I think it came in with Power2Go. I needed a CD burner to write a disk image. I got lazy during the install and in hindsight remember 'blind clicking' ACCEPT a few times. Bad me.
I have uninstalled Mixi.DJ, cleaned out IE and Chrome extensions, settings, home page, etc. Not sure if it is really gone or what else it did. I read that it may log internet activity and password entry including financial sites... is this true?
I am now running mbam to see what it finds.
Since this forum helped me with some of the work I had done so far, I thought I would post because the next steps in the forum involve a lot of malware removal tools and reading logs generated by them. Not my day job!
Any help would be appreciated.
OK, reread how to post here. Ran OTL. Will post the log and the log from MBAM that just finished!
Gotta reboot now to finish MBAM removal of a file.
Thanks
Ian
OTL logfile created on: 21/03/2013 10:52:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
3.50 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 31.87% Memory free
7.00 Gb Paging File | 4.04 Gb Available in Paging File | 57.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 803.21 Gb Free Space | 86.24% Space Free | Partition Type: NTFS
Drive E: | 3.74 Gb Total Space | 3.61 Gb Free Space | 96.58% Space Free | Partition Type: FAT32
Drive F: | 465.76 Gb Total Space | 198.28 Gb Free Space | 42.57% Space Free | Partition Type: NTFS
Computer Name: MARSH | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/03/21 22:51:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2013/02/19 08:32:30 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Users\User\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013/01/29 19:56:36 | 000,069,120 | ---- | M] () -- C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
PRC - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,824,232 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/10 22:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/02 15:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012/10/02 15:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/10/02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/09/28 15:42:08 | 000,298,376 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2012/09/28 15:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2012/08/23 00:09:24 | 001,707,632 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\Power2Go8\Power2GoExpress8.exe
PRC - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\ccsvchst.exe
PRC - [2012/06/07 23:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/08/28 05:43:14 | 001,486,848 | R--- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009/07/13 21:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2007/04/20 13:24:20 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxblcoms.exe
========== Modules (No Company Name) ==========
MOD - [2013/03/10 20:22:06 | 000,459,728 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll
MOD - [2013/03/10 20:22:05 | 012,662,224 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
MOD - [2013/03/10 20:22:04 | 004,050,896 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
MOD - [2013/03/10 20:21:18 | 000,596,944 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\libglesv2.dll
MOD - [2013/03/10 20:21:18 | 000,124,368 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\libegl.dll
MOD - [2013/03/10 20:21:16 | 001,552,848 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
MOD - [2013/02/14 21:41:49 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\806c4ba7d696ab586ffd774a31f1a66b\System.Windows.Forms.ni.dll
MOD - [2013/01/29 19:56:36 | 000,069,120 | ---- | M] () -- C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
MOD - [2013/01/29 19:45:00 | 000,112,128 | ---- | M] () -- C:\Program Files\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
MOD - [2013/01/10 20:24:45 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\905d0fe3e43b186b139b93d8ed082208\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 22:24:00 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b83993cc955262507c8ead67567c8060\System.Drawing.ni.dll
MOD - [2013/01/09 22:23:54 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d884c684ee3f738a60e3c50dd5d88caa\System.Xml.ni.dll
MOD - [2013/01/09 22:23:51 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\cb72ac8478a5ea7e2d570bb710ecb1c1\System.Configuration.ni.dll
MOD - [2013/01/09 22:23:50 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\df418085cedae9fa2efee87e20a419a4\System.ni.dll
MOD - [2013/01/09 22:23:46 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\60c214b6ad5691e368a16ec65d127c27\mscorlib.ni.dll
MOD - [2012/08/27 23:18:11 | 000,176,656 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go8\CLVistaAudioMixer.dll
MOD - [2012/08/27 23:17:41 | 000,303,120 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go8\runtime\authoring\EditingMgrWrapperU.dll
MOD - [2012/08/27 23:17:27 | 001,694,736 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go8\runtime\authoring\AuroraU.dll
MOD - [2012/08/27 23:17:21 | 000,807,440 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go8\UNO.dll
MOD - [2012/08/01 06:47:06 | 001,319,024 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go8\Language\Enu\P2GRC.dll
MOD - [2012/06/08 11:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/07 23:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/01 08:45:35 | 000,770,856 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go8\runtime\mediacache\MediaObj.dll
MOD - [2009/08/27 23:31:08 | 047,628,288 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\skin.dll
MOD - [2009/05/07 04:53:18 | 000,106,496 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2009/05/07 04:50:46 | 000,073,728 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2008/02/14 01:57:00 | 000,094,208 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll
========== Services (SafeList) ==========
