Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Could be infected - Uncles family computer


  • Please log in to reply
45 replies to this topic

#1 Available

Available

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:10:41 PM

Posted 10 September 2013 - 01:55 AM

Well, my uncle told me his computer was slow and his two sons told me that when they play YouTube videos sometimes they act 'funny' (not sure what they meant by that).
 
I went to take a look and while I was there an avast! window popped up saying rootkit detected (image below). --->
 
P.S. I deleted the rootkit shortly after taking that screenshot.
 
Posted Image
 
 
 
Here is the DDS.txt log and I've attached the attach.txt log.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by Mamo Family at 18:17:43 on 2013-09-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.64.1033.18.4060.1741 [GMT 12:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Users\Mamo Family\AppData\Local\Torch\Update\TorchCrashHandler.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\alg.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.5\SymcPCCULaunchSvc.exe
C:\Users\Mamo Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mamo Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mamo Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mamo Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mamo Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mamo Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mamo Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mamo Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mamo Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mamo Family\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com
uSearch Bar = Preserve
uProxyOverride = <-loopback>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: avast! EasyPass Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: af0.Adblock.BHO: {90EFF544-3981-4d46-85C9-C0361D0931D6} - 
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! EasyPass Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: avast! EasyPass Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [AdobeBridge] <no file>
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
StartupFolder: C:\Users\MAMOFA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mamo Family\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: %SystemRoot%\system32\PrxerDrv.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.67.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{177A67E4-818A-46B5-9377-6C60DB02552E} : NameServer = 203.97.78.43,203.96.152.12
TCP: Interfaces\{664BFB79-539A-4B1D-B4B4-13F1D9BD1BA2} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{664BFB79-539A-4B1D-B4B4-13F1D9BD1BA2}\E496E6F637 : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - <orphaned>
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: avast! EasyPass Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
x64-BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! EasyPass Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mamo Family\AppData\Roaming\Mozilla\Firefox\Profiles\mm9bir06.default\
FF - prefs.js: browser.search.selectedEngine - Bing 
FF - prefs.js: browser.startup.homepage - hxxp://msn.co.nz/?pc=UP21&ocid=UP21DHP&dt=050913
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=050913&q=
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Roblox\Versions\version-1812ecf3bde24eeb\NPRobloxProxy.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Mamo Family\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Mamo Family\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mamo Family\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Mamo Family\AppData\Roaming\Mozilla\Firefox\Profiles\mm9bir06.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Mamo Family\AppData\Roaming\Mozilla\Firefox\Profiles\mm9bir06.default\extensions\{a060276a-53be-45ec-8ebe-b94b1e803179}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Mamo Family\AppData\Roaming\Mozilla\Firefox\Profiles\mm9bir06.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Mamo Family\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2011-03-23 12:53; m3ffxtbr@mywebsearch.com; C:\Program Files (x86)\MyWebSearch\bar\3.bin
.
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-8-15 22600]
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-1 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-1 189936]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-7-6 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-7-6 378944]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-4-15 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-4-15 708632]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-4-15 48360]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-7-6 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-7-6 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-13 46808]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2013-4-17 70344]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-8-1 2095808]
R2 GeekBuddyRSP;GeekBuddyRSP Service;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2013-4-17 1851088]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-28 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-28 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 139616]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.5\SymcPCCULaunchSvc.exe [2010-12-28 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe [2010-12-28 126392]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-16 793048]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [2012-5-25 29288]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-7-25 35104]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-12-8 31088]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2010-6-4 140128]
R3 KeyScrambler;KeyScrambler;C:\Windows\System32\drivers\keyscrambler.sys [2013-5-11 222200]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-2-3 58528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-28 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-4 233472]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-6-4 658944]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2013-7-8 199384]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2011-9-4 19456]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2011-9-4 27648]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2011-9-4 27136]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2011-9-4 34304]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\lgandadb.sys [2011-9-4 31744]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);C:\Windows\System32\drivers\CamDrL64.sys [2007-2-3 955680]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-4-15 158936]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-14 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-6-16 135584]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-6 235216]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-6-4 702976]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-1-5 42328]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-27 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 UsbGps;LGE Mobile USB GPS NMEA Port;C:\Windows\System32\drivers\lgx64gps.sys [2011-9-4 27136]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-09-10 05:42:12 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{395A7B29-2AD8-438E-9BFF-6236C1B24704}\mpengine.dll
2013-09-09 04:12:23 9515512 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-06 22:44:17 965008 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{710F6C70-CCF9-434E-BC25-14657B858711}\gapaengine.dll
2013-09-03 05:09:15 -------- d-----w- C:\ProgramData\SystemRequirementsLab
2013-09-02 09:51:17 0 ----a-w- C:\Windows\SysWow64\sho9E1F.tmp
2013-09-02 07:37:17 -------- d-----w- C:\Users\Mamo Family\AppData\Roaming\Proxifier
2013-09-02 07:36:38 56936 ----a-w- C:\Windows\System32\PrxerNsp.dll
2013-09-02 07:36:38 11264 ----a-w- C:\Windows\SysWow64\SPORDER.DLL
2013-09-02 07:36:37 76392 ----a-w- C:\Windows\System32\PrxerDrv.dll
2013-09-02 07:36:36 70248 ----a-w- C:\Windows\SysWow64\PrxerDrv.dll
2013-09-02 07:36:36 56424 ----a-w- C:\Windows\SysWow64\PrxerNsp.dll
2013-09-02 07:36:36 103016 ----a-w- C:\Windows\System32\ProxifierShellExt.dll
2013-09-02 07:36:35 91240 ----a-w- C:\Windows\SysWow64\ProxifierShellExt.dll
2013-09-02 07:36:30 -------- d-----w- C:\Program Files (x86)\Proxifier
2013-09-01 02:57:03 -------- d-----w- C:\Users\Mamo Family\AppData\Local\SlimWare Utilities Inc
2013-09-01 02:56:40 -------- d-----w- C:\Program Files (x86)\SlimDrivers
2013-08-30 07:26:49 -------- d-----w- C:\Program Files (x86)\Bandicam
2013-08-29 12:40:29 0 ----a-w- C:\Windows\SysWow64\sho4553.tmp
2013-08-27 07:55:21 -------- d-----w- C:\Users\Mamo Family\AppData\Roaming\Malicious Batch Analyzer (MBA)
2013-08-27 07:53:43 65 ----a-w- C:\Hi.bat
2013-08-26 10:18:40 0 ----a-w- C:\Windows\SysWow64\shoBA22.tmp
2013-08-25 11:20:54 0 ----a-w- C:\Windows\SysWow64\sho76B9.tmp
2013-08-19 06:00:01 -------- d-----w- C:\Users\Mamo Family\AppData\Roaming\SynthMaker
2013-08-19 05:59:46 -------- d-----w- C:\Users\Mamo Family\AppData\Roaming\Acoustica
2013-08-19 05:54:18 -------- d-----w- C:\Program Files (x86)\VST
2013-08-18 11:03:08 0 ----a-w- C:\Windows\SysWow64\sho1448.tmp
2013-08-17 08:30:33 0 ----a-w- C:\Windows\SysWow64\sho419B.tmp
2013-08-15 09:17:22 -------- d-----w- C:\ProgramData\Acoustica
2013-08-15 09:17:22 -------- d-----w- C:\Program Files (x86)\Acoustica Mixcraft 6
2013-08-14 04:12:45 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-08-14 04:12:44 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-14 04:12:44 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-08-14 04:12:44 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-14 04:12:42 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-08-14 04:12:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-08-14 04:12:42 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-08-14 04:12:41 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-08-14 04:10:53 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-14 04:10:51 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-14 04:10:51 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-14 04:10:50 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-14 04:10:44 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-08-14 04:10:38 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-08-13 23:11:04 4774272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-08-13 23:11:04 4774272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
==================== Find3M  ====================
.
2013-09-10 04:18:14 282296 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-09-10 04:18:14 282296 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-09-10 04:09:02 282296 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-08-21 05:59:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 05:59:06 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-09 09:53:15 0 ----a-w- C:\Windows\SysWow64\sho18C.tmp
2013-08-08 10:48:45 0 ----a-w- C:\Windows\SysWow64\sho8CEB.tmp
2013-08-07 10:22:20 0 ----a-w- C:\Windows\SysWow64\sho1C36.tmp
2013-08-06 09:55:46 0 ----a-w- C:\Windows\SysWow64\sho5B56.tmp
2013-08-05 06:15:12 70712 ----a-w- C:\Windows\System32\bdmpega64.acm
2013-08-05 06:15:10 66104 ----a-w- C:\Windows\SysWow64\bdmpega.acm
2013-08-05 06:15:08 70200 ----a-w- C:\Windows\System32\bdmpegv64.dll
2013-08-05 06:15:08 66104 ----a-w- C:\Windows\SysWow64\bdmpegv.dll
2013-08-05 06:15:06 25640 ----a-w- C:\Windows\System32\bdmjpeg64.dll
2013-08-05 06:15:06 23080 ----a-w- C:\Windows\SysWow64\bdmjpeg.dll
2013-08-02 07:54:16 48392 ----a-w- C:\Windows\SysWow64\certsentry.dll
2013-08-02 07:54:15 57096 ----a-w- C:\Windows\System32\certsentry.dll
2013-07-28 11:31:56 0 ----a-w- C:\Windows\SysWow64\shoE817.tmp
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-18 11:57:42 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-18 11:57:32 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-18 11:57:31 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-08 20:59:52 708632 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
2013-07-08 06:06:07 775168 ----a-w- C:\OSHFusion.dll
2013-07-05 02:08:02 58880 ----a-w- C:\OSHFusion.exe
2013-07-03 11:04:30 0 ----a-w- C:\Windows\SysWow64\shoA1A3.tmp
2013-06-29 12:49:56 0 ----a-w- C:\Windows\SysWow64\sho558F.tmp
2013-06-27 22:17:11 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-06-27 22:17:11 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-06-25 09:24:40 0 ----a-w- C:\Windows\SysWow64\sho4514.tmp
2013-06-23 07:13:36 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-06-21 01:38:28 40446 ----a-w- C:\Program Files (x86)\uninstall.exe
2013-06-18 15:16:09 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2013-06-18 15:16:07 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2013-06-18 15:15:49 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
2013-06-18 15:15:47 348584 ----a-w- C:\Windows\SysWow64\guard32.dll
2013-06-18 15:15:46 437688 ----a-w- C:\Windows\System32\guard64.dll
2013-06-18 15:15:38 45784 ----a-w- C:\Windows\System32\cmdkbd64.dll
2013-06-18 15:15:38 344792 ----a-w- C:\Windows\System32\cmdvrt64.dll
2013-06-18 15:15:35 278232 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
2013-06-18 15:15:34 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
2013-06-18 09:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-18 09:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-02-26 06:34:10 68792 ----a-w- C:\Program Files (x86)\fraps64.dat
2013-02-26 06:34:10 2547384 ----a-w- C:\Program Files (x86)\fraps.exe
2013-02-26 06:34:10 234168 ----a-w- C:\Program Files (x86)\fraps32.dll
2013-02-26 06:34:10 186552 ----a-w- C:\Program Files (x86)\fraps64.dll
2013-02-26 06:30:46 140288 ----a-w- C:\Program Files (x86)\frapslcd.dll
.
============= FINISH: 18:22:30.75 ===============
 
