
Trojan:Win64/Sirefef.AB and Trojan:Win64/Sirefef.W


This topic is locked
17 replies to this topic

#1 Paradoxymoron

Members, 9 posts

Posted 07 August 2012 - 02:03 PM

Hiya,

I have been having some difficulty with the viruses named above. I do not know how I managed to get them, as I stay away from what I would consider harmful sites, and only really use Facebook/Google/YouTube/my uni's own website.

I keep running scans on Microsoft Security Essentials, which keep identifying these viruses (sometimes as often as every 2/3 minutes). I keep trying to remove them, but they don't seem to go.

I'm running Windows 7.

I found a similar topic on this forum, where someone suggested downloading Farbar Recovery Scan Tool, running it in System Recovery, and then posting the FRST.txt file that was saved. I have done this, and this is the content of the file:

---------

Scan result of Farbar Recovery Scan Tool Version: 05-08-2012 03
Ran by SYSTEM at 07-08-2012 19:10:24
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1814312 2010-10-29] (Synaptics Incorporated)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610872 2009-08-25] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-10-31] (Sun Microsystems, Inc.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-10-29] (IDT, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [600936 2009-06-29] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [887976 2011-08-23] (Ask)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Martin\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\Martin\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Martin\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1685048 2009-09-29] (Hewlett-Packard)
HKU\Martin\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-10-16] (Google Inc.)
HKU\Martin\...\Run: [Mobile Partner] C:\Program Files (x86)\3MobileWiFi\3MobileWiFi [x]
HKU\Martin\...\Run: [Facebook Update] "C:\Users\Martin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
HKU\Martin\...\Run: [Google Update] "C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-22] (Google Inc.)
HKU\Martin\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Martin\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\Martin\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-08-04] (Valve Corporation)
HKU\Martin\...\Run: [mdhcf] rundll32.exe "C:\Users\Martin\AppData\Roaming\mdhcf.dll",SetColumns [156160 2012-08-06] (Crytek)
HKU\Martin\...\Run: [Lyazma] C:\Users\Martin\AppData\Roaming\Cuni\qede.exe [273408 2010-09-28] ()
HKU\Martin\...\Run: [bisan] rundll32.exe "C:\Users\Martin\AppData\Roaming\bisan.dll",Unlock [116224 2012-08-07] (Crytek inc.)
HKU\Martin\...\Run: [dllhdctr] rundll32 "C:\Users\Martin\AppData\Local\Temp\drivkill.dll",CreateProcessNotify [57344 2012-08-07] (AhnLab, Inc.)
HKU\Martin\...\Run: [Loca] rundll32 "C:\Users\Martin\AppData\Local\Temp\drivkill64.dll",CreateProcessNotify [63488 2012-08-07] (FRISK Software International)
HKU\Martin\...\Run: [Azuvpyih] C:\Users\Martin\AppData\Roaming\Riahes\olamz.exe [184832 2011-01-21] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Startup: C:\Users\Martin\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Martin\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ======

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [89600 2010-10-29] (Andrea Electronics Corporation)
2 BecHelperService; C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [1737464 2010-01-28] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe [247808 2010-10-29] (IDT, Inc.)

========================== Drivers (Whitelisted) =============

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [1157240 2012-03-02] (Symantec Corporation)
1 ccHP; C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-03] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-02-03] (Symantec Corporation)
3 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [249856 2010-03-24] (Huawei Technologies Co., Ltd.)
3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2010-03-20] (Huawei Technologies Co., Ltd.)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20120403.002\IDSvia64.sys [488568 2012-03-06] (Symantec Corporation)
2 mdvrmng; C:\Windows\SysWow64\Drivers\mdvrmng.sys [10240 2010-01-28] ()
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMDS64.SYS [433200 2009-08-29] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2012-02-03] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)
4 eabfiltr; [x]
1 MpKsl029328d7; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8D924DF6-67DA-4E28-BE82-B74123D9F40F}\MpKsl029328d7.sys [x]
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20120402.002\ENG64.SYS [x]
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20120402.002\EX64.SYS [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-07 09:59 - 2012-08-07 10:02 - 00000112 ____A C:\Windows\setupact.log
2012-08-07 09:59 - 2012-08-07 09:59 - 00000000 ____A C:\Windows\setuperr.log
2012-08-07 09:27 - 2012-08-07 09:27 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-08-07 09:27 - 2012-08-07 09:27 - 00000000 ____D C:\Program Files\CCleaner
2012-08-07 08:01 - 2012-08-07 08:02 - 00000000 ____D C:\Users\Martin\AppData\Local\{50F46683-AD69-4920-983F-25DCBA3C59E1}
2012-08-07 05:57 - 2012-08-07 06:18 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Amdi
2012-08-07 05:57 - 2012-08-07 05:57 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Riahes
2012-08-07 05:57 - 2012-08-07 05:57 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Quytef
2012-08-07 05:51 - 2012-08-07 05:51 - 00116224 __ASH (Crytek inc.) C:\Users\Martin\AppData\Roaming\bisan.dll
2012-08-07 03:11 - 2012-08-07 08:01 - 00000000 ____D C:\Users\Martin\AppData\Local\{C7D6FCA0-D542-428C-9A8C-B23E38961609}
2012-08-06 10:40 - 2012-08-06 10:40 - 00451072 ____A (BitTorrent, Inc.) C:\Users\Martin\AppData\Roaming\rcsedc.dll
2012-08-06 10:40 - 2012-08-06 10:40 - 00000000 ____D C:\Users\Martin\AppData\Local\{208D7785-DFF6-11E1-8270-B8AC6F996F26}
2012-08-06 10:39 - 2012-08-07 09:56 - 00000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2012-08-06 10:39 - 2012-08-06 10:38 - 00156160 __ASH (Crytek) C:\Users\Martin\AppData\Roaming\mdhcf.dll
2012-08-06 10:38 - 2012-08-06 11:33 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Ysepa
2012-08-06 10:38 - 2012-08-06 10:38 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Qyugo
2012-08-06 10:38 - 2012-08-06 10:38 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Cuni
2012-08-06 02:31 - 2012-08-06 02:32 - 00000000 ____D C:\Users\Martin\AppData\Local\{A3863049-A808-43D9-B802-4074493B563F}
2012-08-06 02:31 - 2012-08-06 02:31 - 00000000 ____D C:\Users\Martin\AppData\Local\{D2462B56-41F2-4497-B08C-0156532529FA}
2012-08-05 07:59 - 2012-08-05 07:59 - 00000000 ____D C:\Users\Martin\AppData\Local\{9D602043-9F2F-41EB-95FD-81D7EC1AE16B}
2012-08-05 07:59 - 2012-08-05 07:59 - 00000000 ____D C:\Users\Martin\AppData\Local\{83A1ECEA-2485-47BB-AC7A-1856901337AE}
2012-08-04 04:15 - 2012-08-04 04:15 - 00000000 ____D C:\Users\Martin\AppData\Local\{F46513CD-C421-466E-9E4C-2CC1B31B63DD}
2012-08-04 04:14 - 2012-08-04 04:15 - 00000000 ____D C:\Users\Martin\AppData\Local\{D6307133-84D3-41E9-B693-47D389C70BA2}
2012-08-03 03:39 - 2012-08-03 03:40 - 00000000 ____D C:\Users\Martin\AppData\Local\{E0701E12-71F1-4DF9-8BC4-8A11A08F64D4}
2012-08-03 03:39 - 2012-08-03 03:39 - 00000000 ____D C:\Users\Martin\AppData\Local\{41464AE8-042E-48C0-ACCE-0EB816C3F4F5}
2012-08-02 15:21 - 2012-08-02 15:21 - 00000000 ____D C:\Users\Martin\AppData\Local\{FD4B3133-C4A7-4FBA-A29F-28E167B8901A}
2012-08-02 15:21 - 2012-08-02 15:21 - 00000000 ____D C:\Users\Martin\AppData\Local\{6852289A-031B-4BEF-A823-1A83BC7D606E}
2012-08-02 03:20 - 2012-08-02 03:20 - 00000000 ____D C:\Users\Martin\AppData\Local\{F56D193D-9BC2-48FA-AE61-EDE415528E6C}
2012-08-02 03:20 - 2012-08-02 03:20 - 00000000 ____D C:\Users\Martin\AppData\Local\{68DB97F0-0C9D-4790-8ABF-DAA7C285FEFF}
2012-08-01 05:39 - 2012-08-01 05:40 - 00000000 ____D C:\Users\Martin\AppData\Local\{8BCA594E-A36D-479C-83A4-E73064CA2C73}
2012-08-01 05:39 - 2012-08-01 05:39 - 00000000 ____D C:\Users\Martin\AppData\Local\{8954B5D1-49E7-4772-831B-9F3DEBA38C5C}
2012-07-31 03:40 - 2012-07-31 03:40 - 00000000 ____D C:\Users\Martin\AppData\Local\{4189B1BF-7BD4-44F6-9652-B540B6AFB4C0}
2012-07-31 03:39 - 2012-07-31 03:40 - 00000000 ____D C:\Users\Martin\AppData\Local\{ABB3601E-084F-48A8-BF0C-62E64C1BBEBA}
2012-07-30 04:00 - 2012-07-30 04:00 - 00000000 ____D C:\Users\Martin\AppData\Local\{0886B48A-29D6-4976-9A1F-C1DF96E7828B}
2012-07-30 03:59 - 2012-07-30 03:59 - 00000000 ____D C:\Users\Martin\AppData\Local\{52120FCC-15DE-47A3-9A2C-D5AA32B30A56}
2012-07-29 08:49 - 2012-07-29 08:50 - 00000000 ____D C:\Users\Martin\AppData\Local\{812A1D46-80BA-4756-A53A-91AB525B1449}
2012-07-29 08:49 - 2012-07-29 08:49 - 00000000 ____D C:\Users\Martin\AppData\Local\{B36D1CB3-C15F-460E-BAFF-095D4FEFC4EF}
2012-07-27 11:02 - 2012-07-27 11:02 - 00000000 ____D C:\Users\Martin\AppData\Local\{77F03977-7C2E-47C0-BDE2-65BE3A3344CB}
2012-07-27 03:54 - 2012-07-27 03:54 - 00000000 ____D C:\Users\Martin\AppData\Local\{672E8C39-14BF-403F-B15B-F5EE8061DB69}
2012-07-26 13:56 - 2012-07-26 13:57 - 00000000 ____D C:\Users\Martin\AppData\Local\{F98CA884-AE5E-4C01-89F7-DD8378005F20}
2012-07-26 13:56 - 2012-07-26 13:56 - 00000000 ____D C:\Users\Martin\AppData\Local\{E16806B7-514F-458D-8780-333794F831A5}
2012-07-26 01:55 - 2012-07-26 01:56 - 00000000 ____D C:\Users\Martin\AppData\Local\{823316BD-F80F-4225-9A26-E732E7EAAFCB}
2012-07-26 01:55 - 2012-07-26 01:55 - 00000000 ____D C:\Users\Martin\AppData\Local\{FC6D0189-57F8-4257-9329-04EE73ED4EAD}
2012-07-25 04:01 - 2012-07-25 04:01 - 00000000 ____D C:\Users\Martin\AppData\Local\{6B9AE50B-8F52-46FA-B067-C60DCAD75192}
2012-07-25 04:00 - 2012-07-25 04:00 - 00000000 ____D C:\Users\Martin\AppData\Local\{0DA9D791-79C3-491F-96BF-22D8536E5C4F}
2012-07-24 05:23 - 2012-07-24 05:24 - 00000000 ____D C:\Users\Martin\AppData\Local\{DE0AFD37-BFFB-4C0B-8B6B-92348B99B419}
2012-07-24 05:23 - 2012-07-24 05:23 - 00000000 ____D C:\Users\Martin\AppData\Local\{D261B02C-BF68-4327-8B9A-E66D8047B4FF}
2012-07-23 11:20 - 2012-07-23 11:20 - 00000000 ____D C:\Users\Martin\AppData\Local\{E4C8881E-52CC-4A83-B34C-8B871388C60B}
2012-07-23 11:20 - 2012-07-23 11:20 - 00000000 ____D C:\Users\Martin\AppData\Local\{64D587CC-E375-433B-96B5-3792A8715D7B}
2012-07-22 11:12 - 2012-07-22 11:12 - 00000000 ____D C:\Users\Martin\AppData\Local\{C9915C79-0614-4375-B107-91CF6E63E6F6}
2012-07-22 11:12 - 2012-07-22 11:12 - 00000000 ____D C:\Users\Martin\AppData\Local\{C69FD1CA-A871-4D49-83D1-DB84EA09EB8D}
2012-07-21 07:15 - 2012-07-21 07:16 - 00000000 ____D C:\Users\Martin\AppData\Local\{5B88FEB7-76ED-4EAE-87F2-122334EB15B4}
2012-07-21 07:15 - 2012-07-21 07:15 - 00000000 ____D C:\Users\Martin\AppData\Local\{7841954A-F181-4ACD-91F3-BE11B82A9B4B}
2012-07-19 07:36 - 2012-07-19 07:36 - 00000000 ____D C:\Users\Martin\AppData\Local\{CCD6397A-764C-41A2-B99A-96CB2F5FF7E4}
2012-07-19 07:35 - 2012-07-19 07:36 - 00000000 ____D C:\Users\Martin\AppData\Local\{81AD2D56-CD77-4AFF-8FA9-520F5F0E9432}
2012-07-18 08:09 - 2012-07-18 08:09 - 00000000 ____D C:\Users\Martin\AppData\Local\{EA8DFC6F-8A1F-4F85-A13A-DACC2C3BAB47}
2012-07-18 08:09 - 2012-07-18 08:09 - 00000000 ____D C:\Users\Martin\AppData\Local\{AB9B230B-E09B-4B8C-AA67-26FF37FED1F1}
2012-07-17 12:01 - 2012-07-17 12:01 - 00000000 ____D C:\Users\Martin\AppData\Local\{9B0944A7-5069-4A1E-B511-0892EBADE479}
2012-07-17 12:00 - 2012-07-17 12:01 - 00000000 ____D C:\Users\Martin\AppData\Local\{BA72955A-E7CA-4803-8D72-7BE36FE70966}
2012-07-16 09:51 - 2012-07-16 09:51 - 00000000 ____D C:\Users\Martin\AppData\Local\{5D36F93E-0365-4DDE-A6AD-3598CCD1DCC7}
2012-07-16 09:50 - 2012-07-16 09:50 - 00000000 ____D C:\Users\Martin\AppData\Local\{FA77AD5B-3FCE-4B25-809F-F3C053C6B52A}
2012-07-15 04:01 - 2012-07-15 04:01 - 00000000 ____D C:\Users\Martin\AppData\Local\{22A0FBDE-DB70-45CB-B9BD-A49B5A0F205F}
2012-07-15 04:00 - 2012-07-15 04:00 - 00000000 ____D C:\Users\Martin\AppData\Local\{5CC6C5C4-6F19-4A77-B62F-D5B3C6A10C8D}
2012-07-14 11:58 - 2012-07-14 11:59 - 00000000 ____D C:\Users\Martin\AppData\Local\{7E6B6E5A-B4BF-4484-BEE7-D3001E5FC869}
2012-07-14 11:58 - 2012-07-14 11:58 - 00000000 ____D C:\Users\Martin\AppData\Local\{ECD5E1E9-76B2-4655-ADE1-4BD8367323EE}
2012-07-13 10:44 - 2012-07-13 10:44 - 00000000 ____D C:\Users\Martin\AppData\Local\{FCEFDDA8-74ED-48A9-94D0-A35EE1255220}
2012-07-13 10:43 - 2012-07-13 10:44 - 00000000 ____D C:\Users\Martin\AppData\Local\{A0321BDF-3E38-4E20-A870-24E4DE0FDDA2}
2012-07-12 18:11 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-12 18:03 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-12 18:03 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-12 18:03 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-12 18:03 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-12 18:03 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-12 18:03 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-12 18:03 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-12 18:03 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-12 18:03 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-12 18:03 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-12 18:03 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-12 18:03 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-12 18:03 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-12 18:03 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-12 18:03 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-12 18:03 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-12 18:03 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-12 18:03 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-12 18:03 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-12 18:03 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-12 18:03 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-12 18:03 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-12 18:03 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-12 18:03 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-12 18:03 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-12 18:03 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-12 18:03 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-12 18:03 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-12 12:05 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-12 12:05 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-12 12:05 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-12 12:05 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-12 12:05 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-12 12:05 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-12 12:04 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-12 12:04 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-12 12:04 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-12 12:04 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-12 12:04 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-12 12:04 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-12 12:04 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-12 12:04 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-12 12:04 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-12 12:04 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-12 12:04 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-12 12:04 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-12 12:04 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-12 11:49 - 2012-07-12 11:50 - 00000000 ____D C:\Users\Martin\AppData\Local\{2A49CF42-B532-44B2-A361-F85B00EF35BE}
2012-07-12 11:49 - 2012-07-12 11:49 - 00000000 ____D C:\Users\Martin\AppData\Local\{5C05678A-3619-4258-8C99-DA965B99BE0F}
2012-07-10 10:31 - 2012-07-10 10:31 - 00000000 ____D C:\Users\Martin\AppData\Local\{ACB372CC-CAD2-4F6C-B75B-92823271B0FF}
2012-07-10 10:30 - 2012-07-10 10:31 - 00000000 ____D C:\Users\Martin\AppData\Local\{95036FFB-DF1F-4BA6-9552-6C6BC3833BF3}
2012-07-09 04:09 - 2012-07-09 04:09 - 00000000 ____D C:\Users\Martin\AppData\Local\{5B2337E8-EFC1-4DB9-B31C-6B35AC3542B2}
2012-07-08 13:02 - 2012-07-08 13:02 - 00000000 ____D C:\Users\Martin\AppData\Local\{61DBC898-FC86-4F0B-919B-236CD61F038F}
2012-07-08 13:02 - 2012-07-08 13:02 - 00000000 ____D C:\Users\Martin\AppData\Local\{36CDC978-79B9-4308-951E-7C4D77C86917}


============ 3 Months Modified Files ========================

2012-08-07 10:02 - 2012-08-07 09:59 - 00000112 ____A C:\Windows\setupact.log
2012-08-07 10:02 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-07 09:59 - 2012-08-07 09:59 - 00000000 ____A C:\Windows\setuperr.log
2012-08-07 09:59 - 2010-02-16 00:19 - 01235635 ____A C:\Windows\WindowsUpdate.log
2012-08-07 09:50 - 2012-04-18 11:14 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-07 09:39 - 2010-10-16 12:53 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-07 09:38 - 2011-12-09 14:17 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1781893649-2917393759-2575885653-1000UA.job
2012-08-07 09:31 - 2009-07-13 21:13 - 00729880 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-07 09:27 - 2012-08-07 09:27 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-08-07 08:39 - 2010-10-16 12:53 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-07 07:54 - 2011-10-08 10:43 - 00000930 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1781893649-2917393759-2575885653-1000UA.job
2012-08-07 05:51 - 2012-08-07 05:51 - 00116224 __ASH (Crytek inc.) C:\Users\Martin\AppData\Roaming\bisan.dll
2012-08-07 05:43 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-07 05:43 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-06 13:54 - 2011-10-08 10:43 - 00000908 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1781893649-2917393759-2575885653-1000Core.job
2012-08-06 11:38 - 2011-12-09 14:17 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1781893649-2917393759-2575885653-1000Core.job
2012-08-06 10:40 - 2012-08-06 10:40 - 00451072 ____A (BitTorrent, Inc.) C:\Users\Martin\AppData\Roaming\rcsedc.dll
2012-08-06 10:38 - 2012-08-06 10:39 - 00156160 __ASH (Crytek) C:\Users\Martin\AppData\Roaming\mdhcf.dll
2012-08-05 13:40 - 2012-02-03 18:12 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForMARTIN-PC$.job
2012-08-05 08:10 - 2010-09-03 05:00 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-08-02 13:50 - 2012-04-18 11:14 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-02 13:50 - 2011-09-16 11:13 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-02 03:54 - 2011-12-09 14:18 - 00002459 ____A C:\Users\Martin\Desktop\Google Chrome.lnk
2012-07-30 04:10 - 2011-11-03 15:09 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-07-13 10:40 - 2009-07-13 20:45 - 00378920 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 18:05 - 2011-01-09 12:38 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-05 07:29 - 2012-07-05 07:29 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-01 11:11 - 2011-01-26 07:16 - 00002198 ____A C:\Windows\epplauncher.mif
2012-06-18 12:50 - 2012-06-18 12:50 - 00000052 ____A C:\Users\All Users\nfhzbtbmszncdbn
2012-06-14 05:46 - 2012-06-14 05:46 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-14 05:41 - 2012-06-14 05:41 - 00000221 ____A C:\Users\Martin\Desktop\LIMBO.url
2012-06-14 05:40 - 2011-02-16 16:03 - 00002491 ____A C:\Users\Public\Desktop\Safari.lnk
2012-06-11 19:08 - 2012-07-12 18:11 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 06:32 - 2011-11-23 07:00 - 00001021 ____A C:\Users\Martin\Desktop\Dropbox.lnk
2012-06-08 21:43 - 2012-07-12 12:04 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-12 12:04 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-12 12:05 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-12 12:05 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-12 12:04 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-12 12:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-12 12:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-12 12:04 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-07-01 10:38 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-07-01 10:38 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-07-01 10:38 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-07-01 10:38 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-07-01 10:38 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-07-01 10:38 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-07-01 10:38 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-07-01 10:38 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:15 - 2012-07-01 10:38 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-12 18:03 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-12 18:03 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-12 18:03 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-12 18:03 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-12 18:03 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-12 18:03 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-12 18:03 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-12 18:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-12 18:03 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-12 18:03 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-12 18:03 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-12 18:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-12 18:03 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-12 18:03 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-12 18:03 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-12 18:03 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-12 18:03 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-12 18:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-12 18:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-12 18:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-12 18:03 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-12 18:03 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-12 18:03 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-12 18:03 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-12 18:03 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-12 18:03 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-12 18:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-12 18:03 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-12 12:04 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-12 12:04 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-12 12:04 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-12 12:04 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-12 12:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-12 12:04 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-12 12:04 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-12 12:04 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-12 12:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-29 09:13 - 2012-05-29 09:13 - 00000220 ____A C:\Users\Martin\Desktop\Plants vs. Zombies Game of the Year.url
2012-05-29 09:02 - 2012-05-29 09:02 - 00000917 ____A C:\Users\Public\Desktop\Steam.lnk
2012-05-24 23:53 - 2009-07-13 21:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT


ZeroAccess:
C:\Users\Martin\AppData\Local\{63781c0e-9709-3549-22ac-296523ea73ce}
C:\Users\Martin\AppData\Local\{63781c0e-9709-3549-22ac-296523ea73ce}\@
C:\Users\Martin\AppData\Local\{63781c0e-9709-3549-22ac-296523ea73ce}\L
C:\Users\Martin\AppData\Local\{63781c0e-9709-3549-22ac-296523ea73ce}\U
C:\Users\Martin\AppData\Local\{63781c0e-9709-3549-22ac-296523ea73ce}\U\00000001.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3836.2 MB
Available physical RAM: 3131.47 MB
Total Pagefile: 3834.34 MB
Available Pagefile: 3130.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:284.28 GB) (Free:211 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:13.52 GB) (Free:2.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: () (Removable) (Total:0.94 GB) (Free:0.63 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 963 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 284 GB 200 MB
Partition 3 Primary 13 GB 284 GB
Partition 4 Primary 103 MB 297 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 284 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 13 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 963 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

==================================================================================

==========================================================

Last Boot: 2012-05-28 06:26

======================= End Of Log ==========================


---

What would you suggest to do now?

Thank you

(PS, I'm not the best with computers, but can follow the instructions given, so as long as there isn't too much jargon, I should be able to follow!)

EDIT

Also - now Microsoft Security Essentials has found VirTool:Win32/Obfuscator.XT and Trojan:Win32/Medfos.gen!A

EDIT 2

And now VirTool:Win32/DelfInject.AF and Trojan:Win32/Sirefef.P

Edited by Paradoxymoron, 08 August 2012 - 08:53 AM.
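Added example, not from the original post and not part of the FRST tool: a small Python triage script over the indicator types visible in the FRST logs posted in this thread. It parses the `HK...\...\Run:` lines and the path list FRST prints under `ZeroAccess:` and flags what a responder would look at first: rundll32 loading a DLL from the user's Temp folder, an executable in a user-writable location with no company name in its version info, dead Run entries (`[x]`), and the `{GUID}\@`, `\L`, `\U` and `U\00000001.@` layout reported above. The sample lines are copied or condensed from the logs in this thread; the line format is an assumption taken from those logs rather than from FRST documentation, and `C:\Windows\Installer\{GUID}` is included only as the other well-known ZeroAccess storage location, which does not appear in these logs.

```python
import re
from dataclasses import dataclass

# Line format assumed from the FRST logs in this thread, not from FRST documentation:
#   <hive>\...\Run: [<name>] <command> [<size> <yyyy-mm-dd>] (<company from version info>)
#   <hive>\...\Run: [<name>] <command> [x]          <- target file missing
RUN_RE = re.compile(
    r"^(?P<hive>HK\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<command>.*?)\s*"
    r"(?:\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)"
    r"|(?P<missing>\[x\]))$"
)

GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"
# ZeroAccess user-mode storage as listed under "ZeroAccess:" in the log above:
# {GUID}\@, {GUID}\L, {GUID}\U and {GUID}\U\00000001.@ under AppData\Local.
# C:\Windows\Installer\{GUID} is the other well-known location (not in this log).
ZEROACCESS_RE = re.compile(
    r"(?i)\\(?:AppData\\Local|Windows\\Installer)\\" + GUID + r"\\(?:@|L|U(?:\\\d{8}\.@)?)$"
)
USER_WRITABLE_RE = re.compile(r"(?i)\\(?:AppData|ProgramData|Users\\Public)\\")

R_TEMP_DLL = "rundll32 loads a DLL from the user's Temp folder"
R_NO_COMPANY = "executable in a user-writable location with no company name in version info"
R_MISSING = "target file missing (dead Run entry)"
R_ZEROACCESS = "ZeroAccess/Sirefef storage layout"


@dataclass
class Finding:
    line: str
    reasons: list


def parse_run_entry(line):
    """Return the fields of an FRST Run line, or None if the line is not one."""
    m = RUN_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["publisher"] = entry["publisher"] or ""
    entry["missing"] = entry["missing"] is not None
    return entry


def check_run_entry(entry):
    """Heuristics on one parsed Run entry; returns the reasons to look closer."""
    reasons = []
    cmd = entry["command"]
    low = cmd.lower()
    if low.lstrip('"').startswith("rundll32") and "\\appdata\\local\\temp\\" in low:
        reasons.append(R_TEMP_DLL)
    # The company name is read from the file's version resource, so malware can
    # carry a vendor's string (drivkill.dll above claims AhnLab). The location
    # rule above does not depend on it; this rule only fires when it is blank.
    if USER_WRITABLE_RE.search(cmd) and not entry["publisher"]:
        reasons.append(R_NO_COMPANY)
    if entry["missing"]:
        reasons.append(R_MISSING)
    return reasons


def triage(log_text):
    """Walk a whole FRST log and collect the lines that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        entry = parse_run_entry(line)
        if entry is not None:
            reasons = check_run_entry(entry)
        elif ZEROACCESS_RE.search(line):
            reasons = [R_ZEROACCESS]
        else:
            reasons = []
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


# Constructed sample: lines copied or condensed from the two FRST logs in this thread.
SAMPLE_LOG = r"""HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [] [x]
HKU\Martin\...\Run: [Mobile Partner] C:\Program Files (x86)\3MobileWiFi\3MobileWiFi [x]
HKU\Martin\...\Run: [Facebook Update] "C:\Users\Martin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
HKU\Martin\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-08-04] (Valve Corporation)
HKU\Martin\...\Run: [dllhdctr] rundll32 "C:\Users\Martin\AppData\Local\Temp\drivkill.dll",CreateProcessNotify [57344 2012-08-07] (AhnLab, Inc.)
HKU\Martin\...\Run: [Loca] rundll32 "C:\Users\Martin\AppData\Local\Temp\drivkill64.dll",CreateProcessNotify [63488 2012-08-07] (FRISK Software International)
HKU\Martin\...\Run: [Azuvpyih] C:\Users\Martin\AppData\Roaming\Riahes\olamz.exe [185344 2011-05-26] ()
2012-08-12 08:24 - 2012-08-12 08:24 - 00000000 ____D C:\Users\Martin\AppData\Local\{C62B8AF3-0B48-4FE0-8566-4007FBBD44F1}
ZeroAccess:
C:\Users\Martin\AppData\Local\{63781c0e-9709-3549-22ac-296523ea73ce}
C:\Users\Martin\AppData\Local\{63781c0e-9709-3549-22ac-296523ea73ce}\@
C:\Users\Martin\AppData\Local\{63781c0e-9709-3549-22ac-296523ea73ce}\L
C:\Users\Martin\AppData\Local\{63781c0e-9709-3549-22ac-296523ea73ce}\U
C:\Users\Martin\AppData\Local\{63781c0e-9709-3549-22ac-296523ea73ce}\U\00000001.@
C:\Windows\System32\winlogon.exe => MD5 is legit
"""


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```

Two things worth noticing when reading the output. The company name FRST prints in parentheses comes from the file's version resource, not from a verified signature, which is why the two Temp DLLs carry antivirus vendors' names; the load location is the stronger signal and is checked on its own. The randomly named folders under AppData\Roaming (Riahes, Wocy, Cuni and so on) are not flagged here because FRST prints no company name for directories, so they need the matching Run entry (olamz.exe above) or a hash check to confirm.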


#2 Farbar (Security Developer, 21,711 posts, The Netherlands)

Posted 10 August 2012 - 11:27 AM

Hi Paradoxymoron,

Welcome to the forum.

We need a fresh log of the latest FRST.

Please delete your copy of FRST and download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#3 Paradoxymoron (Topic Starter, 9 posts)

Posted 12 August 2012 - 11:45 AM

Hiya,

I've just run the Farbar Recovery Tool - log pasted below.

I should also mention that further Microsoft Security Essentials scans have also come up with the following viruses/exploits.

- TrojanDownloader:Java/OpenConnection.px
- TrojanDownloader:Win32/Karagany.I
- Trojan:Win32/Medfos.B
- Exploit:Java/CVE-2012-1723.DG
- Exploit:Java/CVE_2012-1723
- VirTool:Win32/DelfInject.AF
- Trojan:Win32/Sirefef.P

Log posted below

--
Scan result of Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 12-08-2012 17:36:19
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1814312 2010-10-29] (Synaptics Incorporated)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610872 2009-08-25] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-10-31] (Sun Microsystems, Inc.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-10-29] (IDT, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [600936 2009-06-29] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [887976 2011-08-23] (Ask)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Martin\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\Martin\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Martin\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1685048 2009-09-29] (Hewlett-Packard)
HKU\Martin\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-10-16] (Google Inc.)
HKU\Martin\...\Run: [Mobile Partner] C:\Program Files (x86)\3MobileWiFi\3MobileWiFi [x]
HKU\Martin\...\Run: [Facebook Update] "C:\Users\Martin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
HKU\Martin\...\Run: [Google Update] "C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-22] (Google Inc.)
HKU\Martin\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Martin\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\Martin\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-08-04] (Valve Corporation)
HKU\Martin\...\Run: [dllhdctr] rundll32 "C:\Users\Martin\AppData\Local\Temp\drivkill.dll",CreateProcessNotify [57344 2012-08-07] (AhnLab, Inc.)
HKU\Martin\...\Run: [Loca] rundll32 "C:\Users\Martin\AppData\Local\Temp\drivkill64.dll",CreateProcessNotify [63488 2012-08-07] (FRISK Software International)
HKU\Martin\...\Run: [Azuvpyih] C:\Users\Martin\AppData\Roaming\Riahes\olamz.exe [185344 2011-05-26] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Startup: C:\Users\Martin\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Martin\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ======

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [89600 2010-10-29] (Andrea Electronics Corporation)
2 BecHelperService; C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [1737464 2010-01-28] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe [247808 2010-10-29] (IDT, Inc.)

========================== Drivers (Whitelisted) =============

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [1157240 2012-03-02] (Symantec Corporation)
1 ccHP; C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-03] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-02-03] (Symantec Corporation)
3 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [249856 2010-03-24] (Huawei Technologies Co., Ltd.)
3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2010-03-20] (Huawei Technologies Co., Ltd.)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20120403.002\IDSvia64.sys [488568 2012-03-06] (Symantec Corporation)
2 mdvrmng; C:\Windows\SysWow64\Drivers\mdvrmng.sys [10240 2010-01-28] ()
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMDS64.SYS [433200 2009-08-29] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2012-02-03] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)
4 eabfiltr; [x]
1 MpKsl029328d7; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8D924DF6-67DA-4E28-BE82-B74123D9F40F}\MpKsl029328d7.sys [x]
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20120402.002\ENG64.SYS [x]
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20120402.002\EX64.SYS [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-12 08:24 - 2012-08-12 08:24 - 00000000 ____D C:\Users\Martin\AppData\Local\{C62B8AF3-0B48-4FE0-8566-4007FBBD44F1}
2012-08-10 09:31 - 2012-08-10 09:31 - 00000000 ____D C:\Users\Martin\AppData\Local\{8228F447-11DD-40D4-8840-9C9B244FD1E4}
2012-08-10 09:30 - 2012-08-10 09:31 - 00000000 ____D C:\Users\Martin\AppData\Local\{ED74AC75-AC8F-4818-82C9-676CAA7EB3E4}
2012-08-09 15:23 - 2012-08-09 15:23 - 00000000 ____D C:\Users\Martin\AppData\Local\{BF40488A-B25E-4331-BDD6-5882201DF39A}
2012-08-09 15:23 - 2012-08-09 15:23 - 00000000 ____D C:\Users\Martin\AppData\Local\{7B553838-16D1-44FF-898C-8F14E7D1AAB4}
2012-08-09 03:21 - 2012-08-09 03:21 - 00000000 ____D C:\Users\Martin\AppData\Local\{8A55725E-2172-4CAA-A4DE-B21BEF989879}
2012-08-09 03:20 - 2012-08-09 03:21 - 00000000 ____D C:\Users\Martin\AppData\Local\{2904F0D7-3AF4-4BDF-948A-D358AC285FDF}
2012-08-09 03:20 - 2012-08-09 03:20 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Wocy
2012-08-09 03:20 - 2012-08-09 03:20 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Iwiw
2012-08-09 03:20 - 2012-08-09 03:20 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Ivdy
2012-08-08 04:46 - 2012-08-08 04:46 - 00000000 ____D C:\Users\Martin\AppData\Local\{BF25D574-63A0-4FAF-B1D9-47035FF67D7B}
2012-08-08 04:45 - 2012-08-08 04:46 - 00000000 ____D C:\Users\Martin\AppData\Local\{C50B7980-5A78-499F-8F9D-0C25C0835521}
2012-08-07 19:10 - 2012-08-07 19:10 - 00000000 ____D C:\FRST
2012-08-07 09:59 - 2012-08-12 08:32 - 00007560 ____A C:\Windows\setupact.log
2012-08-07 09:59 - 2012-08-07 09:59 - 00000000 ____A C:\Windows\setuperr.log
2012-08-07 09:27 - 2012-08-07 09:27 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-08-07 09:27 - 2012-08-07 09:27 - 00000000 ____D C:\Program Files\CCleaner
2012-08-07 08:01 - 2012-08-07 08:02 - 00000000 ____D C:\Users\Martin\AppData\Local\{50F46683-AD69-4920-983F-25DCBA3C59E1}
2012-08-07 05:57 - 2012-08-09 15:31 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Amdi
2012-08-07 05:57 - 2012-08-07 05:57 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Riahes
2012-08-07 05:57 - 2012-08-07 05:57 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Quytef
2012-08-07 03:11 - 2012-08-07 08:01 - 00000000 ____D C:\Users\Martin\AppData\Local\{C7D6FCA0-D542-428C-9A8C-B23E38961609}
2012-08-06 10:40 - 2012-08-06 10:40 - 00000000 ____D C:\Users\Martin\AppData\Local\{208D7785-DFF6-11E1-8270-B8AC6F996F26}
2012-08-06 10:39 - 2012-08-07 09:56 - 00000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2012-08-06 10:38 - 2012-08-07 11:04 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Cuni
2012-08-06 10:38 - 2012-08-06 11:33 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Ysepa
2012-08-06 10:38 - 2012-08-06 10:38 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Qyugo
2012-08-06 02:31 - 2012-08-06 02:32 - 00000000 ____D C:\Users\Martin\AppData\Local\{A3863049-A808-43D9-B802-4074493B563F}
2012-08-06 02:31 - 2012-08-06 02:31 - 00000000 ____D C:\Users\Martin\AppData\Local\{D2462B56-41F2-4497-B08C-0156532529FA}
2012-08-05 07:59 - 2012-08-05 07:59 - 00000000 ____D C:\Users\Martin\AppData\Local\{9D602043-9F2F-41EB-95FD-81D7EC1AE16B}
2012-08-05 07:59 - 2012-08-05 07:59 - 00000000 ____D C:\Users\Martin\AppData\Local\{83A1ECEA-2485-47BB-AC7A-1856901337AE}
2012-08-04 04:15 - 2012-08-04 04:15 - 00000000 ____D C:\Users\Martin\AppData\Local\{F46513CD-C421-466E-9E4C-2CC1B31B63DD}
2012-08-04 04:14 - 2012-08-04 04:15 - 00000000 ____D C:\Users\Martin\AppData\Local\{D6307133-84D3-41E9-B693-47D389C70BA2}
2012-08-03 03:39 - 2012-08-03 03:40 - 00000000 ____D C:\Users\Martin\AppData\Local\{E0701E12-71F1-4DF9-8BC4-8A11A08F64D4}
2012-08-03 03:39 - 2012-08-03 03:39 - 00000000 ____D C:\Users\Martin\AppData\Local\{41464AE8-042E-48C0-ACCE-0EB816C3F4F5}
2012-08-02 15:21 - 2012-08-02 15:21 - 00000000 ____D C:\Users\Martin\AppData\Local\{FD4B3133-C4A7-4FBA-A29F-28E167B8901A}
2012-08-02 15:21 - 2012-08-02 15:21 - 00000000 ____D C:\Users\Martin\AppData\Local\{6852289A-031B-4BEF-A823-1A83BC7D606E}
2012-08-02 03:20 - 2012-08-02 03:20 - 00000000 ____D C:\Users\Martin\AppData\Local\{F56D193D-9BC2-48FA-AE61-EDE415528E6C}
2012-08-02 03:20 - 2012-08-02 03:20 - 00000000 ____D C:\Users\Martin\AppData\Local\{68DB97F0-0C9D-4790-8ABF-DAA7C285FEFF}
2012-08-01 05:39 - 2012-08-01 05:40 - 00000000 ____D C:\Users\Martin\AppData\Local\{8BCA594E-A36D-479C-83A4-E73064CA2C73}
2012-08-01 05:39 - 2012-08-01 05:39 - 00000000 ____D C:\Users\Martin\AppData\Local\{8954B5D1-49E7-4772-831B-9F3DEBA38C5C}
2012-07-31 03:40 - 2012-07-31 03:40 - 00000000 ____D C:\Users\Martin\AppData\Local\{4189B1BF-7BD4-44F6-9652-B540B6AFB4C0}
2012-07-31 03:39 - 2012-07-31 03:40 - 00000000 ____D C:\Users\Martin\AppData\Local\{ABB3601E-084F-48A8-BF0C-62E64C1BBEBA}
2012-07-30 04:00 - 2012-07-30 04:00 - 00000000 ____D C:\Users\Martin\AppData\Local\{0886B48A-29D6-4976-9A1F-C1DF96E7828B}
2012-07-30 03:59 - 2012-07-30 03:59 - 00000000 ____D C:\Users\Martin\AppData\Local\{52120FCC-15DE-47A3-9A2C-D5AA32B30A56}
2012-07-29 08:49 - 2012-07-29 08:50 - 00000000 ____D C:\Users\Martin\AppData\Local\{812A1D46-80BA-4756-A53A-91AB525B1449}
2012-07-29 08:49 - 2012-07-29 08:49 - 00000000 ____D C:\Users\Martin\AppData\Local\{B36D1CB3-C15F-460E-BAFF-095D4FEFC4EF}
2012-07-27 11:02 - 2012-07-27 11:02 - 00000000 ____D C:\Users\Martin\AppData\Local\{77F03977-7C2E-47C0-BDE2-65BE3A3344CB}
2012-07-27 03:54 - 2012-07-27 03:54 - 00000000 ____D C:\Users\Martin\AppData\Local\{672E8C39-14BF-403F-B15B-F5EE8061DB69}
2012-07-26 13:56 - 2012-07-26 13:57 - 00000000 ____D C:\Users\Martin\AppData\Local\{F98CA884-AE5E-4C01-89F7-DD8378005F20}
2012-07-26 13:56 - 2012-07-26 13:56 - 00000000 ____D C:\Users\Martin\AppData\Local\{E16806B7-514F-458D-8780-333794F831A5}
2012-07-26 01:55 - 2012-07-26 01:56 - 00000000 ____D C:\Users\Martin\AppData\Local\{823316BD-F80F-4225-9A26-E732E7EAAFCB}
2012-07-26 01:55 - 2012-07-26 01:55 - 00000000 ____D C:\Users\Martin\AppData\Local\{FC6D0189-57F8-4257-9329-04EE73ED4EAD}
2012-07-25 04:01 - 2012-07-25 04:01 - 00000000 ____D C:\Users\Martin\AppData\Local\{6B9AE50B-8F52-46FA-B067-C60DCAD75192}
2012-07-25 04:00 - 2012-07-25 04:00 - 00000000 ____D C:\Users\Martin\AppData\Local\{0DA9D791-79C3-491F-96BF-22D8536E5C4F}
2012-07-24 05:23 - 2012-07-24 05:24 - 00000000 ____D C:\Users\Martin\AppData\Local\{DE0AFD37-BFFB-4C0B-8B6B-92348B99B419}
2012-07-24 05:23 - 2012-07-24 05:23 - 00000000 ____D C:\Users\Martin\AppData\Local\{D261B02C-BF68-4327-8B9A-E66D8047B4FF}
2012-07-23 11:20 - 2012-07-23 11:20 - 00000000 ____D C:\Users\Martin\AppData\Local\{E4C8881E-52CC-4A83-B34C-8B871388C60B}
2012-07-23 11:20 - 2012-07-23 11:20 - 00000000 ____D C:\Users\Martin\AppData\Local\{64D587CC-E375-433B-96B5-3792A8715D7B}
2012-07-22 11:12 - 2012-07-22 11:12 - 00000000 ____D C:\Users\Martin\AppData\Local\{C9915C79-0614-4375-B107-91CF6E63E6F6}
2012-07-22 11:12 - 2012-07-22 11:12 - 00000000 ____D C:\Users\Martin\AppData\Local\{C69FD1CA-A871-4D49-83D1-DB84EA09EB8D}
2012-07-21 07:15 - 2012-07-21 07:16 - 00000000 ____D C:\Users\Martin\AppData\Local\{5B88FEB7-76ED-4EAE-87F2-122334EB15B4}
2012-07-21 07:15 - 2012-07-21 07:15 - 00000000 ____D C:\Users\Martin\AppData\Local\{7841954A-F181-4ACD-91F3-BE11B82A9B4B}
2012-07-19 07:36 - 2012-07-19 07:36 - 00000000 ____D C:\Users\Martin\AppData\Local\{CCD6397A-764C-41A2-B99A-96CB2F5FF7E4}
2012-07-19 07:35 - 2012-07-19 07:36 - 00000000 ____D C:\Users\Martin\AppData\Local\{81AD2D56-CD77-4AFF-8FA9-520F5F0E9432}
2012-07-18 08:09 - 2012-07-18 08:09 - 00000000 ____D C:\Users\Martin\AppData\Local\{EA8DFC6F-8A1F-4F85-A13A-DACC2C3BAB47}
2012-07-18 08:09 - 2012-07-18 08:09 - 00000000 ____D C:\Users\Martin\AppData\Local\{AB9B230B-E09B-4B8C-AA67-26FF37FED1F1}
2012-07-17 12:01 - 2012-07-17 12:01 - 00000000 ____D C:\Users\Martin\AppData\Local\{9B0944A7-5069-4A1E-B511-0892EBADE479}
2012-07-17 12:00 - 2012-07-17 12:01 - 00000000 ____D C:\Users\Martin\AppData\Local\{BA72955A-E7CA-4803-8D72-7BE36FE70966}
2012-07-16 09:51 - 2012-07-16 09:51 - 00000000 ____D C:\Users\Martin\AppData\Local\{5D36F93E-0365-4DDE-A6AD-3598CCD1DCC7}
2012-07-16 09:50 - 2012-07-16 09:50 - 00000000 ____D C:\Users\Martin\AppData\Local\{FA77AD5B-3FCE-4B25-809F-F3C053C6B52A}
2012-07-15 04:01 - 2012-07-15 04:01 - 00000000 ____D C:\Users\Martin\AppData\Local\{22A0FBDE-DB70-45CB-B9BD-A49B5A0F205F}
2012-07-15 04:00 - 2012-07-15 04:00 - 00000000 ____D C:\Users\Martin\AppData\Local\{5CC6C5C4-6F19-4A77-B62F-D5B3C6A10C8D}
2012-07-14 11:58 - 2012-07-14 11:59 - 00000000 ____D C:\Users\Martin\AppData\Local\{7E6B6E5A-B4BF-4484-BEE7-D3001E5FC869}
2012-07-14 11:58 - 2012-07-14 11:58 - 00000000 ____D C:\Users\Martin\AppData\Local\{ECD5E1E9-76B2-4655-ADE1-4BD8367323EE}
2012-07-13 10:44 - 2012-07-13 10:44 - 00000000 ____D C:\Users\Martin\AppData\Local\{FCEFDDA8-74ED-48A9-94D0-A35EE1255220}
2012-07-13 10:43 - 2012-07-13 10:44 - 00000000 ____D C:\Users\Martin\AppData\Local\{A0321BDF-3E38-4E20-A870-24E4DE0FDDA2}

============ 3 Months Modified Files ========================

2012-08-12 08:32 - 2012-08-07 09:59 - 00007560 ____A C:\Windows\setupact.log
2012-08-12 08:32 - 2010-02-16 00:19 - 01458736 ____A C:\Windows\WindowsUpdate.log
2012-08-12 08:30 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-12 08:30 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-12 08:22 - 2010-10-16 12:53 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-12 08:22 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-10 09:49 - 2012-04-18 11:14 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-10 09:39 - 2010-10-16 12:53 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-10 09:38 - 2011-12-09 14:17 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1781893649-2917393759-2575885653-1000UA.job
2012-08-09 13:54 - 2011-10-08 10:43 - 00000930 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1781893649-2917393759-2575885653-1000UA.job
2012-08-09 13:54 - 2011-10-08 10:43 - 00000908 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1781893649-2917393759-2575885653-1000Core.job
2012-08-09 11:38 - 2011-12-09 14:17 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1781893649-2917393759-2575885653-1000Core.job
2012-08-09 09:08 - 2009-07-13 21:13 - 00729880 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-09 03:43 - 2011-12-09 14:18 - 00002459 ____A C:\Users\Martin\Desktop\Google Chrome.lnk
2012-08-07 09:59 - 2012-08-07 09:59 - 00000000 ____A C:\Windows\setuperr.log
2012-08-07 09:27 - 2012-08-07 09:27 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-08-05 13:40 - 2012-02-03 18:12 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForMARTIN-PC$.job
2012-08-05 08:10 - 2010-09-03 05:00 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-08-02 13:50 - 2012-04-18 11:14 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-02 13:50 - 2011-09-16 11:13 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-30 04:10 - 2011-11-03 15:09 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-07-13 10:40 - 2009-07-13 20:45 - 00378920 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 18:05 - 2011-01-09 12:38 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-05 07:29 - 2012-07-05 07:29 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-01 11:11 - 2011-01-26 07:16 - 00002198 ____A C:\Windows\epplauncher.mif
2012-06-18 12:50 - 2012-06-18 12:50 - 00000052 ____A C:\Users\All Users\nfhzbtbmszncdbn
2012-06-14 05:46 - 2012-06-14 05:46 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-14 05:41 - 2012-06-14 05:41 - 00000221 ____A C:\Users\Martin\Desktop\LIMBO.url
2012-06-14 05:40 - 2011-02-16 16:03 - 00002491 ____A C:\Users\Public\Desktop\Safari.lnk
2012-06-11 19:08 - 2012-07-12 18:11 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 06:32 - 2011-11-23 07:00 - 00001021 ____A C:\Users\Martin\Desktop\Dropbox.lnk
2012-06-08 21:43 - 2012-07-12 12:04 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-12 12:04 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-12 12:05 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-12 12:05 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-12 12:04 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-12 12:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-12 12:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-12 12:04 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-07-01 10:38 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-07-01 10:38 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-07-01 10:38 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-07-01 10:38 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-07-01 10:38 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-07-01 10:38 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-07-01 10:38 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-07-01 10:38 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:15 - 2012-07-01 10:38 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-12 18:03 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-12 18:03 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-12 18:03 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-12 18:03 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-12 18:03 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-12 18:03 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-12 18:03 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-12 18:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-12 18:03 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-12 18:03 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-12 18:03 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-12 18:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-12 18:03 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-12 18:03 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-12 18:03 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-12 18:03 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-12 18:03 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-12 18:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-12 18:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-12 18:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-12 18:03 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-12 18:03 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-12 18:03 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-12 18:03 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-12 18:03 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-12 18:03 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-12 18:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-12 18:03 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-12 12:04 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-12 12:04 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-12 12:04 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-12 12:04 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-12 12:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-12 12:04 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-12 12:04 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-12 12:04 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-12 12:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-29 09:13 - 2012-05-29 09:13 - 00000220 ____A C:\Users\Martin\Desktop\Plants vs. Zombies Game of the Year.url
2012-05-29 09:02 - 2012-05-29 09:02 - 00000917 ____A C:\Users\Public\Desktop\Steam.lnk
2012-05-24 23:53 - 2009-07-13 21:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT


ZeroAccess:
C:\Users\Martin\AppData\Local\{63781c0e-9709-3549-22ac-296523ea73ce}
C:\Users\Martin\AppData\Local\{63781c0e-9709-3549-22ac-296523ea73ce}\@
C:\Users\Martin\AppData\Local\{63781c0e-9709-3549-22ac-296523ea73ce}\L
C:\Users\Martin\AppData\Local\{63781c0e-9709-3549-22ac-296523ea73ce}\U
C:\Users\Martin\AppData\Local\{63781c0e-9709-3549-22ac-296523ea73ce}\U\00000001.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3836.2 MB
Available physical RAM: 3127.21 MB
Total Pagefile: 3834.34 MB
Available Pagefile: 3118.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:284.28 GB) (Free:211.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:13.52 GB) (Free:2.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: () (Removable) (Total:0.94 GB) (Free:0.63 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 963 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 284 GB 200 MB
Partition 3 Primary 13 GB 284 GB
Partition 4 Primary 103 MB 297 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 284 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 13 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 963 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

==================================================================================

Last Boot: 2012-05-28 06:26

======================= End Of Log ==========================

--

Thank you

#4 Farbar

Farbar

    Just Curious

  • Security Developer
  • 21,711 posts
  • Gender:Male
  • Location:The Netherlands

Posted 12 August 2012 - 12:45 PM

  • NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Please download the attached file Fixlist.txt.
    Save it to your flash drive.
    Boot to System Recovery Options and select "Command Prompt".

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
  • I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    Therefore please go to Add/Remove Programs in the Control Panel and remove either Norton Internet Security or Microsoft Security Essentials.
  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the MBAM log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#5 Paradoxymoron

Paradoxymoron
  • Topic Starter

  • Members
  • 9 posts

Posted 14 August 2012 - 06:15 PM

OK, just ran the script, removed Norton (in favour of Microsoft Security Essentials) and downloaded the Anti-Malware. (Before I could run the Anti-Malware I had some trouble with a fake security application that made running the Anti-Malware difficult: Live Security Platinum. Any idea where this came from?)

Here is the Fixlog:

---
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012
Ran by SYSTEM at 2012-08-14 23:10:39 Run:1
Running from H:\

==============================================

HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
HKEY_USERS\Martin\Software\Microsoft\Windows\CurrentVersion\Run\\dllhdctr Value not found.
C:\Users\Martin\AppData\Local\Temp\drivkill.dll moved successfully.
HKEY_USERS\Martin\Software\Microsoft\Windows\CurrentVersion\Run\\Loca Value deleted successfully.
C:\Users\Martin\AppData\Local\Temp\drivkill64.dll moved successfully.
HKEY_USERS\Martin\Software\Microsoft\Windows\CurrentVersion\Run\\Azuvpyih Value deleted successfully.
C:\Users\Martin\AppData\Roaming\Riahes\olamz.exe moved successfully.
C:\Users\Martin\AppData\Roaming\Wocy moved successfully.
C:\Users\Martin\AppData\Roaming\Iwiw moved successfully.
C:\Users\Martin\AppData\Roaming\Ivdy moved successfully.
C:\Users\Martin\AppData\Roaming\Amdi moved successfully.
C:\Users\Martin\AppData\Roaming\Riahes moved successfully.
C:\Users\Martin\AppData\Roaming\Quytef moved successfully.
C:\Users\Martin\AppData\Roaming\Cuni moved successfully.
C:\Users\Martin\AppData\Roaming\Ysepa moved successfully.
C:\Users\Martin\AppData\Roaming\Qyugo moved successfully.
C:\Users\Martin\AppData\Local\{63781c0e-9709-3549-22ac-296523ea73ce} moved successfully.
C:\Users\All Users\nfhzbtbmszncdbn moved successfully.

==== End of Fixlog ====

---

And here is the MBAM log:

---

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.14.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Martin :: MARTIN-PC [administrator]

Protection: Disabled

14/08/2012 23:53:59
mbam-log-2012-08-14 (23-53-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194749
Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.LameShield) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|0C1D173402D4A6A3DB057943F875F002 (Trojan.LameShield) -> Data: C:\ProgramData\0C1D173402D4A6A3DB057943F875F002\0C1D173402D4A6A3DB057943F875F002.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.

Files Detected: 6
C:\ProgramData\0C1D173402D4A6A3DB057943F875F002\0C1D173402D4A6A3DB057943F875F002.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\Users\Martin\AppData\Local\Temp\msimg32.dll (RootKit.0Access) -> Quarantined and deleted successfully.
C:\Users\Martin\AppData\Local\Temp\~!#858D.tmp (RootKit.0Access) -> Quarantined and deleted successfully.
C:\Users\Martin\AppData\Local\Temp\~!#9586.tmp (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\Users\Martin\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.

(end)

---

What should I do next? And how would I prevent my laptop from getting further viruses in the meantime?

Thank you

Paradoxymoron

#6 Farbar

Farbar

    Just Curious

  • Security Developer
  • 21,711 posts
  • Gender:Male
  • Location:The Netherlands

Posted 14 August 2012 - 06:47 PM

Any idea where this came from?

how would I prevent my laptop from getting further viruses in the meantime?

This could have been hidden or downloaded if you used the computer. You are now out of the woods, but I recommend not using the computer until we are done and have filled all the security holes.

  • Please download Farbar Service Scanner and run it on the computer with the issue.
    • Check all the boxes.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
  • Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Click Run Scan button.
    • Two reports will open:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Copy and paste OTL.txt and attach Extra.txt to your reply.


#7 Paradoxymoron

Paradoxymoron
  • Topic Starter

  • Members
  • 9 posts

Posted 14 August 2012 - 07:39 PM

Heya,

Ran both scans - these are the logs created:

FSS Log

---

Farbar Service Scanner Version: 06-08-2012
Ran by Martin (administrator) on 15-08-2012 at 01:19:21
Running from "C:\Users\Martin\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

---

And the OTL.txt:

---

OTL logfile created on: 8/15/2012 1:21:39 AM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Martin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 50.37% Memory free
7.49 Gb Paging File | 5.19 Gb Available in Paging File | 69.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.28 Gb Total Space | 211.92 Gb Free Space | 74.55% Space Free | Partition Type: NTFS
Drive D: | 13.52 Gb Total Space | 2.24 Gb Free Space | 16.60% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 96.77 Mb Free Space | 97.42% Space Free | Partition Type: FAT32
Drive G: | 962.73 Mb Total Space | 639.20 Mb Free Space | 66.39% Space Free | Partition Type: FAT

Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/15 01:20:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
PRC - [2012/08/04 13:14:08 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/08/02 22:50:11 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
PRC - [2012/08/01 19:33:51 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/02/29 16:28:47 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2011/10/21 15:55:03 | 000,186,368 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Hyel\quazi.exe
PRC - [2011/08/23 22:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2009/10/06 08:08:42 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/14 22:09:49 | 000,162,304 | -HS- | M] () -- C:\Users\Martin\AppData\Roaming\dlobr.dll
MOD - [2012/08/01 19:33:45 | 020,316,496 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/08/01 19:33:27 | 000,900,944 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/08/01 19:33:26 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/08/01 19:33:26 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/08/01 19:33:26 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/06/13 17:13:08 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/13 17:12:03 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/13 17:11:47 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/12 12:18:42 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/12 12:13:22 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 12:12:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 12:12:33 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/12 12:11:11 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll
MOD - [2012/05/12 12:11:10 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll
MOD - [2012/05/12 12:10:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 12:10:33 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 12:10:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 12:10:21 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 12:10:09 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/10/21 15:55:03 | 000,186,368 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Hyel\quazi.exe
MOD - [2011/09/24 23:50:15 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/10/06 08:08:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/09/29 23:25:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/09/29 23:25:44 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/09/29 23:25:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/09/29 23:25:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/09/29 23:25:38 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/09/29 23:25:36 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/09/29 23:25:28 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/09/29 23:25:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/08/20 21:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 21:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 21:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/10/29 19:10:05 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/29 19:10:04 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2009/08/05 05:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 22:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2012/08/02 22:50:34 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/01 19:33:51 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/29 19:10:05 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe -- (STacSV)
SRV - [2010/10/29 19:10:04 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe -- (AESTFilters)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/06 01:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/02/22 20:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/29 19:12:45 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/10/29 19:10:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/03/25 10:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/03/24 13:58:36 | 000,249,856 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010/03/20 11:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2010/03/02 16:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/05 06:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 08:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 22:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 22:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/29 19:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/24 20:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/23 07:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 06:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/29 16:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/03/09 15:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010/01/28 13:35:24 | 000,010,240 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{E794932D-A04D-4D67-8F8A-F8FEC221000F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{E794932D-A04D-4D67-8F8A-F8FEC221000F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1781893649-2917393759-2575885653-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
IE - HKU\S-1-5-21-1781893649-2917393759-2575885653-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1781893649-2917393759-2575885653-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1781893649-2917393759-2575885653-1000\..\SearchScopes,DefaultScope = {D57EEB94-D1D7-4BAD-9BF0-6EADBAD85848}
IE - HKU\S-1-5-21-1781893649-2917393759-2575885653-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1781893649-2917393759-2575885653-1000\..\SearchScopes\{72BFEBCA-D085-44F2-B0BF-E07A98529D8A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYGB&apn_uid=57D80BF6-84FE-408C-9F49-54E40470041F&apn_sauid=7CD49AC3-1D2A-4489-82E1-5CE44F2F1A9D
IE - HKU\S-1-5-21-1781893649-2917393759-2575885653-1000\..\SearchScopes\{D57EEB94-D1D7-4BAD-9BF0-6EADBAD85848}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7SKPT_enGB401
IE - HKU\S-1-5-21-1781893649-2917393759-2575885653-1000\..\SearchScopes\{E794932D-A04D-4D67-8F8A-F8FEC221000F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1781893649-2917393759-2575885653-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1781893649-2917393759-2575885653-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Martin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Martin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Martin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Martin\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Martin\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Martin\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Martin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Gmail = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1781893649-2917393759-2575885653-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1781893649-2917393759-2575885653-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1781893649-2917393759-2575885653-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1781893649-2917393759-2575885653-1000..\Run: [dlobr] C:\Users\Martin\AppData\Roaming\dlobr.dll ()
O4 - HKU\S-1-5-21-1781893649-2917393759-2575885653-1000..\Run: [Facebook Update] C:\Users\Martin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1781893649-2917393759-2575885653-1000..\Run: [Mobile Partner] C:\Program Files (x86)\3MobileWiFi\3MobileWiFi.exe ()
O4 - HKU\S-1-5-21-1781893649-2917393759-2575885653-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1781893649-2917393759-2575885653-1000..\Run: [Qivyuqzay] C:\Users\Martin\AppData\Roaming\Hyel\quazi.exe ()
O4 - HKU\S-1-5-21-1781893649-2917393759-2575885653-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18F10EF6-F402-44B2-BE3D-95475126CAAB}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EB28F40-D145-4D61-9A38-935A57CCC865}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BE3E02C-5D76-45DE-9AE2-796E327F3A8C}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1B89B9E-B0CC-4443-AF52-2F49D253DDD6}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2468178e-bc60-11df-9e94-c80aa90b0183}\Shell - "" = AutoRun
O33 - MountPoints2\{2468178e-bc60-11df-9e94-c80aa90b0183}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{246817ae-bc60-11df-9e94-c80aa90b0183}\Shell - "" = AutoRun
O33 - MountPoints2\{246817ae-bc60-11df-9e94-c80aa90b0183}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{516027e0-b78d-11df-b54d-c80aa90b0183}\Shell - "" = AutoRun
O33 - MountPoints2\{516027e0-b78d-11df-b54d-c80aa90b0183}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{81422ea8-df92-11e0-9a9a-c80aa90b0183}\Shell - "" = AutoRun
O33 - MountPoints2\{81422ea8-df92-11e0-9a9a-c80aa90b0183}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a63cda0a-b762-11df-a266-c80aa90b0183}\Shell - "" = AutoRun
O33 - MountPoints2\{a63cda0a-b762-11df-a266-c80aa90b0183}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b814f0ed-b156-11df-bd83-c80aa90b0183}\Shell - "" = AutoRun
O33 - MountPoints2\{b814f0ed-b156-11df-bd83-c80aa90b0183}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b814f0f6-b156-11df-bd83-c80aa90b0183}\Shell - "" = AutoRun
O33 - MountPoints2\{b814f0f6-b156-11df-bd83-c80aa90b0183}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d5a53a62-593c-11e0-bfb4-c80aa90b0183}\Shell - "" = AutoRun
O33 - MountPoints2\{d5a53a62-593c-11e0-bfb4-c80aa90b0183}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{f4a063ed-5ead-11e0-a7b5-c80aa90b0183}\Shell - "" = AutoRun
O33 - MountPoints2\{f4a063ed-5ead-11e0-a7b5-c80aa90b0183}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f4a0641a-5ead-11e0-a7b5-c80aa90b0183}\Shell - "" = AutoRun
O33 - MountPoints2\{f4a0641a-5ead-11e0-a7b5-c80aa90b0183}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/15 01:20:32 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2012/08/15 00:42:15 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Luzip
[2012/08/15 00:42:15 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Hyel
[2012/08/15 00:42:15 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Adfu
[2012/08/14 23:49:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/14 22:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\0C1D173402D4A6A3DB057943F875F002
[2012/08/14 13:55:50 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{474DEEBD-5062-4A6B-8D06-B598E8525BA0}
[2012/08/14 13:55:22 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{16E694CC-EAC3-443B-81A5-32F2FB3F1117}
[2012/08/12 18:55:36 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{078F6E5F-27DD-4572-B43D-F78410F5B21F}
[2012/08/12 17:41:02 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{ADAC7971-E3D7-476B-9015-95D6F48BF859}
[2012/08/12 17:24:33 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{C62B8AF3-0B48-4FE0-8566-4007FBBD44F1}
[2012/08/10 18:31:12 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{8228F447-11DD-40D4-8840-9C9B244FD1E4}
[2012/08/10 18:30:48 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{ED74AC75-AC8F-4818-82C9-676CAA7EB3E4}
[2012/08/10 00:23:21 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{BF40488A-B25E-4331-BDD6-5882201DF39A}
[2012/08/10 00:23:07 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{7B553838-16D1-44FF-898C-8F14E7D1AAB4}
[2012/08/09 12:21:30 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{8A55725E-2172-4CAA-A4DE-B21BEF989879}
[2012/08/09 12:20:55 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{2904F0D7-3AF4-4BDF-948A-D358AC285FDF}
[2012/08/08 13:46:10 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{BF25D574-63A0-4FAF-B1D9-47035FF67D7B}
[2012/08/08 13:45:47 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{C50B7980-5A78-499F-8F9D-0C25C0835521}
[2012/08/08 04:10:17 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/07 18:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/08/07 18:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/08/07 17:01:45 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{50F46683-AD69-4920-983F-25DCBA3C59E1}
[2012/08/07 12:11:35 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{C7D6FCA0-D542-428C-9A8C-B23E38961609}
[2012/08/06 19:40:29 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{208D7785-DFF6-11E1-8270-B8AC6F996F26}
[2012/08/06 19:39:40 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\CrashDumps
[2012/08/06 11:31:47 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{A3863049-A808-43D9-B802-4074493B563F}
[2012/08/06 11:31:19 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{D2462B56-41F2-4497-B08C-0156532529FA}
[2012/08/05 16:59:32 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{83A1ECEA-2485-47BB-AC7A-1856901337AE}
[2012/08/05 16:59:12 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{9D602043-9F2F-41EB-95FD-81D7EC1AE16B}
[2012/08/04 13:15:26 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{F46513CD-C421-466E-9E4C-2CC1B31B63DD}
[2012/08/04 13:14:59 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{D6307133-84D3-41E9-B693-47D389C70BA2}
[2012/08/03 12:39:49 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{E0701E12-71F1-4DF9-8BC4-8A11A08F64D4}
[2012/08/03 12:39:21 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{41464AE8-042E-48C0-ACCE-0EB816C3F4F5}
[2012/08/03 00:21:31 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{6852289A-031B-4BEF-A823-1A83BC7D606E}
[2012/08/03 00:21:16 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{FD4B3133-C4A7-4FBA-A29F-28E167B8901A}
[2012/08/02 12:20:28 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{68DB97F0-0C9D-4790-8ABF-DAA7C285FEFF}
[2012/08/02 12:20:04 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{F56D193D-9BC2-48FA-AE61-EDE415528E6C}
[2012/08/01 14:39:52 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{8BCA594E-A36D-479C-83A4-E73064CA2C73}
[2012/08/01 14:39:21 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{8954B5D1-49E7-4772-831B-9F3DEBA38C5C}
[2012/07/31 12:40:06 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{4189B1BF-7BD4-44F6-9652-B540B6AFB4C0}
[2012/07/31 12:39:50 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{ABB3601E-084F-48A8-BF0C-62E64C1BBEBA}
[2012/07/30 13:00:11 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{0886B48A-29D6-4976-9A1F-C1DF96E7828B}
[2012/07/30 12:59:14 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{52120FCC-15DE-47A3-9A2C-D5AA32B30A56}
[2012/07/29 17:49:42 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{812A1D46-80BA-4756-A53A-91AB525B1449}
[2012/07/29 17:49:13 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{B36D1CB3-C15F-460E-BAFF-095D4FEFC4EF}
[2012/07/27 20:02:20 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{77F03977-7C2E-47C0-BDE2-65BE3A3344CB}
[2012/07/27 12:54:08 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{672E8C39-14BF-403F-B15B-F5EE8061DB69}
[2012/07/26 22:56:59 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{F98CA884-AE5E-4C01-89F7-DD8378005F20}
[2012/07/26 22:56:43 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{E16806B7-514F-458D-8780-333794F831A5}
[2012/07/26 10:55:54 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{823316BD-F80F-4225-9A26-E732E7EAAFCB}
[2012/07/26 10:55:34 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{FC6D0189-57F8-4257-9329-04EE73ED4EAD}
[2012/07/25 13:01:03 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{6B9AE50B-8F52-46FA-B067-C60DCAD75192}
[2012/07/25 13:00:36 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{0DA9D791-79C3-491F-96BF-22D8536E5C4F}
[2012/07/24 14:23:54 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{DE0AFD37-BFFB-4C0B-8B6B-92348B99B419}
[2012/07/24 14:23:27 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{D261B02C-BF68-4327-8B9A-E66D8047B4FF}
[2012/07/23 20:20:44 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{E4C8881E-52CC-4A83-B34C-8B871388C60B}
[2012/07/23 20:20:17 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{64D587CC-E375-433B-96B5-3792A8715D7B}
[2012/07/22 20:12:21 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{C69FD1CA-A871-4D49-83D1-DB84EA09EB8D}
[2012/07/22 20:12:01 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{C9915C79-0614-4375-B107-91CF6E63E6F6}
[2012/07/21 16:15:50 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{5B88FEB7-76ED-4EAE-87F2-122334EB15B4}
[2012/07/21 16:15:27 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{7841954A-F181-4ACD-91F3-BE11B82A9B4B}
[2012/07/19 16:36:19 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{CCD6397A-764C-41A2-B99A-96CB2F5FF7E4}
[2012/07/19 16:35:56 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{81AD2D56-CD77-4AFF-8FA9-520F5F0E9432}
[2012/07/18 17:09:31 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{AB9B230B-E09B-4B8C-AA67-26FF37FED1F1}
[2012/07/18 17:09:12 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{EA8DFC6F-8A1F-4F85-A13A-DACC2C3BAB47}
[2012/07/17 21:01:28 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{9B0944A7-5069-4A1E-B511-0892EBADE479}
[2012/07/17 21:00:53 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{BA72955A-E7CA-4803-8D72-7BE36FE70966}
[2012/07/16 18:51:04 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{5D36F93E-0365-4DDE-A6AD-3598CCD1DCC7}
[2012/07/16 18:50:30 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{FA77AD5B-3FCE-4B25-809F-F3C053C6B52A}
[2 C:\Users\Martin\Documents\*.tmp files -> C:\Users\Martin\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/15 01:20:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2012/08/15 01:19:21 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 01:19:21 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 01:11:42 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/15 01:11:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/15 01:11:20 | 3016,904,704 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/15 00:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/15 00:39:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/15 00:38:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1781893649-2917393759-2575885653-1000UA.job
[2012/08/14 23:50:01 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 23:16:08 | 000,729,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/14 23:16:08 | 000,631,002 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/14 23:16:08 | 000,112,054 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/14 22:54:02 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1781893649-2917393759-2575885653-1000UA.job
[2012/08/14 22:54:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1781893649-2917393759-2575885653-1000Core.job
[2012/08/14 22:13:58 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1781893649-2917393759-2575885653-1000Core.job
[2012/08/14 22:09:49 | 000,162,304 | -HS- | M] () -- C:\Users\Martin\AppData\Roaming\dlobr.dll
[2012/08/14 22:08:52 | 000,002,459 | ---- | M] () -- C:\Users\Martin\Desktop\Google Chrome.lnk
[2012/08/14 13:50:26 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMartin.job
[2012/08/07 18:27:18 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/05 22:40:02 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMARTIN-PC$.job
[2012/08/02 22:50:12 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/02 22:50:12 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Users\Martin\Documents\*.tmp files -> C:\Users\Martin\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/14 23:50:01 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 22:10:04 | 000,162,304 | -HS- | C] () -- C:\Users\Martin\AppData\Roaming\dlobr.dll
[2012/08/12 20:28:31 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForMartin.job
[2012/08/07 18:27:17 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/13 02:05:13 | 000,000,000 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\wklnhst.dat
[2012/02/22 04:15:49 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/07/23 14:56:37 | 000,523,136 | ---- | C] () -- C:\Users\Martin\AppData\Local\tmp2.JPG
[2011/07/23 14:56:36 | 001,861,650 | ---- | C] () -- C:\Users\Martin\AppData\Local\tmp2.0
[2011/02/19 18:55:12 | 000,001,854 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\GhostObjGAFix.xml
[2011/01/26 16:16:36 | 000,735,726 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/28 12:42:56 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/08/26 14:36:05 | 000,071,259 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2010/08/26 14:36:02 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\mdvrmng.sys

< End of report >

----

And the Extra.txt file is attached.

Thank you




#8 Farbar

    Just Curious

  • Security Developer
  • 21,711 posts
  • Gender: Male
  • Location: The Netherlands

Posted 15 August 2012 - 05:45 AM

Hi,

One of the infections is regenerated.

  • Please reformat your flash drive to clean it:
    Copy the files or folder you know on your flash drive to another place.
    Go to Start => Computer (or My computer).
    Right-click the flash drive and select "Format..."
    Press Start and confirm any prompt.
  • Please open OTL.
    • Copy the text in the code box and paste it into the Custom Scans/Fixes section:

      :otl
      O4 - HKU\S-1-5-21-1781893649-2917393759-2575885653-1000..\Run: [dlobr] C:\Users\Martin\AppData\Roaming\dlobr.dll ()
      O4 - HKU\S-1-5-21-1781893649-2917393759-2575885653-1000..\Run: [Qivyuqzay] C:\Users\Martin\AppData\Roaming\Hyel\quazi.exe ()
      O33 - MountPoints2\{2468178e-bc60-11df-9e94-c80aa90b0183}\Shell - "" = AutoRun
      O33 - MountPoints2\{2468178e-bc60-11df-9e94-c80aa90b0183}\Shell\AutoRun\command - "" = G:\AutoRun.exe
      O33 - MountPoints2\{246817ae-bc60-11df-9e94-c80aa90b0183}\Shell - "" = AutoRun
      O33 - MountPoints2\{246817ae-bc60-11df-9e94-c80aa90b0183}\Shell\AutoRun\command - "" = G:\AutoRun.exe
      O33 - MountPoints2\{516027e0-b78d-11df-b54d-c80aa90b0183}\Shell - "" = AutoRun
      O33 - MountPoints2\{516027e0-b78d-11df-b54d-c80aa90b0183}\Shell\AutoRun\command - "" = G:\AutoRun.exe
      O33 - MountPoints2\{81422ea8-df92-11e0-9a9a-c80aa90b0183}\Shell - "" = AutoRun
      O33 - MountPoints2\{81422ea8-df92-11e0-9a9a-c80aa90b0183}\Shell\AutoRun\command - "" = G:\AutoRun.exe
      O33 - MountPoints2\{a63cda0a-b762-11df-a266-c80aa90b0183}\Shell - "" = AutoRun
      O33 - MountPoints2\{a63cda0a-b762-11df-a266-c80aa90b0183}\Shell\AutoRun\command - "" = G:\AutoRun.exe
      O33 - MountPoints2\{b814f0ed-b156-11df-bd83-c80aa90b0183}\Shell - "" = AutoRun
      O33 - MountPoints2\{b814f0ed-b156-11df-bd83-c80aa90b0183}\Shell\AutoRun\command - "" = G:\AutoRun.exe
      O33 - MountPoints2\{b814f0f6-b156-11df-bd83-c80aa90b0183}\Shell - "" = AutoRun
      O33 - MountPoints2\{b814f0f6-b156-11df-bd83-c80aa90b0183}\Shell\AutoRun\command - "" = G:\AutoRun.exe
      O33 - MountPoints2\{f4a063ed-5ead-11e0-a7b5-c80aa90b0183}\Shell - "" = AutoRun
      O33 - MountPoints2\{f4a063ed-5ead-11e0-a7b5-c80aa90b0183}\Shell\AutoRun\command - "" = G:\AutoRun.exe
      O33 - MountPoints2\{f4a0641a-5ead-11e0-a7b5-c80aa90b0183}\Shell - "" = AutoRun
      O33 - MountPoints2\{f4a0641a-5ead-11e0-a7b5-c80aa90b0183}\Shell\AutoRun\command - "" = H:\AutoRun.exe
      O33 - MountPoints2\G\Shell - "" = AutoRun
      O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
      O33 - MountPoints2\I\Shell - "" = AutoRun
      O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
      :files
      C:\Users\Martin\AppData\Roaming\dlobr.dll
      C:\Users\Martin\AppData\Roaming\Hyel\quazi.exe
      C:\Users\Martin\AppData\Roaming\Luzip
      C:\Users\Martin\AppData\Roaming\Hyel
      C:\Users\Martin\AppData\Roaming\Adfu
      [emptytemp]
      
    • Click Run Fix button.
    • After it has finished, a log will open. Copy and paste the log into your reply.
  • Open your Malwarebytes' Anti-Malware.
    • First update it, to do that under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
  • Please run OTL.exe, click scan and post only OTL.txt to your reply.
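The O4 and O33 lines in the fix above follow a fixed OTL layout, so the triage a helper does by eye can be scripted. The Python below is an added example, not code from this thread or from OTL: it parses constructed sample lines modelled on that fix, flags the two patterns targeted there (a Run entry with no company name living under AppData\Roaming, and a MountPoints2 AutoRun command that launches an executable from a drive root) and renders the hits as an OTL Custom Scans/Fixes script in the same :otl/:files layout. The regular expressions and the sample lines are my assumptions about the log format.

```python
"""Triage of OTL O4 (Run keys) and O33 (MountPoints2) log lines.

Added example, not code from this thread or from OTL. The regular expressions
are an assumption about OTL's line layout, derived from the lines quoted above.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample, modelled on the fix in the post above. The SynTPEnh line
# is a benign entry added to show that a Run key with a company name passes,
# and device H has Shell=AutoRun without a command, which alone is not flagged.
SAMPLE_LOG = r"""
O4 - HKU\S-1-5-21-1781893649-2917393759-2575885653-1000..\Run: [dlobr] C:\Users\Martin\AppData\Roaming\dlobr.dll ()
O4 - HKU\S-1-5-21-1781893649-2917393759-2575885653-1000..\Run: [Qivyuqzay] C:\Users\Martin\AppData\Roaming\Hyel\quazi.exe ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O33 - MountPoints2\{2468178e-bc60-11df-9e94-c80aa90b0183}\Shell - "" = AutoRun
O33 - MountPoints2\{2468178e-bc60-11df-9e94-c80aa90b0183}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
"""

# O4 - <hive>..\Run: [<name>] <path> (<company>)
O4_RE = re.compile(
    r'^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)$')
# O33 - MountPoints2\<device>\Shell[\AutoRun\command] - "" = <value>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<device>[^\\]+)\\Shell(?P<sub>(?:\\[^ ]+)*) - "" = (?P<value>.*)$')
# An executable sitting directly in a drive root, e.g. G:\AutoRun.exe
ROOT_EXE_RE = re.compile(r'^[A-Za-z]:\\[^\\]+\.(exe|com|bat|cmd|scr|pif|vbs|js)$', re.IGNORECASE)
ROAMING_RE = re.compile(r'\\AppData\\Roaming\\', re.IGNORECASE)


@dataclass
class Finding:
    kind: str             # 'run_no_company' or 'autorun_command'
    target: str           # the path or command that triggered the finding
    fix_lines: List[str]  # original OTL lines, accepted verbatim in an :otl section


def triage(log_text: str) -> List[Finding]:
    """Return the suspicious O4/O33 entries found in an OTL log excerpt."""
    findings: List[Finding] = []
    o33_by_device: Dict[str, List[str]] = {}   # every O33 line, grouped by device key
    autorun_cmd: Dict[str, str] = {}           # device -> root executable it launches
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            # A Run entry with no company name that lives in the roaming profile
            if ROAMING_RE.search(m['path']) and not m['company'].strip():
                findings.append(Finding('run_no_company', m['path'], [line]))
            continue
        m = O33_RE.match(line)
        if not m:
            continue
        o33_by_device.setdefault(m['device'], []).append(line)
        if m['sub'].lower() == r'\autorun\command' and ROOT_EXE_RE.match(m['value']):
            autorun_cmd[m['device']] = m['value']
    # Report each device whose AutoRun command launches a drive-root executable,
    # carrying all of that device's O33 lines so the fix removes the whole entry.
    for device, cmd in autorun_cmd.items():
        findings.append(Finding('autorun_command', cmd, o33_by_device[device]))
    return findings


def to_otl_fix(findings: List[Finding]) -> str:
    """Render findings as an OTL Custom Scans/Fixes script in the layout used
    above: registry lines under :otl, the launched binaries under :files."""
    otl_lines: List[str] = []
    files: List[str] = []
    for f in findings:
        otl_lines.extend(f.fix_lines)
        if f.kind == 'run_no_company':
            files.append(f.target)
    script = [':otl', *otl_lines]
    if files:
        script += [':files', *files]
    return '\n'.join(script)


if __name__ == '__main__':
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f'{h.kind:16} {h.target}')
    print(to_otl_fix(hits))
```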


#9 Paradoxymoron

  • Topic Starter
  • Members
  • 9 posts

Posted 15 August 2012 - 07:19 AM

Hiya,

Flash Drive reformatted, and fixes/scans run.

These are the logs:

OTL Custom Scans/Fixes Log:

---
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a63cda0a-b762-11df-a266-c80aa90b0183}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a63cda0a-b762-11df-a266-c80aa90b0183}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a63cda0a-b762-11df-a266-c80aa90b0183}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b814f0ed-b156-11df-bd83-c80aa90b0183}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b814f0ed-b156-11df-bd83-c80aa90b0183}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b814f0ed-b156-11df-bd83-c80aa90b0183}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b814f0ed-b156-11df-bd83-c80aa90b0183}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b814f0f6-b156-11df-bd83-c80aa90b0183}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b814f0f6-b156-11df-bd83-c80aa90b0183}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b814f0f6-b156-11df-bd83-c80aa90b0183}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b814f0f6-b156-11df-bd83-c80aa90b0183}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4a063ed-5ead-11e0-a7b5-c80aa90b0183}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4a063ed-5ead-11e0-a7b5-c80aa90b0183}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4a063ed-5ead-11e0-a7b5-c80aa90b0183}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4a063ed-5ead-11e0-a7b5-c80aa90b0183}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4a0641a-5ead-11e0-a7b5-c80aa90b0183}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4a0641a-5ead-11e0-a7b5-c80aa90b0183}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4a0641a-5ead-11e0-a7b5-c80aa90b0183}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4a0641a-5ead-11e0-a7b5-c80aa90b0183}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\AutoRun.exe not found.
========== FILES ==========
File\Folder C:\Users\Martin\AppData\Roaming\dlobr.dll not found.
File\Folder C:\Users\Martin\AppData\Roaming\Hyel\quazi.exe not found.
C:\Users\Martin\AppData\Roaming\Luzip folder moved successfully.
C:\Users\Martin\AppData\Roaming\Hyel folder moved successfully.
C:\Users\Martin\AppData\Roaming\Adfu folder moved successfully.
File\Folder [emptytemp] not found.

OTL by OldTimer - Version 3.2.57.0 log created on 08152012_124312

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
---

MBAM Log:

---

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.15.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Martin :: MARTIN-PC [administrator]

Protection: Enabled

15/08/2012 12:47:40
mbam-log-2012-08-15 (12-47-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195522
Time elapsed: 5 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

---

OTL.txt

---

OTL logfile created on: 8/15/2012 12:56:11 PM - Run 2
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Martin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 54.47% Memory free
7.49 Gb Paging File | 5.29 Gb Available in Paging File | 70.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.28 Gb Total Space | 211.41 Gb Free Space | 74.37% Space Free | Partition Type: NTFS
Drive D: | 13.52 Gb Total Space | 2.24 Gb Free Space | 16.60% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 96.77 Mb Free Space | 97.42% Space Free | Partition Type: FAT32
Drive G: | 962.73 Mb Total Space | 962.73 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/15 01:20:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
PRC - [2012/08/04 13:14:08 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/08/02 22:50:11 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
PRC - [2012/08/01 19:33:51 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/02/29 16:28:47 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2011/08/23 22:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2009/10/06 08:08:42 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/01 19:33:45 | 020,316,496 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/08/01 19:33:27 | 000,900,944 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/08/01 19:33:26 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/08/01 19:33:26 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/08/01 19:33:26 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/06/13 17:13:08 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/13 17:12:03 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/13 17:11:47 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/12 12:18:42 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/12 12:13:22 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 12:12:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 12:12:33 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/12 12:11:11 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll
MOD - [2012/05/12 12:10:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 12:10:33 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 12:10:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 12:10:21 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 12:10:09 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/09/24 23:50:15 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/10/06 08:08:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/09/29 23:25:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/09/29 23:25:44 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/09/29 23:25:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/09/29 23:25:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/09/29 23:25:38 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/09/29 23:25:36 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/09/29 23:25:28 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/09/29 23:25:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/08/20 21:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 21:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 21:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/10/29 19:10:05 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/29 19:10:04 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2009/08/05 05:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 22:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2012/08/02 22:50:34 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/01 19:33:51 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/29 19:10:05 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe -- (STacSV)
SRV - [2010/10/29 19:10:04 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe -- (AESTFilters)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/06 01:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/02/22 20:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/29 19:12:45 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/10/29 19:10:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/03/25 10:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/03/24 13:58:36 | 000,249,856 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010/03/20 11:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2010/03/02 16:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/05 06:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 08:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 22:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 22:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/29 19:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/24 20:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/23 07:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 06:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/29 16:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/03/09 15:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010/01/28 13:35:24 | 000,010,240 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{E794932D-A04D-4D67-8F8A-F8FEC221000F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{E794932D-A04D-4D67-8F8A-F8FEC221000F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {D57EEB94-D1D7-4BAD-9BF0-6EADBAD85848}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{72BFEBCA-D085-44F2-B0BF-E07A98529D8A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYGB&apn_uid=57D80BF6-84FE-408C-9F49-54E40470041F&apn_sauid=7CD49AC3-1D2A-4489-82E1-5CE44F2F1A9D
IE - HKCU\..\SearchScopes\{D57EEB94-D1D7-4BAD-9BF0-6EADBAD85848}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7SKPT_enGB401
IE - HKCU\..\SearchScopes\{E794932D-A04D-4D67-8F8A-F8FEC221000F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Martin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Martin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Martin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Martin\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Martin\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Martin\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Martin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Gmail = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Martin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Mobile Partner] C:\Program Files (x86)\3MobileWiFi\3MobileWiFi.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18F10EF6-F402-44B2-BE3D-95475126CAAB}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EB28F40-D145-4D61-9A38-935A57CCC865}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BE3E02C-5D76-45DE-9AE2-796E327F3A8C}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1B89B9E-B0CC-4443-AF52-2F49D253DDD6}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d5a53a62-593c-11e0-bfb4-c80aa90b0183}\Shell - "" = AutoRun
O33 - MountPoints2\{d5a53a62-593c-11e0-bfb4-c80aa90b0183}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/15 12:43:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/15 12:25:56 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{BCC99553-02D3-417D-BC14-13B04B6B1CA7}
[2012/08/15 12:23:45 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{61839CD4-C382-4E2D-9174-09CF361AE66F}
[2012/08/15 01:20:32 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2012/08/14 23:49:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/14 22:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\0C1D173402D4A6A3DB057943F875F002
[2012/08/14 13:55:50 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{474DEEBD-5062-4A6B-8D06-B598E8525BA0}
[2012/08/14 13:55:22 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{16E694CC-EAC3-443B-81A5-32F2FB3F1117}
[2012/08/12 18:55:36 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{078F6E5F-27DD-4572-B43D-F78410F5B21F}
[2012/08/12 17:41:02 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{ADAC7971-E3D7-476B-9015-95D6F48BF859}
[2012/08/12 17:24:33 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{C62B8AF3-0B48-4FE0-8566-4007FBBD44F1}
[2012/08/10 18:31:12 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{8228F447-11DD-40D4-8840-9C9B244FD1E4}
[2012/08/10 18:30:48 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{ED74AC75-AC8F-4818-82C9-676CAA7EB3E4}
[2012/08/10 00:23:21 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{BF40488A-B25E-4331-BDD6-5882201DF39A}
[2012/08/10 00:23:07 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{7B553838-16D1-44FF-898C-8F14E7D1AAB4}
[2012/08/09 12:21:30 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{8A55725E-2172-4CAA-A4DE-B21BEF989879}
[2012/08/09 12:20:55 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{2904F0D7-3AF4-4BDF-948A-D358AC285FDF}
[2012/08/08 13:46:10 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{BF25D574-63A0-4FAF-B1D9-47035FF67D7B}
[2012/08/08 13:45:47 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{C50B7980-5A78-499F-8F9D-0C25C0835521}
[2012/08/08 04:10:17 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/07 18:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/08/07 18:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/08/07 17:01:45 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{50F46683-AD69-4920-983F-25DCBA3C59E1}
[2012/08/07 12:11:35 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{C7D6FCA0-D542-428C-9A8C-B23E38961609}
[2012/08/06 19:40:29 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{208D7785-DFF6-11E1-8270-B8AC6F996F26}
[2012/08/06 19:39:40 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\CrashDumps
[2012/08/06 11:31:47 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{A3863049-A808-43D9-B802-4074493B563F}
[2012/08/06 11:31:19 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{D2462B56-41F2-4497-B08C-0156532529FA}
[2012/08/05 16:59:32 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{83A1ECEA-2485-47BB-AC7A-1856901337AE}
[2012/08/05 16:59:12 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{9D602043-9F2F-41EB-95FD-81D7EC1AE16B}
[2012/08/04 13:15:26 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{F46513CD-C421-466E-9E4C-2CC1B31B63DD}
[2012/08/04 13:14:59 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{D6307133-84D3-41E9-B693-47D389C70BA2}
[2012/08/03 12:39:49 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{E0701E12-71F1-4DF9-8BC4-8A11A08F64D4}
[2012/08/03 12:39:21 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{41464AE8-042E-48C0-ACCE-0EB816C3F4F5}
[2012/08/03 00:21:31 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{6852289A-031B-4BEF-A823-1A83BC7D606E}
[2012/08/03 00:21:16 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{FD4B3133-C4A7-4FBA-A29F-28E167B8901A}
[2012/08/02 12:20:28 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{68DB97F0-0C9D-4790-8ABF-DAA7C285FEFF}
[2012/08/02 12:20:04 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{F56D193D-9BC2-48FA-AE61-EDE415528E6C}
[2012/08/01 14:39:52 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{8BCA594E-A36D-479C-83A4-E73064CA2C73}
[2012/08/01 14:39:21 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{8954B5D1-49E7-4772-831B-9F3DEBA38C5C}
[2012/07/31 12:40:06 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{4189B1BF-7BD4-44F6-9652-B540B6AFB4C0}
[2012/07/31 12:39:50 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{ABB3601E-084F-48A8-BF0C-62E64C1BBEBA}
[2012/07/30 13:00:11 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{0886B48A-29D6-4976-9A1F-C1DF96E7828B}
[2012/07/30 12:59:14 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{52120FCC-15DE-47A3-9A2C-D5AA32B30A56}
[2012/07/29 17:49:42 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{812A1D46-80BA-4756-A53A-91AB525B1449}
[2012/07/29 17:49:13 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{B36D1CB3-C15F-460E-BAFF-095D4FEFC4EF}
[2012/07/27 20:02:20 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{77F03977-7C2E-47C0-BDE2-65BE3A3344CB}
[2012/07/27 12:54:08 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{672E8C39-14BF-403F-B15B-F5EE8061DB69}
[2012/07/26 22:56:59 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{F98CA884-AE5E-4C01-89F7-DD8378005F20}
[2012/07/26 22:56:43 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{E16806B7-514F-458D-8780-333794F831A5}
[2012/07/26 10:55:54 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{823316BD-F80F-4225-9A26-E732E7EAAFCB}
[2012/07/26 10:55:34 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{FC6D0189-57F8-4257-9329-04EE73ED4EAD}
[2012/07/25 13:01:03 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{6B9AE50B-8F52-46FA-B067-C60DCAD75192}
[2012/07/25 13:00:36 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{0DA9D791-79C3-491F-96BF-22D8536E5C4F}
[2012/07/24 14:23:54 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{DE0AFD37-BFFB-4C0B-8B6B-92348B99B419}
[2012/07/24 14:23:27 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{D261B02C-BF68-4327-8B9A-E66D8047B4FF}
[2012/07/23 20:20:44 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{E4C8881E-52CC-4A83-B34C-8B871388C60B}
[2012/07/23 20:20:17 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{64D587CC-E375-433B-96B5-3792A8715D7B}
[2012/07/22 20:12:21 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{C69FD1CA-A871-4D49-83D1-DB84EA09EB8D}
[2012/07/22 20:12:01 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{C9915C79-0614-4375-B107-91CF6E63E6F6}
[2012/07/21 16:15:50 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{5B88FEB7-76ED-4EAE-87F2-122334EB15B4}
[2012/07/21 16:15:27 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{7841954A-F181-4ACD-91F3-BE11B82A9B4B}
[2012/07/19 16:36:19 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{CCD6397A-764C-41A2-B99A-96CB2F5FF7E4}
[2012/07/19 16:35:56 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{81AD2D56-CD77-4AFF-8FA9-520F5F0E9432}
[2012/07/18 17:09:31 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{AB9B230B-E09B-4B8C-AA67-26FF37FED1F1}
[2012/07/18 17:09:12 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{EA8DFC6F-8A1F-4F85-A13A-DACC2C3BAB47}
[2012/07/17 21:01:28 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{9B0944A7-5069-4A1E-B511-0892EBADE479}
[2012/07/17 21:00:53 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{BA72955A-E7CA-4803-8D72-7BE36FE70966}
[2012/07/16 18:51:04 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{5D36F93E-0365-4DDE-A6AD-3598CCD1DCC7}
[2012/07/16 18:50:30 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{FA77AD5B-3FCE-4B25-809F-F3C053C6B52A}
[2 C:\Users\Martin\Documents\*.tmp files -> C:\Users\Martin\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/15 12:51:33 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 12:51:33 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 12:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/15 12:44:20 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/15 12:44:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/15 12:43:59 | 3016,904,704 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/15 12:39:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/15 12:38:06 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1781893649-2917393759-2575885653-1000UA.job
[2012/08/15 01:20:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2012/08/14 23:50:01 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 23:16:08 | 000,729,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/14 23:16:08 | 000,631,002 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/14 23:16:08 | 000,112,054 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/14 22:54:02 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1781893649-2917393759-2575885653-1000UA.job
[2012/08/14 22:54:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1781893649-2917393759-2575885653-1000Core.job
[2012/08/14 22:13:58 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1781893649-2917393759-2575885653-1000Core.job
[2012/08/14 22:08:52 | 000,002,459 | ---- | M] () -- C:\Users\Martin\Desktop\Google Chrome.lnk
[2012/08/14 13:50:26 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMartin.job
[2012/08/07 18:27:18 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/05 22:40:02 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMARTIN-PC$.job
[2012/08/02 22:50:12 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/02 22:50:12 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Users\Martin\Documents\*.tmp files -> C:\Users\Martin\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/14 23:50:01 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/12 20:28:31 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForMartin.job
[2012/08/07 18:27:17 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/13 02:05:13 | 000,000,000 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\wklnhst.dat
[2012/02/22 04:15:49 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/07/23 14:56:37 | 000,523,136 | ---- | C] () -- C:\Users\Martin\AppData\Local\tmp2.JPG
[2011/07/23 14:56:36 | 001,861,650 | ---- | C] () -- C:\Users\Martin\AppData\Local\tmp2.0
[2011/02/19 18:55:12 | 000,001,854 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\GhostObjGAFix.xml
[2011/01/26 16:16:36 | 000,735,726 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/28 12:42:56 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/08/26 14:36:05 | 000,071,259 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2010/08/26 14:36:02 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\mdvrmng.sys

< End of report >

----

Thank you

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • Gender:Male
  • Location:The Netherlands

Posted 15 August 2012 - 09:57 AM

Well done. That looks better as there is no active infection any more.

We are going to cover the vulnerabilities and check the whole system for any leftover. If the ESET scan finds malware files in the Quarantine folder of FRST, don't be alarmed. We remove the folder at the end anyway. But the scan might take several hours.

  • Older Java versions have vulnerabilities that malicious sites can use to exploit and infect your system.
    Please update your Java to the latest version: http://www.java.com/en/download/help/java_update.xml

    Then go to start => Control Panel => open "Programs and Features" and uninstall any old Java.
  • To Clear the Java Runtime Environment (JRE) cache, do this:
    • Click Start > Settings > Control Panel.
    • Double-click the Java icon.
      -The Java Control Panel appears.
    • Click "Settings" under Temporary Internet Files.
      -The Temporary Files Settings dialog box appears.
    • Click "Delete Files".
      -The Delete Temporary Files dialog box appears.
      -There are three options on this window to clear the cache.
    • Make sure all the options are checked.
    • Click "OK" on Delete Temporary Files window.
      -Note: This deletes all the Downloaded Applications and Applets from the cache.
    • Click "OK" on Temporary Files Settings window.
    • Close the Java Control Panel.
    You can also view these instructions along with screenshots here.
  • ESET Online Scanner:

    Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

    Vista and Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

    • Please go here then click on: [button image]

      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

    • Select the option YES, I accept the Terms of Use then click on: [button image]
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats and the option Scan archives are checked.
    • Now click on Advanced Settings and select the following:
    • Enable Anti-Stealth Technology
    • Now click on: [button image]
    • The virus signature database... will begin to download. Be patient this may take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on: [button image]
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.
    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


#11 Paradoxymoron

Paradoxymoron
  • Topic Starter

  • Members
  • 9 posts

Posted 17 August 2012 - 04:46 AM

Hiya,

I've done everything mentioned above, but the ESET Online Scanner hasn't opened a Log File. Does it open after closing, or before? I haven't yet closed it for fear of losing the Log (Especially given how long the scan took!)

For now I can tell you that the scan did find and clean 14 files:

- Win32/PSW.Papras.CE trojan
- a variant of Win32/Kryptik.AKFY trojan
- a variant of Win32/Injector.UXR trojan
- Win64/Sirefef.AL trojan
- Win64/Sirefef.AH trojan
- Win32/InstallCore.H application
- HTML-Iframe.B.Gen virus
- a variant of Win32/Kryptik.AKFY trojan
- a variant of Win32/Kryptik.AKFY trojan
- a variant of Win32/Medfos.CO trojan
- HTML/Iframe.B.Gen virus
- HTML/Iframe.B.Gen virus
- a variant of Win32/Medfos.CO trojan
- a variant of Win32/Kryptik.AKFY trojan

I will leave the scanner open for now until told otherwise. I have turned Microsoft Security Essentials back on - and have updated Java.

Thank you

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • Gender:Male
  • Location:The Netherlands

Posted 17 August 2012 - 09:00 AM

Hi,

The log should be here: C:\Program Files\ESET\EsetOnlineScanner\log.txt
If you couldn't find it there take a look here: C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt

#13 Paradoxymoron

Paradoxymoron
  • Topic Starter

  • Members
  • 9 posts

Posted 17 August 2012 - 10:07 AM

Hiya,

I found the log in the latter location, though it doesn't appear to say much significant (I could, of course, be mistaken). The log is:

--

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

---

What should I do now?

Thank you

#14 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • Gender:Male
  • Location:The Netherlands

Posted 17 August 2012 - 10:31 AM

Hi,

That is not the log we expected but ESET has done what we wanted. I believe we have taken care of everything. But I would like to see a clean log of TDSSKiller too.

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed, and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

Edited by Farbar, 17 August 2012 - 10:31 AM.


#15 Paradoxymoron

Paradoxymoron
  • Topic Starter

  • Members
  • 9 posts

Posted 17 August 2012 - 03:00 PM

Heya

Ran the TDSS scan. It didn't detect anything, and also didn't need to reboot.

The log is as follows:

--

20:57:57.0961 6624 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
20:57:57.0988 6624 Wlansvc - ok
20:57:58.0107 6624 [ 2bacd71123f42cea603f4e205e1ae337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:57:58.0168 6624 wlidsvc - ok
20:57:58.0209 6624 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:57:58.0211 6624 WmiAcpi - ok
20:57:58.0243 6624 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:57:58.0249 6624 wmiApSrv - ok
20:57:58.0268 6624 WMPNetworkSvc - ok
20:57:58.0282 6624 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:57:58.0287 6624 WPCSvc - ok
20:57:58.0324 6624 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:57:58.0330 6624 WPDBusEnum - ok
20:57:58.0362 6624 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:57:58.0365 6624 ws2ifsl - ok
20:57:58.0384 6624 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\Windows\System32\wscsvc.dll
20:57:58.0389 6624 wscsvc - ok
20:57:58.0397 6624 WSearch - ok
20:57:58.0490 6624 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:57:58.0568 6624 wuauserv - ok
20:57:58.0595 6624 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:57:58.0600 6624 WudfPf - ok
20:57:58.0649 6624 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:57:58.0656 6624 WUDFRd - ok
20:57:58.0701 6624 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:57:58.0707 6624 wudfsvc - ok
20:57:58.0728 6624 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll
20:57:58.0745 6624 WwanSvc - ok
20:57:58.0791 6624 [ b3eeacf62445e24fbb2cd4b0fb4db026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
20:57:58.0809 6624 yukonw7 - ok
20:57:58.0857 6624 ================ Scan global ===============================
20:57:58.0888 6624 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
20:57:58.0923 6624 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
20:57:58.0949 6624 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
20:57:58.0981 6624 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
20:57:59.0012 6624 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
20:57:59.0021 6624 [Global] - ok
20:57:59.0022 6624 ================ Scan MBR ==================================
20:57:59.0035 6624 MBR (0x1B8) (0949af2f22b2a363f36519ac93b3d020) \Device\Harddisk0\DR0
20:57:59.0312 6624 \Device\Harddisk0\DR0 - ok
20:57:59.0313 6624 ================ Scan VBR ==================================
20:57:59.0320 6624 Boot (0x1200) (5df877031da06ff7a515c9dd2604b5f0) \Device\Harddisk0\DR0\Partition1
20:57:59.0323 6624 \Device\Harddisk0\DR0\Partition1 - ok
20:57:59.0334 6624 Boot (0x1200) (c94bd965b462283b3394dee2b59b8e3f) \Device\Harddisk0\DR0\Partition2
20:57:59.0338 6624 \Device\Harddisk0\DR0\Partition2 - ok
20:57:59.0367 6624 Boot (0x1200) (8643087783a760b75ff9fa60e0debaed) \Device\Harddisk0\DR0\Partition3
20:57:59.0370 6624 \Device\Harddisk0\DR0\Partition3 - ok
20:57:59.0389 6624 Boot (0x1200) (e8db1b352a1030d31c3d5085f60a3dde) \Device\Harddisk0\DR0\Partition4
20:57:59.0391 6624 \Device\Harddisk0\DR0\Partition4 - ok
20:57:59.0392 6624 ============================================================
20:57:59.0392 6624 Scan finished
20:57:59.0392 6624 ============================================================
20:57:59.0508 7256 Detected object count: 0
20:57:59.0508 7256 Actual detected object count: 0

---

Thank you
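The TDSSKiller report above is mostly a list of MD5 hashes, one per service or driver binary plus the MBR and each partition's boot sector, each followed by the tool's verdict. The parser below is an added example, not code from this thread or from Kaspersky's tool; it pulls those hashes and verdicts out so a "clean" log can be checked mechanically rather than by eye: every object must read "ok", every hashed object must actually carry a verdict (a truncated log is not a clean log), and the tool's own counters must be zero. The first sample is copied from the log posted above; the second sample, including its "- suspicious" verdict text, is constructed, because the real wording TDSSKiller prints for a detection is not shown on this page.

```python
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Lines copied from the clean TDSSKiller report posted above.
SAMPLE_LOG = r"""
20:57:58.0209 6624 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:57:58.0211 6624 WmiAcpi - ok
20:57:58.0268 6624 WMPNetworkSvc - ok
20:57:58.0857 6624 ================ Scan global ===============================
20:57:59.0012 6624 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
20:57:59.0021 6624 [Global] - ok
20:57:59.0022 6624 ================ Scan MBR ==================================
20:57:59.0035 6624 MBR (0x1B8) (0949af2f22b2a363f36519ac93b3d020) \Device\Harddisk0\DR0
20:57:59.0312 6624 \Device\Harddisk0\DR0 - ok
20:57:59.0313 6624 ================ Scan VBR ==================================
20:57:59.0320 6624 Boot (0x1200) (5df877031da06ff7a515c9dd2604b5f0) \Device\Harddisk0\DR0\Partition1
20:57:59.0323 6624 \Device\Harddisk0\DR0\Partition1 - ok
20:57:59.0508 7256 Detected object count: 0
20:57:59.0508 7256 Actual detected object count: 0
"""

# Constructed sample (assumption, not real tool output): one driver not clean.
# Only the "<name> - <status>" shape is relied on; anything but "ok" is a hit.
SUSPICIOUS_LOG = r"""
20:58:00.0001 6624 [ 0123456789abcdef0123456789abcdef ] badsvc C:\Windows\system32\drivers\badsvc.sys
20:58:00.0002 6624 badsvc - suspicious
20:58:00.0003 6624 \Device\Harddisk0\DR0 - ok
20:58:00.0100 7256 Detected object count: 1
20:58:00.0100 7256 Actual detected object count: 1
"""

_P = r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"          # timestamp + pid prefix
_HASHED = re.compile(_P + r"\[ (?P<md5>[0-9a-f]{32}) \] (?P<name>\S+) (?P<path>.+)$")
_BOOT = re.compile(_P + r"(?P<kind>MBR|Boot) \(0x[0-9A-Fa-f]+\) \((?P<md5>[0-9a-f]{32})\) (?P<device>\S+)$")
_GLOBAL = re.compile(_P + r"\((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
_COUNT = re.compile(_P + r"(?P<label>(?:Actual )?[Dd]etected object count): (?P<n>\d+)$")
_STATUS = re.compile(_P + r"(?P<name>.+?) - (?P<status>\S+)$")


@dataclass
class Entry:
    name: str                     # service/driver name, or device path for MBR/VBR
    kind: Optional[str] = None    # "file", "MBR", "Boot" (VBR) or "global"
    md5: Optional[str] = None     # hash TDSSKiller computed for the object
    path: Optional[str] = None    # file or device that was hashed
    status: Optional[str] = None  # text after " - ", normally "ok"


@dataclass
class Report:
    objects: Dict[str, Entry] = field(default_factory=dict)  # services, drivers, MBR, VBRs
    globals: List[Entry] = field(default_factory=list)       # "Scan global" files
    counts: Dict[str, int] = field(default_factory=dict)     # the tool's summary counters


def parse_report(text: str) -> Report:
    """Turn a TDSSKiller log into hashed objects plus the verdict for each."""
    rep = Report()
    for line in text.splitlines():
        line = line.rstrip()
        if m := _HASHED.match(line):
            rep.objects[m["name"]] = Entry(m["name"], "file", m["md5"], m["path"])
        elif m := _BOOT.match(line):
            rep.objects[m["device"]] = Entry(m["device"], m["kind"], m["md5"], m["device"])
        elif m := _GLOBAL.match(line):
            rep.globals.append(Entry(m["path"], "global", m["md5"], m["path"]))
        elif m := _COUNT.match(line):
            rep.counts[m["label"]] = int(m["n"])
        elif m := _STATUS.match(line):
            # Verdict line; some objects (WMPNetworkSvc above) get a verdict but no hash line.
            rep.objects.setdefault(m["name"], Entry(m["name"])).status = m["status"]
    return rep


def flagged(rep: Report) -> List[Entry]:
    """Objects whose verdict is anything other than 'ok'."""
    return [e for e in rep.objects.values() if e.status not in (None, "ok")]


def unverified(rep: Report) -> List[Entry]:
    """Hashed objects that never received a verdict line (truncated or edited log)."""
    return [e for e in rep.objects.values() if e.status is None]


def is_clean(rep: Report) -> bool:
    """Clean = every object 'ok', nothing unverified, and both tool counters at zero."""
    return (not flagged(rep) and not unverified(rep)
            and rep.counts.get("Detected object count") == 0
            and rep.counts.get("Actual detected object count") == 0)


def md5_of_bytes(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def file_matches(path: str, expected_md5: str) -> bool:
    """Re-hash a file on disk and compare with the hash the log recorded, to confirm a
    driver was not swapped after the scan. MD5 is enough to notice an unexpected change;
    it is not collision resistant, so do not rely on it against a deliberate substitution."""
    with open(path, "rb") as f:
        return md5_of_bytes(f.read()) == expected_md5.lower()
```

`is_clean(parse_report(open("C:\\TDSSKiller.2.8.0.0_17.08.2012_20.57.30_log.txt").read()))` is the intended call on a real log (file name assumed from the pattern Farbar gives). The `unverified` check matters when a helper is shown only the tail of a log, as in this thread: a service with a hash line but no verdict is not proven clean, it is simply unjudged.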
