05:03 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-05-26 05:03 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-05-26 05:03 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-05-26 05:03 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-05-26 05:03 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-26 05:03 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-05-26 05:03 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-05-26 05:03 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-05-26 05:03 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-05-26 05:03 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-04-03 19:34 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-04-03 19:34 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-04-03 19:34 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2011-10-15 02:36 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2011-10-15 02:36 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-10-15 02:36 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2011-10-15 02:36 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-10-15 02:36 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2011-10-15 02:36 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-10-15 02:36 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2011-10-15 02:36 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-10-15 02:36 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-10-15 02:36 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-04-03 19:35 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2011-10-15 02:36 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-10-15 02:36 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-03 02:25 . 2012-05-03 02:17 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2012-05-03 02:25 . 2012-05-03 02:17 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2012-05-03 02:25 . 2012-05-03 02:17 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2012-05-01 19:45 . 2012-05-01 19:45 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-01 19:45 . 2012-05-01 19:45 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-05-01 19:45 . 2012-05-01 19:45 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-01 19:45 . 2012-05-01 19:45 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2012-05-30 4331392]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-15 1242448]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameStop Now.lnk - c:\program files (x86)\GameStop App\Now\GameStopNow.exe [2012-6-14 2039536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2012-01-18 25632]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys [2010-12-07 187912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-04-20 736104]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-15 1255736]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-24 430136]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2012-07-16 2416040]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-07-14 22408]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [2009-07-01 30728]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-03-31 126464]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-13 2093064]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 798728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.protocol-handler.warn-external.dnupdate - network.protocol-handler.warn-external.dnupdate
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-UnityWebPlayer - c:\users\Matt\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-6543664-2043801977-3085460779-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7b,ea,0b,b2,4d,7b,70,08,0f,57,8f,03,14,8d,b5,6a,94,4f,e7,96,f9,32,e9,
7e,9c,8e,d7,6c,52,85,86,d5,28,65,d8,48,83,eb,6f,b4,b9,22,41,49,72,41,9f,52,\
"??"=hex:0e,36,89,5e,e6,e5,10,4a,dd,10,a4,8c,5c,05,ac,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Completion time: 2012-07-24 16:40:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-24 20:40
.
Pre-Run: 350,387,802,112 bytes free
Post-Run: 350,516,264,960 bytes free
.
- - End Of File - - 574D6C8DB3C32B93F26BBBA33A86234C










OTL logfile created on: 7/24/2012 4:48:23 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Matt\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 6.18 Gb Available Physical Memory | 77.48% Memory free
15.94 Gb Paging File | 14.00 Gb Available in Paging File | 87.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 326.53 Gb Free Space | 35.06% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/23 03:58:19 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2012/07/18 01:34:14 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/16 11:28:42 | 002,416,040 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2012/07/12 09:47:07 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/05/30 13:18:07 | 004,331,392 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/08/24 17:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/09/01 00:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/18 01:34:14 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/07/12 09:47:07 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012/05/30 13:11:47 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/08/12 13:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 13:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 13:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 13:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 13:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/18 01:34:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/16 11:28:42 | 002,416,040 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2012/07/12 15:16:56 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/07/12 09:47:07 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/04/20 02:59:42 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/19 22:23:38 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/04/18 13:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/01/18 02:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64) Logitech HD Pro Webcam C910(UVC)
DRV:64bit: - [2012/01/18 02:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/18 02:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2011/03/31 15:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/02/22 02:21:54 | 000,404,584 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/07 16:39:32 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV:64bit: - [2010/07/01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/11/17 19:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009/07/14 15:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/01 11:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-6543664-2043801977-3085460779-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-6543664-2043801977-3085460779-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-6543664-2043801977-3085460779-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-6543664-2043801977-3085460779-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 01:34:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/06 19:01:35 | 000,000,000 | ---D | M]