 

Sorry for the inconvenience.
 
Mod Edit:  Merged topics - Hamluis.

Attached Files


Edited by hamluis, 10 September 2013 - 11:03 AM.


BC AdBot (Login to Remove)

 


#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:09:41 AM

Posted 10 September 2013 - 05:03 PM

Hi Available

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
3. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
4. Please reply to this thread. Do not start a new topic.

That file is related to Slimware Utilities and as you have SlimDrivers installed it may well be a false positive.

P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking ( Frostwire, Limewire, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If do you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.


Step 1
It is not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove all but ONE of these:
Microsoft Security Essentials
avast! Free Antivirus
AVG 2012
COMODO Internet Security



Step 2
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3
  • Download OTL to your desktop.
    right click on the link and select 'Save Link/Target As'.

    if you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check
.

.
Otllatest.png

Now copy the lines in bold below.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    scan-fix.png
    .
  • Click the Run Scan button.

    runscan.png
  • Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
In your next reply, please submit:
JRT.txt
and both reports from Otl.


Thanks.

BBPP6nz.png


#3 Available

Available
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:10:41 PM

Posted 11 September 2013 - 02:48 AM

Hello! :D
 
Thank you for your help! 
 
Apologies for the delay but I have to move from house to house.
I have removed Microsoft Security Essentials, AVG was not on the list and COMODO Internet Security was not on the list (COMODO Firewall was, however).
 
I kept on getting an error ("No data received") when I tried posting on the forums so I uploaded the logs to Pastebin. ---->
 

http://pastebin.com/hHHKui2m

 



#4 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:09:41 AM

Posted 11 September 2013 - 01:06 PM

Hi Available,
 

Apologies for the delay but I have to move from house to house.

That's not a problem.
I hope you don't have to travel too far.
 

I kept on getting an error ("No data received") when I tried posting on the forums so I uploaded the logs to Pastebin.

It could either be some code in the report that is causing this or it could be that the reports are just too long.
They are very long.

In future if this problem arises again.... just add the reports as attachments.
Click the More Reply Options button before posting your reply and you'll see the attachment section.
 

I have removed Microsoft Security Essentials, AVG was not on the list and COMODO Internet Security was not on the list (COMODO Firewall was, however).

AVG is still showing in the Add/Remove section of the Otl report.
Plus AVG entries in the main report:

PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

If you still can't find it, we can run the AVG removal tool..... that will do it for you.

To remove AVG go to:
AVG Removal Tool 64bit

download to your desktop.
then double click to start the uninstaller.

If i was you i'd remove Comodo Firewall and use the Windows firewall.
It's not worth all the extra drivers and services running on your system.
Comodo Firewall only gets an average rating Here

compare that to this:

5 Reasons Why the Windows Firewall is One of the Best Firewalls

Once you have removed any programs, please run another Otl scan and post the new scan report for me please.
I need to see the difference before writing the fix.

If you have any questions just ask.

Thanks.

BBPP6nz.png


#5 Available

Available
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:10:41 PM

Posted 12 September 2013 - 08:27 PM

Oh, it's only about a ten-minute drive. I'll stay up here for a few days so I can reply faster.

 

Regarding the OTL scan - Should I leave the settings the same? And should I change the output from 'Minimal' back 'Standard'?


Edited by Available, 12 September 2013 - 08:28 PM.


#6 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:09:41 AM

Posted 13 September 2013 - 12:59 AM

Regarding the OTL scan - Should I leave the settings the same? And should I change the output from 'Minimal' back 'Standard'?

Leave it on minimal.
Standard will produce an even longer report.
Everything else can be the same as before.

BBPP6nz.png


#7 Available

Available
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:10:41 PM

Posted 13 September 2013 - 10:15 PM

I ran the AVG removal tool after the OTL scan -- If that's a problem I can re-scan with OTL.

 

By the way after 30 seconds the removal tool kept repeating itself.

 

Here's what I mean. ---> 

 

Spoiler

 

Anyway, here is the OTL scan.

