Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Windows Firewall and MSE disabled; cannot open downloaded documents &#

Started by Lyanheart , Oct 25 2013 07:40 AM

This topic is locked

#16
Essexboy

Posted 27 October 2013 - 07:05 AM

GeekU Moderator

Retired Staff
69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

#17
Essexboy

Posted 29 October 2013 - 08:59 AM

GeekU Moderator

Retired Staff
69,964 posts

If you are able to run FRST from the desktop could you do that please

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#18
Lyanheart

Posted 29 October 2013 - 09:22 AM

Member

Topic Starter
Member
136 posts

I have not done anything out of the ordinary since Friday when everything was working normally again.
This morning when I turned the PC on, it did go through some sort of file system check prior to loading Windows, with some messages about missing files.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013
Ran by Ryan2011 (administrator) on RYAN2011-PC on 29-10-2013 11:09:22
Running from C:\Users\Ryan2011\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

( ) C:\Windows\system32\dlbkcoms.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] ()
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [975288 2012-07-02] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-07-02] ()
HKCU\...\Run: [Google Update] - C:\Users\Ryan2011\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-05-03] (Google Inc.)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20133824 2013-09-25] (Google)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [masqform.exe] - C:\Program Files (x86)\PureEdge\Viewer 6.1\masqform.exe [634880 2004-04-19] (PureEdge™ Solutions Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-02] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {DC718571-D9D1-419F-8C55-D9E6BD5837E5} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {B0774E76-A7A8-4B69-B75F-965BB88F7716} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {B0774E76-A7A8-4B69-B75F-965BB88F7716} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR StartMenuInternet: Google Chrome - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 dlbk_device; C:\Windows\system32\dlbkcoms.exe [567024 2007-06-25] ( )
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] ()
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{7805e6ce-aece-7b86-307b-b3236983aa6d}\ \...\???\{7805e6ce-aece-7b86-307b-b3236983aa6d}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S3 CSRBC; C:\Windows\System32\Drivers\csrbc.sys [38400 2011-05-18] (CSR plc.)
S3 gtfilter; C:\Windows\System32\DRIVERS\gtfilter.sys [18272 2012-01-03] (Fructel AB)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S1 obcwvcnv; \??\C:\Windows\system32\drivers\obcwvcnv.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-29 10:46 - 2013-10-29 10:46 - 00103726 _____ C:\Users\Ryan2011\Desktop\OTL.Txt
2013-10-29 10:33 - 2013-10-29 10:33 - 01956538 _____ (Farbar) C:\Users\Ryan2011\Desktop\FRST64.exe
2013-10-29 10:29 - 2013-10-29 10:29 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{70035FBF-2FFF-4790-BCC1-09B9A973E645}
2013-10-29 09:20 - 2013-10-29 09:20 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{E43BA0D7-9C37-4BB8-AB7E-9E6356FBB4E3}
2013-10-29 08:19 - 2013-10-29 08:19 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{21518BD9-95AB-4587-ADD1-A539A37707A6}
2013-10-29 07:33 - 2013-10-29 07:33 - 00003416 ____N C:\bootsqm.dat
2013-10-29 07:32 - 2013-10-29 07:32 - 00000000 __SHD C:\found.000
2013-10-28 07:55 - 2013-10-28 07:55 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{A632C584-4E20-4591-A754-BD3AF05AD03F}
2013-10-25 11:42 - 2013-10-25 11:42 - 00002622 _____ C:\Users\Ryan2011\Downloads\fixlist (1).txt
2013-10-25 11:19 - 2013-10-25 11:48 - 00000000 ____D C:\FRST
2013-10-25 08:09 - 2013-10-25 08:09 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{9411EB70-C54A-4D24-97FA-4013FAF0A5E9}
2013-10-24 08:35 - 2013-10-24 08:35 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{48ED0B69-918B-4A24-B219-9D969439DA14}
2013-10-23 08:07 - 2013-10-23 08:07 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{776D7B9D-F2EF-4FA0-A85A-BBFACEFF31CB}
2013-10-22 09:04 - 2013-10-22 09:04 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{7D91A4B3-C081-438C-A17E-E9F6CE3C6BC0}
2013-10-22 07:53 - 2013-10-22 07:53 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{8A4170E7-DDAD-4110-ADB9-8D4F1ECD8C10}
2013-10-21 08:08 - 2013-10-21 08:08 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{B247023F-1F5B-404B-88D3-CC2A13DCEB28}
2013-10-18 08:12 - 2013-10-18 08:12 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{67049BD3-394C-4273-8F0D-954C024EE967}
2013-10-17 08:14 - 2013-10-17 08:14 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{B43FDC01-92ED-498D-A267-534587106C64}
2013-10-16 07:44 - 2013-10-16 07:44 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{1763E048-7EAB-4789-BFEA-0A3C7A4526FC}
2013-10-15 14:16 - 2013-10-15 14:18 - 00000000 ____D C:\Users\Ryan2011\AppData\Roaming\Talisman
2013-10-15 08:17 - 2013-10-15 08:17 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{37698AC1-3AE3-411B-8F58-790F5544C6CC}
2013-10-14 15:32 - 2013-10-14 15:33 - 00000000 ____D C:\Users\Ryan2011\AppData\Roaming\Talisman Prologue
2013-10-14 15:24 - 2013-10-14 15:24 - 00000222 _____ C:\Users\Ryan2011\Desktop\Talisman Prologue.url
2013-10-14 15:24 - 2013-10-14 15:24 - 00000222 _____ C:\Users\Ryan2011\Desktop\Talisman Digital Edition.url
2013-10-14 08:47 - 2013-10-14 08:47 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{451F9B64-E93A-494C-88D3-DFEF58A882B3}
2013-10-11 07:54 - 2013-10-11 07:54 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{344DE070-DFD8-4427-A447-801DD75783F2}
2013-10-10 07:58 - 2013-10-10 07:59 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{F8E30222-0D71-48D5-BA44-A15DBC63B5FF}
2013-10-09 12:14 - 2013-09-22 11:43 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 12:14 - 2013-09-22 11:01 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 12:14 - 2013-09-22 10:42 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 12:14 - 2013-09-22 10:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 12:14 - 2013-09-22 10:33 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-09 12:14 - 2013-09-22 10:33 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 12:14 - 2013-09-22 10:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-09 12:14 - 2013-09-22 10:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 12:14 - 2013-09-22 10:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-09 12:14 - 2013-09-22 10:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 12:14 - 2013-09-22 10:21 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-09 12:14 - 2013-09-22 10:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 12:14 - 2013-09-22 10:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 12:14 - 2013-09-22 10:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-09 12:14 - 2013-09-22 10:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 12:14 - 2013-09-22 10:07 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 12:14 - 2013-09-22 06:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 12:14 - 2013-09-22 06:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 12:14 - 2013-09-22 06:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 12:14 - 2013-09-22 06:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-09 12:14 - 2013-09-22 06:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 12:14 - 2013-09-22 06:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 12:14 - 2013-09-22 06:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-09 12:14 - 2013-09-22 06:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 12:14 - 2013-09-22 06:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-09 12:14 - 2013-09-22 06:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 12:14 - 2013-09-22 06:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-09 12:14 - 2013-09-22 06:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 12:14 - 2013-09-22 06:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 12:14 - 2013-09-22 06:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 12:14 - 2013-09-22 06:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-09 12:14 - 2013-09-22 05:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 08:26 - 2013-09-13 21:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 08:26 - 2013-09-07 22:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 08:26 - 2013-09-07 22:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 08:26 - 2013-09-07 22:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 08:26 - 2013-08-28 22:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 08:26 - 2013-08-28 22:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 08:26 - 2013-08-28 22:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 08:26 - 2013-08-28 22:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 08:26 - 2013-08-28 21:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 08:26 - 2013-08-28 21:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 08:26 - 2013-08-28 21:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 08:26 - 2013-08-28 21:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 08:26 - 2013-08-28 21:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 08:26 - 2013-08-28 21:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2013-10-09 08:26 - 2013-08-27 21:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 08:26 - 2013-07-12 06:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 08:26 - 2013-07-04 08:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 08:26 - 2013-07-04 08:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 08:26 - 2013-07-04 08:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 08:26 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 08:26 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 08:26 - 2013-07-04 07:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 08:26 - 2013-07-04 06:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 08:26 - 2013-07-03 00:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 08:26 - 2013-07-03 00:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 08:26 - 2013-07-03 00:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 08:26 - 2013-06-25 18:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 08:26 - 2013-06-06 01:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 08:26 - 2013-06-06 01:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 08:26 - 2013-06-06 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 08:26 - 2013-06-06 01:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 08:26 - 2013-06-06 00:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 08:26 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 08:26 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 08:26 - 2013-06-05 23:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 08:26 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 08:26 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 08:25 - 2013-09-04 08:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 08:25 - 2013-09-04 08:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 08:25 - 2013-09-04 08:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 08:25 - 2013-09-04 08:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 08:25 - 2013-09-04 08:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 08:25 - 2013-09-04 08:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 08:25 - 2013-09-04 08:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 08:25 - 2013-08-28 22:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 08:25 - 2013-08-28 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 08:25 - 2013-08-28 20:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 08:25 - 2013-08-28 20:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 08:25 - 2013-08-28 20:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 08:25 - 2013-08-28 20:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 08:25 - 2013-08-27 21:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 08:25 - 2013-08-01 08:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 08:25 - 2013-07-20 06:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 08:25 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 08:18 - 2013-10-09 08:19 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{61DD99E9-810F-4CA2-A374-B1868524250D}
2013-10-08 08:21 - 2013-10-08 08:21 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{F3E1D4A1-0DE8-4B66-A8EE-66F41773E848}
2013-10-07 09:56 - 2013-10-07 09:57 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{7FF28745-3B68-4E77-B8A6-52C4D53F68BE}
2013-10-07 09:32 - 2013-10-07 09:34 - 66628672 _____ C:\Users\Ryan2011\Downloads\teen sex tape.mp4
2013-10-07 09:29 - 2013-10-07 09:30 - 40951236 _____ C:\Users\Ryan2011\Downloads\bbw Kiki outdoor play.mp4
2013-10-05 08:57 - 2013-10-05 08:57 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{6682020F-BBC8-4FDD-BDF2-2BCB30EF46F1}
2013-10-04 08:20 - 2013-10-04 08:20 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{5732EFDB-5A5F-4106-B3B4-D7A987BA5953}
2013-10-03 08:06 - 2013-10-03 08:06 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{D4B5F46C-4939-4AED-9DB9-0DA209573686}
2013-10-02 07:49 - 2013-10-02 07:49 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{3D80E2BC-C8FF-4CC3-A6E6-956BDA9765DC}
2013-10-01 10:22 - 2013-10-01 10:22 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{AF1E2AF0-7EC1-4E5A-A964-A3B48655E54A}
2013-10-01 08:28 - 2013-10-01 08:28 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{B1FAA50A-B7C9-4BC8-86E1-68B7A12C93F4}
2013-09-30 09:12 - 2013-09-30 09:12 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{D20B1556-CCF4-4ABD-808E-60C7E1D9594D}

