
This is quite unfortunate.


  • This topic is locked
74 replies to this topic

#1 Zestypanda

Zestypanda

  • Members
  • 603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny San Diego, California.
  • Local time:02:40 PM

Posted 12 July 2013 - 03:57 PM

Ok, I will save you time. Please see previous post. http://www.bleepingcomputer.com/forums/t/500799/this-sucks/
Tried system restore, seemed fine, deleted system restore points, updated, set manual restore point, let Windows update some more. Now it's back. What should I do?

Have a question, or just wanna chat? Send me a message. Or add me as a friend.

 



 


#2 Zestypanda


Posted 12 July 2013 - 04:26 PM

Here is the DDS log. Also, in Comodo KillSwitch, it gave me an alert that a driver "qygsri" had made a start entry, which was a boot-time entry.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by Ryan at 14:22:56 on 2013-07-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4077.2776 [GMT -7:00]
.
AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\helppane.exe
C:\Program Files\COMODO\COMODO Internet Security\CCE.exe
C:\Program Files\COMODO\COMODO Internet Security\KillSwitch.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - <orphaned>
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Ryan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - <orphaned>
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{2E20DDBA-9AEE-4C74-A29C-833E5845CDC6} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{A820C16A-2FA8-4680-986F-472EE0D01B13} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{A820C16A-2FA8-4680-986F-472EE0D01B13} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A820C16A-2FA8-4680-986F-472EE0D01B13}\376737 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{A820C16A-2FA8-4680-986F-472EE0D01B13}\376737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A820C16A-2FA8-4680-986F-472EE0D01B13}\7457563747 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A820C16A-2FA8-4680-986F-472EE0D01B13}\75962756C6563737 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{A820C16A-2FA8-4680-986F-472EE0D01B13}\8686F6E6F62737 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{A820C16A-2FA8-4680-986F-472EE0D01B13}\8686F6E6F62737 : DHCPNameServer = 64.65.208.6 64.65.196.6 4.2.2.1
TCP: Interfaces\{A820C16A-2FA8-4680-986F-472EE0D01B13}\C416155796E64716 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{A820C16A-2FA8-4680-986F-472EE0D01B13}\C416155796E64716 : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{DAD19773-B92A-45CE-96C8-BD1E085DB15B} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{DAD19773-B92A-45CE-96C8-BD1E085DB15B} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\guard32.dll 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 cmderd;COMODO Internet Security Eradication Driver;C:\windows\System32\drivers\cmderd.sys [2013-4-15 23168]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\windows\System32\drivers\cmdhlp.sys [2013-4-15 48360]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2011-3-10 28176]
R3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;C:\windows\System32\drivers\jmccgp.sys [2011-3-10 17904]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2010-6-7 406056]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\windows\System32\drivers\cmdguard.sys [2013-4-15 708632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-6-20 2095752]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-12 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;C:\windows\System32\drivers\stflt.sys [2010-7-7 50696]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
S3 btusbflt;Bluetooth USB Filter;C:\windows\System32\drivers\btusbflt.sys [2010-9-2 54824]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-4-15 158936]
S3 DRIVER_B;DRIVER_B;C:\windows\System32\drivers\DRIVER_BIN64 [2011-10-13 26424]
S3 IOMap;IOMap;C:\windows\System32\drivers\IOMap64.sys [2012-8-11 23680]
S3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2010-9-2 160880]
S3 JmUsbVideo;JMicron 31x Upper Filter Driver;C:\windows\System32\drivers\jmcam.sys [2011-3-10 57072]
S3 JmUsbVideo2;JMicron 31x Lower Filter Driver;C:\windows\System32\drivers\jmcam_lo.sys [2011-3-10 31344]
S3 ManyCam;ManyCam Virtual Webcam;C:\windows\System32\drivers\mcvidrv_x64.sys [2012-1-10 34304]
S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-9-12 25928]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\windows\System32\drivers\mcaudrv_x64.sys [2012-2-22 28160]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-15 19456]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\windows\System32\drivers\RTL8187B.sys [2009-6-10 416768]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-11-15 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 VBoxUSB;VirtualBox USB;C:\windows\System32\drivers\VBoxUSB.sys [2013-4-12 106256]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-4-3 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-12-19 240640]
S4 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2011-7-12 131912]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
SUnknown meyssy;meyssy; [x]
SUnknown qygsri;qygsri; [x]
SUnknown vwkulc;vwkulc; [x]
.
=============== Created Last 30 ================
.
2013-07-12 21:03:57 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Comodo
2013-07-12 20:05:23 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-12 20:05:23 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-12 20:05:22 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-12 20:05:22 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-12 20:05:22 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-12 20:04:52 1887744 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-07-12 20:04:52 1620480 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-07-12 20:04:51 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-07-12 20:04:30 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-12 20:04:30 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-12 20:04:30 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-12 20:04:30 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-12 20:04:30 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-12 20:04:30 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-12 20:04:30 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-12 20:04:29 624128 ----a-w- C:\windows\System32\qedit.dll
2013-07-12 20:04:29 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2013-07-12 20:02:24 1643520 ----a-w- C:\windows\System32\DWrite.dll
2013-07-12 20:02:24 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll
2013-07-11 00:46:02 -------- d-----w- C:\Users\Ryan\AppData\Local\Apple
2013-07-11 00:12:54 5 ----a-w- C:\windows\System32\test.reg
2013-07-07 06:16:15 -------- d-----w- C:\Users\Ryan\AppData\Local\ATI
2013-07-07 06:13:12 -------- d-----w- C:\Program Files (x86)\Sapphire TRIXX
2013-07-06 03:42:21 -------- d-----w- C:\Users\Ryan\AppData\Local\VirtualStore
2013-07-06 01:20:41 -------- d-----w- C:\Program Files (x86)\ESET
2013-07-06 00:40:06 -------- d-----w- C:\Program Files (x86)\OBS_0_52_08_test
2013-07-06 00:35:17 -------- d-----w- C:\Users\Ryan\AppData\Local\Rockstar Games
2013-07-06 00:32:57 -------- d-----w- C:\Users\Ryan\AppData\Local\4A Games
2013-07-06 00:13:30 -------- d-----w- C:\Users\Ryan\AppData\Local\Comodo
2013-07-05 06:36:29 -------- d-----w- C:\windows\ERUNT
2013-07-04 05:52:09 -------- dc----w- C:\DOSBox
2013-06-29 04:27:45 401408 ----a-w- C:\windows\wget.exe
2013-06-28 02:13:43 -------- d-----w- C:\ProgramData\Lenovo
2013-06-28 02:13:41 59816 ----a-r- C:\Users\Ryan\AppData\Roaming\Microsoft\Installer\{47C4D20F-1A75-44F4-BF51-479C3119BEEF}\ARPPRODUCTICON.exe
2013-06-28 02:13:41 -------- d-----w- C:\Program Files\Common Files\Lenovo
2013-06-28 02:13:30 59816 ----a-r- C:\Users\Ryan\AppData\Roaming\Microsoft\Installer\{1D2FF661-4402-4D75-AA40-B23FCAF81D32}\ARPPRODUCTICON.exe
2013-06-28 02:13:30 -------- d-----w- C:\Program Files (x86)\Common Files\Lenovo
2013-06-28 02:11:13 -------- dc----w- C:\swtools
2013-06-27 21:36:26 238352 ----a-w- C:\windows\System32\drivers\VBoxDrv.sys
2013-06-27 21:36:24 120080 ----a-w- C:\windows\System32\drivers\VBoxUSBMon.sys
2013-06-26 02:50:00 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-22 03:26:54 -------- d-----w- C:\Program Files (x86)\Xcarab
2013-06-21 23:00:16 204048 ----a-w- C:\windows\System32\VBoxNetFltNobj.dll
2013-06-21 23:00:16 146704 ----a-w- C:\windows\System32\drivers\VBoxNetFlt.sys
2013-06-21 23:00:16 131856 ----a-w- C:\windows\System32\drivers\VBoxNetAdp.sys
2013-06-17 01:13:25 -------- d-----w- C:\ProgramData\IObit
2013-06-17 01:13:25 -------- d-----w- C:\Program Files (x86)\IObit
2013-06-13 20:18:16 -------- d-----w- C:\ProgramData\Hi-Rez Studios
.
==================== Find3M  ====================
.
2013-06-28 01:49:38 56072 ----a-w- C:\windows\System32\certsentry.dll
2013-06-28 01:49:38 47368 ----a-w- C:\windows\SysWow64\certsentry.dll
2013-06-26 02:49:40 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-06-26 02:49:40 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-06-18 15:16:09 48360 ----a-w- C:\windows\System32\drivers\cmdhlp.sys
2013-06-18 15:16:08 708632 ----a-w- C:\windows\System32\drivers\cmdguard.sys
2013-06-18 15:16:07 23168 ----a-w- C:\windows\System32\drivers\cmderd.sys
2013-06-18 15:15:49 43216 ----a-w- C:\windows\System32\cmdcsr.dll
2013-06-18 15:15:47 348584 ----a-w- C:\windows\SysWow64\guard32.dll
2013-06-18 15:15:46 437688 ----a-w- C:\windows\System32\guard64.dll
2013-06-18 15:15:38 45784 ----a-w- C:\windows\System32\cmdkbd64.dll
2013-06-18 15:15:38 344792 ----a-w- C:\windows\System32\cmdvrt64.dll
2013-06-18 15:15:35 278232 ----a-w- C:\windows\SysWow64\cmdvrt32.dll
2013-06-18 15:15:34 40664 ----a-w- C:\windows\SysWow64\cmdkbd32.dll
2013-06-11 23:43:37 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-06-11 23:35:55 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 23:35:55 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:26:20 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-05-02 09:06:08 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-04-26 05:51:36 751104 ----a-w- C:\windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\windows\SysWow64\d3d11.dll
2013-04-17 07:02:06 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
.
============= FINISH: 14:24:31.15 ===============