 

OTL logfile created on: 9/14/2013 8:37:35 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mamo Family\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy
 
3.96 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 41.40% Memory free
7.93 Gb Paging File | 5.20 Gb Available in Paging File | 65.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.07 Gb Total Space | 131.85 Gb Free Space | 22.57% Space Free | Partition Type: NTFS
 
Computer Name: MAMOFAMILY-PC | User Name: Mamo Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Mamo Family\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
PRC - C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe (QFX Software Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
PRC - C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe (Comodo Security Solutions Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.5\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe (Symantec Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Mamo Family\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Mamo Family\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
MOD - C:\Users\Mamo Family\AppData\Local\Google\Chrome\Application\29.0.1547.66\libglesv2.dll ()
MOD - C:\Users\Mamo Family\AppData\Local\Google\Chrome\Application\29.0.1547.66\libegl.dll ()
MOD - C:\Users\Mamo Family\AppData\Local\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\SysWOW64\PrxerNsp.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (Sandboxie Holdings, LLC)
SRV:64bit: - (cmdvirth) -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe (COMODO)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer Group)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (DragonUpdater) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (GeekBuddyRSP) -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
SRV - (CLPSLauncher) -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe (Comodo Security Solutions Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.5\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (AffinegyService) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Greg_Service) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (Sandboxie Holdings, LLC)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (KeyScrambler) -- C:\Windows\SysNative\drivers\keyscrambler.sys (QFX Software Corporation)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (UsbGps) -- C:\Windows\SysNative\drivers\lgx64gps.sys (LG Electronics Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys (Wondershare)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (ANDModem) -- C:\Windows\SysNative\drivers\lgandmodem64.sys (LG Electronics Inc.)
DRV:64bit: - (AndDiag) -- C:\Windows\SysNative\drivers\lganddiag64.sys (LG Electronics Inc.)
DRV:64bit: - (AndGps) -- C:\Windows\SysNative\drivers\lgandgps64.sys (LG Electronics Inc.)
DRV:64bit: - (Andbus) -- C:\Windows\SysNative\drivers\lgandbus64.sys (LG Electronics Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\lgandadb.sys (Google Inc)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (CamDrL64) -- C:\Windows\SysNative\drivers\CamDrL64.sys (Logitech Inc.)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV - (CFRMD) -- C:\Windows\SysWOW64\drivers\CFRMD.sys (Windows ® Win 7 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 59652605
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKCU\..\SearchScopes,DefaultScope = {272328B5-C5E1-4CCD-91D5-CEAD3DDA2CD0}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..browser.startup.homepage: "http://msn.co.nz/?pc=UP21&ocid=UP21DHP&dt=050913"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0
FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.6
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.3.3.2
FF - prefs.js..browser.search.order.3: "Bing "
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\Video Capture Master\Filters\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\Video Capture Master\Filters\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\Video Capture Master\Filters\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\Video Capture Master\Filters\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files (x86)\Roblox\Versions\version-8049d9622c164956\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Mamo Family\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mamo Family\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mamo Family\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mamo Family\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/01 14:32:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/16 12:19:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/13 20:07:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/07/06 16:02:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/08 21:05:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/18 12:50:18 | 000,000,000 | ---D | M]
 