==================== One Month Modified Files and Folders =======

2013-10-29 11:04 - 2011-05-03 15:10 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA.job
2013-10-29 10:47 - 2012-03-30 07:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-29 10:46 - 2013-10-29 10:46 - 00103726 _____ C:\Users\Ryan2011\Desktop\OTL.Txt
2013-10-29 10:33 - 2013-10-29 10:33 - 01956538 _____ (Farbar) C:\Users\Ryan2011\Desktop\FRST64.exe
2013-10-29 10:29 - 2013-10-29 10:29 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{70035FBF-2FFF-4790-BCC1-09B9A973E645}
2013-10-29 10:10 - 2013-04-10 11:45 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-29 09:20 - 2013-10-29 09:20 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{E43BA0D7-9C37-4BB8-AB7E-9E6356FBB4E3}
2013-10-29 08:44 - 2011-01-31 17:14 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E2EFC854-A19B-421C-8245-B34FDE8E3A62}
2013-10-29 08:19 - 2013-10-29 08:19 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{21518BD9-95AB-4587-ADD1-A539A37707A6}
2013-10-29 08:10 - 2013-04-10 11:45 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-29 08:03 - 2011-05-03 15:10 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core.job
2013-10-29 07:51 - 2012-07-12 10:32 - 01771078 _____ C:\Windows\WindowsUpdate.log
2013-10-29 07:41 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-29 07:41 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-29 07:35 - 2012-02-23 13:50 - 00000000 ___RD C:\Users\Ryan2011\Dropbox
2013-10-29 07:35 - 2012-02-23 13:44 - 00000000 ____D C:\Users\Ryan2011\AppData\Roaming\Dropbox
2013-10-29 07:34 - 2013-04-10 11:46 - 00000000 ___RD C:\Users\Ryan2011\Google Drive
2013-10-29 07:34 - 2012-07-12 10:29 - 00027948 _____ C:\Windows\setupact.log
2013-10-29 07:34 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-29 07:33 - 2013-10-29 07:33 - 00003416 ____N C:\bootsqm.dat
2013-10-29 07:32 - 2013-10-29 07:32 - 00000000 __SHD C:\found.000
2013-10-28 07:55 - 2013-10-28 07:55 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{A632C584-4E20-4591-A754-BD3AF05AD03F}
2013-10-25 11:48 - 2013-10-25 11:19 - 00000000 ____D C:\FRST
2013-10-25 11:47 - 2012-07-12 10:29 - 00231902 _____ C:\Windows\PFRO.log
2013-10-25 11:42 - 2013-10-25 11:42 - 00002622 _____ C:\Users\Ryan2011\Downloads\fixlist (1).txt
2013-10-25 08:44 - 2013-04-10 11:45 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-25 08:44 - 2011-05-03 15:10 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\Google
2013-10-25 08:09 - 2013-10-25 08:09 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{9411EB70-C54A-4D24-97FA-4013FAF0A5E9}
2013-10-24 11:21 - 2011-02-02 12:18 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\CutePDF Writer
2013-10-24 08:35 - 2013-10-24 08:35 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{48ED0B69-918B-4A24-B219-9D969439DA14}
2013-10-23 08:07 - 2013-10-23 08:07 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{776D7B9D-F2EF-4FA0-A85A-BBFACEFF31CB}
2013-10-22 16:50 - 2012-08-03 15:03 - 00000000 ____D C:\Users\Ryan2011\AppData\Roaming\vlc
2013-10-22 09:04 - 2013-10-22 09:04 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{7D91A4B3-C081-438C-A17E-E9F6CE3C6BC0}
2013-10-22 07:53 - 2013-10-22 07:53 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{8A4170E7-DDAD-4110-ADB9-8D4F1ECD8C10}
2013-10-21 12:35 - 2011-04-25 09:55 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-21 08:08 - 2013-10-21 08:08 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{B247023F-1F5B-404B-88D3-CC2A13DCEB28}
2013-10-18 08:12 - 2013-10-18 08:12 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{67049BD3-394C-4273-8F0D-954C024EE967}
2013-10-18 08:07 - 2011-05-03 15:11 - 00002390 _____ C:\Users\Ryan2011\Desktop\Google Chrome.lnk
2013-10-18 08:05 - 2013-04-10 11:45 - 00003898 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-18 08:05 - 2013-04-10 11:45 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-17 08:14 - 2013-10-17 08:14 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{B43FDC01-92ED-498D-A267-534587106C64}
