Google redirect virus


  • This topic is locked
30 replies to this topic

#1 Rielus

Rielus

  • Members
  • 13 posts
  • OFFLINE
  • Local time:08:10 AM

Posted 01 June 2011 - 12:55 PM

Clicking a google search result usually ends up redirecting me to another webpage.

I have run a freshly updated Malwarebytes and I have an up-to-date version of Avira running; neither has fixed the problem. I would be grateful for any help you guys can provide!

Here's my DDS log...

.
DDS (Ver_2011-06-01.06) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Run by Ryan at 3:46:27 on 2011-06-02
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.4094.2302 [GMT 10:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\DAODx.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\lxdccoms.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\NetMeter\NetMeter.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Last.fm\LastFM.exe
C:\program files (x86)\avira\antivir desktop\avcenter.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [C:\Program Files (x86)\NetMeter\NetMeter.exe] C:\Program Files (x86)\NetMeter\NetMeter.exe
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} - hxxp://au.zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5A2796A5-729C-44D1-9211-5E7C0E2E7008} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5A2796A5-729C-44D1-9211-5E7C0E2E7008}\254523536313F513 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E3049B46-E2E4-4AEB-890A-8236DB25501D} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Right-Click-Link: {AA6F0803-145A-4200-8E5E-68898D02B5B3} - %profile%\extensions\{AA6F0803-145A-4200-8E5E-68898D02B5B3}
FF - Ext: GameFOX: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1} - %profile%\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
FF - Ext: Youtube: Show Video Rating Stars in Search: {d18de924-5045-4196-84ec-8fe73a418a41} - %profile%\extensions\{d18de924-5045-4196-84ec-8fe73a418a41}
FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{a3442e61-57b7-4a7f-b0c8-e1e20a2278a9}: {a3442e61-57b7-4a7f-b0c8-e1e20a2278a9} - %profile%\extensions\{a3442e61-57b7-4a7f-b0c8-e1e20a2278a9}
FF - Ext: Youtube: Show Video Rating Stars of Related Videos: {443a8bc4-55ca-44e0-9928-58b1b5f175d9} - %profile%\extensions\{443a8bc4-55ca-44e0-9928-58b1b5f175d9}
FF - Ext: Flash Video Downloader (Youtube Downloader): artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-5-29 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-5-29 269480]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 cpuz133;cpuz133;\??\C:\Windows\system32\drivers\cpuz133_x64.sys --> C:\Windows\system32\drivers\cpuz133_x64.sys [?]
R2 cpuz134;cpuz134;\??\C:\Windows\system32\drivers\cpuz134_x64.sys --> C:\Windows\system32\drivers\cpuz134_x64.sys [?]
R2 lxdc_device;lxdc_device;C:\Windows\system32\lxdccoms.exe -service --> C:\Windows\system32\lxdccoms.exe -service [?]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxdcserv.exe [2007-5-25 34224]
S3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr6164.sys --> C:\Windows\system32\DRIVERS\netr6164.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-16 25832]
.
=============== Created Last 30 ================
.
2011-05-29 15:40:26 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Avira
2011-05-29 11:07:20 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-05-29 11:07:19 -------- d-----w- C:\ProgramData\Avira
2011-05-29 11:07:19 -------- d-----w- C:\Program Files (x86)\Avira
2011-05-29 08:16:24 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Malwarebytes
2011-05-29 08:16:21 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 08:16:20 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-29 08:16:17 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-29 08:16:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-29 08:00:26 114688 --sha-r- C:\Windows\SysWow64\KBDDIV1D.dll
2011-05-28 09:31:13 -------- d-----w- C:\Users\Ryan\AppData\Roaming\go
2011-05-28 09:31:12 -------- d-----w- C:\ProgramData\Easybits GO
2011-05-26 08:36:59 -------- d-----w- C:\Users\Ryan\AppData\Local\Sidhe
2011-05-14 06:39:40 -------- d-----w- C:\Program Files (x86)\GRETECH
2011-05-06 19:44:43 -------- d-----w- C:\Program Files (x86)\SQUARE ENIX - Eidos Interactive
2011-05-04 10:57:35 -------- d-----w- C:\Program Files (x86)\Super Meat Boy
.
==================== Find3M ====================
.
2011-04-17 07:57:07 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-04-17 07:56:48 266400 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-04-17 07:56:48 266400 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-03-04 07:57:52 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
.
============= FINISH: 3:47:21.01 ===============

#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:06:10 PM

Posted 09 June 2011 - 10:20 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, has resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days;
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning... just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 Rielus

Rielus
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:08:10 AM

Posted 09 June 2011 - 04:24 PM

Thanks for your help!

Rootkit Unhooker won't run. It says "Sorry, but unhandled exception has occured. Program will be terminated." It creates the following error log:

Exception code : 0xC0000005
Instruction address : 0x00402EAA
Attempt to read at address : 0xFFFFFFFF

Here's the OTL.txt

OTL logfile created on: 10/06/2011 7:16:36 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Ryan\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.70 Gb Available Physical Memory | 67.42% Memory free
7.99 Gb Paging File | 6.48 Gb Available in Paging File | 81.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 64.61 Gb Free Space | 6.94% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 115.29 Gb Free Space | 24.75% Space Free | Partition Type: NTFS

Computer Name: RYAN-PC | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/10 07:10:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
PRC - [2011/06/02 00:27:23 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/05/02 05:10:28 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/04/17 17:57:07 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/18 06:29:49 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2009/09/08 17:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009/09/08 17:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009/08/09 15:08:02 | 000,293,888 | ---- | M] () -- C:\Program Files (x86)\NetMeter\NetMeter.exe
PRC - [2009/03/30 16:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe


========== Modules (SafeList) ==========

MOD - [2011/06/10 07:10:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
MOD - [2009/07/14 11:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/29 11:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/05/25 08:39:04 | 000,034,224 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdcserv.exe -- (lxdcCATSCustConnectService)
SRV:64bit: - [2007/05/25 08:38:54 | 000,567,216 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdccoms.exe -- (lxdc_device)
SRV - [2011/04/18 17:10:44 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/17 17:57:07 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/12/24 07:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/12/16 06:07:16 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/09/08 17:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/25 08:38:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdccoms.exe -- (lxdc_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/01 17:07:59 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/04/01 17:07:59 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/09/29 12:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/29 11:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/09 13:19:02 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010/05/31 13:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/05/11 11:00:40 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2010/04/27 11:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/27 11:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/03/23 01:54:30 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/03/02 21:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/08/28 18:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/16 13:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 11:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 11:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 11:40:11 | 000,840,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\blackbox.dll -- (BlackBox)
DRV:64bit: - [2009/06/11 06:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 16:35:30 | 000,438,784 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 11:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2005/10/20 14:01:12 | 000,222,720 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RT2500.sys -- (RT2500)
DRV - [2011/06/10 07:10:01 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\BlackBox.sys -- (BlackBox)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2850416976-854691333-250921961-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-2850416976-854691333-250921961-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-2850416976-854691333-250921961-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-2850416976-854691333-250921961-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 3C 80 27 C9 C6 CA 01 [binary data]
IE - HKU\S-1-5-21-2850416976-854691333-250921961-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.blackle.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {AA6F0803-145A-4200-8E5E-68898D02B5B3}:1.1.5
FF - prefs.js..extensions.enabledItems: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1}:0.7.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.21


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/10 20:06:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/02 04:02:19 | 000,000,000 | ---D | M]

[2010/03/19 04:46:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions
[2011/06/10 07:06:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\extensions
[2010/05/14 01:56:53 | 000,000,000 | ---D | M] (GameFOX) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2010/03/23 20:21:16 | 000,000,000 | ---D | M] (Right-Click-Link) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\extensions\{AA6F0803-145A-4200-8E5E-68898D02B5B3}
[2010/05/07 12:34:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/05/29 11:46:36 | 000,000,000 | ---D | M] ("Flash Video Downloader (Youtube Downloader)") -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\extensions\artur.dubovoy@gmail.com
[2010/12/04 20:01:07 | 000,012,703 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\searchplugins\imdb.xml
[2011/01/18 21:09:19 | 000,001,959 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\searchplugins\lastfm.xml
[2010/03/20 06:32:53 | 000,001,011 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\searchplugins\torrentz-search.xml
[2010/11/29 00:58:41 | 000,001,548 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\searchplugins\wowhead.xml
[2010/12/01 15:22:07 | 000,002,445 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\searchplugins\wowpedia-en.xml
[2010/03/20 01:35:19 | 000,002,057 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\searchplugins\youtube-video-search.xml
[2011/06/10 03:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/04 02:38:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/04 02:38:14 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/26 00:02:56 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/26 00:02:56 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/26 00:02:57 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/26 00:02:57 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/06/02 23:35:37 | 000,000,164 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-2850416976-854691333-250921961-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2850416976-854691333-250921961-1000..\Run: [C:\Program Files (x86)\NetMeter\NetMeter.exe] C:\Program Files (x86)\NetMeter\NetMeter.exe ()
O4 - HKU\S-1-5-21-2850416976-854691333-250921961-1000..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2850416976-854691333-250921961-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-21-2850416976-854691333-250921961-1002..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-2850416976-854691333-250921961-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} http://au.zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab (ChessControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3eff4c10-38fb-11e0-8784-20cf30e2619e}\Shell - "" = AutoRun
O33 - MountPoints2\{3eff4c10-38fb-11e0-8784-20cf30e2619e}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{6a136fb3-35cb-11df-aa2d-0018f3049065}\Shell - "" = AutoRun
O33 - MountPoints2\{6a136fb3-35cb-11df-aa2d-0018f3049065}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\tuu.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\tuu.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/10 07:10:39 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2011/06/06 23:22:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\SC2 reps oc thor
[2011/06/03 01:00:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2011/06/03 00:40:44 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Witcher 2
[2011/06/03 00:40:44 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\The Witcher 2
[2011/06/03 00:40:25 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2011/06/03 00:40:25 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2011/06/03 00:40:23 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2011/06/03 00:40:23 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2011/06/03 00:40:23 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2011/06/03 00:40:22 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2011/06/03 00:40:22 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2011/06/03 00:40:22 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2011/06/03 00:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2
[2011/06/03 00:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/06/03 00:12:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2011/06/03 00:12:13 | 019,087,360 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\SysWow64\mkl_blueripple.dll
[2011/06/03 00:12:12 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
[2011/06/03 00:12:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2011/06/03 00:12:00 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2011/06/03 00:12:00 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2011/06/03 00:11:59 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2011/06/03 00:11:59 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2011/06/03 00:11:59 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2011/06/03 00:11:59 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2011/06/03 00:11:58 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2011/06/03 00:11:58 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2011/06/02 07:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.0
[2011/06/02 07:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2011/06/02 03:45:14 | 000,607,294 | R--- | C] (Swearware) -- C:\Users\Ryan\Desktop\dds.scr
[2011/05/30 01:40:26 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Avira
[2011/05/29 21:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/05/29 21:07:20 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/05/29 21:07:20 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/05/29 21:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/05/29 21:07:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/05/29 18:16:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Malwarebytes
[2011/05/29 18:16:21 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 18:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/29 18:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/29 18:16:17 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/29 18:16:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/29 18:13:59 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Ryan\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/29 18:06:20 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ryan\Desktop\HijackThis.exe
[2011/05/29 12:23:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\Starcraft 2 stuff
[2011/05/29 10:52:32 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\Games
[2011/05/28 19:31:13 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\go
[2011/05/28 19:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO
[2011/05/26 18:36:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Sidhe
[2011/05/24 01:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetMeter
[2011/05/14 16:40:10 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\GRETECH
[2011/05/14 16:39:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH
[2010/03/19 07:40:42 | 001,232,896 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdcserv.dll
[2010/03/19 07:40:42 | 000,999,424 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdcusb1.dll
[2010/03/19 07:40:42 | 000,700,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdchbn3.dll
[2010/03/19 07:40:42 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdccomc.dll
[2010/03/19 07:40:42 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdcpmui.dll
[2010/03/19 07:40:42 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdclmpm.dll
[2010/03/19 07:40:42 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdccoms.exe
[2010/03/19 07:40:42 | 000,425,984 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdccomm.dll
[2010/03/19 07:40:42 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdcinpa.dll
[2010/03/19 07:40:42 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdciesc.dll
[2010/03/19 07:40:42 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdcih.exe
[2010/03/19 07:40:42 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdcppls.exe
[2010/03/19 07:40:42 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdcprox.dll
[2010/03/19 07:40:42 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdcpplc.dll
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/10 07:19:20 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2011/06/10 07:15:09 | 000,000,310 | -HS- | M] () -- C:\Windows\tasks\rtwfh.job
[2011/06/10 07:15:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/10 07:14:58 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/10 07:13:06 | 000,000,216 | ---- | M] () -- C:\Users\Ryan\defogger_reenable
[2011/06/10 07:10:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2011/06/10 07:08:59 | 000,139,264 | ---- | M] () -- C:\Users\Ryan\Desktop\RKUnhookerLE.EXE
[2011/06/10 07:05:50 | 000,130,604 | ---- | M] () -- C:\Users\Ryan\Desktop\RKUnhookerLE.zip
[2011/06/10 06:32:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2850416976-854691333-250921961-1000UA.job
[2011/06/10 02:59:29 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/10 02:59:29 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/09 18:00:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/06/09 17:00:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/06/09 17:00:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/06/09 00:32:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2850416976-854691333-250921961-1000Core.job
[2011/06/05 23:51:26 | 1353,766,894 | ---- | M] () -- C:\Users\Ryan\Desktop\red stream.flv.htm
[2011/06/03 01:05:58 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\DiRT 3.lnk
[2011/06/03 00:59:45 | 000,005,493 | ---- | M] () -- C:\Users\Ryan\Documents\ax_files.xml
[2011/06/03 00:38:05 | 000,000,573 | ---- | M] () -- C:\Users\Public\Desktop\Start The Witcher 2.lnk
[2011/06/03 00:12:11 | 000,122,904 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2011/06/03 00:12:11 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2011/06/02 23:35:37 | 000,000,164 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/06/02 03:45:15 | 000,607,294 | R--- | M] (Swearware) -- C:\Users\Ryan\Desktop\dds.scr
[2011/05/30 12:10:48 | 435,041,510 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/30 01:39:09 | 000,009,774 | -HS- | M] () -- C:\ProgramData\cuwo18pkojklj48c60y33130t1yq4
[2011/05/30 01:39:07 | 000,009,774 | -HS- | M] () -- C:\Users\Ryan\AppData\Local\cuwo18pkojklj48c60y33130t1yq4
[2011/05/29 21:26:08 | 000,050,477 | ---- | M] () -- C:\Users\Ryan\Desktop\Defogger.exe
[2011/05/29 21:07:39 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/05/29 21:06:18 | 052,676,424 | ---- | M] () -- C:\Users\Ryan\Desktop\avira_antivir_personal_en.exe
[2011/05/29 18:16:21 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/29 18:14:23 | 001,007,108 | ---- | M] () -- C:\Users\Ryan\Desktop\rkill.com
[2011/05/29 18:14:12 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Ryan\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/29 18:06:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ryan\Desktop\HijackThis.exe
[2011/05/29 18:02:50 | 000,009,392 | -HS- | M] () -- C:\Users\Ryan\AppData\Local\08s8760v80874e8ca0sdtd431
[2011/05/29 18:02:50 | 000,009,392 | -HS- | M] () -- C:\ProgramData\08s8760v80874e8ca0sdtd431
[2011/05/29 18:00:26 | 000,114,688 | RHS- | M] () -- C:\Windows\SysWow64\KBDDIV1D.dll
[2011/05/29 11:44:24 | 000,003,526 | ---- | M] () -- C:\Users\Ryan\Desktop\Super Meat Boy - Shortcut.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/28 08:11:22 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/28 08:11:22 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/28 08:11:22 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/24 01:04:24 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\NetMeter.lnk
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/10 07:13:05 | 000,000,216 | ---- | C] () -- C:\Users\Ryan\defogger_reenable
[2011/06/10 07:05:48 | 000,130,604 | ---- | C] () -- C:\Users\Ryan\Desktop\RKUnhookerLE.zip
[2011/06/10 07:05:18 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2011/06/10 07:04:49 | 000,139,264 | ---- | C] () -- C:\Users\Ryan\Desktop\RKUnhookerLE.EXE
[2011/06/05 22:52:40 | 1353,766,894 | ---- | C] () -- C:\Users\Ryan\Desktop\red stream.flv.htm
[2011/06/03 00:38:05 | 000,000,573 | ---- | C] () -- C:\Users\Public\Desktop\Start The Witcher 2.lnk
[2011/06/03 00:17:41 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2011/06/03 00:11:43 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\DiRT 3.lnk
[2011/05/30 01:34:44 | 000,009,774 | -HS- | C] () -- C:\Users\Ryan\AppData\Local\cuwo18pkojklj48c60y33130t1yq4
[2011/05/30 01:34:44 | 000,009,774 | -HS- | C] () -- C:\ProgramData\cuwo18pkojklj48c60y33130t1yq4
[2011/05/29 21:26:07 | 000,050,477 | ---- | C] () -- C:\Users\Ryan\Desktop\Defogger.exe
[2011/05/29 21:07:39 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/05/29 21:04:29 | 052,676,424 | ---- | C] () -- C:\Users\Ryan\Desktop\avira_antivir_personal_en.exe
[2011/05/29 18:16:21 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/29 18:14:22 | 001,007,108 | ---- | C] () -- C:\Users\Ryan\Desktop\rkill.com
[2011/05/29 18:02:19 | 000,009,392 | -HS- | C] () -- C:\Users\Ryan\AppData\Local\08s8760v80874e8ca0sdtd431
[2011/05/29 18:00:27 | 000,000,310 | -HS- | C] () -- C:\Windows\tasks\rtwfh.job
[2011/05/29 18:00:26 | 000,114,688 | RHS- | C] () -- C:\Windows\SysWow64\KBDDIV1D.dll
[2011/05/29 17:43:34 | 000,009,392 | -HS- | C] () -- C:\ProgramData\08s8760v80874e8ca0sdtd431
[2011/05/29 11:44:24 | 000,003,526 | ---- | C] () -- C:\Users\Ryan\Desktop\Super Meat Boy - Shortcut.lnk
[2011/05/24 01:04:24 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\NetMeter.lnk
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/11/18 07:02:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/18 05:48:06 | 000,029,196 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/11/18 04:44:14 | 000,000,890 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI
[2010/08/01 03:14:29 | 000,007,605 | ---- | C] () -- C:\Users\Ryan\AppData\Local\Resmon.ResmonCfg
[2010/06/16 08:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/05/18 11:44:15 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/05/11 09:26:08 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2010/05/10 05:30:49 | 000,000,040 | ---- | C] () -- C:\Windows\ujf635.bin
[2010/04/06 13:31:54 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/03/20 19:30:25 | 000,149,792 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/03/20 04:37:47 | 001,053,056 | ---- | C] () -- C:\Windows\SysWow64\drivers\V2WCDRV.sys
[2010/03/19 12:22:45 | 000,266,400 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/03/19 12:22:43 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/03/19 12:22:43 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/03/19 11:11:19 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/03/19 07:40:42 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdccomx.dll
[2010/03/19 07:40:42 | 000,286,720 | ---- | C] () -- C:\Windows\SysWow64\LXDCinst.dll
[2010/03/19 04:46:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/14 15:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 12:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 12:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 10:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 07:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 22:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/03/30 16:32:40 | 000,032,768 | R--- | C] () -- C:\Windows\DAODx.exe

< End of report >

Here is extras.txt

OTL Extras logfile created on: 10/06/2011 7:16:36 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Ryan\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.70 Gb Available Physical Memory | 67.42% Memory free
7.99 Gb Paging File | 6.48 Gb Available in Paging File | 81.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 64.61 Gb Free Space | 6.94% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 115.29 Gb Free Space | 24.75% Space Free | Partition Type: NTFS

Computer Name: RYAN-PC | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\tuu.exe" -a "%1" %*

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\tuu.exe" -a "%1" %*

[HKEY_USERS\S-1-5-21-2850416976-854691333-250921961-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Google is still redirecting.

Edited by Rielus, 09 June 2011 - 04:26 PM.


#4 SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:06:10 PM

Posted 09 June 2011 - 04:34 PM

Hi!

You're running a 64 bit version of Windows, so RKU won't work on it.

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\S-1-5-21-2850416976-854691333-250921961-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
    O4 - HKU\S-1-5-21-2850416976-854691333-250921961-1002..\RunOnce: [mctadmin] File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O33 - MountPoints2\{3eff4c10-38fb-11e0-8784-20cf30e2619e}\Shell - "" = AutoRun
    O33 - MountPoints2\{3eff4c10-38fb-11e0-8784-20cf30e2619e}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{6a136fb3-35cb-11df-aa2d-0018f3049065}\Shell - "" = AutoRun
    O33 - MountPoints2\{6a136fb3-35cb-11df-aa2d-0018f3049065}\Shell\AutoRun\command - "" = G:\setup.exe
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe
    O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\tuu.exe" -a "%1" %*
    O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\tuu.exe" -a "%1" %*
    [2011/05/29 18:13:59 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Ryan\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/05/30 01:39:09 | 000,009,774 | -HS- | M] () -- C:\ProgramData\cuwo18pkojklj48c60y33130t1yq4
    [2011/05/30 01:39:07 | 000,009,774 | -HS- | M] () -- C:\Users\Ryan\AppData\Local\cuwo18pkojklj48c60y33130t1yq4
    [2011/05/29 18:02:50 | 000,009,392 | -HS- | M] () -- C:\Users\Ryan\AppData\Local\08s8760v80874e8ca0sdtd431
    [2011/05/29 18:02:50 | 000,009,392 | -HS- | M] () -- C:\ProgramData\08s8760v80874e8ca0sdtd431
    [2011/05/29 18:00:26 | 000,114,688 | RHS- | M] () -- C:\Windows\SysWow64\KBDDIV1D.dll
    [2011/05/30 01:34:44 | 000,009,774 | -HS- | C] () -- C:\Users\Ryan\AppData\Local\cuwo18pkojklj48c60y33130t1yq4
    [2011/05/30 01:34:44 | 000,009,774 | -HS- | C] () -- C:\ProgramData\cuwo18pkojklj48c60y33130t1yq4
    [2011/05/29 18:02:19 | 000,009,392 | -HS- | C] () -- C:\Users\Ryan\AppData\Local\08s8760v80874e8ca0sdtd431
    [2011/05/29 18:00:27 | 000,000,310 | -HS- | C] () -- C:\Windows\tasks\rtwfh.job
    [2011/05/29 18:00:26 | 000,114,688 | RHS- | C] () -- C:\Windows\SysWow64\KBDDIV1D.dll
    
    :Reg
    
    :Files
    C:\Windows\tasks\At*.job
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click the download link to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Scan archives"
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Push Export to text file, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NEXT:



What issues are you currently experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
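As an added example, not part of SweetTech's post and not OTL code: the PowerShell audit below reads the same four persistence points the fix script above removes (the per-user .exe handler in the O37 lines, the MountPoints2 AutoRun commands in the O33 lines, the At*.job tasks, and the hidden+system files dropped at the roots of ProgramData and AppData\Local), so you can see what is there before the fix and confirm nothing has returned afterwards. It changes nothing. The expected handler string, the MountPoints2 key and the Tasks folder are taken from the fix script; treating a hidden+system file at the root of ProgramData or AppData\Local as suspect is the editor's heuristic, not a rule. Run it in an elevated PowerShell; the syntax stays within PowerShell 2.0, which is what Windows 7 ships.

```powershell
# Added example (editor's; not from the thread or from OTL): read-only audit of the
# persistence points the OTL fix above removes. Run in an elevated PowerShell on the
# affected machine. PowerShell 2.0 syntax so it runs on an unpatched Windows 7.

# 1. .exe handler hijack (OTL's O37 lines). HKCR is HKLM\Software\Classes overlaid by the
#    account's own Software\Classes, so a .exe ProgID under HKU\.DEFAULT or a SID wins over
#    HKLM and runs ahead of every program that account starts. A clean handler is exactly "%1" %*.
$expectedExeCommand = '"%1" %*'
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
$classRoots = @('HKLM:\SOFTWARE\Classes') +
    @(Get-ChildItem -Path 'HKU:\' | ForEach-Object { "HKU:\$($_.PSChildName)\Software\Classes" })
foreach ($root in $classRoots) {
    $ext = Get-ItemProperty -Path "$root\.exe" -ErrorAction SilentlyContinue
    if (-not $ext) { continue }                       # no .exe override in this hive: fine
    $progId = $ext.'(default)'
    if (-not $progId) { continue }
    $cmd = (Get-ItemProperty -Path "$root\$progId\shell\open\command" -ErrorAction SilentlyContinue).'(default)'
    if ($cmd -eq $expectedExeCommand) {
        Write-Output ("OK       {0}\.exe -> {1} -> {2}" -f $root, $progId, $cmd)
    } else {
        Write-Warning ("HIJACK?  {0}\.exe -> {1} runs: {2}" -f $root, $progId, $cmd)
    }
}

# 2. Cached AutoRun commands for volumes this user has plugged in (OTL's O33 lines).
#    The fix deletes these keys outright; an empty listing means nothing is cached.
$mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
Get-ChildItem -Path $mp -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -like '*\Shell\AutoRun\command' } |
    ForEach-Object {
        $command = (Get-ItemProperty -LiteralPath $_.PSPath).'(default)'
        Write-Output ("AutoRun  {0}  =>  {1}" -f $_.Name, $command)
    }

# 3. Legacy AT jobs (the fix moves C:\Windows\Tasks\At*.job and rtwfh.job). AT jobs run as
#    SYSTEM and appear in Task Scheduler only by number, which is why droppers like them.
Get-ChildItem -Path (Join-Path $env:windir 'Tasks') -Filter '*.job' -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object { Write-Output ("Job      {0}  {1}  {2} bytes" -f $_.Name, $_.LastWriteTime, $_.Length) }

# 4. Hidden+System files at the roots of ProgramData and the user's AppData\Local (the
#    random-named -HS- entries the fix moved). Editor's heuristic, not proof: legitimate
#    files rarely sit there with both attributes set.
$hs = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
foreach ($dir in @($env:ProgramData, $env:LOCALAPPDATA)) {
    Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and (($_.Attributes -band $hs) -eq $hs) } |
        ForEach-Object { Write-Output ("Hidden   {0}  {1}  {2} bytes" -f $_.FullName, $_.LastWriteTime, $_.Length) }
}
```

Section 1 is the one to read first on a machine like this: a per-user .exe ProgID under HKU\.DEFAULT or S-1-5-18 means the hijack runs for the SYSTEM account, not just the logged-in user, which matches the two O37 lines the fix removes. Sections 2 to 4 only list; deciding what to remove still belongs to whoever is driving the cleanup.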


#5 SweetTech

Posted 11 June 2011 - 09:41 AM

Do you still need help with your machine?

If the instructions are unclear or something isn't working, please let me know before proceeding.



#6 Rielus (Topic Starter)

Posted 11 June 2011 - 09:12 PM

OTL

========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-2850416976-854691333-250921961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2850416976-854691333-250921961-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2850416976-854691333-250921961-1002\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2850416976-854691333-250921961-1002\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3eff4c10-38fb-11e0-8784-20cf30e2619e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3eff4c10-38fb-11e0-8784-20cf30e2619e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3eff4c10-38fb-11e0-8784-20cf30e2619e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3eff4c10-38fb-11e0-8784-20cf30e2619e}\ not found.
File "E:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a136fb3-35cb-11df-aa2d-0018f3049065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a136fb3-35cb-11df-aa2d-0018f3049065}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a136fb3-35cb-11df-aa2d-0018f3049065}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a136fb3-35cb-11df-aa2d-0018f3049065}\ not found.
File G:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\Setup.exe not found.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Users\Ryan\Desktop\mbam-setup-1.50.1.1100.exe moved successfully.
C:\ProgramData\cuwo18pkojklj48c60y33130t1yq4 moved successfully.
C:\Users\Ryan\AppData\Local\cuwo18pkojklj48c60y33130t1yq4 moved successfully.
C:\Users\Ryan\AppData\Local\08s8760v80874e8ca0sdtd431 moved successfully.
C:\ProgramData\08s8760v80874e8ca0sdtd431 moved successfully.
File move failed. C:\Windows\SysWOW64\KBDDIV1D.dll scheduled to be moved on reboot.
File C:\Users\Ryan\AppData\Local\cuwo18pkojklj48c60y33130t1yq4 not found.
File C:\ProgramData\cuwo18pkojklj48c60y33130t1yq4 not found.
File C:\Users\Ryan\AppData\Local\08s8760v80874e8ca0sdtd431 not found.
File move failed. C:\Windows\Tasks\rtwfh.job scheduled to be moved on reboot.
File move failed. C:\Windows\SysWOW64\KBDDIV1D.dll scheduled to be moved on reboot.
========== REGISTRY ==========
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ryan\Desktop\cmd.bat deleted successfully.
C:\Users\Ryan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error creating restore point.

OTL by OldTimer - Version 3.2.23.0 log created on 06102011_073545

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysWOW64\KBDDIV1D.dll scheduled to be moved on reboot.

MBAM

MBAM log...

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6822

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/06/2011 7:45:09 AM
mbam-log-2011-06-10 (07-45-09).txt

Scan type: Quick scan
Objects scanned: 180145
Time elapsed: 5 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ESET


C:\Program Files (x86)\Super Meat Boy\Uninstall.exe probably a variant of Win32/Agent.MFNJEN trojan
C:\Users\Ryan\AppData\Local\Temp\jar_cache2417622558552639088.tmp multiple threats
C:\Users\Ryan\AppData\Local\Temp\jar_cache4698569293861104006.tmp multiple threats
C:\Users\Ryan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\76dd46aa-67a8791b multiple threats
C:\Users\Ryan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\5d22d0f5-124cabb6 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\nssplc[1].exe a variant of Win32/Kryptik.OFR trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\script[1].js JS/Kryptik.AL trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\afr[6].php HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\icpcom[1].exe Win32/Olmarik.AMN trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\icpcom[1].exe Win32/Olmarik.AMN trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\nssplc[1].exe a variant of Win32/Kryptik.OFR trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\readme[1].exe a variant of Win32/Kryptik.OKX trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\37db3fe2-68ccf4c5 Java/TrojanDownloader.Agent.ME trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\nssplc[1].exe a variant of Win32/Kryptik.OFR trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\script[1].js JS/Kryptik.AL trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\afr[6].php HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\icpcom[1].exe Win32/Olmarik.AMN trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\icpcom[1].exe Win32/Olmarik.AMN trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\nssplc[1].exe a variant of Win32/Kryptik.OFR trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\readme[1].exe a variant of Win32/Kryptik.OKX trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\37db3fe2-68ccf4c5 Java/TrojanDownloader.Agent.ME trojan
C:\Windows\Temp\jar_cache8465654958764507751.tmp a variant of J2ME/Agent.AA trojan

Security Check
Results of screen317's Security Check version 0.99.13
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 20
Out of date Java installed!
Flash Player Out of Date!
Adobe Flash Player 10.2.152.32
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
ESET ESET Online Scanner OnlineScannerApp.exe
``````````End of Log````````````

Google is still redirecting.

Edited by Rielus, 11 June 2011 - 11:22 PM.


#7 SweetTech

Posted 12 June 2011 - 09:20 AM

Hi!

Your SecurityCheck log is indicating that your version of Flash Player is outdated. I suggest you remove the out-of-date version and install the latest version.

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs (Programs and Features in Vista/Windows 7) and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u26-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    C:\Users\Ryan\AppData\Local\Temp\jar_cache2417622558552639088.tmp
    C:\Users\Ryan\AppData\Local\Temp\jar_cache4698569293861104006.tmp
    C:\Users\Ryan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\76dd46aa-67a8791b
    C:\Users\Ryan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\5d22d0f5-124cabb6
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\nssplc[1].exe
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\script[1].js
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\afr[6].php
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\icpcom[1].exe
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\icpcom[1].exe
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\nssplc[1].exe
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\readme[1].exe
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\37db3fe2-68ccf4c5
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\nssplc[1].exe
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\script[1].js
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\afr[6].php
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\icpcom[1].exe
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\icpcom[1].exe
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\nssplc[1].exe
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\readme[1].exe
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\37db3fe2-68ccf4c5
    C:\Windows\Temp\jar_cache8465654958764507751.tmp
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Run Scan button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

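As an added example, not part of SweetTech's post and not code from SecurityCheck: the PowerShell below re-checks the SecurityCheck findings this post acts on (installed Java versions, the Flash Player version, UAC, and the Security Center service), so that after the uninstall and reinstall you can confirm no older JRE is left behind. What it adds to the Control Panel steps above is the 64-bit detail: the 32-bit JRE this post installs (jre-6u26-windows-i586.exe) registers under Wow6432Node, so a check that reads only the native Uninstall key reports no Java while an exploitable JRE is still present. The Uninstall keys, EnableLUA and the wscsvc service name are standard Windows locations; the Macromedia\FlashPlayer\CurrentVersion key used for the Flash ActiveX version is the editor's assumption and is marked as such in the code. Read-only; run in an elevated PowerShell.

```powershell
# Added example (editor's; not from the thread or from SecurityCheck): re-check the
# SecurityCheck findings the post above acts on. Read-only; PowerShell 2.0 syntax.

# 1. Every Java entry still installed. On 64-bit Windows the 32-bit JRE registers under
#    Wow6432Node, so both Uninstall hives must be read or a leftover 32-bit JRE is missed.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)
$java = $uninstallRoots |
    ForEach-Object { Get-ChildItem -Path $_ -ErrorAction SilentlyContinue } |
    ForEach-Object { Get-ItemProperty -LiteralPath $_.PSPath } |
    Where-Object { $_.DisplayName -match '^(Java|J2SE)' }
if ($java) {
    $java | ForEach-Object { Write-Output ("Java     {0}  (version {1})" -f $_.DisplayName, $_.DisplayVersion) }
} else {
    Write-Output 'Java     none installed'
}

# 2. Flash Player ActiveX version. Editor's assumption: Macromedia\FlashPlayer (under
#    Wow6432Node for the 32-bit IE control on x64) holds CurrentVersion as "a,b,c,d".
foreach ($key in 'HKLM:\SOFTWARE\Macromedia\FlashPlayer', 'HKLM:\SOFTWARE\Wow6432Node\Macromedia\FlashPlayer') {
    $v = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).CurrentVersion
    if ($v) { Write-Output ("Flash    {0}  ({1})" -f ($v -replace ',', '.'), $key) }
}

# 3. UAC (EnableLUA; a change takes effect after reboot) and the Security Center service
#    (wscsvc) that SecurityCheck reported as not running.
$lua = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System').EnableLUA
Write-Output ("UAC      {0}" -f $(if ($lua -eq 1) { 'enabled' } else { "DISABLED (EnableLUA=$lua)" }))
$wsc = Get-Service -Name wscsvc -ErrorAction SilentlyContinue
Write-Output ("WSC      {0}" -f $(if ($wsc) { $wsc.Status } else { 'service not found' }))
```

After the Java steps above the Java line should show exactly one entry, the 6u26 you just installed; any second "Java(TM) 6 Update" line is an older JRE the uninstaller did not remove and the Control Panel step has to be repeated for it. The Flash line prints in the same dotted form SecurityCheck uses, so it can be compared directly with the 10.2.152.32 in the log.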


#8 Rielus (Topic Starter)

Posted 12 June 2011 - 09:49 AM

First report

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\Ryan\AppData\Local\Temp\jar_cache2417622558552639088.tmp moved successfully.
C:\Users\Ryan\AppData\Local\Temp\jar_cache4698569293861104006.tmp moved successfully.
C:\Users\Ryan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\76dd46aa-67a8791b moved successfully.
C:\Users\Ryan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\5d22d0f5-124cabb6 moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\nssplc[1].exe moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\script[1].js moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\afr[6].php moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\icpcom[1].exe moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\icpcom[1].exe moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\nssplc[1].exe moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\readme[1].exe moved successfully.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\37db3fe2-68ccf4c5 moved successfully.
File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\nssplc[1].exe not found.
File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\script[1].js not found.
File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\afr[6].php not found.
File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\icpcom[1].exe not found.
File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\icpcom[1].exe not found.
File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\nssplc[1].exe not found.
File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\readme[1].exe not found.
File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\37db3fe2-68ccf4c5 not found.
C:\Windows\Temp\jar_cache8465654958764507751.tmp moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ryan\Desktop\cmd.bat deleted successfully.
C:\Users\Ryan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error creating restore point.

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Public

User: Ryan
->Temp folder emptied: 7518419183 bytes
->Temporary Internet Files folder emptied: 141170179 bytes
->Java cache emptied: 14367199 bytes
->FireFox cache emptied: 101232347 bytes
->Google Chrome cache emptied: 65639439 bytes
->Flash cache emptied: 182848 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 602112 bytes
%systemroot%\System32 .tmp files removed: 4857232 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8786169 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7,492.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: postgres
->Flash cache emptied: 0 bytes

User: Public

User: Ryan
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 06132011_003451

Files\Folders moved on Reboot...
C:\Users\Ryan\AppData\Local\Temp\MessengerCache\HtyhcUPb7AYElKC5Z0iRM7iXfl8= moved successfully.
C:\Users\Ryan\AppData\Local\Temp\MessengerCache\IzXcEuXeQdzY1OOV8SaygjZLUeI= moved successfully.
C:\Users\Ryan\AppData\Local\Temp\MessengerCache\o2Y9HPaJ39i1Ii0zdAzw2uku67Y= moved successfully.
C:\Users\Ryan\AppData\Local\Temp\MessengerCache\OSFNHsTEcH73kMGkmnQ7yBF6N2F8= moved successfully.
C:\Users\Ryan\AppData\Local\Temp\MessengerCache\SaXJZjqlD2FrHsbcoYjPSQFDvPWs= moved successfully.
C:\Users\Ryan\AppData\Local\Temp\MessengerCache\wJAdC3JOH11xF8LnTkQru1GeMTo= moved successfully.
C:\Users\Ryan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3VBOD2G\ADSAdClient31[1].txt not found!
File\Folder C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N2W40AAL\01[1].htm not found!

Registry entries deleted on Reboot...

Second report

OTL logfile created on: 13/06/2011 12:41:01 AM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Ryan\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 61.21% Memory free
7.99 Gb Paging File | 6.18 Gb Available in Paging File | 77.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 143.56 Gb Free Space | 15.41% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 115.29 Gb Free Space | 24.75% Space Free | Partition Type: NTFS

Computer Name: RYAN-PC | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/10 07:10:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
PRC - [2011/06/02 00:27:23 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/05/18 09:25:46 | 022,631,608 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2011/05/02 05:10:28 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/04/17 17:57:07 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/18 06:29:49 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2009/09/08 17:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009/09/08 17:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009/08/09 15:08:02 | 000,293,888 | ---- | M] () -- C:\Program Files (x86)\NetMeter\NetMeter.exe
PRC - [2009/03/30 16:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe


========== Modules (SafeList) ==========

MOD - [2011/06/10 07:10:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
MOD - [2009/07/14 11:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/29 11:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/05/25 08:39:04 | 000,034,224 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdcserv.exe -- (lxdcCATSCustConnectService)
SRV:64bit: - [2007/05/25 08:38:54 | 000,567,216 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdccoms.exe -- (lxdc_device)
SRV - [2011/04/18 17:10:44 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/17 17:57:07 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/12/24 07:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/12/16 06:07:16 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/09/08 17:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/25 08:38:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdccoms.exe -- (lxdc_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/01 17:07:59 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/04/01 17:07:59 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/09/29 12:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/29 11:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/09 13:19:02 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010/05/31 13:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/05/11 11:00:40 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2010/04/27 11:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/27 11:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/03/23 01:54:30 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/03/02 21:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/08/28 18:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/16 13:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 11:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 11:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 11:40:11 | 000,840,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\blackbox.dll -- (BlackBox)
DRV:64bit: - [2009/06/11 06:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 16:35:30 | 000,438,784 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 11:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2005/10/20 14:01:12 | 000,222,720 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RT2500.sys -- (RT2500)
DRV - [2011/06/10 07:19:20 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\BlackBox.sys -- (BlackBox)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 3C 80 27 C9 C6 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "YouTube Video Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.blackle.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {AA6F0803-145A-4200-8E5E-68898D02B5B3}:1.1.5
FF - prefs.js..extensions.enabledItems: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1}:0.7.7
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.21


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/10 20:06:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/02 04:02:19 | 000,000,000 | ---D | M]

[2010/03/19 04:46:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions
[2011/06/13 00:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\extensions
[2010/05/14 01:56:53 | 000,000,000 | ---D | M] (GameFOX) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2010/03/23 20:21:16 | 000,000,000 | ---D | M] (Right-Click-Link) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\extensions\{AA6F0803-145A-4200-8E5E-68898D02B5B3}
[2010/05/07 12:34:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/05/29 11:46:36 | 000,000,000 | ---D | M] ("Flash Video Downloader (Youtube Downloader)") -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\extensions\artur.dubovoy@gmail.com
[2010/12/04 20:01:07 | 000,012,703 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\searchplugins\imdb.xml
[2011/01/18 21:09:19 | 000,001,959 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\searchplugins\lastfm.xml
[2010/03/20 06:32:53 | 000,001,011 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\searchplugins\torrentz-search.xml
[2010/11/29 00:58:41 | 000,001,548 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\searchplugins\wowhead.xml
[2010/12/01 15:22:07 | 000,002,445 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\searchplugins\wowpedia-en.xml
[2010/03/20 01:35:19 | 000,002,057 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\searchplugins\youtube-video-search.xml
[2011/06/13 00:32:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/04 02:38:14 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/26 00:02:56 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/26 00:02:56 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/26 00:02:57 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/26 00:02:57 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/06/13 00:34:53 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKCU..\Run: [C:\Program Files (x86)\NetMeter\NetMeter.exe] C:\Program Files (x86)\NetMeter\NetMeter.exe ()
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} http://au.zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab (ChessControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/13 00:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/06/12 20:58:09 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\ooVoo Details
[2011/06/12 20:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
[2011/06/12 20:57:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ooVoo
[2011/06/11 22:35:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/06/10 20:26:31 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Foxit Software
[2011/06/10 07:51:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/06/10 07:51:01 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Ryan\Desktop\esetsmartinstaller_enu.exe
[2011/06/10 07:35:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/10 07:10:39 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2011/06/06 23:22:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\SC2 reps oc thor
[2011/06/03 01:00:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2011/06/03 00:40:44 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Witcher 2
[2011/06/03 00:40:44 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\The Witcher 2
[2011/06/03 00:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2
[2011/06/03 00:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/06/03 00:12:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2011/06/03 00:12:12 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
[2011/06/03 00:12:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2011/06/02 07:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.0
[2011/06/02 07:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2011/06/02 03:45:14 | 000,607,294 | R--- | C] (Swearware) -- C:\Users\Ryan\Desktop\dds.scr
[2011/05/30 01:40:26 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Avira
[2011/05/29 21:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/05/29 21:07:20 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/05/29 21:07:20 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/05/29 21:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/05/29 21:07:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/05/29 18:16:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Malwarebytes
[2011/05/29 18:16:21 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 18:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/29 18:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/29 18:16:17 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/29 18:16:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/29 18:06:20 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ryan\Desktop\HijackThis.exe
[2011/05/29 12:23:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\Starcraft 2 stuff
[2011/05/29 10:52:32 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\Games
[2011/05/28 19:31:13 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\go
[2011/05/28 19:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO
[2011/05/26 18:36:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Sidhe
[2011/05/24 01:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetMeter
[2011/05/14 16:40:10 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\GRETECH
[2011/05/14 16:39:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH
[2010/03/19 07:40:42 | 001,232,896 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdcserv.dll
[2010/03/19 07:40:42 | 000,999,424 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdcusb1.dll
[2010/03/19 07:40:42 | 000,700,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdchbn3.dll
[2010/03/19 07:40:42 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdccomc.dll
[2010/03/19 07:40:42 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdcpmui.dll
[2010/03/19 07:40:42 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdclmpm.dll
[2010/03/19 07:40:42 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdccoms.exe
[2010/03/19 07:40:42 | 000,425,984 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdccomm.dll
[2010/03/19 07:40:42 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdcinpa.dll
[2010/03/19 07:40:42 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdciesc.dll
[2010/03/19 07:40:42 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdcih.exe
[2010/03/19 07:40:42 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdcppls.exe
[2010/03/19 07:40:42 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdcprox.dll
[2010/03/19 07:40:42 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdcpplc.dll

========== Files - Modified Within 30 Days ==========

[2011/06/13 00:37:48 | 000,000,310 | -HS- | M] () -- C:\Windows\tasks\rtwfh.job
[2011/06/13 00:37:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/13 00:37:35 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/13 00:36:44 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/13 00:36:44 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/13 00:34:53 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/06/13 00:32:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2850416976-854691333-250921961-1000UA.job
[2011/06/13 00:32:02 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2850416976-854691333-250921961-1000Core.job
[2011/06/12 20:58:01 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2011/06/12 14:09:27 | 000,879,099 | ---- | M] () -- C:\Users\Ryan\Desktop\SecurityCheck.exe
[2011/06/10 07:51:01 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Ryan\Desktop\esetsmartinstaller_enu.exe
[2011/06/10 07:19:20 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2011/06/10 07:13:06 | 000,000,216 | ---- | M] () -- C:\Users\Ryan\defogger_reenable
[2011/06/10 07:10:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2011/06/10 07:08:59 | 000,139,264 | ---- | M] () -- C:\Users\Ryan\Desktop\RKUnhookerLE.EXE
[2011/06/10 07:05:50 | 000,130,604 | ---- | M] () -- C:\Users\Ryan\Desktop\RKUnhookerLE.zip
[2011/06/05 23:51:26 | 1353,766,894 | ---- | M] () -- C:\Users\Ryan\Desktop\red stream.flv.htm
[2011/06/03 01:05:58 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\DiRT 3.lnk
[2011/06/03 00:59:45 | 000,005,493 | ---- | M] () -- C:\Users\Ryan\Documents\ax_files.xml
[2011/06/03 00:38:05 | 000,000,573 | ---- | M] () -- C:\Users\Public\Desktop\Start The Witcher 2.lnk
[2011/06/02 03:45:15 | 000,607,294 | R--- | M] (Swearware) -- C:\Users\Ryan\Desktop\dds.scr
[2011/05/30 12:10:48 | 435,041,510 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/29 21:26:08 | 000,050,477 | ---- | M] () -- C:\Users\Ryan\Desktop\Defogger.exe
[2011/05/29 21:07:39 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/05/29 21:06:18 | 052,676,424 | ---- | M] () -- C:\Users\Ryan\Desktop\avira_antivir_personal_en.exe
[2011/05/29 18:16:21 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/29 18:14:23 | 001,007,108 | ---- | M] () -- C:\Users\Ryan\Desktop\rkill.com
[2011/05/29 18:06:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ryan\Desktop\HijackThis.exe
[2011/05/29 18:00:26 | 000,114,688 | RHS- | M] () -- C:\Windows\SysWow64\KBDDIV1D.dll
[2011/05/29 11:44:24 | 000,003,526 | ---- | M] () -- C:\Users\Ryan\Desktop\Super Meat Boy - Shortcut.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/28 08:11:22 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/28 08:11:22 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/28 08:11:22 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/24 01:04:24 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\NetMeter.lnk

========== Files Created - No Company Name ==========

[2011/06/12 20:58:01 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2011/06/12 14:09:26 | 000,879,099 | ---- | C] () -- C:\Users\Ryan\Desktop\SecurityCheck.exe
[2011/06/10 07:13:05 | 000,000,216 | ---- | C] () -- C:\Users\Ryan\defogger_reenable
[2011/06/10 07:05:48 | 000,130,604 | ---- | C] () -- C:\Users\Ryan\Desktop\RKUnhookerLE.zip
[2011/06/10 07:05:18 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2011/06/10 07:04:49 | 000,139,264 | ---- | C] () -- C:\Users\Ryan\Desktop\RKUnhookerLE.EXE
[2011/06/05 22:52:40 | 1353,766,894 | ---- | C] () -- C:\Users\Ryan\Desktop\red stream.flv.htm
[2011/06/03 00:38:05 | 000,000,573 | ---- | C] () -- C:\Users\Public\Desktop\Start The Witcher 2.lnk
[2011/06/03 00:17:41 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2011/06/03 00:11:43 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\DiRT 3.lnk
[2011/05/29 21:26:07 | 000,050,477 | ---- | C] () -- C:\Users\Ryan\Desktop\Defogger.exe
[2011/05/29 21:07:39 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/05/29 21:04:29 | 052,676,424 | ---- | C] () -- C:\Users\Ryan\Desktop\avira_antivir_personal_en.exe
[2011/05/29 18:16:21 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/29 18:14:22 | 001,007,108 | ---- | C] () -- C:\Users\Ryan\Desktop\rkill.com
[2011/05/29 18:00:27 | 000,000,310 | -HS- | C] () -- C:\Windows\tasks\rtwfh.job
[2011/05/29 18:00:26 | 000,114,688 | RHS- | C] () -- C:\Windows\SysWow64\KBDDIV1D.dll
[2011/05/29 11:44:24 | 000,003,526 | ---- | C] () -- C:\Users\Ryan\Desktop\Super Meat Boy - Shortcut.lnk
[2011/05/24 01:04:24 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\NetMeter.lnk
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/11/18 07:02:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/18 05:48:06 | 000,029,196 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/11/18 04:44:14 | 000,000,890 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI
[2010/08/01 03:14:29 | 000,007,605 | ---- | C] () -- C:\Users\Ryan\AppData\Local\Resmon.ResmonCfg
[2010/06/16 08:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/05/18 11:44:15 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/05/11 09:26:08 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2010/05/10 05:30:49 | 000,000,040 | ---- | C] () -- C:\Windows\ujf635.bin
[2010/04/06 13:31:54 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/03/20 19:30:25 | 000,149,792 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/03/20 04:37:47 | 001,053,056 | ---- | C] () -- C:\Windows\SysWow64\drivers\V2WCDRV.sys
[2010/03/19 12:22:45 | 000,266,400 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/03/19 12:22:43 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/03/19 12:22:43 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/03/19 11:11:19 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/03/19 07:40:42 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdccomx.dll
[2010/03/19 07:40:42 | 000,286,720 | ---- | C] () -- C:\Windows\SysWow64\LXDCinst.dll
[2010/03/19 04:46:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/14 15:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 12:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 12:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 10:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 07:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 22:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/03/30 16:32:40 | 000,032,768 | R--- | C] () -- C:\Windows\DAODx.exe

========== LOP Check ==========

[2010/09/19 15:17:48 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\.minecraft
[2010/03/23 20:46:19 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Braid
[2011/05/30 12:12:52 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Dagyi
[2011/06/10 20:26:31 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Foxit Software
[2011/06/13 00:08:19 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\go
[2010/05/17 00:51:53 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\LolClient
[2010/03/19 12:02:27 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010/03/21 10:14:11 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\NetMeter
[2011/06/12 20:58:12 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\ooVoo Details
[2011/03/19 20:55:20 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\PunkBuster
[2011/01/19 16:57:05 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\runic games
[2010/03/23 22:05:13 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\TS3Client
[2010/04/28 04:00:36 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Ubisoft
[2011/05/30 12:30:32 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Upfec
[2011/06/09 00:04:49 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\uTorrent
[2010/03/20 04:37:51 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Video2Webcam
[2011/06/13 00:37:48 | 000,000,310 | -HS- | M] () -- C:\Windows\Tasks\rtwfh.job
[2011/03/15 16:23:58 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/02 05:10:28 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/02 05:10:28 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/02 05:10:28 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/05/02 05:10:28 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/06 15:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/06 15:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/06 15:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/06/06 15:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/14 11:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/14 11:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/14 11:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2009/07/14 11:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2011/03/26 19:55:26 | 000,001,757 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\.ChromotingConfig.json
[2011/06/05 15:09:49 | 000,000,004 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
[2011/06/05 15:09:49 | 000,018,768 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Local State
[2011/06/05 15:06:20 | 006,325,516 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom
[2011/06/05 15:06:21 | 002,042,215 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Filter 2
[2011/03/26 19:55:25 | 000,000,055 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Service State
[2011/06/01 22:44:06 | 000,299,008 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Archived History
[2011/03/26 19:54:39 | 000,020,850 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
[2011/03/26 19:54:39 | 000,020,850 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
[2011/06/05 15:09:49 | 000,064,512 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies
[2011/06/05 15:09:49 | 000,056,205 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Current Session
[2011/06/05 15:09:49 | 000,020,130 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
[2011/06/05 15:05:28 | 000,049,152 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2011/06/05 15:09:49 | 000,868,352 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\History
[2011/06/01 22:44:07 | 000,098,304 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-03
[2011/05/29 21:02:30 | 000,065,536 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-05
[2011/06/05 15:09:49 | 000,098,304 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-06
[2011/06/02 03:51:37 | 000,000,351 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Last Session
[2011/06/02 03:51:35 | 000,000,008 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
[2011/03/26 20:00:03 | 000,012,288 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Login Data
[2011/06/05 15:09:49 | 000,025,800 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Preferences
[2011/03/26 19:54:39 | 000,020,480 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Top Sites
[2011/06/05 15:09:49 | 000,131,072 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Visited Links
[2011/06/05 15:04:04 | 000,077,824 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Web Data
[2011/05/29 21:06:54 | 000,020,386 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\icon-128.png
[2011/05/29 21:06:54 | 000,000,740 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\manifest.json
[2011/03/26 19:56:34 | 000,005,677 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\adblock.js
[2011/03/26 19:56:34 | 000,005,748 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\adblock_start.js
[2011/03/26 19:56:34 | 000,025,912 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\background.html
[2011/03/26 19:56:34 | 000,004,351 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\blacklister.js
[2011/03/26 19:56:34 | 000,000,838 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\broadcast_channel.js
[2011/03/26 19:56:34 | 000,001,769 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\functions.js
[2011/03/26 19:56:34 | 000,010,019 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\Icon.png
[2011/03/26 19:56:34 | 000,002,288 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\Info.plist
[2011/03/26 19:56:34 | 000,001,568 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\manifest.json
[2011/03/26 19:56:34 | 000,012,524 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\port.js
[2011/03/26 19:56:34 | 000,002,435 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\whitelister.js
[2011/03/26 19:56:34 | 000,042,640 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\ar\messages.json
[2011/03/26 19:56:34 | 000,044,697 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\cs\messages.json
[2011/03/26 19:56:34 | 000,042,438 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\de\messages.json
[2011/03/26 19:56:34 | 000,054,395 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\el\messages.json
[2011/03/26 19:56:34 | 000,040,953 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\en\messages.json
[2011/03/26 19:56:34 | 000,024,867 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\es\messages.json
[2011/03/26 19:56:34 | 000,042,760 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\fi\messages.json
[2011/03/26 19:56:34 | 000,024,094 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\fr\messages.json
[2011/03/26 19:56:34 | 000,025,040 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\hu\messages.json
[2011/03/26 19:56:34 | 000,026,318 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\id\messages.json
[2011/03/26 19:56:34 | 000,023,381 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\it\messages.json
[2011/03/26 19:56:34 | 000,031,087 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\ja\messages.json
[2011/03/26 19:56:34 | 000,050,181 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\ko\messages.json
[2011/03/26 19:56:34 | 000,024,521 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\mk\messages.json
[2011/03/26 19:56:34 | 000,024,381 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\nb\messages.json
[2011/03/26 19:56:34 | 000,038,672 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\nl\messages.json
[2011/03/26 19:56:34 | 000,025,965 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\pl\messages.json
[2011/03/26 19:56:34 | 000,024,298 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\pt_BR\messages.json
[2011/03/26 19:56:34 | 000,041,470 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\ro\messages.json
[2011/03/26 19:56:34 | 000,075,674 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\ru\messages.json
[2011/03/26 19:56:34 | 000,029,839 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\sl\messages.json
[2011/03/26 19:56:34 | 000,026,485 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\tr\messages.json
[2011/03/26 19:56:34 | 000,030,353 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\zh_CN\messages.json
[2011/03/26 19:56:34 | 000,030,060 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\zh_TW\messages.json
[2011/03/26 19:56:34 | 000,001,811 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\app\app.js
[2011/03/26 19:56:34 | 000,001,248 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\app\both_installed.html
[2011/03/26 19:56:34 | 000,012,671 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\blacklisting\blacklistui.js
[2011/03/26 19:56:34 | 000,006,657 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\blacklisting\clickwatcher.js
[2011/03/26 19:56:34 | 000,001,290 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\blacklisting\elementchain.js
[2011/03/26 19:56:34 | 000,001,075 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\blacklisting\overlay.js
[2011/03/26 19:56:34 | 000,002,254 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\button\popup.css
[2011/03/26 19:56:34 | 000,012,527 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\button\popup.html
[2011/03/26 19:56:34 | 000,000,922 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\filtering\fifocache.js
[2011/03/26 19:56:34 | 000,010,406 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\filtering\filternormalizer.js
[2011/03/26 19:56:34 | 000,000,725 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\filtering\filteroptions.js
[2011/03/26 19:56:34 | 000,005,611 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\filtering\filterset.js
[2011/03/26 19:56:34 | 000,011,185 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\filtering\filtertypes.js
[2011/03/26 19:56:34 | 000,019,497 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\filtering\myfilters.js
[2011/03/26 19:56:34 | 000,000,848 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\img\delete.gif
[2011/03/26 19:56:34 | 000,009,863 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\img\icon128.png
[2011/03/26 19:56:34 | 000,003,100 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\img\icon16-grayscale.png
[2011/03/26 19:56:34 | 000,000,753 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\img\icon16.png
[2011/03/26 19:56:34 | 000,000,869 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\img\icon19-grayscale.png
[2011/03/26 19:56:34 | 000,001,829 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\img\icon19-whitelisted.png
[2011/03/26 19:56:34 | 000,000,687 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\img\icon19.png
[2011/03/26 19:56:34 | 000,002,299 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\img\icon24.png
[2011/03/26 19:56:34 | 000,001,904 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\img\icon32.png
[2011/03/26 19:56:34 | 000,003,307 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\img\icon48.png
[2011/03/26 19:56:34 | 000,003,337 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\img\icon_screenshot.png
[2011/03/26 19:56:34 | 000,000,064 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\img\sort.gif
[2011/03/26 19:56:34 | 000,000,054 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\img\sortasc.gif
[2011/03/26 19:56:34 | 000,000,054 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\img\sortdesc.gif
[2011/03/26 19:56:34 | 000,066,023 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\jquery\jquery-ui.custom.min.js
[2011/03/26 19:56:34 | 000,004,246 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\jquery\jquery.cookie.js
[2011/03/26 19:56:34 | 000,085,260 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\jquery\jquery.min.js
[2011/03/26 19:56:34 | 000,012,795 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\jquery\jquery.tablesorter.min.js
[2011/03/26 19:56:34 | 000,001,365 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\jquery\css\override-page.css
[2011/03/26 19:56:34 | 000,030,831 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\jquery\css\custom-theme\jquery-ui-1.8.custom.css
[2011/03/26 19:56:34 | 000,000,180 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\jquery\css\custom-theme\images\ui-bg_flat_55_999999_40x100.png
[2011/03/26 19:56:34 | 000,000,180 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\jquery\css\custom-theme\images\ui-bg_flat_75_aaaaaa_40x100.png
[2011/03/26 19:56:34 | 000,000,136 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\jquery\css\custom-theme\images\ui-bg_glass_45_0078ae_1x400.png
[2011/03/26 19:56:34 | 000,000,131 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\jquery\css\custom-theme\images\ui-bg_glass_55_f8da4e_1x400.png
[2011/03/26 19:56:34 | 000,000,132 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\jquery\css\custom-theme\images\ui-bg_glass_75_79c9ec_1x400.png
[2011/03/26 19:56:34 | 000,000,000 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\jquery\css\custom-theme\images\ui-bg_gloss-wave_50_38cfff_500x100.png
[2011/03/26 19:56:34 | 000,000,000 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\jquery\css\custom-theme\images\ui-bg_gloss-wave_75_2191c0_500x100.png
[2011/03/26 19:56:34 | 000,000,088 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\jquery\css\custom-theme\images\ui-bg_inset-hard_100_fcfdfd_1x100.png
[2011/03/26 19:56:34 | 000,000,000 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\jquery\css\custom-theme\images\ui-icons_0078ae_256x240.png
[2011/03/26 19:56:34 | 000,005,355 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\jquery\css\custom-theme\images\ui-icons_056b93_256x240.png
[2011/03/26 19:56:34 | 000,004,369 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\jquery\css\custom-theme\images\ui-icons_d8e7f3_256x240.png
[2011/03/26 19:56:34 | 000,010,835 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\options\customize.html
[2011/03/26 19:56:34 | 000,012,752 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\options\filters.html
[2011/03/26 19:56:34 | 000,002,198 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\options\general.html
[2011/03/26 19:56:34 | 000,003,780 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\options\index.html
[2011/03/26 19:56:34 | 000,001,487 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\options\options.css
[2011/03/26 19:56:34 | 000,014,853 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\pages\adreport.html
[2011/03/26 19:56:34 | 000,004,867 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\pages\installed.html
[2011/03/26 19:56:34 | 000,023,875 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\pages\resourceblock.html
[2011/03/26 19:56:34 | 000,003,257 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\pages\subscribe.html
[2011/05/29 21:06:54 | 000,014,514 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\icon_poppit.png
[2011/05/29 21:06:54 | 000,000,767 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\manifest.json
[4 C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp files -> C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp -> ]
[1 C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp files -> C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp -> ]
[2011/06/05 15:04:10 | 000,776,192 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage
[2011/06/05 15:05:33 | 000,003,072 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.meebo.com_0.localstorage
[2011/06/05 15:05:21 | 000,003,072 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pro.majorleaguegaming.com_0.localstorage
[2011/06/05 15:05:25 | 000,003,072 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.coveritlive.com_0.localstorage
[2011/06/05 15:05:29 | 000,260,096 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.meebo.com_0.localstorage
[2010/03/23 20:21:12 | 000,017,408 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears\localserver.db
[2010/03/23 20:21:12 | 000,019,456 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears\permissions.db
[2011/03/26 19:54:37 | 000,000,000 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >


Google still redirecting.

My Avira Guard was on while I did the fix; was it supposed to be off? The Avira Guard popped up while doing the fix saying it blocked access to the files, so I clicked to close the message. I guess you can probably tell if that messed up the fix or not.

Edited by Rielus, 12 June 2011 - 09:53 AM.


#9 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:06:10 PM

Posted 12 June 2011 - 11:18 AM

Hi!

My Avira Guard was on while I did the fix; was it supposed to be off? The Avira Guard popped up while doing the fix saying it blocked access to the files, so I clicked to close the message. I guess you can probably tell if that messed up the fix or not.

That's fine. You didn't need to disable it.

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :OTL
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    [2011/06/10 07:51:01 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Ryan\Desktop\esetsmartinstaller_enu.exe
    [2011/06/13 00:37:48 | 000,000,310 | -HS- | M] () -- C:\Windows\tasks\rtwfh.job
    [2011/06/10 07:51:01 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Ryan\Desktop\esetsmartinstaller_enu.exe
    [2011/05/29 18:00:26 | 000,114,688 | RHS- | M] () -- C:\Windows\SysWow64\KBDDIV1D.dll
    [2011/05/29 18:00:27 | 000,000,310 | -HS- | C] () -- C:\Windows\tasks\rtwfh.job
    [2011/05/29 18:00:26 | 000,114,688 | RHS- | C] () -- C:\Windows\SysWow64\KBDDIV1D.dll
    [2011/06/13 00:37:48 | 000,000,310 | -HS- | M] () -- C:\Windows\Tasks\rtwfh.job
    
    :Reg
    
    :Files
    dir /s /a "C:\Users\Ryan\AppData\Roaming\Dagyi" /c
    dir /s /a "C:\ProgramData\DSS" /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Still experiencing the redirects?

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
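As an added example (not the helper's code and not part of OTL), the following Python parses OTL file-listing lines of the kind used in the fix script above and flags the entries a defender would want to look at: the hidden+system .job file in C:\Windows\Tasks and the vendor-less hidden DLL in SysWow64. The flagging heuristics and the function names are this example's own assumptions, and the sample lines are taken from the fix script plus one benign ESET line.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# OTL file-listing line format, as seen in the fix script above:
#   [yyyy/mm/dd hh:mm:ss | size | attrs | C|M] (vendor) -- path
# attrs is a four-character field such as "----", "-HS-" or "RHS-"
# (R = read-only, H = hidden, S = system; "-" means the flag is not set).
OTL_FILE_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<vendor>[^)]*)\) -- (?P<path>.+)$"
)


@dataclass
class OtlEntry:
    date: str
    size: int
    attrs: str
    kind: str      # "C" = created timestamp line, "M" = modified timestamp line
    vendor: str    # company name OTL read from the file's version info ("" if none)
    path: str

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def system(self) -> bool:
        return "S" in self.attrs


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file line; return None for registry, BHO or other lines."""
    m = OTL_FILE_LINE.match(line.strip())
    if m is None:
        return None
    return OtlEntry(
        date=m["date"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        vendor=m["vendor"].strip(),
        path=m["path"].strip(),
    )


def suspicious_reasons(e: OtlEntry) -> List[str]:
    """Heuristics (this example's assumptions) for why an entry deserves a look."""
    reasons: List[str] = []
    p = e.path.lower()
    if e.hidden and e.system:
        reasons.append("file carries both hidden and system attributes")
    if p.endswith(".job") and (e.hidden or e.system):
        reasons.append("scheduled task .job file with hidden/system attributes")
    if p.endswith(".dll") and e.vendor == "" and (e.hidden or e.system):
        reasons.append("DLL with no vendor in version info and hidden/system attributes")
    return reasons


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Map each flagged path (lower-cased) to its reasons.

    OTL lists the same file once for its C (created) and once for its M
    (modified) timestamp, sometimes with different path casing, so the
    entries are merged by case-insensitive path.
    """
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_otl_line(line)
        if e is None:
            continue
        reasons = suspicious_reasons(e)
        if reasons:
            bucket = flagged.setdefault(e.path.lower(), [])
            for r in reasons:
                if r not in bucket:
                    bucket.append(r)
    return flagged


# Constructed sample input: the file entries from the fix script above plus
# one benign line and one non-file line that the parser must skip.
SAMPLE_LINES = [
    r"[2011/06/10 07:51:01 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Ryan\Desktop\esetsmartinstaller_enu.exe",
    r"[2011/06/13 00:37:48 | 000,000,310 | -HS- | M] () -- C:\Windows\tasks\rtwfh.job",
    r"[2011/05/29 18:00:26 | 000,114,688 | RHS- | M] () -- C:\Windows\SysWow64\KBDDIV1D.dll",
    r"[2011/05/29 18:00:27 | 000,000,310 | -HS- | C] () -- C:\Windows\tasks\rtwfh.job",
    r"[2011/06/13 00:37:48 | 000,000,310 | -HS- | M] () -- C:\Windows\Tasks\rtwfh.job",
    r"O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES).items():
        print(path)
        for r in reasons:
            print("   -", r)
```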


#10 Rielus

Rielus
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:08:10 AM

Posted 12 June 2011 - 11:25 AM

Still getting the redirects, unfortunately. Here's the log.

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Ryan\Desktop\esetsmartinstaller_enu.exe moved successfully.
File move failed. C:\Windows\Tasks\rtwfh.job scheduled to be moved on reboot.
File C:\Users\Ryan\Desktop\esetsmartinstaller_enu.exe not found.
File move failed. C:\Windows\SysWOW64\KBDDIV1D.dll scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\rtwfh.job scheduled to be moved on reboot.
File move failed. C:\Windows\SysWOW64\KBDDIV1D.dll scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\rtwfh.job scheduled to be moved on reboot.
========== REGISTRY ==========
========== FILES ==========
< dir /s /a "C:\Users\Ryan\AppData\Roaming\Dagyi" /c >
Volume in drive C has no label.
Volume Serial Number is C428-56DC
Directory of C:\Users\Ryan\AppData\Roaming\Dagyi
30/05/2011 12:12 PM <DIR> .
30/05/2011 12:12 PM <DIR> ..
30/05/2011 12:41 PM 4,891 icve.buy
1 File(s) 4,891 bytes
Total Files Listed:
1 File(s) 4,891 bytes
2 Dir(s) 154,085,806,080 bytes free
C:\Users\Ryan\Desktop\cmd.bat deleted successfully.
C:\Users\Ryan\Desktop\cmd.txt deleted successfully.
< dir /s /a "C:\ProgramData\DSS" /c >
Volume in drive C has no label.
Volume Serial Number is C428-56DC
Directory of C:\ProgramData\DSS
03/06/2011 01:00 AM <DIR> .
03/06/2011 01:00 AM <DIR> ..
03/06/2011 01:00 AM <DIR> Content Activation
0 File(s) 0 bytes
Directory of C:\ProgramData\DSS\Content Activation
03/06/2011 01:00 AM <DIR> .
03/06/2011 01:00 AM <DIR> ..
03/06/2011 01:00 AM 4,357 readme.txt
03/06/2011 01:32 AM <DIR> {1F22114E046473B222E364141B429662}
1 File(s) 4,357 bytes
Directory of C:\ProgramData\DSS\Content Activation\{1F22114E046473B222E364141B429662}
03/06/2011 01:32 AM <DIR> .
03/06/2011 01:32 AM <DIR> ..
03/06/2011 01:32 AM 3,228 dfa_dirt3_20110603-0132-36.dfl
1 File(s) 3,228 bytes
Total Files Listed:
2 File(s) 7,585 bytes
8 Dir(s) 154,085,801,984 bytes free
C:\Users\Ryan\Desktop\cmd.bat deleted successfully.
C:\Users\Ryan\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ryan\Desktop\cmd.bat deleted successfully.
C:\Users\Ryan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error creating restore point.

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Ryan
->Temp folder emptied: 21809 bytes
->Temporary Internet Files folder emptied: 1618532 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 55111979 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1026 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 54.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: postgres
->Flash cache emptied: 0 bytes

User: Public

User: Ryan
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 06132011_022117

Files\Folders moved on Reboot...
File move failed. C:\Windows\Tasks\rtwfh.job scheduled to be moved on reboot.
File move failed. C:\Windows\SysWOW64\KBDDIV1D.dll scheduled to be moved on reboot.
C:\Users\Ryan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YLG26WRG\01[1].htm not found!
File\Folder C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YLG26WRG\ADSAdClient31[1].txt not found!

Registry entries deleted on Reboot...

#11 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:06:10 PM

Posted 12 June 2011 - 12:05 PM

Run this tool:


Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click TDSSKiller.exe to run the application, then click Start Scan.



  • If an infected file is detected, the default action will be Cure, click on Continue.



  • If a suspicious file is detected, the default action will be Skip, click on Continue.



  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.



  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#12 Rielus

Rielus
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:08:10 AM

Posted 12 June 2011 - 10:06 PM

2011/06/13 13:01:03.0702 5792 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/13 13:01:04.0639 5792 ================================================================================
2011/06/13 13:01:04.0639 5792 SystemInfo:
2011/06/13 13:01:04.0639 5792
2011/06/13 13:01:04.0639 5792 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/13 13:01:04.0639 5792 Product type: Workstation
2011/06/13 13:01:04.0640 5792 ComputerName: RYAN-PC
2011/06/13 13:01:04.0640 5792 UserName: Ryan
2011/06/13 13:01:04.0640 5792 Windows directory: C:\Windows
2011/06/13 13:01:04.0640 5792 System windows directory: C:\Windows
2011/06/13 13:01:04.0640 5792 Running under WOW64
2011/06/13 13:01:04.0640 5792 Processor architecture: Intel x64
2011/06/13 13:01:04.0640 5792 Number of processors: 6
2011/06/13 13:01:04.0640 5792 Page size: 0x1000
2011/06/13 13:01:04.0640 5792 Boot type: Normal boot
2011/06/13 13:01:04.0640 5792 ================================================================================
2011/06/13 13:01:11.0891 5792 Initialize success
2011/06/13 13:01:25.0990 5996 ================================================================================
2011/06/13 13:01:25.0990 5996 Scan started
2011/06/13 13:01:25.0990 5996 Mode: Manual;
2011/06/13 13:01:25.0990 5996 ================================================================================
2011/06/13 13:01:37.0105 5996 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/13 13:01:37.0134 5996 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/13 13:01:37.0157 5996 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/13 13:01:37.0182 5996 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/06/13 13:01:37.0214 5996 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/13 13:01:37.0241 5996 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/13 13:01:37.0305 5996 USBAAPL64 (9e58997a211c8c9ac9e6cffa53614a73) C:\Windows\system32\Drivers\usbaapl64.sys
2011/06/13 13:01:37.0350 5996 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/13 13:01:37.0372 5996 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/13 13:01:37.0423 5996 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/13 13:01:37.0466 5996 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/13 13:01:37.0499 5996 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/13 13:01:37.0513 5996 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/13 13:01:37.0537 5996 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/13 13:01:37.0551 5996 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/13 13:01:37.0580 5996 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/13 13:01:37.0592 5996 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/13 13:01:37.0609 5996 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/06/13 13:01:37.0640 5996 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/06/13 13:01:37.0903 5996 VIAHdAudAddService (dfdf7f9caa50ee72a633ea4bbd65a557) C:\Windows\system32\drivers\viahduaa.sys
2011/06/13 13:01:38.0006 5996 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/06/13 13:01:38.0064 5996 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/06/13 13:01:38.0080 5996 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/06/13 13:01:38.0093 5996 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/13 13:01:38.0121 5996 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/06/13 13:01:38.0147 5996 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/13 13:01:38.0165 5996 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/13 13:01:38.0182 5996 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/06/13 13:01:38.0196 5996 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/06/13 13:01:38.0228 5996 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/06/13 13:01:38.0245 5996 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/13 13:01:38.0278 5996 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/13 13:01:38.0289 5996 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/13 13:01:38.0315 5996 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/06/13 13:01:38.0341 5996 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/13 13:01:38.0386 5996 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/13 13:01:38.0407 5996 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/06/13 13:01:38.0486 5996 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/13 13:01:38.0540 5996 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/13 13:01:38.0570 5996 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/13 13:01:38.0592 5996 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/06/13 13:01:38.0622 5996 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/13 13:01:38.0682 5996 xusb21 (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys
2011/06/13 13:01:38.0767 5996 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
2011/06/13 13:01:38.0783 5996 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/13 13:01:38.0815 5996 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/06/13 13:01:38.0821 5996 ================================================================================
2011/06/13 13:01:38.0821 5996 Scan finished
2011/06/13 13:01:38.0821 5996 ================================================================================
2011/06/13 13:01:38.0832 6016 Detected object count: 1
2011/06/13 13:01:38.0832 6016 Actual detected object count: 1
2011/06/13 13:01:48.0503 6016 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/13 13:01:48.0503 6016 \Device\Harddisk0\DR0 - ok
2011/06/13 13:01:48.0504 6016 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/13 13:02:15.0892 5104 Deinitialize success

#13 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:06:10 PM

Posted 13 June 2011 - 11:14 AM

Hi!

Looks like TDSSKiller found the main culprit.

The main infection that you were infected with is called TDL4.

See the snippet of text below:

2011/06/13 13:01:38.0832 6016 Detected object count: 1
2011/06/13 13:01:38.0832 6016 Actual detected object count: 1
2011/06/13 13:01:48.0503 6016 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/13 13:01:48.0503 6016 \Device\Harddisk0\DR0 - ok
2011/06/13 13:01:48.0504 6016 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/13 13:02:15.0892 5104 Deinitialize success


You can read more about this infection here:

Special thanks to quietman7 for providing the above links.



NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Run Scan button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
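Editor's note on the TDSSKiller log above: the "MBR (0x1B8) (<md5>)" lines and the "\Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4" line are the whole basis of the diagnosis, so it is worth seeing what such a check looks like. The script below is an added illustration, not code from this thread, from TDSSKiller or from Kaspersky. It parses a 512-byte MBR, hashes the 0x1B8-byte bootstrap area (the reading that 0x1B8 in the log is the length hashed is an assumption), compares it with a known-good baseline, and sanity-checks the partition table. The disk size, boot-code bytes and partition layout are constructed sample data, and the helper names are this example's own.

```python
import hashlib
import struct

# Standard 512-byte MBR layout:
#   0x000-0x1B7  bootstrap code (0x1B8 = 440 bytes); this is what a bootkit such as TDL4 overwrites
#   0x1B8-0x1BB  Windows disk signature
#   0x1BE-0x1FD  four 16-byte partition entries
#   0x1FE-0x1FF  boot signature 0x55 0xAA
# Assumption: the "MBR (0x1B8) (<md5>)" log lines hash exactly this bootstrap area.
MBR_SIZE = 512
BOOT_CODE_LEN = 0x1B8
PART_TABLE_OFF = 0x1BE
PART_ENTRY_LEN = 16
BOOT_SIG_OFF = 0x1FE
BOOT_SIG = b"\x55\xaa"
PART_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def boot_code_md5(mbr: bytes) -> str:
    """MD5 of the bootstrap area only, so a baseline survives partition-table edits."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(mbr: bytes) -> list:
    """Return the four partition-table slots as dicts."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            PART_FMT, mbr, PART_TABLE_OFF + i * PART_ENTRY_LEN)
        entries.append({"status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def audit_mbr(mbr: bytes, baseline_md5: str, disk_sectors: int) -> list:
    """Return a list of findings (strings); an empty list means nothing looked wrong."""
    if len(mbr) != MBR_SIZE:
        return [f"unexpected MBR length {len(mbr)}"]
    findings = []
    if mbr[BOOT_SIG_OFF:] != BOOT_SIG:
        findings.append("missing 0x55AA boot signature")
    actual = boot_code_md5(mbr)
    if actual != baseline_md5:
        findings.append(f"boot code hash {actual} differs from baseline {baseline_md5}")
    seen = []  # (slot index, (first sector, end sector)) of populated entries
    for idx, p in enumerate(parse_partitions(mbr)):
        if p["type"] == 0 and p["sectors"] == 0:
            continue  # empty slot
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {idx}: invalid status byte 0x{p['status']:02x}")
        end = p["lba_start"] + p["sectors"]
        if end > disk_sectors:
            findings.append(f"partition {idx}: extends past end of disk ({end} > {disk_sectors})")
        for j, (start_j, end_j) in seen:
            if p["lba_start"] < end_j and start_j < end:
                findings.append(f"partition {idx} overlaps partition {j}")
        seen.append((idx, (p["lba_start"], end)))
    return findings


def build_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Assemble a 512-byte MBR from bootstrap bytes and (status, type, lba_start, sectors) tuples."""
    assert len(boot_code) <= BOOT_CODE_LEN and len(partitions) <= 4
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    for i, entry in enumerate(partitions):
        struct.pack_into(PART_FMT, mbr, PART_TABLE_OFF + i * PART_ENTRY_LEN, *entry)
    mbr[BOOT_SIG_OFF:] = BOOT_SIG
    return bytes(mbr)


# Constructed sample data (not real disk contents from the thread):
DISK_SECTORS = 1_953_525_168  # a 1 TB disk, roughly the 931 GB Drive C in the OTL log
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 40  # stand-in, not the real Windows loader
BOOTKIT_BOOT_CODE = b"\xeb\x3e" + b"\x00" * 60  # stand-in for a replaced loader, not TDL4 bytes
PARTITIONS = [(0x80, 0x07, 2048, 204_800),           # active System Reserved
              (0x00, 0x07, 206_848, 1_953_316_864)]  # Windows volume

CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, PARTITIONS)
BASELINE_MD5 = boot_code_md5(CLEAN_MBR)  # record this from a known-good image
INFECTED_MBR = build_mbr(BOOTKIT_BOOT_CODE, PARTITIONS)  # bootkit-style: loader replaced, table intact
OVERLAP_MBR = build_mbr(CLEAN_BOOT_CODE, [(0x80, 0x07, 2048, 204_800), (0x00, 0x07, 100_000, 500_000)])


if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR), ("overlap", OVERLAP_MBR)):
        print(name, boot_code_md5(image), audit_mbr(image, BASELINE_MD5, DISK_SECTORS))
```

The infected sample reproduces the pattern in the log: the partition table is untouched and only the bootstrap hash changes, which is why hashing the 0x1B8-byte area separately from the table is useful. One caveat for anyone repeating this on a live machine: TDL4 hooks the disk miniport driver and hands back the original sector to anything reading sector 0 from inside the running OS, so take the MBR image from offline boot media rather than from \\.\PhysicalDrive0 on the suspect system.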


#14 Rielus

Rielus
  • Topic Starter

  • Members
  • 13 posts
  • Local time:08:10 AM

Posted 15 June 2011 - 06:22 AM

Google still redirecting

OTL logfile created on: 15/06/2011 9:11:45 PM - Run 4
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Ryan\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 64.64% Memory free
7.99 Gb Paging File | 5.11 Gb Available in Paging File | 63.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 143.48 Gb Free Space | 15.40% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 115.29 Gb Free Space | 24.75% Space Free | Partition Type: NTFS

Computer Name: RYAN-PC | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/10 07:10:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
PRC - [2011/06/02 00:27:23 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Ryan\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/05/21 19:20:23 | 002,498,560 | ---- | M] () -- C:\Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.25\deploy\LoLLauncher.exe
PRC - [2011/05/21 19:19:56 | 001,302,528 | ---- | M] () -- C:\Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2011/05/18 09:25:46 | 022,631,608 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2011/05/02 05:10:28 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/04/17 17:57:07 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/18 06:29:49 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/09/08 16:56:04 | 000,144,384 | ---- | M] (Adobe Systems Inc.) -- C:\Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.48\deploy\LolClient.exe
PRC - [2009/09/08 17:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009/09/08 17:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009/08/09 15:08:02 | 000,293,888 | ---- | M] () -- C:\Program Files (x86)\NetMeter\NetMeter.exe
PRC - [2009/03/30 16:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2009/03/19 17:11:24 | 001,138,688 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\LastFM.exe


========== Modules (SafeList) ==========

MOD - [2011/06/10 07:10:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
MOD - [2009/07/14 11:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/29 11:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/05/25 08:39:04 | 000,034,224 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdcserv.exe -- (lxdcCATSCustConnectService)
SRV:64bit: - [2007/05/25 08:38:54 | 000,567,216 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdccoms.exe -- (lxdc_device)
SRV - [2011/04/18 17:10:44 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/17 17:57:07 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/12/24 07:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/12/16 06:07:16 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/09/08 17:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/25 08:38:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdccoms.exe -- (lxdc_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/01 17:07:59 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/04/01 17:07:59 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/09/29 12:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/29 11:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/09 13:19:02 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010/05/31 13:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/05/11 11:00:40 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2010/04/27 11:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/27 11:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/03/23 01:54:30 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/03/02 21:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/08/28 18:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/16 13:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 11:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 11:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 11:40:11 | 000,840,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\blackbox.dll -- (BlackBox)
DRV:64bit: - [2009/06/11 06:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 16:35:30 | 000,438,784 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 11:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2005/10/20 14:01:12 | 000,222,720 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RT2500.sys -- (RT2500)
DRV - [2011/06/10 07:19:20 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\BlackBox.sys -- (BlackBox)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 3C 80 27 C9 C6 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "YouTube Video Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.blackle.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {AA6F0803-145A-4200-8E5E-68898D02B5B3}:1.1.5
FF - prefs.js..extensions.enabledItems: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1}:0.7.12
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.21


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/10 20:06:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/02 04:02:19 | 000,000,000 | ---D | M]

[2010/03/19 04:46:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions
[2011/06/15 17:46:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\extensions
[2011/06/13 13:05:25 | 000,000,000 | ---D | M] (GameFOX) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2010/03/23 20:21:16 | 000,000,000 | ---D | M] (Right-Click-Link) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\extensions\{AA6F0803-145A-4200-8E5E-68898D02B5B3}
[2011/06/13 13:05:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/05/29 11:46:36 | 000,000,000 | ---D | M] ("Flash Video Downloader (Youtube Downloader)") -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\extensions\artur.dubovoy@gmail.com
[2010/12/04 20:01:07 | 000,012,703 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\searchplugins\imdb.xml
[2011/01/18 21:09:19 | 000,001,959 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\searchplugins\lastfm.xml
[2010/03/20 06:32:53 | 000,001,011 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\searchplugins\torrentz-search.xml
[2010/11/29 00:58:41 | 000,001,548 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\searchplugins\wowhead.xml
[2010/12/01 15:22:07 | 000,002,445 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\searchplugins\wowpedia-en.xml
[2010/03/20 01:35:19 | 000,002,057 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\ap0e7g4y.default\searchplugins\youtube-video-search.xml
[2011/06/13 00:32:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/04 02:38:14 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/26 00:02:56 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/26 00:02:56 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/26 00:02:57 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/26 00:02:57 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/06/13 02:21:19 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKCU..\Run: [C:\Program Files (x86)\NetMeter\NetMeter.exe] C:\Program Files (x86)\NetMeter\NetMeter.exe ()
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} http://au.zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab (ChessControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/15 17:07:26 | 000,000,000 | ---D | C] -- C:\SC2Replay Archive
[2011/06/13 13:01:01 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ryan\Desktop\TDSSKiller.exe
[2011/06/13 00:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/06/12 20:58:09 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\ooVoo Details
[2011/06/12 20:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
[2011/06/12 20:57:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ooVoo
[2011/06/11 22:35:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/06/10 20:26:31 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Foxit Software
[2011/06/10 07:51:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/06/10 07:35:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/10 07:10:39 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2011/06/06 23:22:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\SC2 reps oc thor
[2011/06/03 01:00:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2011/06/03 00:40:44 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Witcher 2
[2011/06/03 00:40:44 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\The Witcher 2
[2011/06/03 00:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2
[2011/06/03 00:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/06/03 00:12:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2011/06/03 00:12:12 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
[2011/06/03 00:12:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2011/06/02 07:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.0
[2011/06/02 07:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2011/06/02 03:45:14 | 000,607,294 | R--- | C] (Swearware) -- C:\Users\Ryan\Desktop\dds.scr
[2011/05/30 01:40:26 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Avira
[2011/05/29 21:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/05/29 21:07:20 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/05/29 21:07:20 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/05/29 21:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/05/29 21:07:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/05/29 18:16:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Malwarebytes
[2011/05/29 18:16:21 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 18:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/29 18:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/29 18:16:17 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/29 18:16:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/29 18:06:20 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ryan\Desktop\HijackThis.exe
[2011/05/29 12:23:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\Starcraft 2 stuff
[2011/05/29 10:52:32 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\Games
[2011/05/28 19:31:13 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\go
[2011/05/28 19:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO
[2011/05/26 18:36:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Sidhe
[2011/05/24 01:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetMeter
[2010/03/19 07:40:42 | 001,232,896 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdcserv.dll
[2010/03/19 07:40:42 | 000,999,424 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdcusb1.dll
[2010/03/19 07:40:42 | 000,700,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdchbn3.dll
[2010/03/19 07:40:42 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdccomc.dll
[2010/03/19 07:40:42 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdcpmui.dll
[2010/03/19 07:40:42 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdclmpm.dll
[2010/03/19 07:40:42 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdccoms.exe
[2010/03/19 07:40:42 | 000,425,984 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdccomm.dll
[2010/03/19 07:40:42 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdcinpa.dll
[2010/03/19 07:40:42 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdciesc.dll
[2010/03/19 07:40:42 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdcih.exe
[2010/03/19 07:40:42 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdcppls.exe
[2010/03/19 07:40:42 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdcprox.dll
[2010/03/19 07:40:42 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdcpplc.dll

========== Files - Modified Within 30 Days ==========

[2011/06/15 20:32:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2850416976-854691333-250921961-1000UA.job
[2011/06/15 00:32:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2850416976-854691333-250921961-1000Core.job
[2011/06/14 17:37:16 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/14 17:37:16 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/14 17:28:35 | 000,000,310 | -HS- | M] () -- C:\Windows\tasks\rtwfh.job
[2011/06/14 17:28:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/14 17:28:21 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/13 13:00:46 | 001,305,136 | ---- | M] () -- C:\Users\Ryan\Desktop\tdsskiller.zip
[2011/06/13 02:21:19 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/06/12 20:58:01 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2011/06/12 14:09:27 | 000,879,099 | ---- | M] () -- C:\Users\Ryan\Desktop\SecurityCheck.exe
[2011/06/10 07:19:20 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2011/06/10 07:13:06 | 000,000,216 | ---- | M] () -- C:\Users\Ryan\defogger_reenable
[2011/06/10 07:10:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2011/06/10 07:08:59 | 000,139,264 | ---- | M] () -- C:\Users\Ryan\Desktop\RKUnhookerLE.EXE
[2011/06/10 07:05:50 | 000,130,604 | ---- | M] () -- C:\Users\Ryan\Desktop\RKUnhookerLE.zip
[2011/06/07 17:32:48 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ryan\Desktop\TDSSKiller.exe
[2011/06/05 23:51:26 | 1353,766,894 | ---- | M] () -- C:\Users\Ryan\Desktop\red stream.flv.htm
[2011/06/03 01:05:58 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\DiRT 3.lnk
[2011/06/03 00:59:45 | 000,005,493 | ---- | M] () -- C:\Users\Ryan\Documents\ax_files.xml
[2011/06/03 00:38:05 | 000,000,573 | ---- | M] () -- C:\Users\Public\Desktop\Start The Witcher 2.lnk
[2011/06/02 03:45:15 | 000,607,294 | R--- | M] (Swearware) -- C:\Users\Ryan\Desktop\dds.scr
[2011/05/30 12:10:48 | 435,041,510 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/29 21:26:08 | 000,050,477 | ---- | M] () -- C:\Users\Ryan\Desktop\Defogger.exe
[2011/05/29 21:07:39 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/05/29 21:06:18 | 052,676,424 | ---- | M] () -- C:\Users\Ryan\Desktop\avira_antivir_personal_en.exe
[2011/05/29 18:16:21 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/29 18:14:23 | 001,007,108 | ---- | M] () -- C:\Users\Ryan\Desktop\rkill.com
[2011/05/29 18:06:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ryan\Desktop\HijackThis.exe
[2011/05/29 18:00:26 | 000,114,688 | RHS- | M] () -- C:\Windows\SysWow64\KBDDIV1D.dll
[2011/05/29 11:44:24 | 000,003,526 | ---- | M] () -- C:\Users\Ryan\Desktop\Super Meat Boy - Shortcut.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/28 08:11:22 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/28 08:11:22 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/28 08:11:22 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/24 01:04:24 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\NetMeter.lnk

========== Files Created - No Company Name ==========

[2011/06/13 03:19:11 | 001,305,136 | ---- | C] () -- C:\Users\Ryan\Desktop\tdsskiller.zip
[2011/06/12 20:58:01 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2011/06/12 14:09:26 | 000,879,099 | ---- | C] () -- C:\Users\Ryan\Desktop\SecurityCheck.exe
[2011/06/10 07:13:05 | 000,000,216 | ---- | C] () -- C:\Users\Ryan\defogger_reenable
[2011/06/10 07:05:48 | 000,130,604 | ---- | C] () -- C:\Users\Ryan\Desktop\RKUnhookerLE.zip
[2011/06/10 07:05:18 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2011/06/10 07:04:49 | 000,139,264 | ---- | C] () -- C:\Users\Ryan\Desktop\RKUnhookerLE.EXE
[2011/06/05 22:52:40 | 1353,766,894 | ---- | C] () -- C:\Users\Ryan\Desktop\red stream.flv.htm
[2011/06/03 00:38:05 | 000,000,573 | ---- | C] () -- C:\Users\Public\Desktop\Start The Witcher 2.lnk
[2011/06/03 00:17:41 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2011/06/03 00:11:43 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\DiRT 3.lnk
[2011/05/29 21:26:07 | 000,050,477 | ---- | C] () -- C:\Users\Ryan\Desktop\Defogger.exe
[2011/05/29 21:07:39 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/05/29 21:04:29 | 052,676,424 | ---- | C] () -- C:\Users\Ryan\Desktop\avira_antivir_personal_en.exe
[2011/05/29 18:16:21 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/29 18:14:22 | 001,007,108 | ---- | C] () -- C:\Users\Ryan\Desktop\rkill.com
[2011/05/29 18:00:27 | 000,000,310 | -HS- | C] () -- C:\Windows\tasks\rtwfh.job
[2011/05/29 18:00:26 | 000,114,688 | RHS- | C] () -- C:\Windows\SysWow64\KBDDIV1D.dll
[2011/05/29 11:44:24 | 000,003,526 | ---- | C] () -- C:\Users\Ryan\Desktop\Super Meat Boy - Shortcut.lnk
[2011/05/24 01:04:24 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\NetMeter.lnk
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/11/18 07:02:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/18 05:48:06 | 000,029,196 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/11/18 04:44:14 | 000,000,890 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI
[2010/08/01 03:14:29 | 000,007,605 | ---- | C] () -- C:\Users\Ryan\AppData\Local\Resmon.ResmonCfg
[2010/06/16 08:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/05/18 11:44:15 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/05/11 09:26:08 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2010/05/10 05:30:49 | 000,000,040 | ---- | C] () -- C:\Windows\ujf635.bin
[2010/04/06 13:31:54 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/03/20 19:30:25 | 000,149,792 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/03/20 04:37:47 | 001,053,056 | ---- | C] () -- C:\Windows\SysWow64\drivers\V2WCDRV.sys
[2010/03/19 12:22:45 | 000,266,400 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/03/19 12:22:43 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/03/19 12:22:43 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/03/19 11:11:19 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/03/19 07:40:42 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdccomx.dll
[2010/03/19 07:40:42 | 000,286,720 | ---- | C] () -- C:\Windows\SysWow64\LXDCinst.dll
[2010/03/19 04:46:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/14 15:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 12:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 12:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 10:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 07:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 22:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/03/30 16:32:40 | 000,032,768 | R--- | C] () -- C:\Windows\DAODx.exe

========== LOP Check ==========

[2010/09/19 15:17:48 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\.minecraft
[2010/03/23 20:46:19 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Braid
[2011/05/30 12:12:52 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Dagyi
[2011/06/10 20:26:31 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Foxit Software
[2011/06/15 16:00:05 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\go
[2010/05/17 00:51:53 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\LolClient
[2010/03/19 12:02:27 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010/03/21 10:14:11 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\NetMeter
[2011/06/12 20:58:12 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\ooVoo Details
[2011/03/19 20:55:20 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\PunkBuster
[2011/01/19 16:57:05 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\runic games
[2010/03/23 22:05:13 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\TS3Client
[2010/04/28 04:00:36 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Ubisoft
[2011/05/30 12:30:32 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Upfec
[2011/06/09 00:04:49 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\uTorrent
[2010/03/20 04:37:51 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Video2Webcam
[2011/06/14 17:28:35 | 000,000,310 | -HS- | M] () -- C:\Windows\Tasks\rtwfh.job
[2011/03/15 16:23:58 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/02 05:10:28 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/02 05:10:28 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/02 05:10:28 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/05/02 05:10:28 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/14 09:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/14 09:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/14 09:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/06/14 09:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/14 11:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/14 11:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/14 11:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2009/07/14 11:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2011/03/26 19:55:26 | 000,001,757 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\.ChromotingConfig.json
[2011/06/05 15:09:49 | 000,000,004 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
[2011/06/05 15:09:49 | 000,018,768 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Local State
[2011/06/05 15:06:20 | 006,325,516 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom
[2011/06/05 15:06:21 | 002,042,215 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Filter 2
[2011/03/26 19:55:25 | 000,000,055 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Service State
[2011/06/01 22:44:06 | 000,299,008 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Archived History
[2011/03/26 19:54:39 | 000,020,850 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
[2011/03/26 19:54:39 | 000,020,850 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
[2011/06/05 15:09:49 | 000,064,512 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Cookies
[2011/06/05 15:09:49 | 000,056,205 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Current Session
[2011/06/05 15:09:49 | 000,020,130 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
[2011/06/05 15:05:28 | 000,049,152 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2011/06/05 15:09:49 | 000,868,352 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\History
[2011/06/01 22:44:07 | 000,098,304 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-03
[2011/05/29 21:02:30 | 000,065,536 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-05
[2011/06/05 15:09:49 | 000,098,304 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-06
[2011/06/02 03:51:37 | 000,000,351 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Last Session
[2011/06/02 03:51:35 | 000,000,008 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
[2011/03/26 20:00:03 | 000,012,288 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Login Data
[2011/06/05 15:09:49 | 000,025,800 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Preferences
[2011/03/26 19:54:39 | 000,020,480 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Top Sites
[2011/06/05 15:09:49 | 000,131,072 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Visited Links
[2011/06/05 15:04:04 | 000,077,824 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Web Data
[2011/05/29 21:06:54 | 000,020,386 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\icon-128.png
[2011/05/29 21:06:54 | 000,000,740 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\manifest.json
[2011/03/26 19:56:34 | 000,005,677 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\adblock.js
[2011/03/26 19:56:34 | 000,005,748 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\adblock_start.js
[2011/03/26 19:56:34 | 000,025,912 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\background.html
[2011/03/26 19:56:34 | 000,004,351 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\blacklister.js
[2011/03/26 19:56:34 | 000,000,838 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\broadcast_channel.js
[2011/03/26 19:56:34 | 000,001,769 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\functions.js
[2011/03/26 19:56:34 | 000,010,019 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\Icon.png
[2011/03/26 19:56:34 | 000,002,288 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\Info.plist
[2011/03/26 19:56:34 | 000,001,568 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\manifest.json
[2011/03/26 19:56:34 | 000,012,524 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\port.js
[2011/03/26 19:56:34 | 000,002,435 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\whitelister.js
[2011/03/26 19:56:34 | 000,042,640 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\ar\messages.json
[2011/03/26 19:56:34 | 000,044,697 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\cs\messages.json
[2011/03/26 19:56:34 | 000,042,438 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\de\messages.json
[2011/03/26 19:56:34 | 000,054,395 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\el\messages.json
[2011/03/26 19:56:34 | 000,040,953 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\en\messages.json
[2011/03/26 19:56:34 | 000,024,867 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\es\messages.json
[2011/03/26 19:56:34 | 000,042,760 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\fi\messages.json
[2011/03/26 19:56:34 | 000,024,094 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\fr\messages.json
[2011/03/26 19:56:34 | 000,025,040 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\hu\messages.json
[2011/03/26 19:56:34 | 000,026,318 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\id\messages.json
[2011/03/26 19:56:34 | 000,023,381 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\it\messages.json
[2011/03/26 19:56:34 | 000,031,087 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\ja\messages.json
[2011/03/26 19:56:34 | 000,050,181 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\ko\messages.json
[2011/03/26 19:56:34 | 000,024,521 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\mk\messages.json
[2011/03/26 19:56:34 | 000,024,381 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\nb\messages.json
[2011/03/26 19:56:34 | 000,038,672 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\nl\messages.json
[2011/03/26 19:56:34 | 000,025,965 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\pl\messages.json
[2011/03/26 19:56:34 | 000,024,298 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\pt_BR\messages.json
[2011/03/26 19:56:34 | 000,041,470 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\ro\messages.json
[2011/03/26 19:56:34 | 000,075,674 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\ru\messages.json
[2011/03/26 19:56:34 | 000,029,839 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\sl\messages.json
[2011/03/26 19:56:34 | 000,026,485 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\tr\messages.json
[2011/03/26 19:56:34 | 000,030,353 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\zh_CN\messages.json
[2011/03/26 19:56:34 | 000,030,060 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\_locales\zh_TW\messages.json
[2011/03/26 19:56:34 | 000,001,811 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\app\app.js
[2011/03/26 19:56:34 | 000,001,248 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\app\both_installed.html
[2011/03/26 19:56:34 | 000,012,671 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\blacklisting\blacklistui.js
[2011/03/26 19:56:34 | 000,006,657 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\blacklisting\clickwatcher.js
[2011/03/26 19:56:34 | 000,001,290 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\blacklisting\elementchain.js
[2011/03/26 19:56:34 | 000,001,075 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\blacklisting\overlay.js
[2011/03/26 19:56:34 | 000,002,254 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\button\popup.css
[2011/03/26 19:56:34 | 000,012,527 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\button\popup.html
[2011/03/26 19:56:34 | 000,000,922 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\filtering\fifocache.js
[2011/03/26 19:56:34 | 000,010,406 | ---- | M] () -- C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.3.22_0\filtering\filternormalizer.js
< End of report >

#15 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:06:10 PM

Posted 15 June 2011 - 03:25 PM

Hi!

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    [2011/06/14 17:28:35 | 000,000,310 | -HS- | M] () -- C:\Windows\tasks\rtwfh.job
    [2011/05/29 18:00:26 | 000,114,688 | RHS- | M] () -- C:\Windows\SysWow64\KBDDIV1D.dll
    [2011/05/29 18:00:27 | 000,000,310 | -HS- | C] () -- C:\Windows\tasks\rtwfh.job
    [2011/05/29 18:00:26 | 000,114,688 | RHS- | C] () -- C:\Windows\SysWow64\KBDDIV1D.dll
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Redirects still occurring?

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
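A read-only check to run after the OTL fix above, added here as an example; it is not SweetTech's instructions or OTL's own code. It confirms the two artifacts named in the :Files section are gone, looks for other files in the same two folders with the same hidden+system attribute pattern the log showed, and lists any non-localhost hosts entries left after [resethosts]. The hidden+system heuristic and the assumption that legitimate KBD*.dll keyboard layouts are not hidden are this example's, not the thread's.

```powershell
# Added example, not SweetTech's instructions or OTL's own code: a read-only
# post-fix check. The hidden+system heuristic and the assumption that genuine
# KBD*.dll layout files are not hidden are this example's own.
$windir = $env:SystemRoot

# 1. The two specific paths the OTL :Files section moves out of the way.
$named = @((Join-Path $windir 'Tasks\rtwfh.job'),
           (Join-Path $windir 'SysWow64\KBDDIV1D.dll'))
foreach ($p in $named) {
    if (Test-Path -LiteralPath $p) { Write-Warning "STILL PRESENT: $p" }
    else                           { Write-Output  "gone: $p" }
}

# 2. Same two folders, same attribute pattern the OTL log showed (-HS- / RHS-):
#    any other hidden+system .job or KBD*.dll deserves a second look.
function Test-HiddenSystem($file) {
    (($file.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) -and
    (($file.Attributes -band [IO.FileAttributes]::System) -ne 0)
}
$candidates = @(Get-ChildItem -Path (Join-Path $windir 'Tasks') -Filter '*.job' -Force -ErrorAction SilentlyContinue) +
              @(Get-ChildItem -Path (Join-Path $windir 'SysWow64') -Filter 'KBD*.dll' -Force -ErrorAction SilentlyContinue)
$candidates | Where-Object { -not $_.PSIsContainer -and (Test-HiddenSystem $_) } |
    ForEach-Object {
        Write-Warning ("hidden+system: {0} ({1} bytes, modified {2})" -f
                       $_.FullName, $_.Length, $_.LastWriteTime)
    }

# 3. [resethosts] should leave only the localhost lines; anything else still
#    in the hosts file is a lead if the redirects continue.
$hosts = Join-Path $windir 'System32\drivers\etc\hosts'
Get-Content -LiteralPath $hosts -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' -and
                   $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\b' } |
    ForEach-Object { Write-Warning "hosts entry: $_" }
```

Run it from an elevated PowerShell prompt so the hidden files in C:\Windows are readable; it changes nothing on disk.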