[2010/11/24 16:26:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mamo Family\AppData\Roaming\Mozilla\Extensions
[2013/05/28 19:18:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mamo Family\AppData\Roaming\Mozilla\Firefox\Profiles\mm9bir06.default\extensions
[2013/03/16 08:47:28 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Mamo Family\AppData\Roaming\Mozilla\Firefox\Profiles\mm9bir06.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/12/31 16:31:42 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\Mamo Family\AppData\Roaming\Mozilla\Firefox\Profiles\mm9bir06.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2013/02/26 15:26:02 | 000,000,000 | ---D | M] ("Yandex Seach Selection") -- C:\Users\Mamo Family\AppData\Roaming\Mozilla\Firefox\Profiles\mm9bir06.default\extensions\c91e460e-bfbd-4087-b40b-9f4c283485f6@d9e80c80-dcb2-4a54-8b57-97b92a03b65f.com
[2013/01/10 17:07:07 | 000,052,197 | ---- | M] () (No name found) -- C:\Users\Mamo Family\AppData\Roaming\Mozilla\Firefox\Profiles\mm9bir06.default\extensions\fireforce@scrt.ch.xpi
[2013/03/16 08:47:21 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Mamo Family\AppData\Roaming\Mozilla\Firefox\Profiles\mm9bir06.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/11/24 14:45:03 | 000,003,739 | ---- | M] () -- C:\Users\Mamo Family\AppData\Roaming\Mozilla\Firefox\Profiles\mm9bir06.default\searchplugins\avg-secure-search.xml
[2013/05/09 16:21:03 | 000,002,402 | ---- | M] () -- C:\Users\Mamo Family\AppData\Roaming\Mozilla\Firefox\Profiles\mm9bir06.default\searchplugins\bingp.xml
[2013/03/22 18:20:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/18 22:39:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/27 12:58:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/18 22:39:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\USERS\MAMO FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MM9BIR06.DEFAULT\EXTENSIONS\M3FFXTBR@MYWEBSEARCH.COM
[2012/10/08 21:05:45 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/08 21:05:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/08 21:05:39 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.co.nz/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mamo Family\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mamo Family\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mamo Family\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.203.0_0\npBFHUpdater.dll
CHR - plugin: Battlefield Play4Free Updater (Enabled) = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\npBP4FUpdater.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\Mamo Family\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Program Files (x86)\Roblox\Versions\version-8049d9622c164956\\NPRobloxProxy.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Mamo Family\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Mamo Family\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Mamo Family\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Battlefield Heroes = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.203.0_0\
CHR - Extension: TrafficLight = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal\0.2.14_0\
CHR - Extension: TrafficLight = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal\0.2.14_0\~
CHR - Extension: Google Search = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Adfly Skipper = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmlmpcpbjdllmdacjgdldbmhefmmkb\1.3.1_0\
CHR - Extension: Pastebin.com = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghipmampnddcpdlppkkamoankmkmcbmh\2.4_0\
CHR - Extension: AdBlock = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.7_0\
CHR - Extension: Cut the Rope = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\16_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.0.1_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Hover Zoom = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.19_0\
CHR - Extension: Battlefield Play4Free = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\
CHR - Extension: Gmail = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Google Docs = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Battlefield Heroes = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.203.0_0\
CHR - Extension: TrafficLight = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal\0.2.14_0\
CHR - Extension: TrafficLight = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal\0.2.14_0\~
CHR - Extension: Google Search = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Adfly Skipper = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmlmpcpbjdllmdacjgdldbmhefmmkb\1.3.1_0\
CHR - Extension: Pastebin.com = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghipmampnddcpdlppkkamoankmkmcbmh\2.4_0\
CHR - Extension: AdBlock = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.7_0\
CHR - Extension: Cut the Rope = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\16_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.0.1_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Hover Zoom = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.19_0\
CHR - Extension: Battlefield Play4Free = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\
CHR - Extension: Gmail = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/09/13 17:43:55 | 000,001,670 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 4 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - No CLSID value found.
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (avast! EasyPass Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (avast! EasyPass Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe (QFX Software Corporation)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - Startup: C:\Users\Mamo Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mamo Family\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000011 [] - C:\Windows\SysNative\PrxerNsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000011 [] - C:\Windows\SysWOW64\PrxerNsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: battlefieldheroes.com ([www] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.67.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{177A67E4-818A-46B5-9377-6C60DB02552E}: NameServer = 203.97.78.43,203.96.152.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{664BFB79-539A-4B1D-B4B4-13F1D9BD1BA2}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/11 22:50:10 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/11 22:50:09 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/11 22:50:06 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/11 22:50:06 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/11 22:50:06 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/11 22:50:05 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/11 22:50:05 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/09/11 22:50:05 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/09/11 22:50:05 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/11 22:50:05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/11 22:50:04 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/11 22:49:59 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/11 22:49:59 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/11 22:49:59 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/11 22:49:57 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/11 22:49:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/09/11 19:00:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mamo Family\Desktop\OTL.exe
[2013/09/11 17:10:53 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/09/11 16:51:40 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/09/11 16:51:33 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/09/11 16:51:32 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/09/11 16:51:31 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/09/11 16:51:31 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/09/11 16:51:30 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/09/11 16:51:30 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/09/11 16:51:29 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/09/11 16:51:28 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/09/11 16:51:27 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/09/11 16:51:26 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/09/11 16:51:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/09/11 16:51:25 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/09/11 16:51:25 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/09/11 16:51:25 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/09/11 16:51:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/09/11 16:51:24 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 16:51:24 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 16:51:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 16:51:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 16:51:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 16:51:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 16:51:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/09/11 16:51:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 16:51:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 16:51:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 16:51:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 16:51:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 16:51:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 16:51:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 16:51:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 16:51:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 16:51:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 16:51:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 16:51:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 16:51:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 16:51:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 16:51:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 16:51:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 16:51:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 16:51:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 16:51:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 16:51:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 16:51:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 16:51:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 16:51:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 16:51:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 16:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 16:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 16:51:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 16:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 16:51:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 16:51:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 16:51:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 16:51:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 16:51:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 16:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 16:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 16:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 16:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 16:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 16:51:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 16:51:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 16:51:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 16:51:11 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 16:51:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 16:51:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 16:51:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 16:51:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 16:51:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 16:51:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 16:51:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 16:51:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 16:51:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/09/11 16:51:08 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/09/11 16:51:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/09/11 16:51:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013/09/11 16:51:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/09/11 16:50:44 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/09/08 12:01:39 | 000,000,000 | ---D | C] -- C:\Users\Mamo Family\Desktop\screenshots
[2013/09/03 17:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemRequirementsLab
[2013/09/02 19:37:17 | 000,000,000 | ---D | C] -- C:\Users\Mamo Family\AppData\Roaming\Proxifier
[2013/09/02 19:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proxifier
[2013/09/02 19:36:38 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SPORDER.DLL
[2013/09/02 19:36:37 | 000,076,392 | ---- | C] (Initex) -- C:\Windows\SysNative\PrxerDrv.dll
[2013/09/02 19:36:36 | 000,103,016 | ---- | C] (Initex) -- C:\Windows\SysNative\ProxifierShellExt.dll
[2013/09/02 19:36:36 | 000,070,248 | ---- | C] (Initex) -- C:\Windows\SysWow64\PrxerDrv.dll
[2013/09/02 19:36:35 | 000,091,240 | ---- | C] (Initex) -- C:\Windows\SysWow64\ProxifierShellExt.dll
[2013/09/02 19:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Proxifier
[2013/09/01 15:07:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/09/01 14:57:03 | 000,000,000 | ---D | C] -- C:\Users\Mamo Family\AppData\Local\SlimWare Utilities Inc
[2013/09/01 14:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2013/09/01 14:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2013/09/01 14:56:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2013/08/30 19:27:53 | 000,000,000 | ---D | C] -- C:\Users\Mamo Family\Desktop\Saves
[2013/08/30 19:26:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bandicam
[2013/08/27 19:55:21 | 000,000,000 | ---D | C] -- C:\Users\Mamo Family\AppData\Roaming\Malicious Batch Analyzer (MBA)
[2013/08/26 17:37:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/08/19 18:00:01 | 000,000,000 | ---D | C] -- C:\Users\Mamo Family\AppData\Roaming\SynthMaker
[2013/08/19 17:59:46 | 000,000,000 | ---D | C] -- C:\Users\Mamo Family\AppData\Roaming\Acoustica
[2013/08/19 17:56:09 | 000,000,000 | ---D | C] -- C:\Users\Mamo Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acoustica Mixcraft 6
[2013/08/19 17:54:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VST
[2013/08/15 21:17:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acoustica Mixcraft 6
[2013/08/15 21:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Acoustica
[2013/06/21 13:14:47 | 000,040,446 | ---- | C] (Beepa Pty Ltd) -- C:\Program Files (x86)\uninstall.exe
[2013/02/26 18:34:10 | 002,547,384 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps.exe
[2013/02/26 18:34:10 | 000,234,168 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps32.dll
[2013/02/26 18:34:10 | 000,186,552 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps64.dll
[2013/02/26 18:34:10 | 000,068,792 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps64.dat
[2013/02/26 18:30:46 | 000,140,288 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\frapslcd.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/14 08:50:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-718463087-3605604113-3917260930-1001UA.job
[2013/09/14 08:43:06 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/14 08:35:45 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013/09/14 08:35:35 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-718463087-3605604113-3917260930-1000UA.job
[2013/09/14 08:35:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/14 08:35:15 | 000,000,439 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013/09/14 08:19:04 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-718463087-3605604113-3917260930-1000UA.job
[2013/09/14 08:13:12 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/14 08:13:12 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/14 08:02:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/14 08:00:56 | 3192,987,648 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/13 21:24:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/13 18:38:26 | 051,206,460 | ---- | M] () -- C:\Users\Mamo Family\Desktop\capture-1.camrec
[2013/09/13 18:36:57 | 000,011,776 | ---- | M] () -- C:\Users\Mamo Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/13 17:43:55 | 000,001,670 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/09/13 17:35:03 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-718463087-3605604113-3917260930-1000Core.job
[2013/09/13 15:00:35 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/09/13 15:00:35 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/09/13 14:50:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-718463087-3605604113-3917260930-1001Core.job
[2013/09/13 13:51:58 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/09/13 11:58:56 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-718463087-3605604113-3917260930-1000Core.job
[2013/09/12 16:00:54 | 000,001,962 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013/09/12 15:57:02 | 005,055,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/11 22:49:24 | 000,897,588 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/09/11 22:49:24 | 000,729,372 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/11 22:49:24 | 000,151,230 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/11 18:55:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mamo Family\Desktop\OTL.exe
[2013/09/11 18:52:04 | 000,000,109 | ---- | M] () -- C:\Windows\GMouse.ini
[2013/09/11 17:58:28 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/11 17:58:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/11 17:00:41 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/09/09 18:13:04 | 000,002,250 | ---- | M] () -- C:\Users\Mamo Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
[2013/09/08 11:24:30 | 000,889,704 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/07 13:47:39 | 001,347,929 | ---- | M] () -- C:\Users\Mamo Family\Desktop\minecraft_pig_wallpaper_by_lynchmob10_09-d2zhn70.psd
[2013/09/07 13:27:20 | 000,000,132 | ---- | M] () -- C:\Users\Mamo Family\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013/09/05 21:28:40 | 000,002,411 | ---- | M] () -- C:\Users\Mamo Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/02 21:22:06 | 000,000,132 | ---- | M] () -- C:\Users\Mamo Family\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/08/30 19:27:15 | 000,000,979 | ---- | M] () -- C:\Users\Mamo Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Bandicam.lnk
[2013/08/27 19:53:43 | 000,000,065 | ---- | M] () -- C:\Hi.bat
[2013/08/25 18:50:30 | 000,058,155 | ---- | M] () -- C:\Users\Mamo Family\Desktop\Untitled.camproj
[2013/08/25 18:14:27 | 000,708,134 | ---- | M] () -- C:\Users\Mamo Family\Desktop\Template by Ozone.rar
[2013/08/17 18:31:02 | 000,000,024 | ---- | M] () -- C:\Users\Mamo Family\random.dat
[2013/08/17 18:30:56 | 000,000,040 | ---- | M] () -- C:\Users\Mamo Family\jagex_cl_runescape_LIVE.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/09/13 18:37:18 | 051,206,460 | ---- | C] () -- C:\Users\Mamo Family\Desktop\capture-1.camrec
[2013/09/07 13:47:38 | 001,347,929 | ---- | C] () -- C:\Users\Mamo Family\Desktop\minecraft_pig_wallpaper_by_lynchmob10_09-d2zhn70.psd
[2013/09/02 19:36:38 | 000,056,936 | ---- | C] () -- C:\Windows\SysNative\PrxerNsp.dll
[2013/09/02 19:36:36 | 000,056,424 | ---- | C] () -- C:\Windows\SysWow64\PrxerNsp.dll
[2013/09/01 14:57:19 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013/08/27 19:53:43 | 000,000,065 | ---- | C] () -- C:\Hi.bat
[2013/08/25 18:14:48 | 000,708,134 | ---- | C] () -- C:\Users\Mamo Family\Desktop\Template by Ozone.rar
[2013/08/24 12:27:09 | 000,058,155 | ---- | C] () -- C:\Users\Mamo Family\Desktop\Untitled.camproj
[2013/08/05 18:15:08 | 000,066,104 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2013/08/05 18:15:06 | 000,023,080 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2013/07/24 01:10:58 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013/07/10 21:07:21 | 000,007,605 | ---- | C] () -- C:\Users\Mamo Family\AppData\Local\Resmon.ResmonCfg
[2013/05/27 21:31:43 | 000,001,962 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013/05/18 15:27:19 | 000,000,050 | ---- | C] () -- C:\Users\Mamo Family\jagex_cl_oldschool_LIVE.dat
[2013/05/18 15:27:19 | 000,000,024 | ---- | C] () -- C:\Users\Mamo Family\random.dat
[2013/05/11 18:29:23 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2013/05/11 18:29:23 | 000,000,058 | ---- | C] () -- C:\Users\Mamo Family\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2013/05/09 20:46:40 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/04/24 12:46:43 | 000,000,132 | ---- | C] () -- C:\Users\Mamo Family\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/03/10 15:20:35 | 000,007,885 | ---- | C] () -- C:\Users\Mamo Family\.recently-used.xbel
[2013/03/04 15:11:48 | 000,001,456 | ---- | C] () -- C:\Users\Mamo Family\AppData\Local\Adobe Save for Web 12.0 Prefs
[2013/03/03 20:40:07 | 000,000,132 | ---- | C] () -- C:\Users\Mamo Family\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2013/02/26 18:27:46 | 000,001,894 | ---- | C] () -- C:\Program Files (x86)\README.HTM
[2012/09/29 12:16:21 | 000,282,296 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/06 15:50:58 | 000,105,153 | ---- | C] () -- C:\ProgramData\1341546376.bdinstall.bin
[2012/06/02 16:47:49 | 000,232,213 | ---- | C] () -- C:\ProgramData\1338611091.bdinstall.bin
[2012/05/25 17:38:42 | 000,000,236 | ---- | C] () -- C:\Users\Mamo Family\.swfinfo
[2012/05/20 14:08:22 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012/03/14 21:10:45 | 000,254,518 | ---- | C] () -- C:\ProgramData\1331715351.bdinstall.bin
[2012/02/26 18:15:07 | 000,201,870 | ---- | C] () -- C:\ProgramData\1330236415.bdinstall.bin
[2012/02/26 18:01:41 | 000,021,594 | ---- | C] () -- C:\ProgramData\1330236089.bdinstall.bin
[2012/02/26 16:35:14 | 000,222,004 | ---- | C] () -- C:\ProgramData\1330230648.bdinstall.bin
[2012/01/29 15:07:35 | 000,000,051 | ---- | C] () -- C:\Users\Mamo Family\jagex_cl_runescape_LIVE1.dat
[2011/11/27 07:28:46 | 000,000,040 | ---- | C] () -- C:\Users\Mamo Family\jagex_cl_runescape_LIVE.dat
[2011/07/28 21:31:28 | 000,000,000 | ---- | C] () -- C:\Users\Mamo Family\AppData\Local\{03811D0A-64F1-4952-B52F-6E9C4E6557D4}
[2011/07/19 20:12:34 | 000,000,000 | ---- | C] () -- C:\Users\Mamo Family\AppData\Local\{3253C16D-80F2-4E6E-9374-E492B1504575}
[2011/07/09 19:11:38 | 000,000,132 | ---- | C] () -- C:\Users\Mamo Family\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/05/19 10:27:27 | 000,001,940 | ---- | C] () -- C:\Users\Mamo Family\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/03 23:52:58 | 000,000,099 | ---- | C] () -- C:\Users\Mamo Family\AppData\Local\fusioncache.dat
[2010/12/17 12:47:59 | 000,011,776 | ---- | C] () -- C:\Users\Mamo Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/29 18:35:28 | 000,000,102 | ---- | C] () -- C:\Users\Mamo Family\.jupload.properties
[2010/11/15 21:38:14 | 000,000,129 | ---- | C] () -- C:\Users\Mamo Family\jagex_runescape_preferences2.dat
[2010/11/15 21:35:28 | 000,000,046 | ---- | C] () -- C:\Users\Mamo Family\jagex_runescape_preferences.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 16:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 14:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 13:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 13:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 00:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 13:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
 