2013-10-16 07:44 - 2013-10-16 07:44 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{1763E048-7EAB-4789-BFEA-0A3C7A4526FC}
2013-10-15 16:55 - 2013-08-20 08:28 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-15 16:55 - 2013-08-20 08:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-15 16:55 - 2011-02-21 09:19 - 00001945 _____ C:\Windows\epplauncher.mif
2013-10-15 14:18 - 2013-10-15 14:16 - 00000000 ____D C:\Users\Ryan2011\AppData\Roaming\Talisman
2013-10-15 08:17 - 2013-10-15 08:17 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{37698AC1-3AE3-411B-8F58-790F5544C6CC}
2013-10-15 07:59 - 2011-05-03 15:10 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA
2013-10-15 07:59 - 2011-05-03 15:10 - 00003504 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core
2013-10-14 15:33 - 2013-10-14 15:32 - 00000000 ____D C:\Users\Ryan2011\AppData\Roaming\Talisman Prologue
2013-10-14 15:24 - 2013-10-14 15:24 - 00000222 _____ C:\Users\Ryan2011\Desktop\Talisman Prologue.url
2013-10-14 15:24 - 2013-10-14 15:24 - 00000222 _____ C:\Users\Ryan2011\Desktop\Talisman Digital Edition.url
2013-10-14 08:47 - 2013-10-14 08:47 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{451F9B64-E93A-494C-88D3-DFEF58A882B3}
2013-10-11 16:27 - 2013-05-02 09:59 - 00000000 ____D C:\Users\Ryan2011\AppData\Roaming\Hoyle Casino
2013-10-11 12:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 07:54 - 2013-10-11 07:54 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{344DE070-DFD8-4427-A447-801DD75783F2}
2013-10-10 07:59 - 2013-10-10 07:58 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{F8E30222-0D71-48D5-BA44-A15DBC63B5FF}
2013-10-10 07:43 - 2009-07-14 01:13 - 00783394 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-10 07:33 - 2009-07-14 00:45 - 00296152 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-09 12:17 - 2009-07-13 22:34 - 00000566 _____ C:\Windows\win.ini
2013-10-09 12:15 - 2013-03-14 16:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 12:15 - 2013-03-14 16:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 12:13 - 2011-01-31 17:37 - 00777118 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-09 12:07 - 2013-08-14 12:02 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 12:06 - 2011-02-01 15:42 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 11:47 - 2012-03-30 07:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 11:47 - 2012-03-30 07:49 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 11:47 - 2011-05-18 07:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 08:19 - 2013-10-09 08:18 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{61DD99E9-810F-4CA2-A374-B1868524250D}
2013-10-08 08:21 - 2013-10-08 08:21 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{F3E1D4A1-0DE8-4B66-A8EE-66F41773E848}
2013-10-07 09:57 - 2013-10-07 09:56 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{7FF28745-3B68-4E77-B8A6-52C4D53F68BE}
2013-10-07 09:34 - 2013-10-07 09:32 - 66628672 _____ C:\Users\Ryan2011\Downloads\teen sex tape.mp4
2013-10-07 09:30 - 2013-10-07 09:29 - 40951236 _____ C:\Users\Ryan2011\Downloads\bbw Kiki outdoor play.mp4
2013-10-05 08:57 - 2013-10-05 08:57 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{6682020F-BBC8-4FDD-BDF2-2BCB30EF46F1}
2013-10-04 08:20 - 2013-10-04 08:20 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{5732EFDB-5A5F-4106-B3B4-D7A987BA5953}
2013-10-03 08:06 - 2013-10-03 08:06 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{D4B5F46C-4939-4AED-9DB9-0DA209573686}
2013-10-02 07:49 - 2013-10-02 07:49 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{3D80E2BC-C8FF-4CC3-A6E6-956BDA9765DC}
2013-10-01 10:22 - 2013-10-01 10:22 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{AF1E2AF0-7EC1-4E5A-A964-A3B48655E54A}
2013-10-01 08:28 - 2013-10-01 08:28 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{B1FAA50A-B7C9-4BC8-86E1-68B7A12C93F4}
2013-09-30 09:12 - 2013-09-30 09:12 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{D20B1556-CCF4-4ABD-808E-60C7E1D9594D}

Files to move or delete:
====================
ZeroAccess:
C:\Users\Ryan2011\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

LastRegBack: 2013-10-22 10:32

==================== End Of Log ============================

#19
Essexboy

Posted 29 October 2013 - 09:35 AM

GeekU Moderator

Retired Staff
69,964 posts

I would be tempted to change the antivirus solution you are currently using

Download the attached fixlist.txt to the same location as FRST (desktop)

Run FRST and press Fix
On completion if not requested then reboot

NEXT

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks

[img width=426 height=293]http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png[/img]
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#20
Lyanheart

Posted 29 October 2013 - 10:53 AM

Member

Topic Starter
Member
136 posts

Yes, MSE has not been doing to well this week.

After running the FRST fix and reboot, MSE came back online and I was able to download/open files again.
I looked at MSE history and it shows a sirefef!cfg infection from yesterday in its quarentine list.

Then ran combofix

ComboFix 13-10-29.02 - Ryan2011 10/29/2013 12:29:06.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2714 [GMT -4:00]
Running from: c:\users\Ryan2011\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\_ctypes.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\_elementtree.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\_hashlib.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\_multiprocessing.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\_socket.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\_ssl.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\msvcp100.dll
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\msvcr100.dll
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\pyexpat.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\pysqlite2._sqlite.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\python27.dll
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\pythoncom27.dll
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\PyWinTypes27.dll
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\select.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\unicodedata.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\win32api.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\win32com.shell.shell.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\win32crypt.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\win32event.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\win32file.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\win32inet.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\win32pdh.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\win32process.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\win32profile.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\win32security.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\win32ts.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\windows._cacheinvalidation.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\wx._controls_.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\wx._core_.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\wx._gdi_.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\wx._html2.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\wx._misc_.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\wx._windows_.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\wx._wizard.pyd
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\wxbase294u_net_vc90.dll
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\wxbase294u_vc90.dll
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\wxmsw294u_adv_vc90.dll
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\wxmsw294u_core_vc90.dll
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\wxmsw294u_html_vc90.dll
c:\users\Ryan2011\AppData\Local\Temp\_MEI28882\wxmsw294u_webview_vc90.dll
c:\users\Ryan2011\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-09-28 to 2013-10-29 )))))))))))))))))))))))))))))))
.
.
2013-10-29 16:33 . 2013-10-29 16:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-10-29 16:33 . 2013-10-29 16:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-29 16:08 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29681254-2F33-4D56-965E-2CE7C0EB858E}\mpengine.dll
2013-10-29 11:32 . 2013-10-29 11:32 -------- d-----w- C:\found.000
2013-10-25 15:19 . 2013-10-29 15:53 -------- d-----w- C:\FRST
2013-10-24 12:06 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-21 12:17 . 2013-10-21 12:16 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{58275DB7-5BDE-4261-A141-D6E731812E92}\gapaengine.dll
2013-10-18 12:24 . 2013-10-18 12:24 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2013-10-15 18:16 . 2013-10-15 18:18 -------- d-----w- c:\users\Ryan2011\AppData\Roaming\Talisman
2013-10-14 19:32 . 2013-10-14 19:33 -------- d-----w- c:\users\Ryan2011\AppData\Roaming\Talisman Prologue
2013-10-09 12:26 . 2013-08-29 01:29 33280 ----a-w- c:\windows\system32\drivers\usbser.sys
2013-10-09 12:25 . 2013-08-29 02:16 243712 ----a-w- c:\windows\system32\wow64.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 16:06 . 2011-02-01 19:42 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-09 15:47 . 2012-03-30 11:49 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 15:47 . 2011-05-18 11:51 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-06 12:03 . 2013-08-22 11:52 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-29 01:48 . 2013-10-09 12:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-05 02:25 . 2013-09-11 12:02 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-08-02 02:14 . 2013-09-11 12:02 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 02:13 . 2013-09-11 12:02 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 02:13 . 2013-09-11 12:02 1161216 ----a-w- c:\windows\system32\kernel32.dll
2013-08-02 02:12 . 2013-09-11 12:02 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-08-02 02:12 . 2013-09-11 12:02 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 6656 ----a-w- c:\windows\system32\apisetschema.dll
2013-08-02 02:12 . 2013-09-11 12:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 12:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:50 . 2013-09-11 12:02 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2013-08-02 01:48 . 2013-09-11 12:02 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 12:02 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 12:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 12:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 12:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 12:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 12:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 12:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 12:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 12:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 12:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 12:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 12:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 12:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 12:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 12:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 12:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 12:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 12:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 12:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 12:02 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-08-02 01:48 . 2013-09-11 12:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 12:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 12:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 12:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:09 . 2013-09-11 12:02 338432 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:59 . 2013-09-11 12:02 112640 ----a-w- c:\windows\system32\smss.exe
2013-08-02 00:43 . 2013-09-11 12:02 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 12:02 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 12:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 12:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-02 975288]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-02 21432]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-09-25 20133824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"masqform.exe"="c:\program files (x86)\PureEdge\Viewer 6.1\masqform.exe" [2004-04-19 634880]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-02 3524536]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-6-7 113664]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 gtfilter;Gametel Filter Driver;c:\windows\system32\DRIVERS\gtfilter.sys;c:\windows\SYSNATIVE\DRIVERS\gtfilter.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe;c:\windows\SYSNATIVE\dlbkcoms.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 15:47]
.
2013-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-10 15:45]
.
2013-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-10 15:45]
.
2013-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core.job
- c:\users\Ryan2011\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 19:10]
.
2013-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA.job
- c:\users\Ryan2011\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03 19:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Ryan2011\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun
Notify-GoToAssist - (no file)
Notify-igfxcui - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:\programdata\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1237553287-1429794397-2156527687-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:56,6f,d7,79,c2,a1,f4,24,bd,f8,09,3b,2c,21,a3,7e,39,10,f1,09,69,45,25,
21,e0,23,8a,75,74,70,24,a6,d6,fd,eb,67,e0,3a,c6,46,58,65,49,72,ab,f8,37,e7,\
"??"=hex:83,85,8f,72,36,56,9f,f2,e0,16,65,d1,f8,ef,b2,a6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2013-10-29 12:41:41 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-29 16:41
.
Pre-Run: 394,118,524,928 bytes free
Post-Run: 397,306,810,368 bytes free
.
- - End Of File - - D2931029E049E357E192FCE14F05CDD0
CDB4DE4BBD714F152979DA2DCBEF57EB