Edited by Zestypanda, 12 July 2013 - 04:27 PM.


 


#3 Zestypanda


Posted 15 July 2013 - 06:12 PM

Hello, I still require assistance. I know there is a backlog; I just wanna make sure no one forgot about me.


 


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:40 PM

Posted 16 July 2013 - 04:42 PM

Please do the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

NEXT


Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
~~~~~~~~~~~~~~~~~~~~~~~

Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit located in the mbar\plugins folder and reboot.
Verify that your system is now functioning normally.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 Zestypanda


Posted 16 July 2013 - 09:41 PM

Ok, I shall follow these steps.


 


#6 CatByte


Posted 17 July 2013 - 08:00 AM

:thumbup2:



#7 Zestypanda


Posted 17 July 2013 - 03:37 PM

Rescue scan. Even with my experience on this forum, I still can't remember where the attach button is, so I'm going to post the attach log in the reply. I hope that's OK.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
Ran by Ryan (administrator) on 17-07-2013 13:31:40
Running from C:\Users\Ryan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1497816 2013-06-18] (COMODO)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4400064 2009-12-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [6988736 2009-12-26] (Lenovo (Beijing) Limited)
HKLM\...\Run: [CCE] - C:\Program Files\COMODO\COMODO Internet Security\CCE.exe [8326360 2013-06-18] (COMODO)
HKLM-x32\...\Runonce: [86D7766E-8CD8-4C1C-A4FD-C0C1591F7297] - cmd.exe /C start /D "C:\Users\Ryan\AppData\Local\Temp" /B 86D7766E-8CD8-4C1C-A4FD-C0C1591F7297.exe -activeimages -postboot [x]
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5622512 2013-05-14] (SUPERAntiSpyware.com)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [LenovoWallpaper] - "C:\Program Files\desktop\ChangeDesktop.exe" "C:\Program Files\desktop\Desktop.jpg" [x]
HKU\Default User\...\RunOnce: [LenovoWallpaper] - "C:\Program Files\desktop\ChangeDesktop.exe" "C:\Program Files\desktop\Desktop.jpg" [x]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://search.yahoo.com/search?fr=chr-panda&q={searchTerms}&ei=UTF-8&type=panda2_0yach
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2E20DDBA-9AEE-4C74-A29C-833E5845CDC6}: [NameServer]156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{A820C16A-2FA8-4680-986F-472EE0D01B13}: [NameServer]156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{DAD19773-B92A-45CE-96C8-BD1E085DB15B}: [NameServer]156.154.70.22,156.154.71.22
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6181504 2013-06-18] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [158936 2013-06-18] (COMODO)
S2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2095752 2013-06-20] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)
S4 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-01-16] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-06-18] (COMODO)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [708632 2013-06-18] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2013-06-18] (COMODO)
S3 DRIVER_B; \??\C:\windows\system32\Drivers\DRIVER_BIN64 [26424 2011-10-13] ()
S3 DRIVER_B; \??\C:\windows\system32\Drivers\DRIVER_BIN64 [26424 2011-10-13] ()
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32000 2013-07-14] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-06-18] (COMODO)
S3 IOMap; C:\windows\system32\drivers\IOMap64.sys [23680 2010-02-22] (ASUSTeK Computer Inc.)
S3 IOMap; C:\windows\system32\drivers\IOMap64.sys [23680 2010-02-22] (ASUSTeK Computer Inc.)
R3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [17904 2010-02-05] (JMicron Technology Corp.)
S3 JmUsbVideo; C:\Windows\System32\Drivers\jmcam.sys [57072 2010-04-23] (JMicron Technology Corp.)
S3 JmUsbVideo2; C:\Windows\System32\Drivers\jmcam_lo.sys [31344 2010-04-23] (JMicron Technology Corp.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2012-01-10] (ManyCam LLC)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2012-02-22] (ManyCam LLC)
S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1061888 2009-09-15] (Ralink Technology Corp.)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation                           )
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [50696 2010-07-07] (Windows ® Win 7 DDK provider)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106256 2013-04-12] (Oracle Corporation)
U3 BcmSqlStartupSvc; 
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwavdt; system32\drivers\btwavdt.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz135; \??\C:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [x]
S1 EIO64; system32\DRIVERS\EIO64.sys [x]
U2 IAStorDataMgrSvc; 
U3 IGRS; 
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]
U2 IviRegMgr; 
S3 lmimirr; system32\DRIVERS\lmimirr.sys [x]
S3 motccgp; system32\DRIVERS\motccgp.sys [x]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [x]
S3 MotDev; system32\DRIVERS\motodrv.sys [x]
S3 motmodem; system32\DRIVERS\motmodem.sys [x]
S3 motport; system32\DRIVERS\motport.sys [x]
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-17 13:31 - 2013-07-17 13:31 - 00000000 ___DC C:\FRST
2013-07-17 13:23 - 2013-07-17 13:29 - 01778209 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2013-07-14 16:41 - 2013-07-14 16:41 - 00032000 _____ C:\windows\system32\Drivers\hitmanpro37.sys
2013-07-14 16:32 - 2013-07-14 16:32 - 00008666 _____ C:\Users\Ryan\Downloads\hijackthis.log
2013-07-14 16:30 - 2013-07-14 16:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\Ryan\Downloads\HijackThis.exe
2013-07-12 19:57 - 2013-07-12 19:59 - 00001666 _____ C:\Users\Ryan\Desktop\Rkill.txt
2013-07-12 19:36 - 2013-07-12 19:36 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\SUPERAntiSpyware.com
2013-07-12 19:35 - 2013-07-12 19:36 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-07-12 19:35 - 2013-07-12 19:35 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-07-12 19:35 - 2013-07-12 19:35 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-07-12 19:19 - 2013-07-12 19:35 - 26552176 _____ (SUPERAntiSpyware.com) C:\Users\Ryan\Downloads\SUPERAntiSpyware.exe
2013-07-12 18:56 - 2013-07-12 19:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-12 18:46 - 2013-07-12 18:46 - 00328050 _____ C:\Users\Ryan\Desktop\gmer.log
2013-07-12 18:07 - 2013-07-12 18:07 - 00000000 ____D C:\Program Files\HitmanPro
2013-07-12 17:33 - 2013-07-14 16:53 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-12 15:31 - 2013-07-12 15:31 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Malwarebytes
2013-07-12 14:24 - 2013-07-12 14:24 - 00021495 _____ C:\Users\Ryan\Desktop\attach.txt
2013-07-12 14:24 - 2013-07-12 14:24 - 00018206 _____ C:\Users\Ryan\Desktop\dds.txt
2013-07-12 14:16 - 2013-07-12 14:17 - 00688992 ____R (Swearware) C:\Users\Ryan\Desktop\dds.com
2013-07-12 14:03 - 2013-07-12 14:04 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Comodo
2013-07-12 13:39 - 2013-07-12 13:39 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Macromedia
2013-07-12 13:39 - 2013-07-12 13:39 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Adobe
2013-07-12 13:36 - 2013-07-12 13:36 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Apple Computer
2013-07-12 13:35 - 2013-07-15 01:06 - 00000448 _____ C:\windows\setupact.log
2013-07-12 13:35 - 2013-07-12 13:35 - 00000000 _____ C:\windows\setuperr.log