< End of report >
 

 



#8 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:09:41 AM

Posted 14 September 2013 - 04:28 AM

Hi Available

I can see a few leftovers for AVG in the report, we'll take care of those in the fix.

Step 1
If the Otl fix seems to freeze, you will have to uninstall MBAM.... run the Otl fix again and then reinstall MBAM.
This is a known issue on some systems.
It may or may not effect you

Double click on OTL to run it.
Copy the lines in the codebox below. (make sure that :Otl is on the first line and that you include all of the Commands section )
:otl
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/01 14:32:19 | 000,000,000 | ---D | M]
[2011/11/24 14:45:03 | 000,003,739 | ---- | M] () -- C:\Users\Mamo Family\AppData\Roaming\Mozilla\Firefox\Profiles\mm9bir06.default\searchplugins\avg-secure-search.xml
File not found (No name found) -- C:\USERS\MAMO FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MM9BIR06.DEFAULT\EXTENSIONS\M3FFXTBR@MYWEBSEARCH.COM
O2:64bit: - BHO: (no name) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - No CLSID value found.
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [AdobeBridge]  File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: battlefieldheroes.com ([www] https in Trusted sites)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]


  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    scan-fix.png
  • Click the red Run Fix button.

    runfixbutton.png
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

if you lose the report, there will be a copy here:
C:\_OTL\MovedFiles


Step 2
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Step 3
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

CF_download_FF.gif


CF_download_rename.gif

This is an example, you may rename ComboFix to anything you want.Then:

Double click on Combo-Fix.exe & follow the prompts.

Vista/Win7 users should right click on the icon and select Run as Administrator.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If running Vista/Win7, you will not see the recovery console screens as they are Win XP related
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    cf1.png

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png

    Click on Yes, to continue scanning for malware.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


    In your next reply, please submit:
    Otl fix report
    AdwCleaner report
    Combofix.txt

    Note:
    I'll be out for the rest of the day visiting the Grandkids.
    I'll be back online around Sunday evening.



    Thanks.

BBPP6nz.png


#9 Available

Available
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:10:41 PM

Posted 17 September 2013 - 02:25 AM

Hello!

Sorry for the delay but I have a question.

 

1) Does ComboFix pose any risk?

This is the families only computer and I've heard the ComboFix can render your PC unbootable, etc. I was wondering if this is true -- I'm being hesitant because this is their (as in my uncles family) only computer and I don't really want to mess it up, you know?

 

2) I ran the AVG removal tool after OTL. Would this make a difference?

 

 

As for the other logs, I'll run the application and post them right after. :D


Edited by Available, 17 September 2013 - 02:28 AM.


#10 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:09:41 AM

Posted 17 September 2013 - 10:37 AM

Hi Available
 

This is the families only computer and I've heard the ComboFix can render your PC unbootable, etc. I was wondering if this is true

I understand your concerns and will be honest with my reply.
IF Combofix is run correctly, there's is very little chance of problems. ( no more chance than running your normal AV)
That is the reason for the very specific instructions in the post.
Most of the reported problems with Combofix is because people have ran the program without supervision.
All members of the Malware Response Team are trained in the correct use so there is very little chance of a problem.
Why i say very little chance is because removing malware can sometimes throw up unexpected problems. (things we could never have foreseen)But these types of problem are very few and far between.
I personally have never had or seen a system that was unbootable just from running Combofix.
If it ever did happen, we would know how to correct this anyway.
 

I ran the AVG removal tool after OTL. Would this make a difference?

It doesn't matter.
If the files have already been removed, the fix will just skip that part.
 

As for the other logs, I'll run the application and post them right after.

Ok, just make sure that Combofix is run after the Otl fix and AdwCleaner.... or the combofix report may well show entries that have since been removed.

Edited by Starbuck, 17 September 2013 - 10:39 AM.

BBPP6nz.png


#11 Available

Available
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:10:41 PM

Posted 20 September 2013 - 05:42 PM

Here are the requested logs:

 

 

 

OTL

 

 

All processes killed
========== OTL ==========
No active process named Program Files was found!
Error: No service named AVGIDSAgent was found to stop!
Service\Driver key AVGIDSAgent not found.
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe moved successfully.
Error: No service named avgwd was found to stop!
Service\Driver key avgwd not found.
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\ not found.
C:\Program Files (x86)\AVG\AVG2012\Firefox4\Components folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\Firefox4\Chrome folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\Firefox4 folder moved successfully.
File C:\Users\Mamo Family\AppData\Roaming\Mozilla\Firefox\Profiles\mm9bir06.default\searchplugins\avg-secure-search.xml not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\battlefieldheroes.com\www\ deleted successfully.
C:\Program Files (x86)\AVG\AVG2012\avgpp.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
Invalid CLSID key: C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
File C:\Program Files (x86)\AVG\AVG2012\avgpp.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mamo Family\Desktop\cmd.bat deleted successfully.
C:\Users\Mamo Family\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57616 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Mamo Family
->Temp folder emptied: 810107466 bytes
->Temporary Internet Files folder emptied: 543055496 bytes
->Java cache emptied: 162666312 bytes
->FireFox cache emptied: 91900157 bytes
->Google Chrome cache emptied: 372236670 bytes
->Opera cache emptied: 19069885 bytes
->Flash cache emptied: 134666 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 500812909 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42362414 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 736 bytes
RecycleBin emptied: 3660551560 bytes
 
Total Files Cleaned = 5,916.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 09182013_163103
 
Files\Folders moved on Reboot...
C:\Users\Mamo Family\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Mamo Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 

 

 

Adwcleaner

 

I have lost the Adwcleaner log. Well, not really lost but there's a bunch of Adwcleaner logs located at the C:\ drive and I'm not sure which one is the correct one. Would you like me to re-run Adwcleaner?

 

 

 

 

ComboFix

 

 

ComboFix 13-09-19.01 - Mamo Family 21/09/2013   9:37.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.64.1033.18.4060.2351 [GMT 12:00]
Running from: c:\users\Mamo Family\Desktop\Combo-Fix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\fraps.exe
c:\program files (x86)\fraps32.dll
c:\program files (x86)\fraps64.dat
c:\program files (x86)\fraps64.dll
c:\program files (x86)\frapslcd.dll
c:\program files (x86)\Program Files
c:\program files (x86)\Program Files\Setup\unins000.dat
c:\program files (x86)\Program Files\Setup\unins000.exe
c:\programdata\1330230648.bdinstall.bin
c:\programdata\1330236089.bdinstall.bin
c:\programdata\1330236415.bdinstall.bin
c:\programdata\1331715351.bdinstall.bin
c:\programdata\1338611091.bdinstall.bin
c:\programdata\1341546376.bdinstall.bin
C:\readme.txt
c:\users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Mamo Family\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\Mamo Family\AppData\Roaming\Microsoft\~DFK7f5f51.tmp
c:\users\Mamo Family\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Mamo Family\AppData\Roaming\Microsoft\bass.dll
c:\users\Mamo Family\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\Mamo Family\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Mamo Family\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\MAMOFA~1\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\X86
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-20 to 2013-09-20  )))))))))))))))))))))))))))))))
.
.
2013-09-19 10:51 . 2013-09-19 10:51 0 ----a-w- c:\windows\SysWow64\sho2497.tmp
2013-09-19 09:42 . 2013-09-19 09:42 -------- d-----w- c:\users\Mamo Family\VirtualBox VMs
2013-09-19 09:41 . 2013-09-19 09:47 -------- d-----w- c:\users\Mamo Family\.VirtualBox
2013-09-19 09:39 . 2013-07-04 03:58 238352 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2013-09-19 09:39 . 2013-07-04 03:57 120080 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2013-09-19 09:38 . 2013-09-19 09:38 -------- d-----w- c:\program files\Oracle
2013-09-18 06:32 . 2013-09-18 07:44 -------- d-----w- c:\users\Mamo Family\AppData\Roaming\Notesave
2013-09-18 04:31 . 2013-09-18 04:31 -------- d-----w- C:\_OTL
2013-09-17 07:30 . 2013-09-17 08:16 -------- d-----w- C:\AdwCleaner
2013-09-16 08:44 . 2011-12-15 08:29 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys
2013-09-16 08:44 . 2013-09-16 08:47 -------- d-----w- c:\program files\CyberGhost VPN
2013-09-15 07:26 . 2013-09-15 07:26 -------- d-----w- c:\users\Mamo Family\AppData\Roaming\puush
2013-09-15 07:26 . 2013-09-15 07:27 -------- d-----w- c:\program files (x86)\puush
2013-09-15 07:23 . 2013-09-15 07:23 -------- d-----w- c:\users\Mamo Family\AppData\Roaming\Gyazo
2013-09-15 07:22 . 2013-09-15 07:22 -------- d-----w- c:\program files (x86)\Gyazo
2013-09-14 03:00 . 2013-09-14 03:00 -------- d-----w- c:\users\Mamo Family\AppData\Local\Avg2014
2013-09-11 10:49 . 2013-08-10 05:21 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-09-11 05:10 . 2013-09-11 05:10 -------- d-----w- c:\windows\ERUNT
2013-09-11 04:50 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-09-11 04:50 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-09-03 05:09 . 2013-09-03 05:09 -------- d-----w- c:\programdata\SystemRequirementsLab
2013-09-02 07:37 . 2013-09-02 07:37 -------- d-----w- c:\users\Mamo Family\AppData\Roaming\Proxifier
2013-09-02 07:36 . 2012-04-02 07:24 56936 ----a-w- c:\windows\system32\PrxerNsp.dll
2013-09-02 07:36 . 1997-06-06 03:52 11264 ----a-w- c:\windows\SysWow64\SPORDER.DLL
2013-09-02 07:36 . 2012-04-02 07:24 76392 ----a-w- c:\windows\system32\PrxerDrv.dll
2013-09-02 07:36 . 2012-04-02 07:24 70248 ----a-w- c:\windows\SysWow64\PrxerDrv.dll
2013-09-02 07:36 . 2012-04-02 07:24 56424 ----a-w- c:\windows\SysWow64\PrxerNsp.dll
2013-09-02 07:36 . 2012-04-02 07:24 103016 ----a-w- c:\windows\system32\ProxifierShellExt.dll
2013-09-02 07:36 . 2012-04-02 07:24 91240 ----a-w- c:\windows\SysWow64\ProxifierShellExt.dll
2013-09-02 07:36 . 2013-09-02 07:36 -------- d-----w- c:\program files (x86)\Proxifier
2013-09-01 02:57 . 2013-09-20 22:05 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-09-01 02:57 . 2013-09-01 02:57 -------- d-----w- c:\users\Mamo Family\AppData\Local\SlimWare Utilities Inc
2013-09-01 02:56 . 2013-09-01 02:56 -------- d-----w- c:\program files (x86)\SlimDrivers
2013-08-30 07:26 . 2013-08-30 07:27 -------- d-----w- c:\program files (x86)\Bandicam
2013-08-27 07:55 . 2013-08-29 09:24 -------- d-----w- c:\users\Mamo Family\AppData\Roaming\Malicious Batch Analyzer (MBA)
2013-08-27 07:53 . 2013-08-27 07:53 65 ----a-w- C:\Hi.bat
2013-08-26 05:37 . 2013-08-26 05:37 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 08:52 . 2012-09-29 00:16 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-09-20 08:52 . 2010-11-24 05:33 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-09-20 08:39 . 2012-09-29 00:16 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-09-20 06:58 . 2012-04-21 00:39 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-20 06:58 . 2011-05-20 11:10 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-11 10:42 . 2010-11-30 02:47 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-09-05 05:32 . 2013-09-18 03:57 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F52F55FF-59D0-4988-8C73-A7A1CCC662EA}\mpengine.dll
2013-08-06 16:22 . 2011-03-07 05:30 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-05 06:15 . 2013-08-05 06:15 70712 ----a-w- c:\windows\system32\bdmpega64.acm
2013-08-05 06:15 . 2013-08-05 06:15 66104 ----a-w- c:\windows\SysWow64\bdmpega.acm
2013-08-05 06:15 . 2013-08-05 06:15 70200 ----a-w- c:\windows\system32\bdmpegv64.dll
2013-08-05 06:15 . 2013-08-05 06:15 66104 ----a-w- c:\windows\SysWow64\bdmpegv.dll
2013-08-05 06:15 . 2013-08-05 06:15 25640 ----a-w- c:\windows\system32\bdmjpeg64.dll
2013-08-05 06:15 . 2013-08-05 06:15 23080 ----a-w- c:\windows\SysWow64\bdmjpeg.dll
2013-08-02 07:54 . 2013-08-02 07:54 48392 ----a-w- c:\windows\SysWow64\certsentry.dll
2013-08-02 07:54 . 2013-08-02 07:54 57096 ----a-w- c:\windows\system32\certsentry.dll
2013-08-02 01:48 . 2013-09-11 04:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-14 04:11 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 04:11 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 04:11 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 04:11 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-18 11:57 . 2013-07-18 11:57 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-18 11:57 . 2012-07-21 02:57 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-18 11:57 . 2010-11-15 09:35 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-09 05:52 . 2013-08-14 04:12 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 04:11 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 04:12 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 04:12 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 04:12 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-14 04:11 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 04:12 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 04:12 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 04:12 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 04:12 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-08 20:59 . 2013-04-15 06:38 708632 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-07-08 06:06 . 2013-07-07 00:28 775168 ----a-w- C:\OSHFusion.dll
2013-07-06 06:03 . 2013-08-14 04:10 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-07-05 02:08 . 2013-07-07 00:28 58880 ----a-w- C:\OSHFusion.exe
2013-07-04 03:57 . 2013-07-04 03:57 146704 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2013-07-04 03:57 . 2013-07-04 03:57 131856 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2013-07-04 03:56 . 2013-07-04 03:56 204048 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2013-07-03 10:59 . 2013-07-03 10:59 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-07-03 10:59 . 2013-07-03 10:59 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-07-03 10:59 . 2013-07-03 10:59 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-07-03 10:59 . 2013-07-03 10:59 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-07-03 10:59 . 2013-07-03 10:59 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-07-03 10:59 . 2013-07-03 10:59 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-07-03 10:59 . 2013-07-03 10:59 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-07-03 10:59 . 2013-07-03 10:59 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-07-03 10:59 . 2013-07-03 10:59 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-07-03 10:59 . 2013-07-03 10:59 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-07-03 10:59 . 2013-07-03 10:59 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-07-03 10:59 . 2013-07-03 10:59 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-07-03 10:59 . 2013-07-03 10:59 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-07-03 10:59 . 2013-07-03 10:59 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-07-03 10:59 . 2013-07-03 10:59 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-07-03 10:59 . 2013-07-03 10:59 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-07-03 10:59 . 2013-07-03 10:59 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-07-03 10:59 . 2013-07-03 10:59 216064 ----a-w- c:\windows\system32\msls31.dll
2013-07-03 10:59 . 2013-07-03 10:59 197120 ----a-w- c:\windows\system32\msrating.dll
2013-07-03 10:59 . 2013-07-03 10:59 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-07-03 10:59 . 2013-07-03 10:59 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-07-03 10:59 . 2013-07-03 10:59 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-07-03 10:59 . 2013-07-03 10:59 81408 ----a-w- c:\windows\system32\icardie.dll
2013-07-03 10:59 . 2013-07-03 10:59 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-07-03 10:59 . 2013-07-03 10:59 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-07-03 10:59 . 2013-07-03 10:59 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-07-03 10:59 . 2013-07-03 10:59 441856 ----a-w- c:\windows\system32\html.iec
2013-07-03 10:59 . 2013-07-03 10:59 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-07-03 10:59 . 2013-07-03 10:59 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-03 10:59 . 2013-07-03 10:59 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-07-03 10:59 . 2013-07-03 10:59 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-07-03 10:59 . 2013-07-03 10:59 235008 ----a-w- c:\windows\system32\url.dll
2013-07-03 10:59 . 2013-07-03 10:59 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-07-03 10:59 . 2013-07-03 10:59 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-03 10:59 . 2013-07-03 10:59 144896 ----a-w- c:\windows\system32\wextract.exe
2013-07-03 10:59 . 2013-07-03 10:59 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-07-03 10:59 . 2013-07-03 10:59 102912 ----a-w- c:\windows\system32\inseng.dll
2013-07-03 10:59 . 2013-07-03 10:59 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-03 10:59 . 2013-07-03 10:59 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-07-03 10:59 . 2013-07-03 10:59 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-07-03 10:59 . 2013-07-03 10:59 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-07-03 10:59 . 2013-07-03 10:59 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-07-03 10:59 . 2013-07-03 10:59 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-07-03 10:59 . 2013-07-03 10:59 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-07-03 10:59 . 2013-07-03 10:59 149504 ----a-w- c:\windows\system32\occache.dll
2013-07-03 10:59 . 2013-07-03 10:59 13824 ----a-w- c:\windows\system32\mshta.exe
2013-07-03 10:59 . 2013-07-03 10:59 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-07-03 10:59 . 2013-07-03 10:59 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-07-03 10:59 . 2013-07-03 10:59 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-27 22:17 . 2013-03-01 06:57 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 22:17 . 2012-07-06 04:01 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 22:17 . 2012-07-06 04:00 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-26 07:21 . 2013-06-26 07:21 23208 ----a-w- c:\windows\system32\drivers\Sftvollh.sys
2013-06-26 07:21 . 2013-06-26 07:21 28840 ----a-w- c:\windows\system32\drivers\Sftredirlh.sys
2013-06-26 07:21 . 2013-06-26 07:21 273576 ----a-w- c:\windows\system32\drivers\Sftplaylh.sys
2013-06-26 07:21 . 2013-06-26 07:21 1777320 ----a-w- c:\windows\system32\sftldr.dll
2013-06-26 07:21 . 2013-06-26 07:21 1130664 ----a-w- c:\windows\SysWow64\sftldr_wow64.dll
2013-06-26 07:21 . 2013-06-26 07:21 767144 ----a-w- c:\windows\system32\drivers\Sftfslh.sys
2013-06-23 07:13 . 2010-11-24 04:55 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\users\Mamo Family\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\users\Mamo Family\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\users\Mamo Family\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\users\Mamo Family\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2013-07-08 759384]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-20 19875432]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-03 39408]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2013-08-21 2989160]
"puush"="c:\program files (x86)\puush\puush.exe" [2013-09-15 567880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
"KeyScrambler"="c:\program files (x86)\KeyScrambler\keyscrambler.exe" [2013-07-14 508048]
.
c:\users\Mamo Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mamo Family\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-8-3 28057256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys;c:\windows\SYSNATIVE\Drivers\lgandadb.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys;c:\windows\SYSNATIVE\DRIVERS\CamDrL64.sys [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe;c:\program files\CyberGhost VPN\CGVPNCliService.exe [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 UsbGps;LGE Mobile USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys;c:\windows\SYSNATIVE\DRIVERS\lgx64gps.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va006;X6va006;c:\users\MAMOFA~1\AppData\Local\Temp\006697C.tmp;c:\users\MAMOFA~1\AppData\Local\Temp\006697C.tmp [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswKbd;aswKbd; [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 FlyCryptor;FlyCryptor;SysWOW64\drivers\FlyCryptor64.sys;SysWOW64\drivers\FlyCryptor64.sys [x]
S1 VBoxDRV;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
S2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys;c:\windows\SYSNATIVE\drivers\keyscrambler.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys;c:\windows\SYSNATIVE\DRIVERS\LVUSBS64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 06:58]
.
2013-09-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-718463087-3605604113-3917260930-1000Core.job
- c:\users\Mamo Family\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-25 04:30]
.
2013-09-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-718463087-3605604113-3917260930-1000UA.job
- c:\users\Mamo Family\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-25 04:30]
.
2013-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16 10:44]
.
2013-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16 10:44]
.
2013-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-718463087-3605604113-3917260930-1000Core.job
- c:\users\Mamo Family\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-24 09:10]
.
2013-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-718463087-3605604113-3917260930-1000UA.job
- c:\users\Mamo Family\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-24 09:10]
.
2013-09-20 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2013-07-09 20:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 164016 ----a-w- c:\users\Mamo Family\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 164016 ----a-w- c:\users\Mamo Family\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 164016 ----a-w- c:\users\Mamo Family\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 164016 ----a-w- c:\users\Mamo Family\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-24 8081952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-07-08 1502424]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-20 472992]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
LSP: %SystemRoot%\system32\PrxerDrv.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{177A67E4-818A-46B5-9377-6C60DB02552E}: NameServer = 203.97.78.43,203.96.152.12
FF - ProfilePath - c:\users\Mamo Family\AppData\Roaming\Mozilla\Firefox\Profiles\mm9bir06.default\
FF - prefs.js: browser.search.selectedEngine - Bing 
FF - prefs.js: browser.startup.homepage - hxxp://msn.co.nz/?pc=UP21&ocid=UP21DHP&dt=050913
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=050913&q=
FF - ExtSQL: !HIDDEN! 2011-03-23 12:53; m3ffxtbr@mywebsearch.com; c:\program files (x86)\MyWebSearch\bar\3.bin
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - (no file)
AddRemove-Fraps - c:\program files (x86)\uninstall.exe
AddRemove-HyperCam Toolbar - c:\program files (x86)\HyperCam Toolbar\UninstallToolbar.exe
AddRemove-Installer Setup_is1 - c:\program files (x86)\Program Files\Setup\unins000.exe
AddRemove-{6B794BA0-DAF8-4527-8E15-165BA3EBC423} - c:\program files (x86)\Folder Crypto Password\Uninstall.exe
AddRemove-Torch - c:\users\Mamo Family\AppData\Local\Torch\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\MAMOFA~1\AppData\Local\Temp\006697C.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-718463087-3605604113-3917260930-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-718463087-3605604113-3917260930-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*p*n*g*. \OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-718463087-3605604113-3917260930-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-718463087-3605604113-3917260930-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* * . / * . / r*a*r*\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\users\Mamo Family\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
.
**************************************************************************
.
Completion time: 2013-09-21  10:19:29 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-20 22:19
.
Pre-Run: 146,596,556,800 bytes free
Post-Run: 145,824,952,320 bytes free
.
- - End Of File - - 518392E58D1310C5F90CE313185D5F21
A36C5E4F47E84449FF07ED3517B43A31
 