[2011/10/14 22:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2012/07/11 20:31:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions
[2012/05/10 20:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\SeaMonkey\Profiles\j2x55qrb.default\extensions
[2012/01/03 17:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\searchplugins\askcom.xml
[2012/03/17 19:00:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/11 20:31:30 | 000,525,390 | ---- | M] () (No name found) -- C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\07UDYNA9.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/07/18 01:34:14 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/11 21:19:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/09 13:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/11/10 00:55:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/10 00:55:17 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/24 16:36:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKU\S-1-5-21-6543664-2043801977-3085460779-1000..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-6543664-2043801977-3085460779-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-6543664-2043801977-3085460779-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk = C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (GameStop Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-6543664-2043801977-3085460779-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-6543664-2043801977-3085460779-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-6543664-2043801977-3085460779-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-6543664-2043801977-3085460779-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-6543664-2043801977-3085460779-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-6543664-2043801977-3085460779-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9B6F070-26E2-4BF6-A2DA-A2E8F52E564D}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/24 16:40:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/24 16:26:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/24 16:26:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/24 16:26:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/24 16:26:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/24 16:26:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/24 16:25:30 | 004,584,441 | R--- | C] (Swearware) -- C:\Users\Matt\Desktop\ComboFix.exe
[2012/07/24 16:20:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/24 03:33:23 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/07/23 06:07:16 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\mIRC
[2012/07/23 06:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2012/07/23 06:07:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC
[2012/07/23 03:58:17 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2012/07/23 02:12:21 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/21 14:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio
[2012/07/21 14:47:47 | 000,049,664 | ---- | C] (CamStudio Group) -- C:\Windows\SysNative\CamCodec.dll
[2012/07/21 14:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio 2.6b
[2012/07/19 20:52:53 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\Amnesia
[2012/07/19 20:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent
[2012/07/19 20:48:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amnesia - The Dark Descent
[2012/07/18 21:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
[2012/07/17 22:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2012/07/17 22:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
[2012/07/17 22:07:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios
[2012/07/10 05:56:32 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\SimCity 4
[2012/07/10 05:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
[2012/07/10 05:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxis
[2012/07/08 01:46:47 | 000,000,000 | ---D | C] -- C:\Users\Matt\riotsGamesLogs
[2012/07/06 00:05:54 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\LolClient
[2012/07/05 22:35:37 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012/07/05 22:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012/07/05 21:17:50 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\PMB Files
[2012/07/05 21:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/07/05 21:17:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012/06/29 16:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\Sony

========== Files - Modified Within 30 Days ==========

[2012/07/24 16:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/24 16:44:37 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 16:44:37 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 16:36:25 | 000,001,156 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk
[2012/07/24 16:36:22 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/24 16:36:02 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/07/24 16:35:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/24 16:35:52 | 2125,799,423 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/24 16:25:56 | 004,584,441 | R--- | M] (Swearware) -- C:\Users\Matt\Desktop\ComboFix.exe
[2012/07/24 03:33:18 | 696,701,777 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/24 03:30:09 | 000,000,512 | ---- | M] () -- C:\Users\Matt\Desktop\MBR.dat
[2012/07/24 00:16:51 | 000,777,976 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/24 00:16:51 | 000,659,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/24 00:16:51 | 000,120,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/23 06:07:16 | 000,000,907 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk
[2012/07/23 03:58:19 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2012/07/21 17:53:31 | 000,791,188 | ---- | M] () -- C:\Users\Matt\Desktop\meandkitty.png
[2012/07/21 14:47:48 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\CamStudio-Recorder.lnk
[2012/07/19 20:51:44 | 000,002,132 | ---- | M] () -- C:\Users\Matt\Desktop\Amnesia.lnk
[2012/07/18 20:00:01 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/17 22:07:51 | 000,001,980 | ---- | M] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012/07/16 20:40:42 | 000,012,800 | ---- | M] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/12 03:47:12 | 002,508,249 | ---- | M] () -- C:\Users\Matt\Desktop\777.png
[2012/07/12 02:21:03 | 001,952,352 | ---- | M] () -- C:\Users\Matt\Desktop\newcity.png
[2012/07/11 05:42:39 | 000,046,981 | ---- | M] () -- C:\Users\Matt\Desktop\PID_2120875_SantigoldWale_ZolaDream_970x250_RM_Img.gif
[2012/07/10 23:46:51 | 000,001,635 | ---- | M] () -- C:\Users\Matt\Desktop\Sim City 4 - Deluxe Edition.lnk
[2012/07/10 05:53:41 | 000,000,530 | ---- | M] () -- C:\Windows\eReg.dat
[2012/07/05 22:37:20 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/07/04 15:38:14 | 000,069,817 | ---- | M] () -- C:\Users\Matt\Desktop\tumblr_m5gyrzHe1z1rp42ouo1_500.jpg
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/29 19:38:30 | 000,002,466 | ---- | M] () -- C:\Users\Matt\Desktop\Planetside.lnk