2013-07-12 13:25 - 2013-06-11 16:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-12 13:25 - 2013-06-11 16:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-12 13:25 - 2013-06-11 16:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-12 13:25 - 2013-06-11 16:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-12 13:25 - 2013-06-11 16:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-12 13:25 - 2013-06-11 16:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-12 13:25 - 2013-06-11 16:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-12 13:25 - 2013-06-11 16:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-12 13:25 - 2013-06-11 16:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-12 13:25 - 2013-06-11 16:42 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-12 13:25 - 2013-06-11 16:42 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-12 13:25 - 2013-06-11 16:42 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-12 13:25 - 2013-06-11 16:42 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-12 13:25 - 2013-06-11 16:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-12 13:25 - 2013-06-11 16:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-12 13:25 - 2013-06-11 16:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-12 13:25 - 2013-06-11 16:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-12 13:25 - 2013-06-11 16:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-12 13:25 - 2013-06-11 16:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-12 13:25 - 2013-06-11 16:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-12 13:25 - 2013-06-11 16:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-12 13:25 - 2013-06-11 16:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-12 13:25 - 2013-06-11 16:25 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-12 13:25 - 2013-06-11 16:25 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-12 13:25 - 2013-06-11 16:25 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-12 13:25 - 2013-06-11 16:25 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-12 13:25 - 2013-06-11 16:25 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-12 13:25 - 2013-06-11 15:51 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 13:25 - 2013-06-11 15:50 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-12 13:25 - 2013-06-06 20:22 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-12 13:25 - 2013-06-06 19:37 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-12 13:04 - 2013-06-04 20:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-12 13:04 - 2013-06-03 23:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-12 13:04 - 2013-06-03 21:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-12 13:04 - 2013-05-05 23:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-12 13:04 - 2013-05-05 21:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-12 13:02 - 2013-04-09 16:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-12 13:02 - 2013-04-02 15:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-12 12:04 - 2013-07-12 12:21 - 00000000 ___DC C:\Qoobox
2013-07-10 17:46 - 2013-07-10 17:46 - 00000000 ____D C:\Users\Ryan\AppData\Local\Apple
2013-07-07 12:12 - 2013-07-07 12:12 - 00000000 ____D C:\Users\Ryan\Downloads\INVedit
2013-07-06 23:16 - 2013-07-06 23:16 - 00000000 ____D C:\Users\Ryan\AppData\Local\ATI
2013-07-06 23:13 - 2013-07-06 23:32 - 00000000 ____D C:\Program Files (x86)\Sapphire TRIXX
2013-07-06 20:44 - 2013-07-06 20:56 - 03627808 _____ C:\Users\Ryan\Downloads\TRIXX_installer_634959254654310003.exe
2013-07-06 15:25 - 2013-07-11 11:22 - 00044233 _____ C:\Users\Ryan\Desktop\Test.txt
2013-07-06 15:11 - 2013-07-06 15:11 - 00484992 _____ C:\Users\Ryan\Desktop\Minecraft.exe
2013-07-05 20:42 - 2013-07-05 20:42 - 00000000 ____D C:\Users\Ryan\AppData\Local\VirtualStore
2013-07-05 18:20 - 2013-07-05 18:20 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-05 17:40 - 2013-07-05 17:40 - 00000000 ____D C:\Program Files (x86)\OBS_0_52_08_test
2013-07-05 17:37 - 2013-07-05 17:37 - 00072832 _____ C:\Users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-05 17:35 - 2013-07-05 17:36 - 00000000 ____D C:\Users\Ryan\AppData\Local\Rockstar Games
2013-07-05 17:32 - 2013-07-05 17:32 - 00000000 ____D C:\Users\Ryan\AppData\Local\4A Games
2013-07-05 17:16 - 2013-07-05 17:22 - 11515564 _____ C:\Users\Ryan\Downloads\OBS_0_52_08_test.zip
2013-07-05 17:13 - 2013-07-05 17:13 - 00000000 ____D C:\Users\Ryan\AppData\Local\Comodo
2013-07-04 23:36 - 2013-07-04 23:36 - 00000000 ____D C:\windows\ERUNT
2013-07-04 23:29 - 2013-07-04 23:29 - 00003114 _____ C:\windows\System32\Tasks\{CE9E5384-7A28-4A7D-B9B1-5FAF55671A0C}
2013-07-03 22:52 - 2013-07-06 17:38 - 00000000 ___DC C:\DOSBox
2013-06-29 17:55 - 2013-06-29 17:55 - 00013661 _____ C:\windows\SysWOW64\index.html
2013-06-28 23:40 - 2013-06-28 23:55 - 00000278 _____ C:\Users\Ryan\Desktop\files.txt
2013-06-28 21:28 - 2013-04-04 01:08 - 00368554 _____ C:\windows\SysWOW64\gmer.zip
2013-06-28 21:27 - 2013-06-28 14:12 - 00401408 _____ C:\windows\wget.exe
2013-06-28 12:33 - 2013-06-28 12:35 - 01142835 _____ (pendrivelinux.com) C:\Users\Ryan\Downloads\Universal-USB-Installer-1.9.3.6.exe
2013-06-28 12:27 - 2013-06-28 14:13 - 327749632 _____ C:\Users\Ryan\Downloads\kav_rescue_10.iso
2013-06-27 19:42 - 2013-06-27 19:42 - 00003202 _____ C:\windows\System32\Tasks\{10980E0D-9C99-4435-B6F0-0FE8EDC79745}
2013-06-27 19:13 - 2013-06-27 19:13 - 00000000 ____D C:\ProgramData\Lenovo
2013-06-27 19:13 - 2013-06-27 19:13 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-06-27 19:11 - 2013-06-27 19:11 - 00000000 ___DC C:\swtools
2013-06-27 14:36 - 2013-06-21 16:01 - 00238352 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxDrv.sys
2013-06-27 14:36 - 2013-06-21 16:00 - 00120080 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxUSBMon.sys
2013-06-27 13:48 - 2013-06-27 13:48 - 00003130 _____ C:\windows\System32\Tasks\{A0B1F7A8-84C6-43ED-8E01-19A1E41C4A81}
2013-06-25 19:50 - 2013-06-25 19:49 - 00263592 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-06-25 19:50 - 2013-06-25 19:49 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-06-25 19:50 - 2013-06-25 19:49 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-06-25 19:50 - 2013-06-25 19:49 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-21 20:26 - 2013-06-21 20:26 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vmToolkit
2013-06-21 20:26 - 2013-06-21 20:26 - 00000000 ____D C:\Program Files (x86)\Xcarab
2013-06-21 19:08 - 2013-06-21 19:08 - 00000000 ____D C:\Users\Ryan\Documents\My Virtual Machines
2013-06-21 16:00 - 2013-06-21 16:00 - 00204048 _____ (Oracle Corporation) C:\windows\system32\VBoxNetFltNobj.dll
2013-06-21 16:00 - 2013-06-21 16:00 - 00146704 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxNetFlt.sys
2013-06-21 16:00 - 2013-06-21 16:00 - 00131856 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxNetAdp.sys
2013-06-19 13:07 - 2013-06-19 13:49 - 30764186 _____ C:\Users\Ryan\Downloads\Koo Koo Kanga Roo - Midnight Slushie.zip
2013-06-19 13:07 - 2013-06-19 13:22 - 12499426 _____ C:\Users\Ryan\Downloads\Koo Koo Kanga Roo - Space Bots & Tater Tots.zip
2013-06-17 21:24 - 2013-06-17 21:24 - 00003212 _____ C:\windows\System32\Tasks\{79AF55C4-ABE6-4A28-9E8C-69C13742514D}
2013-06-17 21:17 - 2013-06-17 21:17 - 00003296 _____ C:\windows\System32\Tasks\{34163BB2-2476-4C2F-9CF5-30302B70C01D}
 
==================== One Month Modified Files and Folders =======
 
2013-07-17 13:31 - 2013-07-17 13:31 - 00000000 ___DC C:\FRST
2013-07-17 13:29 - 2013-07-17 13:23 - 01778209 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2013-07-15 01:08 - 2011-12-04 23:05 - 01474832 _____ C:\windows\system32\Drivers\sfi.dat
2013-07-15 01:07 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-15 01:06 - 2013-07-12 13:35 - 00000448 _____ C:\windows\setupact.log
2013-07-15 01:03 - 2009-07-13 21:45 - 00013632 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-15 01:03 - 2009-07-13 21:45 - 00013632 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-15 01:01 - 2009-07-13 22:13 - 00887278 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-15 01:00 - 2011-03-10 02:09 - 01060393 _____ C:\windows\WindowsUpdate.log