 

 



#12 Available

Available
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:10:41 PM

Posted 21 September 2013 - 02:41 AM

Oh and I wanted to ask: Do you see anything harmful in the logs?

Hope you don't mind answering.  :guitar:



#13 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:09:41 AM

Posted 21 September 2013 - 08:13 AM

Hi Available
 

not really lost but there's a bunch of Adwcleaner logs located at the C:\ drive and I'm not sure which one is the correct one. Would you like me to re-run Adwcleaner?

No don't run it again..... it wouldn't show what was deleted before.

Have a look on the C Drive..... you are looking for a file like this:
AdwCleaner[SX].txt (the S denotes it's a cleaning report... and x is the number of times the clean procedure has been run, so we want the highest number)
 

Total Files Cleaned = 5,916.00 mb

That's quite a sizable chunck of rubbish removed, the system must run better for that.
 

Do you see anything harmful in the logs?
Hope you don't mind answering

Of course i don't mind.
Combofix was worth running as you can see it remove some objects.
There are still a few things in the report to remove and a lot of registry settings that are locked.
We'll sort all that out with a script.
On the whole, the reports are beginning to look a lot better now.
It's basically tidying up now and then check for any leftovers that may have been missed.

Step 1
I see that Windows Defender is still running.
Normally this would have been disabled by Avast ( and many other AV's) because it can cause conflicts with the realtime scanner.
It should really be disabled:
  • Click Start >> Programs >> Windows Defender or launch from the system tray icon.
  • Click on Tools & Settings >> Options.
  • Under Real-time protection options, uncheck the "Real-time protection" check box.
  • Click Save.
  • Go to Start >> Control Panel >> Security >> Windows Defender, at the bottom of the Window Defenders page uncheck under Administrator Options "use Windows Defender" and then Save.
Step 2
Close any open browsers.
Close/disable all anti virus, firewall and anti malware programs so they do not interfere with the running of ComboFix:

Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text and pressing Ctrl+C

Driver::
X6va006

File::
c:\users\MAMOFA~1\AppData\Local\Temp\006697C.tmp

Folder::
c:\users\Mamo Family\AppData\Local\Avg2014
c:\program files (x86)\MyWebSearch

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Go to the Notepad window and click Edit >> Paste
Then click File >> Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop

The main ComboFix.exe program should be on your Desktop
Drag the file you just created... CFScript.txt and drop it on the main ComboFix.exe icon
as below.
cf.gif

Now please wait for ComboFix to finish running.

Please Note: Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash


In your next reply, please submit:
New Combofix.txt that comes up after the fix.
Also let me know how the system is running now and whether the original problems have been cured.

Thanks.

BBPP6nz.png


#14 Available

Available
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:10:41 PM

Posted 24 September 2013 - 03:04 AM

Hey!

 

Is it okay if I deliver the logs in the weekend? (In three days).

 

Oh and I don't think the Adwcleaner log was saved correctly as it only contains bit of text --->

 

 

 

# AdwCleaner v2.301 - Logfile created 06/08/2013 at 22:02:51
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Mamo Family - MAMOFAMILY-PC
# Boot Mode : Normal
# Running from : C:\Users\Mamo Family\Desktop\Folder\Desktop\Folders\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 

 



#15 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:09:41 AM

Posted 24 September 2013 - 11:22 AM

Hi Available

Is it okay if I deliver the logs in the weekend?

Yes that's fine.
Thanks for letting me know.

I don't think the Adwcleaner log was saved correctly as it only contains bit of text

In that case run it again using the previous instructions, let's make sure that it removed anything that it found.

Thanks

BBPP6nz.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users