#21
Essexboy

Posted 29 October 2013 - 12:00 PM

GeekU Moderator

Retired Staff
69,964 posts

I looked at MSE history and it shows a sirefef!cfg infection from yesterday in its quarentine list.

It did not appear to stop it before it had infected the system alas ..

A check now with OTL to see if anything is left over

Download OTL to your Desktop
Secondary link

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Select LOP and Purity
Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Attach both logs

#22
Lyanheart

Posted 29 October 2013 - 12:47 PM

Member

Topic Starter
Member
136 posts

attached OTL report, I did not get an extras.txt file

OTL logfile created on: 10/29/2013 2:38:19 PM - Run 8
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Ryan2011\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 52.09% Memory free
7.93 Gb Paging File | 5.97 Gb Available in Paging File | 75.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.69 Gb Total Space | 369.80 Gb Free Space | 81.51% Space Free | Partition Type: NTFS

Computer Name: RYAN2011-PC | User Name: Ryan2011 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/25 17:37:00 | 020,133,824 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/07/27 14:36:15 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan2011\Desktop\OTL.exe
PRC - [2012/07/02 17:12:50 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/07/02 17:12:42 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/07/02 17:12:40 | 000,975,288 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012/05/25 04:25:02 | 006,595,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

========== Modules (No Company Name) ==========

MOD - [2013/10/29 12:36:42 | 000,115,137 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
MOD - [2013/10/29 12:36:35 | 000,805,888 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\wx._gdi_.pyd
MOD - [2013/10/29 12:36:35 | 000,557,056 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\pysqlite2._sqlite.pyd
MOD - [2013/10/29 12:36:35 | 000,320,512 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\win32com.shell.shell.pyd
MOD - [2013/10/29 12:36:35 | 000,128,512 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\_elementtree.pyd
MOD - [2013/10/29 12:36:35 | 000,098,816 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\win32api.pyd
MOD - [2013/10/29 12:36:35 | 000,070,656 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\wx._html2.pyd
MOD - [2013/10/29 12:36:35 | 000,044,032 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\_socket.pyd
MOD - [2013/10/29 12:36:35 | 000,026,624 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\_multiprocessing.pyd
MOD - [2013/10/29 12:36:35 | 000,022,528 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\win32ts.pyd
MOD - [2013/10/29 12:36:35 | 000,011,264 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\win32crypt.pyd
MOD - [2013/10/29 12:36:33 | 000,504,832 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\windows._cacheinvalidation.pyd
MOD - [2013/10/29 12:36:29 | 000,017,408 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\win32profile.pyd
MOD - [2013/10/29 12:36:27 | 000,087,040 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\_ctypes.pyd
MOD - [2013/10/29 12:36:25 | 000,364,544 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\pythoncom27.dll
MOD - [2013/10/29 12:36:19 | 000,735,232 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\wx._misc_.pyd
MOD - [2013/10/29 12:36:15 | 000,110,080 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\PyWinTypes27.dll
MOD - [2013/10/29 12:36:13 | 000,108,544 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\win32security.pyd
MOD - [2013/10/29 12:36:11 | 001,175,040 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\wx._core_.pyd
MOD - [2013/10/29 12:36:05 | 001,153,024 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\_ssl.pyd
MOD - [2013/10/29 12:36:01 | 000,811,008 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\wx._windows_.pyd
MOD - [2013/10/29 12:36:01 | 000,711,680 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\_hashlib.pyd
MOD - [2013/10/29 12:36:01 | 000,035,840 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\win32process.pyd
MOD - [2013/10/29 12:36:01 | 000,025,600 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\win32pdh.pyd
MOD - [2013/10/29 12:36:00 | 001,062,400 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\wx._controls_.pyd
MOD - [2013/10/29 12:36:00 | 000,686,080 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\unicodedata.pyd
MOD - [2013/10/29 12:36:00 | 000,127,488 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\pyexpat.pyd
MOD - [2013/10/29 12:36:00 | 000,122,368 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\wx._wizard.pyd
MOD - [2013/10/29 12:36:00 | 000,119,808 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\win32file.pyd
MOD - [2013/10/29 12:36:00 | 000,038,912 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\win32inet.pyd
MOD - [2013/10/29 12:36:00 | 000,018,432 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\win32event.pyd
MOD - [2013/10/29 12:36:00 | 000,010,240 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29842\select.pyd
MOD - [2013/10/10 11:57:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ea3406b1357f932b76236c4ea85b0747\System.Runtime.Remoting.ni.dll
MOD - [2013/10/10 07:39:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 07:39:04 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/10 07:38:56 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/09 12:12:34 | 018,022,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e9147e4c70d4e387dc4aea59ce0a219a\PresentationFramework.ni.dll
MOD - [2013/10/09 12:12:33 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6a71efa7248119b0875d6cd2dd1e204c\System.Windows.Forms.ni.dll
MOD - [2013/10/09 12:12:23 | 001,014,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\85a501f8b0cb271f1bfab6532523ac3c\System.Configuration.ni.dll
MOD - [2013/10/09 12:12:22 | 011,527,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\99bbd3424207d205e9e680fa712dba04\PresentationCore.ni.dll
MOD - [2013/10/09 12:12:18 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\55c245966c0b23a47587c18681457e48\System.Core.ni.dll
MOD - [2013/10/09 12:12:14 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\b1ff5e4a64c0bb0a9b039aaefcde5ea7\WindowsBase.ni.dll
MOD - [2013/09/11 08:06:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 12:07:12 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d1cb852474c9f322e257a30f643bca56\System.Management.ni.dll
MOD - [2013/08/15 12:05:47 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d8f4106eee38420ac5eda7d630dc53fc\System.ServiceProcess.ni.dll
MOD - [2013/08/15 12:05:10 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\c8648331484537c338fe2b606a9db8b7\System.Xaml.ni.dll
MOD - [2013/08/15 12:02:55 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0149e914e4cfbde7da65d4558af19ce0\IAStorUtil.ni.dll
MOD - [2013/08/15 07:42:53 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 07:42:36 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 07:42:31 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/08/14 12:08:40 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8cfa98586dc8b987a8236ea591b567b5\PresentationFramework.Aero.ni.dll
MOD - [2013/08/14 12:08:35 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2154273cb2d7a8b1a47d672b6d0808bf\System.Drawing.ni.dll
MOD - [2013/08/14 12:08:32 | 005,628,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b7285e9f3d19a05d5cc2c049e451685d\System.Xml.ni.dll
MOD - [2013/08/14 12:08:27 | 009,100,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\08c630893416f3379c9455870908ad6c\System.ni.dll
MOD - [2013/07/30 08:15:03 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/29 17:10:08 | 014,418,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a01e07e47ecdd94ae099e8c4bf650516\mscorlib.ni.dll
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/07/02 17:12:50 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2012/05/25 04:25:00 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\svchost.exe -- (RemoteAccess)
SRV:64bit: - [2007/06/25 22:17:18 | 000,567,024 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlbkcoms.exe -- (dlbk_device)
SRV - [2013/10/09 11:47:49 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/09 13:21:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/10 04:03:37 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/28 21:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/04 03:59:20 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/06/04 03:59:20 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/03 10:17:50 | 000,018,272 | ---- | M] (Fructel AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtfilter.sys -- (gtfilter)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/18 16:46:02 | 000,038,400 | ---- | M] (CSR plc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\csrbc.sys -- (CSRBC)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/12/21 01:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/12/21 01:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/12/21 01:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 22:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 08:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {DC718571-D9D1-419F-8C55-D9E6BD5837E5}
IE:64bit: - HKLM\..\SearchScopes\{DC718571-D9D1-419F-8C55-D9E6BD5837E5}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {B0774E76-A7A8-4B69-B75F-965BB88F7716}
IE - HKLM\..\SearchScopes\{B0774E76-A7A8-4B69-B75F-965BB88F7716}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\..\SearchScopes,DefaultScope = {C2D80772-E9E2-4A44-B4C3-37316F4FC994}
IE - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\..\SearchScopes\{C2D80772-E9E2-4A44-B4C3-37316F4FC994}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/02/21 17:58:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/03 10:03:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/03 10:03:31 | 000,000,000 | ---D | M]