SRV - [2013/03/16 19:04:25 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/10 22:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/28 15:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe -- (NAV)
SRV - [2010/12/28 17:46:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/20 13:24:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxblcoms.exe -- (lxbl_device)
========== Driver Services (SafeList) ==========
DRV - [2013/03/21 21:52:15 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/01/16 21:12:08 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.1.2\Definitions\VirusDefs\20130321.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/16 21:12:08 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.1.2\Definitions\VirusDefs\20130321.017\NAVENG.SYS -- (NAVENG)
DRV - [2013/01/15 22:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.1.2\Definitions\BASHDefs\20130301.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/10/10 22:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/09/28 15:14:58 | 000,033,792 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV - [2012/08/31 20:27:25 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.1.2\Definitions\IPSDefs\20130321.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/08/09 21:01:05 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/09 21:01:05 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/05 22:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\srtsp.sys -- (SRTSP)
DRV - [2012/07/05 22:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\srtspx.sys -- (SRTSPX)
DRV - [2012/06/07 00:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\ccsetx86.sys -- (ccSet_NAV)
DRV - [2012/05/21 21:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\symefa.sys -- (SymEFA)
DRV - [2012/04/17 22:13:32 | 000,318,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\symnets.sys -- (SymNetS)
DRV - [2012/04/17 21:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\ironx86.sys -- (SymIRON)
DRV - [2012/03/23 13:33:50 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/08/16 02:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\symds.sys -- (SymDS)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/08/23 01:06:38 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009/08/17 07:17:44 | 001,077,760 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/07/15 23:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {034429BA-9141-4B77-9C03-BAA7B87BA8B5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B E7 F1 E5 F2 45 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.1.2\IPSFFPlgn\ [2012/03/18 20:05:52 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.condui...2651000527&UM=2
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKCU..\Run: [Power2GoExpress8] C:\Program Files\CyberLink\Power2Go8\Power2GoExpress8.exe (CyberLink Corp.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCA48D31-8950-4BD9-A04B-170CA61F0AF6}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2012 {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files\TurboTax 2012\ic2012pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/03/21 21:50:52 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/03/21 21:50:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2013/03/21 21:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/21 21:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/21 21:50:41 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/03/21 21:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/03/21 21:50:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Programs
[2013/03/21 20:32:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{946ABC37-5A20-4D69-97FC-C80DD405ECBA}
[2013/03/20 19:46:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6A9A7EE6-400B-4B4B-8BD9-FEB036DA6C4E}
[2013/03/19 19:38:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4DF8D8F2-A64D-4986-9864-F39D5ABAC36D}
[2013/03/18 13:40:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A71A2F8F-7F55-421C-8D83-D181E1619C78}
[2013/03/18 01:40:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9D1AB599-EFCC-4375-9933-9DF78770E62F}
[2013/03/17 21:43:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\NVIDIA
[2013/03/17 21:42:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Power2Go8
[2013/03/17 21:37:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\CyberLink
[2013/03/17 21:37:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
[2013/03/17 21:33:16 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor 2
[2013/03/17 21:32:21 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go 8
[2013/03/17 21:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2013/03/17 21:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2013/03/17 21:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013/03/17 21:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2013/03/17 21:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/03/17 21:23:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Conduit
[2013/03/17 21:23:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SearchProtect
[2013/03/17 21:23:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\CRE
[2013/03/17 21:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013/03/17 13:39:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{06154FA9-82BD-4C93-BEB0-934D54C04A91}
[2013/03/16 19:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/03/16 19:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/03/16 18:58:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{64B8A795-80E5-4251-BA4E-7343C4D7732B}
[2013/03/14 20:25:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F63B7AA9-D885-4DD4-B841-FD5E4964FAE8}
[2013/03/11 20:02:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6667E7AB-71F9-4EF7-8C82-D4D95353A93A}
[2013/03/10 12:41:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EF05A093-C3A7-4531-AA2E-AF6F854A991C}
[2013/03/09 21:15:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8A9B709F-371F-46D0-9462-65D8545D0BED}
[2013/03/09 09:15:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A263D73C-3C23-4318-98AC-1C8D9703FEBC}
[2013/03/08 21:14:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B614314F-1778-4C67-9FDC-1CDAC71F942B}
[2013/03/07 20:52:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1D068A03-6520-4459-9FD3-7563DC3D7594}
[2013/03/06 19:11:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{86AC68A9-6E24-4091-9FEF-B01340C1AA5B}
[2013/03/05 21:20:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{CB417C1D-9A00-4DB8-9F05-2F008E71BB56}
[2013/03/04 20:54:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{783D8AF6-A019-4D24-81C3-4FB7B5465B4C}
[2013/03/03 22:26:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E277DCDF-2293-4EAA-9E9C-EFF3FECA5327}
[2013/03/03 10:25:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{357D6067-53C7-4F2D-9F8E-2B672B42B66C}
[2013/03/02 14:43:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4461B04A-53A1-48F1-B1BD-ECB584A92564}
[2013/03/01 21:44:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A6CBB768-D039-45F9-A1CF-D40A2955257A}
[2013/02/28 20:49:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FBEABAB9-38A1-4508-A880-2277F7B9B930}
[2013/02/27 21:43:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2BD92E5F-9768-445F-B1C8-162E0837C231}
[2013/02/26 20:34:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6792BB9C-A17F-4CBA-9494-028E2E696ADF}
[2013/02/25 20:15:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DF485855-2228-4796-A0A0-09198F308B5F}
[2013/02/24 22:17:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{240B945A-2004-4952-9E0B-AA7BC2A954FF}
[2013/02/24 10:17:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0B862DB7-F77F-4C38-92FC-087BF1BA1A29}
[2013/02/23 12:22:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{92D6B14B-4012-4474-AD6A-DE99BF72751C}
[2013/02/22 13:56:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{72B47266-9BD3-4F75-8B33-98DCD3076B99}
[2013/02/20 08:51:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{56285099-426B-44A1-A004-1B48347D0B6E}
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/03/21 22:37:05 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4215553431-3862215306-3237111303-1000UA.job
[2013/03/21 22:04:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/21 21:52:15 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/03/21 21:50:44 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/21 20:38:50 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/21 20:38:50 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/21 20:35:58 | 000,628,414 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/21 20:35:58 | 000,110,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/21 20:31:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/21 20:31:24 | 2817,925,120 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/18 07:37:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4215553431-3862215306-3237111303-1000Core.job
[2013/03/17 22:07:52 | 000,007,600 | ---- | M] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2013/03/17 21:33:16 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\WaveEditor.lnk
[2013/03/17 21:32:21 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink Power2Go 8.lnk
[2013/03/17 21:24:38 | 000,000,009 | ---- | M] () -- C:\END
[2013/03/17 21:23:11 | 000,000,836 | ---- | M] () -- C:\Users\User\Desktop\CyberLink_Power2Go_Downloader.lnk
[2013/03/17 15:14:34 | 011,077,632 | ---- | M] () -- C:\Users\User\Desktop\dban-2.2.7_i586.iso
[2013/03/14 20:39:16 | 000,002,360 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2013/03/04 22:24:43 | 000,185,003 | ---- | M] () -- C:\Users\User\Documents\Payment Successful.pdf
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/03/21 21:50:43 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/17 21:33:15 | 000,002,145 | ---- | C] () -- C:\Users\Public\Desktop\WaveEditor.lnk
[2013/03/17 21:32:20 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink Power2Go 8.lnk
[2013/03/17 21:23:11 | 000,000,836 | ---- | C] () -- C:\Users\User\Desktop\CyberLink_Power2Go_Downloader.lnk
[2013/03/17 21:23:08 | 000,000,009 | ---- | C] () -- C:\END
[2013/03/17 21:06:32 | 011,077,632 | ---- | C] () -- C:\Users\User\Desktop\dban-2.2.7_i586.iso
[2013/03/04 22:24:15 | 000,185,003 | ---- | C] () -- C:\Users\User\Documents\Payment Successful.pdf
[2011/12/29 11:58:30 | 000,000,287 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/06/18 09:41:46 | 000,027,650 | ---- | C] () -- C:\Windows\System32\icnotli.dll
[2011/06/18 09:41:46 | 000,020,482 | ---- | C] () -- C:\Windows\System32\eytauni.dll
[2011/04/19 00:02:35 | 000,007,600 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2011/01/08 12:05:24 | 001,760,039 | ---- | C] () -- C:\Users\User\IMG_3553.JPG
[2011/01/08 12:05:24 | 001,584,105 | ---- | C] () -- C:\Users\User\IMG_3554.JPG
[2011/01/08 12:05:24 | 000,153,600 | ---- | C] () -- C:\Users\User\01149946.dot
[2011/01/08 11:17:47 | 000,018,591 | ---- | C] () -- C:\Users\User\Re_ Potential role with our client Everest.eml
========== ZeroAccess Check ==========
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/07/14 10:27:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\canon
[2012/07/14 10:38:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canon_Inc_IC
[2011/04/21 08:37:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenCandy
[2013/03/17 21:23:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SearchProtect
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 836 bytes -> C:\Users\User\Re_ Potential role with our client Everest.eml:OECustomProperty
< End of report >
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.22.01
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
User :: MARSH [administrator]
Protection: Enabled
21/03/2013 9:52:50 PM
MBAM-log-2013-03-21 (22-56-13).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 393809
Time elapsed: 1 hour(s), 3 minute(s), 5 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\User\Downloads\setup.exe (PUP.BundleInstaller.VG) -> No action taken.
(end)
Edited by Ian7, 21 March 2013 - 09:07 PM.