========== Files Created - No Company Name ==========

[2012/07/24 16:26:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/24 16:26:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/24 16:26:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/24 16:26:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/24 16:26:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/24 03:33:18 | 696,701,777 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/24 03:30:09 | 000,000,512 | ---- | C] () -- C:\Users\Matt\Desktop\MBR.dat
[2012/07/23 06:07:16 | 000,000,907 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk
[2012/07/21 17:53:31 | 000,791,188 | ---- | C] () -- C:\Users\Matt\Desktop\meandkitty.png
[2012/07/21 14:47:48 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\CamStudio-Recorder.lnk
[2012/07/19 20:51:44 | 000,002,132 | ---- | C] () -- C:\Users\Matt\Desktop\Amnesia.lnk
[2012/07/17 22:07:51 | 000,001,980 | ---- | C] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012/07/12 03:47:12 | 002,508,249 | ---- | C] () -- C:\Users\Matt\Desktop\777.png
[2012/07/12 02:21:03 | 001,952,352 | ---- | C] () -- C:\Users\Matt\Desktop\newcity.png
[2012/07/11 05:42:37 | 000,046,981 | ---- | C] () -- C:\Users\Matt\Desktop\PID_2120875_SantigoldWale_ZolaDream_970x250_RM_Img.gif
[2012/07/10 05:57:55 | 000,001,635 | ---- | C] () -- C:\Users\Matt\Desktop\Sim City 4 - Deluxe Edition.lnk
[2012/07/10 05:53:41 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2012/07/05 22:37:20 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/07/04 15:38:13 | 000,069,817 | ---- | C] () -- C:\Users\Matt\Desktop\tumblr_m5gyrzHe1z1rp42ouo1_500.jpg
[2012/06/29 19:23:24 | 000,002,494 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Planetside.lnk
[2012/06/29 19:23:24 | 000,002,466 | ---- | C] () -- C:\Users\Matt\Desktop\Planetside.lnk
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/05/08 22:04:12 | 000,000,906 | ---- | C] () -- C:\Windows\DC.ini
[2012/05/02 22:17:10 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012/05/02 22:17:10 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012/05/02 22:17:10 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012/01/27 22:27:48 | 000,771,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/18 02:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 02:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 02:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/01/12 23:00:48 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/12/31 23:11:00 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2011/11/30 14:16:01 | 000,012,800 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/14 08:06:15 | 000,000,000 | ---- | C] () -- C:\Windows\BlueFoxStudio_Video.INI
[2011/10/14 22:02:18 | 000,000,252 | ---- | C] () -- C:\Windows\checkip.dat

========== LOP Check ==========

[2012/07/22 17:56:41 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\.minecraft
[2011/10/14 22:34:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\acccore
[2012/07/22 05:16:40 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Applian FLV and Media Player
[2012/03/30 23:49:07 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Avnex
[2012/02/05 14:58:53 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BigHugeEngine
[2011/11/06 03:10:14 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Bioshock
[2012/07/23 03:59:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BitTorrent
[2012/06/13 23:25:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GameFly
[2012/04/19 15:55:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GOG.com
[2011/12/01 01:06:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Leadertech
[2012/07/06 00:05:54 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\LolClient
[2012/03/06 04:33:07 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OnLive App
[2011/11/30 14:00:18 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Publish Providers
[2012/05/20 19:17:26 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Screaming Bee
[2011/11/30 14:00:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Sony
[2012/06/21 16:22:52 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Stardock
[2011/10/27 22:49:42 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TeamViewer
[2012/03/07 02:05:43 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\To the Moon - Freebird Games
[2012/06/25 19:07:36 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Tunngle
[2011/12/15 23:12:24 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Ubisoft
[2012/07/15 22:12:36 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\VidCoder
[2011/11/14 07:11:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WinMPG
[2009/07/14 01:08:49 | 000,025,674 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/04/04 01:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\Services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\Services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.EXE.VIR >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=014A9CB92514E27C0107614DF764BC06 -- C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir

< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache86\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\erdnt\cache64\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\erdnt\cache64\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:359B3BDA

< End of report >
  • 0

#6
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,131 posts
Hi wickkidda,
You never answered my question about an anti-virus, did you have one installed?
It looks to me like you did not, and you certainly are going to need one if you want to stay un-infected.

Don't worry about the OTL fix log, I know where it lives if I need to see it.

You had a sirefef AKA ZeroAccess infection, and we killed off the active part of it, but I should have issued this warning earlier --
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and was killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the rest of the cleanup, please proceed with the following steps.

If you want to continue, lets sweep for any remnants.

Step 1

Posted Image Please run Malwarebytes' Anti-Malware

  • Go to the Update tab and check for updates, please install any updates found.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.Step 1

Step 2
Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 3
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

In your next reply I would like to see:
  • Answer to my question about anti-virus
  • MalwareBytes log
  • ESET scan log
  • Everything still running ok?