2013-07-15 00:44 - 2011-04-02 23:03 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-14 16:53 - 2013-07-12 17:33 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-14 16:46 - 2011-11-19 01:44 - 00000904 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1839007091-301062112-3871788137-1000UA.job
2013-07-14 16:41 - 2013-07-14 16:41 - 00032000 _____ C:\windows\system32\Drivers\hitmanpro37.sys
2013-07-14 16:32 - 2013-07-14 16:32 - 00008666 _____ C:\Users\Ryan\Downloads\hijackthis.log
2013-07-14 16:31 - 2013-07-14 16:30 - 00388608 _____ (Trend Micro Inc.) C:\Users\Ryan\Downloads\HijackThis.exe
2013-07-14 16:09 - 2009-07-13 22:08 - 00032564 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-07-12 19:59 - 2013-07-12 19:57 - 00001666 _____ C:\Users\Ryan\Desktop\Rkill.txt
2013-07-12 19:36 - 2013-07-12 19:36 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\SUPERAntiSpyware.com
2013-07-12 19:36 - 2013-07-12 19:35 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-07-12 19:35 - 2013-07-12 19:35 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-07-12 19:35 - 2013-07-12 19:35 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-07-12 19:35 - 2013-07-12 19:19 - 26552176 _____ (SUPERAntiSpyware.com) C:\Users\Ryan\Downloads\SUPERAntiSpyware.exe
2013-07-12 19:14 - 2013-07-12 18:56 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-12 18:46 - 2013-07-12 18:46 - 00328050 _____ C:\Users\Ryan\Desktop\gmer.log
2013-07-12 18:07 - 2013-07-12 18:07 - 00000000 ____D C:\Program Files\HitmanPro
2013-07-12 16:33 - 2012-04-01 10:33 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-12 15:31 - 2013-07-12 15:31 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Malwarebytes
2013-07-12 14:24 - 2013-07-12 14:24 - 00021495 _____ C:\Users\Ryan\Desktop\attach.txt
2013-07-12 14:24 - 2013-07-12 14:24 - 00018206 _____ C:\Users\Ryan\Desktop\dds.txt
2013-07-12 14:17 - 2013-07-12 14:16 - 00688992 ____R (Swearware) C:\Users\Ryan\Desktop\dds.com
2013-07-12 14:04 - 2013-07-12 14:03 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Comodo
2013-07-12 13:46 - 2011-11-19 01:44 - 00000852 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1839007091-301062112-3871788137-1000Core.job
2013-07-12 13:39 - 2013-07-12 13:39 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Macromedia
2013-07-12 13:39 - 2013-07-12 13:39 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Adobe
2013-07-12 13:36 - 2013-07-12 13:36 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Apple Computer
2013-07-12 13:35 - 2013-07-12 13:35 - 00000000 _____ C:\windows\setuperr.log
2013-07-12 13:35 - 2009-07-29 00:00 - 00000000 ____D C:\windows\Panther
2013-07-12 13:35 - 2009-07-13 21:45 - 00324832 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-12 13:34 - 2009-07-29 00:23 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 13:34 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 13:34 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 13:33 - 2012-02-07 23:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 13:33 - 2012-02-07 23:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 13:28 - 2011-04-03 08:50 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-12 13:16 - 2011-04-30 20:29 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\.minecraft
2013-07-12 12:52 - 2011-04-02 19:33 - 00000000 ____D C:\Users\Ryan
2013-07-12 12:51 - 2012-09-19 14:57 - 00000000 ____D C:\Users\Administrator
2013-07-12 12:50 - 2013-06-03 17:43 - 00000000 ____D C:\windows\System32\Tasks\COMODO
2013-07-12 12:50 - 2011-09-07 14:54 - 00000000 ____D C:\windows\ERDNT
2013-07-12 12:50 - 2011-06-15 21:02 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Skype
2013-07-12 12:50 - 2011-04-02 19:34 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2013-07-12 12:50 - 2009-07-29 00:23 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-12 12:50 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-12 12:49 - 2009-07-13 20:20 - 00000000 ____D C:\windows\registration
2013-07-12 12:46 - 2011-04-02 19:34 - 00000000 ___RD C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-07-12 12:21 - 2013-07-12 12:04 - 00000000 ___DC C:\Qoobox
2013-07-11 11:23 - 2011-08-09 14:07 - 00000000 ____D C:\Users\Ryan\.VirtualBox
2013-07-11 11:22 - 2013-07-06 15:25 - 00044233 _____ C:\Users\Ryan\Desktop\Test.txt
2013-07-10 17:46 - 2013-07-10 17:46 - 00000000 ____D C:\Users\Ryan\AppData\Local\Apple
2013-07-09 23:35 - 2011-04-02 23:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-07 12:12 - 2013-07-07 12:12 - 00000000 ____D C:\Users\Ryan\Downloads\INVedit
2013-07-06 23:32 - 2013-07-06 23:13 - 00000000 ____D C:\Program Files (x86)\Sapphire TRIXX
2013-07-06 23:16 - 2013-07-06 23:16 - 00000000 ____D C:\Users\Ryan\AppData\Local\ATI
2013-07-06 20:56 - 2013-07-06 20:44 - 03627808 _____ C:\Users\Ryan\Downloads\TRIXX_installer_634959254654310003.exe
2013-07-06 18:51 - 2012-05-05 15:38 - 00000000 ____D C:\Users\Ryan\Documents\Estories
2013-07-06 17:38 - 2013-07-03 22:52 - 00000000 ___DC C:\DOSBox
2013-07-06 15:11 - 2013-07-06 15:11 - 00484992 _____ C:\Users\Ryan\Desktop\Minecraft.exe
2013-07-06 11:56 - 2011-09-18 12:13 - 00000000 ____D C:\Users\Ryan\Documents\School 2011
2013-07-05 20:42 - 2013-07-05 20:42 - 00000000 ____D C:\Users\Ryan\AppData\Local\VirtualStore
2013-07-05 18:20 - 2013-07-05 18:20 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-05 17:47 - 2013-03-23 21:35 - 00000000 ____D C:\Users\Ryan\Desktop\Stuff
2013-07-05 17:41 - 2013-04-29 13:12 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2013-07-05 17:40 - 2013-07-05 17:40 - 00000000 ____D C:\Program Files (x86)\OBS_0_52_08_test
2013-07-05 17:37 - 2013-07-05 17:37 - 00072832 _____ C:\Users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-05 17:36 - 2013-07-05 17:35 - 00000000 ____D C:\Users\Ryan\AppData\Local\Rockstar Games
2013-07-05 17:32 - 2013-07-05 17:32 - 00000000 ____D C:\Users\Ryan\AppData\Local\4A Games
2013-07-05 17:22 - 2013-07-05 17:16 - 11515564 _____ C:\Users\Ryan\Downloads\OBS_0_52_08_test.zip
2013-07-05 17:13 - 2013-07-05 17:13 - 00000000 ____D C:\Users\Ryan\AppData\Local\Comodo
2013-07-05 16:57 - 2011-08-09 14:05 - 00000000 ____D C:\Program Files\Oracle
2013-07-05 14:18 - 2013-05-11 13:54 - 00000000 ____D C:\Users\Ryan\.dvdcss
2013-07-04 23:36 - 2013-07-04 23:36 - 00000000 ____D C:\windows\ERUNT
2013-07-04 23:29 - 2013-07-04 23:29 - 00003114 _____ C:\windows\System32\Tasks\{CE9E5384-7A28-4A7D-B9B1-5FAF55671A0C}
2013-07-03 17:49 - 2013-06-02 13:50 - 00000000 ____D C:\Users\Ryan\Desktop\Toolbox
2013-07-03 16:07 - 2013-05-19 19:32 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-07-03 14:52 - 2013-06-10 21:55 - 00000000 ___DC C:\tmp
2013-07-01 21:24 - 2012-02-05 16:46 - 00000000 ____D C:\Users\Ryan\Documents\Camtasia Studio
2013-06-29 17:55 - 2013-06-29 17:55 - 00013661 _____ C:\windows\SysWOW64\index.html
2013-06-28 23:55 - 2013-06-28 23:40 - 00000278 _____ C:\Users\Ryan\Desktop\files.txt
2013-06-28 14:13 - 2013-06-28 12:27 - 327749632 _____ C:\Users\Ryan\Downloads\kav_rescue_10.iso
2013-06-28 14:12 - 2013-06-28 21:27 - 00401408 _____ C:\windows\wget.exe
2013-06-28 12:59 - 2011-04-18 17:03 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-06-28 12:35 - 2013-06-28 12:33 - 01142835 _____ (pendrivelinux.com) C:\Users\Ryan\Downloads\Universal-USB-Installer-1.9.3.6.exe
2013-06-27 21:46 - 2013-04-02 18:13 - 00000000 ____D C:\Users\Ryan\Documents\My Machines
2013-06-27 19:42 - 2013-06-27 19:42 - 00003202 _____ C:\windows\System32\Tasks\{10980E0D-9C99-4435-B6F0-0FE8EDC79745}
2013-06-27 19:41 - 2011-03-10 02:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-27 19:35 - 2011-03-10 02:23 - 00000000 ____D C:\Program Files (x86)\Lenovo
2013-06-27 19:15 - 2009-07-13 20:20 - 00000000 __RSD C:\windows\Media
2013-06-27 19:13 - 2013-06-27 19:13 - 00000000 ____D C:\ProgramData\Lenovo
2013-06-27 19:13 - 2013-06-27 19:13 - 00000000 ____D C:\Program Files\Common Files\Lenovo
2013-06-27 19:11 - 2013-06-27 19:11 - 00000000 ___DC C:\swtools
2013-06-27 18:49 - 2013-03-29 10:56 - 00047368 _____ (COMODO CA Limited) C:\windows\SysWOW64\certsentry.dll
2013-06-27 18:49 - 2013-01-15 16:42 - 00056072 _____ (COMODO CA Limited) C:\windows\system32\certsentry.dll
2013-06-27 18:49 - 2012-08-21 16:50 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-06-27 13:48 - 2013-06-27 13:48 - 00003130 _____ C:\windows\System32\Tasks\{A0B1F7A8-84C6-43ED-8E01-19A1E41C4A81}
2013-06-27 11:33 - 2011-11-11 00:29 - 00883990 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2013-06-25 19:49 - 2013-06-25 19:50 - 00263592 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-06-25 19:49 - 2013-06-25 19:50 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-06-25 19:49 - 2013-06-25 19:50 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-06-25 19:49 - 2013-06-25 19:50 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-25 19:49 - 2012-05-13 11:35 - 00867240 _____ (Oracle Corporation) C:\windows\SysWOW64\npDeployJava1.dll
2013-06-25 19:49 - 2011-04-18 17:07 - 00789416 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll
2013-06-21 20:26 - 2013-06-21 20:26 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vmToolkit
2013-06-21 20:26 - 2013-06-21 20:26 - 00000000 ____D C:\Program Files (x86)\Xcarab
2013-06-21 19:08 - 2013-06-21 19:08 - 00000000 ____D C:\Users\Ryan\Documents\My Virtual Machines
2013-06-21 16:01 - 2013-06-27 14:36 - 00238352 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxDrv.sys
2013-06-21 16:00 - 2013-06-27 14:36 - 00120080 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxUSBMon.sys
2013-06-21 16:00 - 2013-06-21 16:00 - 00204048 _____ (Oracle Corporation) C:\windows\system32\VBoxNetFltNobj.dll
2013-06-21 16:00 - 2013-06-21 16:00 - 00146704 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxNetFlt.sys
2013-06-21 16:00 - 2013-06-21 16:00 - 00131856 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxNetAdp.sys
2013-06-19 17:38 - 2013-06-04 23:38 - 00043812 _____ C:\windows\system32\Drivers\fvstore.dat
2013-06-19 13:49 - 2013-06-19 13:07 - 30764186 _____ C:\Users\Ryan\Downloads\Koo Koo Kanga Roo - Midnight Slushie.zip
2013-06-19 13:22 - 2013-06-19 13:07 - 12499426 _____ C:\Users\Ryan\Downloads\Koo Koo Kanga Roo - Space Bots & Tater Tots.zip
2013-06-18 08:16 - 2013-04-25 11:05 - 00096800 _____ (COMODO) C:\windows\system32\Drivers\inspect.sys
2013-06-18 08:16 - 2013-04-15 18:38 - 00708632 _____ (COMODO) C:\windows\system32\Drivers\cmdguard.sys
2013-06-18 08:16 - 2013-04-15 18:38 - 00048360 _____ (COMODO) C:\windows\system32\Drivers\cmdhlp.sys
2013-06-18 08:16 - 2013-04-15 18:38 - 00023168 _____ (COMODO) C:\windows\system32\Drivers\cmderd.sys
2013-06-18 08:15 - 2013-04-23 15:04 - 00437688 _____ (COMODO) C:\windows\system32\guard64.dll
2013-06-18 08:15 - 2013-04-23 15:04 - 00348584 _____ (COMODO) C:\windows\SysWOW64\guard32.dll
2013-06-18 08:15 - 2013-04-15 18:38 - 00344792 _____ (COMODO) C:\windows\system32\cmdvrt64.dll
2013-06-18 08:15 - 2013-04-15 18:38 - 00278232 _____ (COMODO) C:\windows\SysWOW64\cmdvrt32.dll
2013-06-18 08:15 - 2013-04-15 18:38 - 00045784 _____ (COMODO) C:\windows\system32\cmdkbd64.dll
2013-06-18 08:15 - 2013-04-15 18:38 - 00043216 _____ (COMODO) C:\windows\system32\cmdcsr.dll
2013-06-18 08:15 - 2013-04-15 18:38 - 00040664 _____ (COMODO) C:\windows\SysWOW64\cmdkbd32.dll
2013-06-17 21:26 - 2011-06-15 21:00 - 00000000 ____D C:\ProgramData\Skype
2013-06-17 21:24 - 2013-06-17 21:24 - 00003212 _____ C:\windows\System32\Tasks\{79AF55C4-ABE6-4A28-9E8C-69C13742514D}
2013-06-17 21:17 - 2013-06-17 21:17 - 00003296 _____ C:\windows\System32\Tasks\{34163BB2-2476-4C2F-9CF5-30302B70C01D}
2013-06-17 20:48 - 2012-12-24 21:53 - 00000000 ___RD C:\Program Files (x86)\Skype
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-07-03 21:17
 
==================== End Of Log ============================

 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-07-2013 02
Ran by Ryan at 2013-07-17 13:32:39
Running from C:\Users\Ryan\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Installed Programs =======================
 
   
 Update for Microsoft Office 2007 (KB2508958) (x32)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (x32 Version: 3.3.0.3650)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
Alan Wake (x32)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
Amnesia: The Dark Descent (x32)
Apple Application Support (x32 Version: 2.3)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (x32 Version: 2.1.3.127)
Application Profiles (x32 Version: 2.0.4331.36041)
Atheros Client Installation Program (x32 Version: 7.0)
Audacity 2.0.3 (x32 Version: 2.0.3)
Auslogics Disk Defrag (x32 Version: 3.5)
Black and White (x32)
Blender (Version: 2.67)
Bonjour (Version: 3.0.0.10)
Broadcom Gigabit NetLink Controller (Version: 14.2.4.2)
Bulk Rename Utility 2.7.1.2
Camtasia Studio 7 (x32 Version: 7.1.1)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
CCleaner (Version: 4.02)
Comodo Dragon (x32 Version: 27.2.0.0)
COMODO Internet Security Premium (Version: 6.1.14723.2813)
D3DX10 (x32 Version: 15.4.2368.0902)
DOOM 3 (x32)
DOOM 3: Resurrection of Evil (x32)
dows Driver Package - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1) (Version: 10/19/2009 5.4.0.1)
E.Y.E: Divine Cybermancy (x32)
Eets (x32)
Energy Management (x32 Version: 5.4.0.9)
ESET Online Scanner v3 (x32)
Fallout: New Vegas (x32)
FlatOut 2 (x32)
GIMP 2.8.2 (Version: 2.8.2)
Google Talk Plugin (x32 Version: 3.5.1.8982)
Grand Theft Auto IV (x32)
Grand Theft Auto: Episodes from Liberty City (x32)
Gregion 3.1 (x32 Version: 3.1)
Gregion 3.1 (x32)
HandBrake 0.9.8 (x32 Version: 0.9.8)
Harry Potter II (x32)
I Am Alive (x32)
ImgBurn (x32 Version: 2.5.7.0)
Intel® Management Engine Components (x32 Version: 7.0.0.1118)
Intel® Rapid Storage Technology (x32 Version: 10.1.0.1008)
iTunes (Version: 10.6.3.25)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JavaFX 2.1.0 (x32 Version: 2.1.0)
JDownloader 0.9 (x32 Version: 0.9)
JMicron Flash Media Controller Driver (x32 Version: 1.0.41.2)
K-Lite Codec Pack 9.4.0 (Full) (x32 Version: 9.4.0)
Left 4 Dead 2 (x32)
Left 4 Dead 2 Add-on Support (x32)
Legend of Grimrock (x32)
Lenovo DirectShare (x32 Version: )
Lenovo EasyCamera (x32 Version: 1.0.9.4)
Lenovo OneKey Recovery (Version: 7.0.1230)
Lenovo OneKey Recovery (x32 Version: 7.0.1230)
Lenovo Patch Utility (x32 Version: 1.3.2.4)
Lenovo Patch Utility 64 bit (Version: 1.3.2.4)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
ManyCam 3.0.80 (remove only) (x32 Version: 3.0.80)
Matrox VFW Software Codecs, build 1.0.0.33 
Mesh Runtime (x32 Version: 15.4.5722.2)
Metro 2033 (x32)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (x32 Version: 10.3.5500.0)
Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Native Client (Version: 10.3.5500.0)
Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1750.9)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.3.5500.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (x32 Version: 10.50.1750.9)
Microsoft SQL Server VSS Writer (Version: 10.3.5500.0)
Microsoft Virtual PC 2007 (Version: 6.0.156.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft Works 6-9 Converter (x32 Version: 14.0.6120.5002)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft XNA Framework Redistributable 3.0 (x32 Version: 3.0.11010.0)
Microsoft XNA Framework Redistributable 4.0 Refresh (x32 Version: 4.0.30901.0)
MotoHelper MergeModules (x32 Version: 1.2.0)
Mp3tag v2.54 (x32 Version: v2.54)
MS Access 97 SP2 (x32)
MSVCRT (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Music Manager (HKCU)
Network Play System (Patching) (x32)
nLite 1.4.9.1 (x32 Version: 1.4.9.1)
NVIDIA PhysX (x32 Version: 9.10.0513)
Open Broadcaster Software (x32)
OpenAL (x32)
Oracle VM VirtualBox 4.2.14 (Version: 4.2.14)
Origin (x32 Version: 8.4.1.210)
Painkiller: Black Edition (x32)
PunkBuster Services (x32 Version: 0.991)
QuickTime (x32 Version: 7.73.80.64)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.6358)
Resource Hacker Version 3.6.0 (x32)
ROBLOX Player for Ryan (HKCU)
Rockstar Games Social Club (x32 Version: 1.0.6.1)
RT 7 Lite (64-Bit) (HKCU Version: 2.6.0)
RT 7 Lite x64 (Version: 2.6.0)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (Version: 10.3.5500.0)
Skype™ 6.5 (x32 Version: 6.5.158)
Source SDK (x32)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0)
Steam (x32 Version: 1.0.0.0)
Steam Trading Card Beta Access (x32)
SUPERAntiSpyware (Version: 5.6.1020)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.1.20.53)
The Partners (x32)
The Sims™ 3 (x32 Version: 1.19.44)
The Sims™ 3 Ambitions (x32 Version: 4.0.87)
The Sims™ 3 Fast Lane Stuff (x32 Version: 5.0.44)
The Sims™ 3 High-End Loft Stuff (x32 Version: 3.0.38)
The Sims™ 3 Late Night (x32 Version: 6.0.81)
The Sims™ 3 Outdoor Living Stuff (x32 Version: 7.0.55)
The Sims™ 3 World Adventures (x32 Version: 2.0.86)
Tom Clancy's Splinter Cell (x32)
Trivial Pursuit Millennium Edition (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Utility (x32 Version: 1.00.0002)
Vhd Resizer (x32 Version: 1.0.42)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
VLC media player 2.0.6 (x32 Version: 2.0.6)
vLite (x32 Version: 1.2)
Windows Automated Installation Kit (Version: 2.0.0.0)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (Version: 04/08/2010 6.3.5.430)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
XviD MPEG-4 Video Codec (x32)
Zip Motion Block Video codec (Remove Only)
 
==================== Restore Points  =========================
 
12-07-2013 20:41:36 7/12/2013 System Critical Update
12-07-2013 20:47:05 Windows Update
12-07-2013 23:24:46 Windows Update
14-07-2013 23:11:25 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 19:34 - 2012-05-13 11:59 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {101009C9-21D7-4726-B98C-65AA768E97B4} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2013-06-18] (COMODO)
Task: {34865ACD-6CC9-4BCD-BA90-4F3EF2CC7D95} - System32\Tasks\{8E161AD7-2781-4438-8421-BA0F1908456A} => C:\Users\Ryan\Desktop\MuscleCarSetup.exe No File
Task: {4A32AB94-7ECD-476B-A3C3-8C106526D99B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {532E1BD3-3001-409C-857F-515BD62F7224} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-06-18] (COMODO)
Task: {55975807-BDE0-402F-8D7F-1778C9E8FC2C} - System32\Tasks\{0035CB6B-07F5-47D7-8F56-C2B0DE50EBE0} => C:\Program Files\Waterfox\firefox.exe No File
Task: {58149861-4F4B-46E2-A741-89677D7A5772} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1839007091-301062112-3871788137-1000Core => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe No File
Task: {58422353-46B6-46C7-9CDA-4120954C9341} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-06-18] (COMODO)
Task: {5954644A-402E-418E-9DEF-2E6E78FAA4F0} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\FREEzeFlip\bin\1.0.4.0\FREEzeFlipSA.exe No File
Task: {825F5C6E-04DA-43DB-B17E-7B751B62B0EE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {844093DE-358C-4CE5-98D8-1099997D9063} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {998F16DF-818A-438D-AD62-87FE182794EE} - System32\Tasks\{04CD4E2A-9B60-4356-A3C3-97A467FC5459} => C:\Program Files (x86)\xp-Iso-Builder\xp-Iso-Builder.exe No File
Task: {9C209E75-F6DD-4E4D-9C3B-668C467E6EBC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1839007091-301062112-3871788137-1000UA => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe No File
Task: {9D0EDAA8-325D-426B-9A17-5774890BC800} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-06-18] (COMODO)
Task: {9F1F3D59-C225-490C-A5D2-3317D2EB3BB3} - System32\Tasks\{7F555CCB-A573-44B6-B6A6-7C486E612F87} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-06-03] (Skype Technologies S.A.)
Task: {B3881C6D-5CCC-42E6-AFA1-F914FF4A0559} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {B3D12EC4-2B6B-428F-9A79-824D468A9661} - System32\Tasks\{66BC29D4-62A4-47EA-AF45-8DF4759F46DF} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-06-03] (Skype Technologies S.A.)
Task: {B7BE06BD-56CB-4781-B0E7-8743335ABE1C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {CA6BBE84-0DA6-42A4-B8B2-453DDF643537} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D2B05C73-307B-4D21-8850-5CBCAB266FDB} - System32\Tasks\SymInstallStub => C:\windows\SysWOW64\Adobe\Shockwave 11\SymInstallStub.exe No File
Task: {D772A420-CF0B-4C78-95FF-A9E68A72AB78} - System32\Tasks\{8030D1E1-40A6-4BBC-9D49-7854A3BD2C92} => C:\Program Files (x86)\oZone3D\Benchmarks\FurMark_v1.6.5\etqw.exe No File
Task: {D8A51AA6-8825-44CB-BC5D-D166225211FB} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-06-18] (COMODO)
Task: {DA7851D2-D748-4D27-927C-2988B429C9BC} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1839007091-301062112-3871788137-1000Core.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1839007091-301062112-3871788137-1000UA.job => C:\Users\Ryan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\SymInstallStub.job => C:\windows\SysWOW64\Adobe\Shockwave 11\SymInstallStub.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Apple Mobile Device Ethernet
Description: Apple Mobile Device Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Apple
Service: Netaapl
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/15/2013 00:57:47 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: atiacm64.dll, version: 6.14.10.2001, time stamp: 0x50d22025
Exception code: 0xc0000417
Fault offset: 0x00000000000357cd
Faulting process id: 0x620
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (07/14/2013 04:21:30 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4 Client Profile - Update 'KB2840628' could not be installed. Error code 1603. Additional information is available in the log file C:\windows\TEMP\KB2840628_20130714_161930044-Microsoft .NET Framework 4 Client Profile-MSP0.txt.
 
Error: (07/14/2013 04:21:01 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4 Client Profile -- There is a problem with this Windows Installer package. Please refer to the setup log for more information.
 
Error: (07/14/2013 04:19:22 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4 Client Profile - Update 'KB2737019' could not be installed. Error code 1603. Additional information is available in the log file C:\windows\TEMP\KB2737019_20130714_161723894-Microsoft .NET Framework 4 Client Profile-MSP0.txt.
 
Error: (07/14/2013 04:18:54 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4 Client Profile -- There is a problem with this Windows Installer package. Please refer to the setup log for more information.
 
Error: (07/14/2013 04:17:18 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4 Client Profile - Update 'KB2604121' could not be installed. Error code 1603. Additional information is available in the log file C:\windows\TEMP\KB2604121_20130714_161227527-Microsoft .NET Framework 4 Client Profile-MSP0.txt.
 
Error: (07/14/2013 04:16:51 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4 Client Profile -- There is a problem with this Windows Installer package. Please refer to the setup log for more information.
 
Error: (07/14/2013 04:15:19 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4 Client Profile - Update 'KB2835393' could not be installed. Error code 1603. Additional information is available in the log file C:\windows\TEMP\KB2835393_20130714_161153378-Microsoft .NET Framework 4 Client Profile-MSP0.txt.
 
Error: (07/14/2013 04:14:52 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4 Client Profile -- There is a problem with this Windows Installer package. Please refer to the setup log for more information.
 
Error: (07/14/2013 04:08:47 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c54
 
Start Time: 01ce80e6e0dd1f5a
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
 
Report Id: 4305096e-ecda-11e2-9ec7-60eb69da7a18
 
 
System errors:
=============
Error: (07/17/2013 01:31:42 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/17/2013 01:31:42 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/17/2013 01:31:42 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/17/2013 01:31:02 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/17/2013 01:31:02 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/17/2013 01:31:02 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/17/2013 01:29:02 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/17/2013 01:29:02 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/17/2013 01:29:02 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/17/2013 01:28:58 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-07-12 12:16:35.712
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-12 12:16:35.634
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-12 12:16:35.541
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-12 12:16:35.463
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-09-24 23:30:03.594
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-09-24 23:30:03.563
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-05-13 11:58:19.358
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-05-13 11:58:19.345
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-05-13 11:58:19.328
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-05-13 11:58:19.310
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 26%
Total physical RAM: 4076.58 MB
Available physical RAM: 2994.65 MB
Total Pagefile: 8170.76 MB
Available Pagefile: 7054.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:450.81 GB) (Free:141.61 GB) NTFS (Disk=0 Partition=2)
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: AF4BC00A)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=12)
 
==================== End Of Log ============================



#8 Zestypanda


Posted 17 July 2013 - 03:40 PM

Also, I ran mbar and it found nothing, do you still want me to post the log? 




#9 CatByte


Posted 17 July 2013 - 04:35 PM

That's ok,

Please run the following:

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.



#10 Zestypanda


Posted 17 July 2013 - 04:39 PM

Ok, I will do so.



#11 Zestypanda


Posted 17 July 2013 - 08:33 PM

Ok, I ran combo in safe mode because that's the only mode that allows me to run anything, and it said that my Comodo antivirus was active, but when I try to start up Comodo in safe mode to turn it off it says it cannot be started. Should I uninstall it?



#12 CatByte


Posted 17 July 2013 - 08:39 PM

Hello, if you are in safe mode, you should be OK to OK the warnings and continue on, but uninstall it if it is not too much trouble.



#13 Zestypanda


Posted 17 July 2013 - 10:05 PM

Ok, I already threw caution to the wind, crossed my fingers and clicked OK, it ran and I will post my log later, been working on my Linux PC to blow off steam, and I'm in the middle of watching Breaking Bad, so I'll post the combo fix log after. Sound good?



#14 CatByte


Posted 17 July 2013 - 10:08 PM

:thumbup2:



#15 Zestypanda


Posted 18 July 2013 - 12:51 AM

Here is the combo log, it's late so see ya tomorrow.  :grinner:

 

ComboFix 13-07-16.01 - Ryan 07/17/2013  18:37:39.3.8 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4077.3270 [GMT -7:00]
Running from: c:\users\Ryan\Desktop\ComboFix.exe
AV: COMODO Antivirus *Enabled/Outdated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\index.html
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-18 to 2013-07-18  )))))))))))))))))))))))))))))))
.
.
2013-07-18 01:48 . 2013-07-18 01:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-07-18 01:48 . 2013-07-18 01:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-18 01:48 . 2013-07-18 01:48 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-07-17 20:31 . 2013-07-17 20:31 -------- dc----w- C:\FRST
2013-07-14 23:41 . 2013-07-14 23:41 32000 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-07-13 01:56 . 2013-07-13 02:14 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-13 01:07 . 2013-07-13 01:07 -------- d-----w- c:\program files\HitmanPro
2013-07-13 00:33 . 2013-07-14 23:53 -------- d-----w- c:\programdata\HitmanPro
2013-07-12 22:31 . 2013-07-12 22:31 -------- d-----w- c:\users\Ryan\AppData\Roaming\Malwarebytes
2013-07-12 21:03 . 2013-07-12 21:04 -------- d-----w- c:\users\Ryan\AppData\Roaming\Comodo
2013-07-12 20:36 . 2013-07-12 20:36 -------- d-----w- c:\users\Ryan\AppData\Roaming\Apple Computer
2013-07-12 20:05 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-12 20:05 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-12 20:05 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-12 20:05 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-12 20:05 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-12 20:04 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-12 20:04 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-12 20:04 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-12 20:04 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-12 20:04 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-12 20:04 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-12 20:04 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-12 20:04 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-12 20:04 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-12 20:04 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-12 20:04 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-12 20:04 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-12 20:02 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-12 20:02 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-11 00:46 . 2013-07-11 00:46 -------- d-----w- c:\users\Ryan\AppData\Local\Apple
2013-07-07 06:16 . 2013-07-07 06:16 -------- d-----w- c:\users\Ryan\AppData\Local\ATI
2013-07-07 06:13 . 2013-07-07 06:32 -------- d-----w- c:\program files (x86)\Sapphire TRIXX
2013-07-06 03:42 . 2013-07-06 03:42 -------- d-----w- c:\users\Ryan\AppData\Local\VirtualStore
2013-07-06 01:20 . 2013-07-06 01:20 -------- d-----w- c:\program files (x86)\ESET
2013-07-06 00:40 . 2013-07-06 00:40 -------- d-----w- c:\program files (x86)\OBS_0_52_08_test
2013-07-06 00:35 . 2013-07-06 00:36 -------- d-----w- c:\users\Ryan\AppData\Local\Rockstar Games
2013-07-06 00:32 . 2013-07-06 00:32 -------- d-----w- c:\users\Ryan\AppData\Local\4A Games
2013-07-06 00:13 . 2013-07-06 00:13 -------- d-----w- c:\users\Ryan\AppData\Local\Comodo
2013-07-05 06:36 . 2013-07-05 06:36 -------- d-----w- c:\windows\ERUNT
2013-07-04 05:52 . 2013-07-07 00:38 -------- dc----w- C:\DOSBox
2013-06-29 04:27 . 2013-06-28 21:12 401408 ----a-w- c:\windows\wget.exe
2013-06-28 02:13 . 2013-06-28 02:13 -------- d-----w- c:\programdata\Lenovo
2013-06-28 02:13 . 2013-06-28 02:13 59816 ----a-r- c:\users\Ryan\AppData\Roaming\Microsoft\Installer\{47C4D20F-1A75-44F4-BF51-479C3119BEEF}\ARPPRODUCTICON.exe
2013-06-28 02:13 . 2013-06-28 02:13 -------- d-----w- c:\program files\Common Files\Lenovo
2013-06-28 02:13 . 2013-06-28 02:13 59816 ----a-r- c:\users\Ryan\AppData\Roaming\Microsoft\Installer\{1D2FF661-4402-4D75-AA40-B23FCAF81D32}\ARPPRODUCTICON.exe
2013-06-28 02:13 . 2013-06-28 02:13 -------- d-----w- c:\program files (x86)\Common Files\Lenovo
2013-06-28 02:11 . 2013-06-28 02:11 -------- dc----w- C:\swtools
2013-06-27 21:36 . 2013-06-21 23:01 238352 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2013-06-27 21:36 . 2013-06-21 23:00 120080 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2013-06-26 02:50 . 2013-06-26 02:49 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-22 03:26 . 2013-06-22 03:26 -------- d-----w- c:\program files (x86)\Xcarab
2013-06-21 23:00 . 2013-06-21 23:00 204048 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2013-06-21 23:00 . 2013-06-21 23:00 146704 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2013-06-21 23:00 . 2013-06-21 23:00 131856 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2013-06-18 03:48 . 2013-06-18 03:48 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-12 20:28 . 2011-04-03 15:50 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-06-28 01:49 . 2013-03-29 17:56 47368 ----a-w- c:\windows\SysWow64\certsentry.dll
2013-06-28 01:49 . 2013-01-15 23:42 56072 ----a-w- c:\windows\system32\certsentry.dll
2013-06-26 02:49 . 2012-05-13 18:35 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-26 02:49 . 2011-04-19 00:07 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-22 02:08 . 2011-05-27 23:43 165232 ---ha-w- c:\users\Ryan\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2013-06-18 15:16 . 2013-04-25 18:05 96800 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-06-18 15:16 . 2013-04-16 01:38 48360 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-06-18 15:16 . 2013-04-16 01:38 708632 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-06-18 15:16 . 2013-04-16 01:38 23168 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-06-18 15:15 . 2013-04-16 01:38 43216 ----a-w- c:\windows\system32\cmdcsr.dll
2013-06-18 15:15 . 2013-04-23 22:04 348584 ----a-w- c:\windows\SysWow64\guard32.dll
2013-06-18 15:15 . 2013-04-23 22:04 437688 ----a-w- c:\windows\system32\guard64.dll
2013-06-18 15:15 . 2013-04-16 01:38 45784 ----a-w- c:\windows\system32\cmdkbd64.dll
2013-06-18 15:15 . 2013-04-16 01:38 344792 ----a-w- c:\windows\system32\cmdvrt64.dll
2013-06-18 15:15 . 2013-04-16 01:38 278232 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2013-06-18 15:15 . 2013-04-16 01:38 40664 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2013-06-11 23:35 . 2012-04-01 17:33 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:35 . 2012-02-17 01:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 05:25 . 2010-06-24 11:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 05:51 . 2013-06-11 23:47 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-11 23:47 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-11 23:47 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-11 23:47 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-11 23:47 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-11 23:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 04:45 . 2013-06-11 23:47 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 03:43 . 2013-06-11 23:47 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-11 23:47 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-11 23:47 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-11 23:47 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-11 23:47 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-11 23:52 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-02 09:06 . 2011-04-03 06:09 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-26 05:51 . 2013-06-11 23:48 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-11 23:47 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-11 23:47 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"86D7766E-8CD8-4C1C-A4FD-C0C1591F7297"="start" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys;c:\windows\SYSNATIVE\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 DRIVER_B;DRIVER_B;c:\windows\system32\Drivers\DRIVER_BIN64;c:\windows\SYSNATIVE\Drivers\DRIVER_BIN64 [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 JmUsbVideo;JMicron 31x Upper Filter Driver;c:\windows\system32\Drivers\jmcam.sys;c:\windows\SYSNATIVE\Drivers\jmcam.sys [x]
R3 JmUsbVideo2;JMicron 31x Lower Filter Driver;c:\windows\system32\Drivers\jmcam_lo.sys;c:\windows\SYSNATIVE\Drivers\jmcam_lo.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys;c:\windows\SYSNATIVE\DRIVERS\motodrv.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys;c:\windows\SYSNATIVE\DRIVERS\motport.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8187B.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;c:\windows\system32\DRIVERS\jmccgp.sys;c:\windows\SYSNATIVE\DRIVERS\jmccgp.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 23:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-06-18 1497816]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-12-26 4400064]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-12-26 6988736]
"CCE"="c:\program files\COMODO\COMODO Internet Security\CCE.exe" [2013-06-18 8326360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Ryan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2E20DDBA-9AEE-4C74-A29C-833E5845CDC6}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{A820C16A-2FA8-4680-986F-472EE0D01B13}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{A820C16A-2FA8-4680-986F-472EE0D01B13}\376737: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{A820C16A-2FA8-4680-986F-472EE0D01B13}\8686F6E6F62737: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{A820C16A-2FA8-4680-986F-472EE0D01B13}\C416155796E64716: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{DAD19773-B92A-45CE-96C8-BD1E085DB15B}: NameServer = 156.154.70.22,156.154.71.22
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - (no file)
Toolbar-Locked - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe
SafeBoot-33904640.sys
AddRemove-Gregion 3.1 - c:\programdata\{0DE50C9D-4543-4E98-AD03-1BFD049ABE78}\gregion_03_10.exe
AddRemove-HandBrake - c:\program files\Handbrake\uninst.exe
AddRemove-Microsoft Visual Studio 2010 Service Pack 1 - c:\programdata\VS\vs10sp1\SetupCache\Setup.exe
AddRemove-Network Play System (Patching) - c:\program files (x86)\Electronic Arts\Network Play System\NPSPatch.isu
AddRemove-Open Broadcaster Software - c:\program files (x86)\OBS\uninstall.exe
AddRemove-PunkBusterSvc - c:\program files (x86)\STEAM\STEAMAPPS\COMMON\APB RELOADED\Binaries\pbsvc_apb.exe
AddRemove-{D241D9B3-1A51-4E53-85CC-9AC754819015} - c:\programdata\{0DE50C9D-4543-4E98-AD03-1BFD049ABE78}\gregion_03_10.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DRIVER_B]
"ImagePath"="\??\c:\windows\system32\Drivers\DRIVER_BIN64"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1839007091-301062112-3871788137-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A3C93FA0-94CA-F319-49A3-F9AA6E31305E}*]
"iaiblbekkhecjkckkc"=hex:69,61,6b,63,68,66,70,6a,62,69,63,6d,6e,65,6f,62,64,67,
   00,00
"hacefgagedhfiejc"=hex:69,61,6b,63,68,66,70,6a,62,69,63,6d,6e,65,6f,62,64,67,
   00,00
.
[HKEY_USERS\S-1-5-21-1839007091-301062112-3871788137-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:7f,c7,91,28,c8,83,0b,86,e1,36,76,ab,3e,93,9f,17,07,94,d9,c1,3c,
   54,b1,f2,5d,49,1e,3f,ea,00,6a,76,bc,ce,56,7f,3a,3b,77,9f,1e,f2,53,c0,30,10,\
"rkeysecu"=hex:b3,e6,25,d0,c7,6b,96,c1,6b,58,84,19,38,b5,66,c8
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-17  18:52:05
ComboFix-quarantined-files.txt  2013-07-18 01:52
.
Pre-Run: 152,101,408,768 bytes free
Post-Run: 152,478,158,848 bytes free
.
- - End Of File - - 25D7FF0F53A22FF672B2A805EEC5BA9E
D41D8CD98F00B204E9800998ECF8427E

Have a question, or just wanna chat? Send me a message. Or add me as a friend.

 