[2011/02/03 15:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan2011\AppData\Roaming\Mozilla\Extensions
[2011/02/03 15:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan2011\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2013/10/29 12:35:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [masqform.exe] C:\Program Files (x86)\PureEdge\Viewer 6.1\masqform.exe (PureEdge™ Solutions Inc.)
O4 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{288D171A-CEE6-471A-B1B8-884749FB721A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DBCD195-5512-4C7A-8C99-29D6593BD0FF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: Remoteaccess - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/29 12:35:58 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/10/29 11:54:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/10/29 11:54:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/10/29 11:54:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/10/29 11:54:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/29 11:54:08 | 005,137,551 | R--- | C] (Swearware) -- C:\Users\Ryan2011\Desktop\ComboFix.exe
[2013/10/29 10:33:22 | 001,956,538 | ---- | C] (Farbar) -- C:\Users\Ryan2011\Desktop\FRST64.exe
[2013/10/29 10:29:44 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{70035FBF-2FFF-4790-BCC1-09B9A973E645}
[2013/10/29 09:20:04 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{E43BA0D7-9C37-4BB8-AB7E-9E6356FBB4E3}
[2013/10/29 08:19:48 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{21518BD9-95AB-4587-ADD1-A539A37707A6}
[2013/10/29 07:32:42 | 000,000,000 | ---D | C] -- C:\found.000
[2013/10/28 07:55:09 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{A632C584-4E20-4591-A754-BD3AF05AD03F}
[2013/10/25 11:19:17 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/25 08:09:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{9411EB70-C54A-4D24-97FA-4013FAF0A5E9}
[2013/10/24 08:35:03 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{48ED0B69-918B-4A24-B219-9D969439DA14}
[2013/10/23 08:07:16 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{776D7B9D-F2EF-4FA0-A85A-BBFACEFF31CB}
[2013/10/22 09:04:23 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{7D91A4B3-C081-438C-A17E-E9F6CE3C6BC0}
[2013/10/22 07:53:43 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{8A4170E7-DDAD-4110-ADB9-8D4F1ECD8C10}
[2013/10/21 08:08:42 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{B247023F-1F5B-404B-88D3-CC2A13DCEB28}
[2013/10/18 08:12:40 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{67049BD3-394C-4273-8F0D-954C024EE967}
[2013/10/17 08:14:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{B43FDC01-92ED-498D-A267-534587106C64}
[2013/10/16 07:44:02 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{1763E048-7EAB-4789-BFEA-0A3C7A4526FC}
[2013/10/15 14:16:21 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Roaming\Talisman
[2013/10/15 08:17:17 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{37698AC1-3AE3-411B-8F58-790F5544C6CC}
[2013/10/14 15:32:43 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Roaming\Talisman Prologue
[2013/10/14 08:47:18 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{451F9B64-E93A-494C-88D3-DFEF58A882B3}
[2013/10/11 07:54:25 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{344DE070-DFD8-4427-A447-801DD75783F2}
[2013/10/10 07:58:51 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{F8E30222-0D71-48D5-BA44-A15DBC63B5FF}
[2013/10/09 12:14:26 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/10/09 12:14:26 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/10/09 12:14:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/09 12:14:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/09 12:14:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/10/09 12:14:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/10/09 12:14:23 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/09 12:14:23 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/10/09 12:14:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/10/09 12:14:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/10/09 12:14:21 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/10/09 12:14:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/10/09 12:14:20 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/09 12:14:20 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/09 12:14:20 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/10/09 08:26:10 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/09 08:26:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbser.sys
[2013/10/09 08:26:09 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/09 08:26:09 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/09 08:26:09 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/10/09 08:26:09 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/10/09 08:26:09 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/09 08:26:09 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/10/09 08:26:09 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/09 08:26:09 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/10/09 08:26:07 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013/10/09 08:26:07 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/10/09 08:26:07 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/09 08:26:02 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/10/09 08:26:01 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/09 08:26:01 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/10/09 08:26:01 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/10/09 08:26:01 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/10/09 08:26:00 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/10/09 08:26:00 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/10/09 08:25:59 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/10/09 08:25:59 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/10/09 08:25:59 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/10/09 08:25:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/10/09 08:25:58 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/10/09 08:25:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/10/09 08:25:51 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/10/09 08:25:51 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/09 08:25:51 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/09 08:25:50 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/10/09 08:25:50 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/10/09 08:18:52 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{61DD99E9-810F-4CA2-A374-B1868524250D}
[2013/10/08 08:21:36 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{F3E1D4A1-0DE8-4B66-A8EE-66F41773E848}
[2013/10/07 09:56:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{7FF28745-3B68-4E77-B8A6-52C4D53F68BE}
[2013/10/05 08:57:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{6682020F-BBC8-4FDD-BDF2-2BCB30EF46F1}
[2013/10/04 08:20:13 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{5732EFDB-5A5F-4106-B3B4-D7A987BA5953}
[2013/10/03 08:06:09 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{D4B5F46C-4939-4AED-9DB9-0DA209573686}
[2013/10/02 07:49:10 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{3D80E2BC-C8FF-4CC3-A6E6-956BDA9765DC}
[2013/10/01 10:22:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{AF1E2AF0-7EC1-4E5A-A964-A3B48655E54A}
[2013/10/01 08:28:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{B1FAA50A-B7C9-4BC8-86E1-68B7A12C93F4}
[2013/09/30 09:12:04 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{D20B1556-CCF4-4ABD-808E-60C7E1D9594D}

========== Files - Modified Within 30 Days ==========

[2013/10/29 14:10:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/29 14:04:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA.job
[2013/10/29 13:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/29 12:43:14 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/29 12:43:14 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/29 12:35:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/10/29 12:35:42 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/29 12:35:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/29 12:35:28 | 3193,688,064 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/29 11:54:09 | 005,137,551 | R--- | M] (Swearware) -- C:\Users\Ryan2011\Desktop\ComboFix.exe
[2013/10/29 10:33:26 | 001,956,538 | ---- | M] (Farbar) -- C:\Users\Ryan2011\Desktop\FRST64.exe
[2013/10/29 08:03:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core.job
[2013/10/29 07:33:49 | 000,003,416 | ---- | M] () -- C:\bootsqm.dat
[2013/10/18 08:07:57 | 000,002,390 | ---- | M] () -- C:\Users\Ryan2011\Desktop\Google Chrome.lnk
[2013/10/15 16:55:20 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/14 15:24:51 | 000,000,222 | ---- | M] () -- C:\Users\Ryan2011\Desktop\Talisman Prologue.url
[2013/10/14 15:24:51 | 000,000,222 | ---- | M] () -- C:\Users\Ryan2011\Desktop\Talisman Digital Edition.url
[2013/10/10 07:43:25 | 000,783,394 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/10 07:43:25 | 000,663,238 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/10 07:43:25 | 000,122,106 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/10 07:33:44 | 000,296,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/09 12:13:16 | 000,777,118 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/09 11:47:49 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/09 11:47:49 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013/10/29 11:54:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/29 11:54:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/29 11:54:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/29 11:54:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/29 11:54:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/29 07:33:49 | 000,003,416 | ---- | C] () -- C:\bootsqm.dat
[2013/10/14 15:24:51 | 000,000,222 | ---- | C] () -- C:\Users\Ryan2011\Desktop\Talisman Prologue.url
[2013/10/14 15:24:51 | 000,000,222 | ---- | C] () -- C:\Users\Ryan2011\Desktop\Talisman Digital Edition.url
[2013/05/22 12:32:42 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013/05/22 12:32:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/02/04 11:20:38 | 000,119,951 | ---- | C] () -- C:\Users\Ryan2011\2377WilliamPenn.jpg
[2013/02/04 11:16:32 | 014,954,926 | ---- | C] () -- C:\Users\Ryan2011\house ad.psd
[2012/06/26 16:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/06/26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/06/26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/06/26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/06/26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/06/14 11:24:04 | 000,059,755 | ---- | C] () -- C:\Users\Ryan2011\Grim Dawn keys.pdf
[2012/04/06 16:21:07 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012/04/03 10:01:10 | 000,205,999 | ---- | C] () -- C:\Windows\hpoins46.dat
[2012/04/03 10:01:10 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2011/11/22 10:08:38 | 000,059,067 | ---- | C] () -- C:\Users\Ryan2011\Binaries_and_Source-1013-1-0.zip

========== LOP Check ==========

[2012/07/20 16:27:20 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Amazon
[2013/02/06 10:56:20 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Celeris
[2013/03/06 11:50:10 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\com.amazon.music.uploader
[2013/10/29 12:37:22 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Dropbox
[2013/10/11 16:27:52 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Hoyle Casino
[2013/05/02 10:00:47 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Hoyle FaceCreator
[2012/07/24 16:51:57 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Mp3tag
[2011/02/01 11:43:32 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\PureEdge
[2012/07/17 09:05:06 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Samsung
[2013/07/30 12:19:23 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\SketchUp
[2013/10/15 14:18:50 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Talisman
[2013/10/14 15:33:05 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Talisman Prologue
[2011/02/03 15:09:43 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Thunderbird
[2011/06/07 15:08:35 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Unity
[2011/02/21 10:40:16 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Windows Live Writer
[2012/08/23 09:20:37 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\WinFellow
[2011/04/26 10:18:56 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Wizards of the Coast
[2013/07/13 09:44:39 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< BASESERVICES >

< %SYSTEMDRIVE%\*.exe >

< c:\program files (x86)\Google\Desktop >

< c:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is EA35-C9E7
Directory of C:\
07/14/2009 01:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 01:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 01:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 01:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 01:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 01:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 01:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 01:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Ryan2011
01/31/2011 01:32 PM <JUNCTION> Application Data [C:\Users\Ryan2011\AppData\Roaming]
01/31/2011 01:32 PM <JUNCTION> Cookies [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Cookies]
01/31/2011 01:32 PM <JUNCTION> Local Settings [C:\Users\Ryan2011\AppData\Local]
01/31/2011 01:32 PM <JUNCTION> My Documents [C:\Users\Ryan2011\Documents]
01/31/2011 01:32 PM <JUNCTION> NetHood [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/31/2011 01:32 PM <JUNCTION> PrintHood [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/31/2011 01:32 PM <JUNCTION> Recent [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Recent]
01/31/2011 01:32 PM <JUNCTION> SendTo [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\SendTo]
01/31/2011 01:32 PM <JUNCTION> Start Menu [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu]
01/31/2011 01:32 PM <JUNCTION> Templates [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Ryan2011\AppData\Local
01/31/2011 01:32 PM <JUNCTION> Application Data [C:\Users\Ryan2011\AppData\Local]
01/31/2011 01:32 PM <JUNCTION> History [C:\Users\Ryan2011\AppData\Local\Microsoft\Windows\History]
01/31/2011 01:32 PM <JUNCTION> Temporary Internet Files [C:\Users\Ryan2011\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Ryan2011\Documents
01/31/2011 01:32 PM <JUNCTION> My Music [C:\Users\Ryan2011\Music]
01/31/2011 01:32 PM <JUNCTION> My Pictures [C:\Users\Ryan2011\Pictures]
01/31/2011 01:32 PM <JUNCTION> My Videos [C:\Users\Ryan2011\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
49 Dir(s) 397,051,662,336 bytes free

< End of report >

Attached Files

OTL.Txt 114.49KB 119 downloads

#23
Essexboy

Posted 29 October 2013 - 12:51 PM

GeekU Moderator

Retired Staff
69,964 posts

Do you use googledrivesync as that may be holding the infection, then when it synchs the virus returns

Logs look good

#24
Lyanheart

Posted 29 October 2013 - 01:24 PM

Member

Topic Starter
Member
136 posts

No, I don't use google drive for anything. I do have dropbox but it only contains photos and documents from my mobile phone.
I will run malwarebytes over the next few days and keep an eye on the MSE log to see if it picks up anything else again.

#25
Essexboy

Posted 29 October 2013 - 02:13 PM

GeekU Moderator

Retired Staff
69,964 posts

It was just that I noticed google drive running on the system and that struck as a possible re-infection vector

O4 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)

#26
Lyanheart

Posted 29 October 2013 - 02:15 PM

Member

Topic Starter
Member
136 posts

Oh, I wasn't aware that it was running. I think I might have one document I used to work with there.

#27
Essexboy

Posted 29 October 2013 - 02:23 PM

GeekU Moderator

Retired Staff
69,964 posts

OK so it is not a system backup then

Yes I would recommend monitor for a day or so and when you are happy let me know and I will tidy up

#28
Lyanheart

Posted 30 October 2013 - 06:32 AM

Member

Topic Starter
Member
136 posts

Everything seemed fine this morning; I could download and open documents normally. MSE however was mysteriously not present, although windows firewall is still on. Roughly 20 minutes later, without visiting any questionable websites or anything out of the ordinary, the same problem came back "this file contains a virus and was deleted"

I am running a scan in Malwarebytes at the moment. Attached MB log, found two problems which are the same two it found yesterday.
Also attached OTL and FRST logs from a scan this morning.

I will be out of my office this afternoon (eastern US time), so I will not be able to do much with it today.

Attached Files

MBAM-log-2013-10-30 (08-45-26).txt 2.27KB 129 downloads
OTL.Txt 104.2KB 129 downloads
FRST.txt 37.46KB 154 downloads

Edited by Lyanheart, 30 October 2013 - 07:13 AM.

#29
Essexboy

Posted 30 October 2013 - 07:49 AM

GeekU Moderator

Retired Staff
69,964 posts

Exactly the same.. I will need to look a lot deeper

First we will remove it again

Download the attached fixlist.txt to the same location as FRST

Run FRST and press Fix
Once done attach the fixlog to the next post

THEN

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop ( it will be randomly named )

First we will run a virus scan
Select the cog to access scan areas
Posted Image

On the first tab select all elements down to OS C and then select start scan
Posted Image

Once it has finished select reports and post the detected threats
.

Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button

Posted Image