  • 0

#7
wickkidda

wickkidda

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
i normally have just MBAM and i ran it before i contacted you and it found one thing and i deleted it, everything seems to be ok, here are the logs you wanted




Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.26.14

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Matt :: MATT-PC [administrator]

7/26/2012 4:24:26 PM
mbam-log-2012-07-26 (16-24-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209779
Time elapsed: 1 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)








ESET log:

C:\Program Files (x86)\Resident Evil 5\Trainer1.exe a variant of Win32/GameHack.F application cleaned by deleting - quarantined
C:\Program Files (x86)\Resident Evil 5\Teknogods\teknohelper.exe Win32/Packed.Autoit.C.Gen application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.B.Gen trojan deleted - quarantined
C:\_OTL\MovedFiles\07242012_162006\C_Users\Matt\AppData\Local\{dbb020f5-8197-ae82-a58d-bff347b419b5}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\07242012_162006\C_Windows\Installer\{dbb020f5-8197-ae82-a58d-bff347b419b5}\U\[email protected] Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\07242012_162006\C_Windows\Installer\{dbb020f5-8197-ae82-a58d-bff347b419b5}\U\[email protected] a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined








Results of screen317's Security Check version 0.99.43
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.0
Java™ 6 Update 31
Java™ 7 Update 4
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
  • 0

#8
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,131 posts
Hi there,

Do you realize that you don't have an Anti-Virus on this machine?
Also, do you have the UAC (User Account Control) turned off on purpose?
It's pretty insecure to have this turned off, here's how to fix that:
Click the Start Orb
In the search box type in UAC and press enter
The User Account Control Settings window will open
Please select the default setting, which is the second notch from the top on the slider bar. Default - Notify me only when programs try to make changes to my computer
Posted Image

Your Windows install is behind one service pack, without the latest SP you might not be able to download security updates, and without them you are open to the newest infections.
You can install Windows 7 SP1 here You will want the 64-bit version.

There are several AV's that are light on your resources that I recommend, but remember that you only need one installed. All 3 are free :)
Microsoft Security Essentials
I use MSE myself, it's very easy to install and I barely notice it when it scans once a week.
  • Install MSE. Do NOT use any site other than Microsoft to get the download. Using Internet Explorer (or Firefox), go to the MSE Download page and click the Free Download button. If you are Windows 7/Vista 64-bit, you may want to avoid any issues and click on "More languages and versions" and select the 64-bit download for Windows 7/Vista. Take the default answers, including the question about turning ON the firewall.
  • After the installation, MSE will want to update the definition files, and run a quick scan. This will not take long (except for dial-up), and needs to be done. If a virus is detected during the scan, let MSE take the default actions to correct it.
  • At this point, you are running MSE. There may be some background activity, but this should not interfere with your normal use of the PC. Just let it occur, and it will not take long.

These are also free and very light on your computers resources, both are highly rated.
Avast!
Download the Installer from the link above
Save it to your desktop
Right click the installer file and select Run as Administrator

Avira
Download the Installer from the link above
Save it to your desktop
Right click the installer file and select Run as Administrator

Your Internet Explorer is out of date. Please download IE9 from here.
Even if you don't use it much, it's still a good idea to keep it up to date.

And last but not least, you should go to Start Orb, Control Panel, Uninstall a Program
Find Java 6 Update 31 in the list of programs and uninstall it.
  • 0

#9
wickkidda

wickkidda

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
alright i'll look into that stuff, thanks, what was the java thing?
  • 0

#10
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,131 posts
It used to be that when you would install a new version of Java, the old one still remained unless you manually uninstalled it. The reason there was an update was usually a security issue. I believe that the newer versions starting with version 7 update 1 fixed this, and now the updater will remove the older version 7 installs. You still have a version 6 hanging around, and that was technically a security risk.

Let me know when you get thru that list l posted for you last time, and we can move on to the cleanup phase.
  • 0

Advertisements


#11
wickkidda

wickkidda

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
didnt we just do that? i thought you just wanted me to download some preventive measures, my problem is gone and we cleaned up more that i didnt know was there
  • 0

#12
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,131 posts
Sorry for not being clear, I meant to say I will clean up my tools, and give some recommendations.
I take it that there are no more problems with the computer?
  • 0

#13
wickkidda

wickkidda

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
yeah everythings good
  • 0

#14
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,131 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point

  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones

  • Go Start > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programs on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#15
wickkidda

wickkidda

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
thanks a lot
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP