Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

infection somewhere but not sure where !

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

infection somewhere but not sure where !

Unread postby samsbase » September 8th, 2011, 5:04 am

So a few days ago i get 2 emails saying I have bought 11000 microsoft points on my windows live account. I hadn't (and its a very large amount of points) so i knew my pc had been compromised. After getting the account into the right channels at microsoft and passwords changed etc I ran a virus scan with my paid antivirus ESET smart security and nothing was found. Knowing that there must be something I went on this forum and read some posts and found one saying malwarebytes was a good thing to run too so I did and it found these two files :
c:\FPipe.exe (PUP.FPipe) -> Quarantined and deleted successfully.
c:\sl.exe (HackTool.Scanline) -> Quarantined and deleted successfully.

throughout this whole ordeal eset has regulaly been popping up firewall warnings that have said a remote computer is trying to access your computer and the advanced settings listed the file they were accessing as "system" here is a tiny part the log from ESET (tried to post the whole thing but your forum has a character limit on posts sorry):

25/06/2011 15:29:19 Detected covert channel exploit in ICMP packet 192.168.1.5 202.129.206.232 ICMP
25/06/2011 15:29:19 Detected covert channel exploit in ICMP packet 192.168.1.5 83.169.156.154 ICMP
25/06/2011 15:29:19 Detected covert channel exploit in ICMP packet 192.168.1.5 208.115.227.122 ICMP
25/06/2011 15:29:19 Detected covert channel exploit in ICMP packet 192.168.1.5 91.5.25.32 ICMP
25/06/2011 15:29:19 Detected covert channel exploit in ICMP packet 192.168.1.5 68.10.8.58 ICMP

so it started on the 25th of june it seems. After malwarebytes found the two files mentioned earlier I thought it would be ok, but since then i have had another 2 or 3 attempts to access my computer pop up on my firewall so I've come to you !

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Sam Byard at 9:48:38 on 2011-09-08
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4030.1373 [GMT 1:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\STacSV64.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\notepad.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\calc.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Program Files\Synergy\qsynergy.exe
C:\Program Files\Synergy\synergys.exe
C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win64.exe
C:\Program Files (x86)\EVEMon\EVEMon.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\calc.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win64.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\NetLimiter 3\nlsvc.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\Asc.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\League of Legends\RADS\system\rads_user_kernel.exe
C:\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.30\deploy\LoLLauncher.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
uRun: [Google Update] "C:\Users\Sam Byard\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Sam Byard\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_Plugin.exe -update plugin
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\SAMBYA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Bitcoin.lnk - C:\Program Files (x86)\Bitcoin\bitcoin.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{3A462397-8C90-45B9-A551-61DF25626E96} : DhcpNameServer = 10.203.129.68 10.203.129.68
TCP: Interfaces\{B78E9E1B-9758-4EE3-827C-947214C7C1BF} : DhcpNameServer = 8.8.8.8 8.8.4.4
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sam Byard\AppData\Roaming\Mozilla\Firefox\Profiles\jr85emb2.Samsb\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Sam Byard\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Sam Byard\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2011-3-21 88200]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\system32\DRIVERS\vrtaucbl.sys --> C:\Windows\system32\DRIVERS\vrtaucbl.sys [?]
R3 NLNdisMP;NLNdisMP;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 SaiK0728;SaiK0728;C:\Windows\system32\DRIVERS\SaiK0728.sys --> C:\Windows\system32\DRIVERS\SaiK0728.sys [?]
R3 SaiK0CFA;SaiK0CFA;C:\Windows\system32\DRIVERS\SaiK0CFA.sys --> C:\Windows\system32\DRIVERS\SaiK0CFA.sys [?]
R3 SaiU0CFA;SaiU0CFA;C:\Windows\system32\DRIVERS\SaiU0CFA.sys --> C:\Windows\system32\DRIVERS\SaiU0CFA.sys [?]
S3 jumi;%Jumi%;C:\Windows\system32\DRIVERS\jumi.sys --> C:\Windows\system32\DRIVERS\jumi.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 USBPNPA;USB PnP Sound Device Interface;C:\Windows\system32\drivers\CM10864.sys --> C:\Windows\system32\drivers\CM10864.sys [?]
.
=============== Created Last 30 ================
.
2011-09-07 19:05:40 -------- d-----w- C:\Users\Sam Byard\AppData\Roaming\Malwarebytes
2011-09-07 19:04:43 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-07 19:04:42 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-07 19:04:39 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-09-07 19:04:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-07 03:04:21 -------- d-----w- C:\Users\Sam Byard\AppData\Local\Chromium
2011-09-07 03:00:19 -------- d-----w- C:\Program Files (x86)\Overwolf
2011-09-07 02:49:54 -------- d-----w- C:\Users\Sam Byard\AppData\Local\Overwolf
2011-09-06 14:30:22 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2A8B09EA-00AF-43DC-A617-62B576926352}\mpengine.dll
2011-09-05 23:59:52 -------- d-----w- C:\Program Files (x86)\Three Rings Design
2011-08-29 01:55:02 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2011-08-25 23:25:47 -------- d-----w- C:\Users\Sam Byard\AppData\Local\dxhr
2011-08-25 23:24:33 -------- d-----w- C:\Users\Sam Byard\AppData\Local\28050
2011-08-25 22:05:40 -------- d-----w- C:\Windows\SysWow64\Adobe
2011-08-24 01:42:33 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-24 01:42:33 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-19 13:31:18 66728 ----a-w- C:\Windows\System32\drivers\vrtaucbl.sys
2011-08-19 13:31:18 -------- d-----w- C:\Program Files\Virtual Audio Cable
2011-08-19 13:06:29 -------- d-----w- C:\ProgramData\firebird
2011-08-19 13:06:26 -------- d-----w- C:\Users\Sam Byard\AppData\Local\SpacialAudio
2011-08-19 13:05:00 548864 ----a-w- C:\Windows\SysWow64\GDS32.DLL
2011-08-19 13:04:59 855552 ----a-w- C:\Windows\System32\GDS32.DLL
2011-08-19 13:04:00 -------- d-----w- C:\Program Files\Firebird
2011-08-19 13:03:35 -------- d-----w- C:\Program Files (x86)\SpacialAudio
2011-08-19 03:07:40 21073936 ----a-w- C:\vlc-1.1.11-win32.exe
2011-08-19 03:01:13 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-08-19 00:17:15 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-08-19 00:17:15 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-08-19 00:17:15 126976 ----a-w- C:\Program Files\Common Files\System\Ole DB\msdaosp.dll
2011-08-19 00:17:15 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-08-19 00:17:15 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-08-19 00:17:14 94208 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll
2011-08-19 00:17:14 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-08-19 00:17:14 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-08-19 00:17:14 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-08-19 00:17:14 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-08-19 00:17:14 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-08-18 22:12:32 -------- d-----w- C:\Program Files (x86)\Heroes of Newerth
2011-08-18 16:18:25 51472 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires Online\rmdll\Final\RandomMap.dll
2011-08-18 16:18:25 19216 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires Online\rmdll\Final\CLRBinder.dll
2011-08-18 16:18:25 13584 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires Online\rmdll\Final\RandomMapBinder.dll
2011-08-18 16:14:30 81998 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires Online\RockallDLL.dll
2011-08-18 16:14:29 746496 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires Online\granny2.dll
2011-08-18 16:14:27 139536 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires Online\eulax.dll
2011-08-18 16:14:25 173408 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires Online\pw32b.dll
2011-08-18 16:11:54 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2011-08-18 16:10:23 -------- d-----w- C:\Windows\SysWow64\xlive
2011-08-18 16:10:16 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2011-08-18 00:03:19 -------- d-----w- C:\Users\Sam Byard\riotsGamesLogs
2011-08-17 17:23:31 -------- d-----w- C:\Users\Sam Byard\AppData\Local\Ubisoft Game Launcher
2011-08-16 00:17:16 -------- d-----w- C:\Users\Sam Byard\AppData\Roaming\mIRC
2011-08-16 00:17:16 -------- d-----w- C:\Program Files (x86)\mIRC
2011-08-14 18:35:00 -------- d-----w- C:\NVIDIA Corporation
2011-08-14 18:26:16 61544 ----a-w- C:\Windows\System32\nvshext.dll
2011-08-14 18:26:15 980072 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-08-14 18:26:15 3021416 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-08-14 18:26:14 836200 ----a-w- C:\Windows\System32\easyupdatusapiu64.dll
2011-08-14 18:26:14 6136936 ----a-w- C:\Windows\System32\nvcpl.dll
2011-08-14 18:26:14 117864 ----a-w- C:\Windows\System32\nvmctray.dll
2011-08-14 18:25:36 -------- d-----w- C:\ProgramData\NVIDIA Corporation
.
==================== Find3M ====================
.
2011-09-05 15:46:20 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-09-05 15:46:09 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-09-05 15:44:00 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-08-16 23:48:20 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-08-16 23:48:20 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-08-16 23:48:20 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-08-16 23:48:19 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-08-03 02:31:54 311912 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-07-31 17:26:55 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-06-11 00:15:38 93008 ----a-w- C:\Windows\System32\mfcm100u.dll
.
============= FINISH: 9:50:46.47 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 28/11/2010 03:45:57
System Uptime: 20/08/2011 23:13:24 (442 hours ago)
.
Motherboard: Dell Inc. | | 0TP406
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPU | 2394/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 0.904 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 3.394 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 466 GiB total, 120.295 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {997b5d8d-c442-4f2e-baf3-9c8e671e9e21}
Description: XPS MiniView
Device ID: USB\VID_BEEF&PID_0006\AAAAAAAAAAAAAAAAAAAA
Manufacturer: Microsoft Co
Name: XPS MiniView
PNP Device ID: USB\VID_BEEF&PID_0006\AAAAAAAAAAAAAAAAAAAA
Service: WUDFRd
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Intel(R) ICH9 Family USB Universal Host Controller - 2938
Device ID: PCI\VEN_8086&DEV_2938&SUBSYS_02151028&REV_02\3&172E68DD&0&D1
Manufacturer: Intel
Name: Intel(R) ICH9 Family USB Universal Host Controller - 2938
PNP Device ID: PCI\VEN_8086&DEV_2938&SUBSYS_02151028&REV_02\3&172E68DD&0&D1
Service: usbuhci
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
3DMark 11
Adobe AIR
Adobe Flash Media Live Encoder 3.2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.6
Advanced SystemCare 4
Age of Empires Online
AnalogX NetStat Live
APB Reloaded
Apollo 37zz
Apple Application Support
Apple Software Update
ARMA 2
ARMA 2: British Armed Forces
ARMA 2: British Armed Forces - Data cache removal
ARMA 2: Operation Arrowhead
ARMA 2: Private Military Company
ARMA 2: Private Military Company - Data cache removal
µTorrent
BattlEye for OA Uninstall
BattlEye Uninstall
Bejeweled 3
Bitcoin
BOSS
Braid
Brink
Bullet Candy
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Cheat Engine 6.0
Click to Call with Skype
Cogs
Commander Keen Complete Pack
Crayon Physics Deluxe
Crysis® 2
Curse Client
D3DX10
Defense Grid: The Awakening
Deus Ex: Human Revolution
DivX Web Player
Dual-Core Optimizer
Duke Nukem Forever
Dungeons of Dredmor
EVEMon
EverQuest
EVGA OC Scanner 1.7.0
EVGA Precision 2.0.2
Facebook Video Calling 1.0.0.8177
foobar2000 v1.1.5
Fraps (remove only)
From Dust
Frozen Synapse
Futuremark SystemInfo
Game Booster 3
GamersFirst LIVE!
GoldWave v5.58
Google Chrome
Hacker Evolution
Hacker Evolution - Untold
Hacker Evolution Duality
Hammerfight
Harvest Massive Encounter
Heroes of Newerth
Impulse
Inkscape 0.48.0
jahPlayer
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 24
League of Legends
League of Legends - ACE Client
Legend of Fae
Little SineGen 1.00
Live 8.2.2
Machinarium
Magicka
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
mIRC
MozBackup 1.4.10
Mozilla Firefox (3.6.12)
Mozilla Firefox 7.0 (x86 en-GB)
Mozilla Thunderbird (3.1.6)
MSI to redistribute MS VS2005 CRT libraries
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
msxml4
Mumble 1.2.3
Nmap 5.51
NVIDIA 3D Vision Controller Driver
NVIDIA Alien vs. Triangles demo
NVIDIA Endless City demo
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Oblivion mod manager 1.1.12
Octoshape add-in for Adobe Flash Player
OpenAL
OpenLibraries
OpenOffice.org 3.3
Origin
Osmos
Overwolf
Pando Media Booster
PCMark 7
Pinnacle VideoSpin
PlayerScore
Portal 2
Privoxy (remove only)
PunkBuster Services
Puzzle Pirates
QuickTime
RecursiveWorld
Red Orchestra 2: Heroes of Stalingrad Beta
Revenge of the Titans
SAM Broadcaster v4
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
SigmaTel Audio
SimCity 4 Deluxe
Sins of a Solar Empire
Sins of a Solar Empire - Diplomacy
Sins of a Solar Empire - Entrenchment
Skype™ 5.5
Smart Defrag 2
Spiral Knights
Steel Storm: Burning Retribution
Super Meat Boy
swMSM
Synergy
System Requirements Lab CYRI
Team Fortress 2
Terraria
The Elder Scrolls IV: Oblivion
Trillian
Two Worlds II Castle Defense Lite
Ubisoft Game Launcher
Unlocker 1.9.0
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
VC80CRTRedist - 8.0.50727.762
VirtualCloneDrive
VLC media player 1.1.11
VVVVVV
WebcamMax
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPcap 4.1.2
WinSCP 4.3.2
World of Logs Client
XSplit
.
==== Event Viewer Messages From Past Week ========
.
08/09/2011 03:49:35, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
05/09/2011 07:47:48, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
01/09/2011 01:48:39, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
01/09/2011 01:48:39, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
01/09/2011 01:48:39, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
01/09/2011 01:48:39, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
01/09/2011 01:48:39, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
01/09/2011 01:48:39, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
01/09/2011 01:48:39, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================
samsbase
Active Member
 
Posts: 4
Joined: September 8th, 2011, 4:52 am
Advertisement
Register to Remove

Re: infection somewhere but not sure where !

Unread postby MWR 3 day Mod » September 12th, 2011, 3:31 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: infection somewhere but not sure where !

Unread postby deltalima » September 14th, 2011, 2:21 pm

Checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: infection somewhere but not sure where !

Unread postby deltalima » September 14th, 2011, 2:35 pm

Hi samsbase,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you too.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on the your Desktop before running the application!
  • Right click on CKScanner.exe and select: Run as Administrator then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: infection somewhere but not sure where !

Unread postby samsbase » September 14th, 2011, 2:50 pm

the files in cygwin are pentesting tools not software cracks for clarification

CKScanner - Additional Security Risks - These are not necessarily bad
c:\cygwin\bin\fcrackzip.exe
c:\cygwin\bin\fcrackzipinfo.exe
c:\cygwin\bin\ssh-keygen.exe
c:\cygwin\etc\setup\fcrackzip.lst.gz
c:\cygwin\lib\gcc\i686-pc-cygwin\4.3.4\include\c++\gnu\javax\crypto\jce\key\anubiskeygeneratorimpl.h
c:\cygwin\lib\gcc\i686-pc-cygwin\4.3.4\include\c++\gnu\javax\crypto\jce\key\blowfishkeygeneratorimpl.h
c:\cygwin\lib\gcc\i686-pc-cygwin\4.3.4\include\c++\gnu\javax\crypto\jce\key\cast5keygeneratorimpl.h
c:\cygwin\lib\gcc\i686-pc-cygwin\4.3.4\include\c++\gnu\javax\crypto\jce\key\deskeygeneratorimpl.h
c:\cygwin\lib\gcc\i686-pc-cygwin\4.3.4\include\c++\gnu\javax\crypto\jce\key\khazadkeygeneratorimpl.h
c:\cygwin\lib\gcc\i686-pc-cygwin\4.3.4\include\c++\gnu\javax\crypto\jce\key\rijndaelkeygeneratorimpl.h
c:\cygwin\lib\gcc\i686-pc-cygwin\4.3.4\include\c++\gnu\javax\crypto\jce\key\secretkeygeneratorimpl.h
c:\cygwin\lib\gcc\i686-pc-cygwin\4.3.4\include\c++\gnu\javax\crypto\jce\key\serpentkeygeneratorimpl.h
c:\cygwin\lib\gcc\i686-pc-cygwin\4.3.4\include\c++\gnu\javax\crypto\jce\key\squarekeygeneratorimpl.h
c:\cygwin\lib\gcc\i686-pc-cygwin\4.3.4\include\c++\gnu\javax\crypto\jce\key\tripledeskeygeneratorimpl.h
c:\cygwin\lib\gcc\i686-pc-cygwin\4.3.4\include\c++\gnu\javax\crypto\jce\key\twofishkeygeneratorimpl.h
c:\cygwin\lib\gcc\i686-pc-cygwin\4.3.4\include\c++\java\security\spec\rsakeygenparameterspec.h
c:\cygwin\lib\gcc\i686-pc-cygwin\4.3.4\include\c++\javax\crypto\keygenerator.h
c:\cygwin\lib\gcc\i686-pc-cygwin\4.3.4\include\c++\javax\crypto\keygeneratorspi.h
c:\cygwin\lib\pl-5.6.36\lib\i686-cygwin\crypt.dll
c:\cygwin\lib\python2.6\lib-dynload\crypt.dll
c:\cygwin\lib\python2.6\site-packages\numpy\f2py\crackfortran.py
c:\cygwin\lib\python2.6\site-packages\numpy\f2py\crackfortran.pyc
c:\cygwin\lib\python2.6\site-packages\numpy\f2py\crackfortran.pyo
c:\cygwin\usr\include\java\security\spec\rsakeygenparameterspec.h
c:\cygwin\usr\sbin\dnssec-keygen.exe
c:\cygwin\usr\share\doc\cygwin\fcrackzip-0.3.readme
c:\cygwin\usr\share\doc\fcrackzip-0.3\authors
c:\cygwin\usr\share\doc\fcrackzip-0.3\copying
c:\cygwin\usr\share\doc\fcrackzip-0.3\fcrackzip.html
c:\cygwin\usr\share\doc\fcrackzip-0.3\fcrackzip.txt
c:\cygwin\usr\share\doc\fcrackzip-0.3\install
c:\cygwin\usr\share\doc\fcrackzip-0.3\news
c:\cygwin\usr\share\doc\fcrackzip-0.3\readme
c:\cygwin\usr\share\man\man1\fcrackzip.1.gz
c:\cygwin\usr\share\man\man1\fcrackzipinfo.1.gz
c:\cygwin\usr\share\man\man1\ssh-keygen.1.gz
c:\cygwin\usr\share\man\man8\dnssec-keygen.8.gz
c:\ftp%3a%2f%2fcygwin.mirrors.pair.com%2f\release\fcrackzip\fcrackzip-0.3-1.tar.bz2
c:\program files (x86)\gamersfirst\apb reloaded\apbgame\content\release\packages\symboleditor\primitives_splatscracks.upk
c:\program files (x86)\inkscape\python\lib\site-packages\numpy\f2py\crackfortran.py
c:\program files (x86)\steam\steamapps\common\call of duty black ops\zone\common\mp_cracked.ff
c:\program files (x86)\steam\steamapps\common\call of duty black ops\zone\english\en_mp_cracked.ff
c:\program files (x86)\steam\steamapps\common\magicka\content\levels\textures\surface\nature\ground\dirt01_cracked_0.xnb
c:\program files (x86)\steam\steamapps\common\magicka\content\levels\textures\surface\nature\ground\dirt01_cracked_nrm_0.xnb
c:\program files (x86)\steam\steamapps\common\magicka\content\levels\textures\surface\structure\stone\wall_cracked01_0.xnb
c:\program files (x86)\steam\steamapps\common\magicka\content\levels\textures\surface\structure\stone\wall_cracked_nrm_0.xnb
c:\program files (x86)\steam\steamapps\common\puzzle pirates\rsrc\bundles\tiles\outdoors\base\bundle\crackedmud.raw
c:\program files (x86)\steam\steamapps\common\puzzle pirates\rsrc\bundles\tiles\outdoors\structures\bundle\jettyedge_crack.raw
c:\program files (x86)\steam\steamapps\common\puzzle pirates\rsrc\bundles\tiles\treasures\misc\bundle\firecrackers.raw
c:\program files (x86)\steam\steamapps\sourcemods\neotokyosource\materials\decals\deco\plastercrack01_ivy.vmt
c:\program files (x86)\steam\steamapps\sourcemods\neotokyosource\materials\decals\deco\plastercrack01_ivy.vtf
c:\program files (x86)\steam\steamapps\sourcemods\neotokyosource\materials\decals\misc\sga_longcrack_decal_lg.vmt
c:\program files (x86)\steam\steamapps\sourcemods\neotokyosource\materials\decals\misc\sga_longcrack_decal_lg.vtf
c:\program files (x86)\steam\steamapps\sourcemods\neotokyosource\materials\glass\frosted_crack.vmt
c:\program files (x86)\steam\steamapps\sourcemods\neotokyosource\materials\glass\frosted_crack.vtf
c:\program files (x86)\steam\steamapps\sourcemods\neotokyosource\materials\wall\blueplastercrack_ivy.vmt
c:\program files (x86)\steam\steamapps\sourcemods\neotokyosource\materials\wall\blueplastercrack_ivy.vtf
c:\program files (x86)\steam\steamapps\sourcemods\neotokyosource\materials\wall\crackyplastertrim_ivy.vmt
c:\program files (x86)\steam\steamapps\sourcemods\neotokyosource\materials\wall\crackyplastertrim_ivy.vtf
c:\program files (x86)\steam\steamapps\sourcemods\neotokyosource\materials\wall\crackyplasterwall1_ivy.vmt
c:\program files (x86)\steam\steamapps\sourcemods\neotokyosource\materials\wall\crackyplasterwall1_ivy.vtf
c:\program files (x86)\three rings design\puzzle pirates\rsrc\bundles\tiles\outdoors\base\bundle\crackedmud.raw
c:\program files (x86)\three rings design\puzzle pirates\rsrc\bundles\tiles\outdoors\structures\bundle\jettyedge_crack.raw
c:\program files (x86)\three rings design\puzzle pirates\rsrc\bundles\tiles\treasures\misc\bundle\firecrackers.raw
scanner sequence 3.ZZ.11.AFAPQH
----- EOF -----
samsbase
Active Member
 
Posts: 4
Joined: September 8th, 2011, 4:52 am

Re: infection somewhere but not sure where !

Unread postby deltalima » September 14th, 2011, 3:02 pm

Hi samsbase,

Your C: drive is dangerously low on disk space.

C: is FIXED (NTFS) - 283 GiB total, 0.904 GiB free.


Please free up some disk space before continuing. Ideally there should be at least 10% free.

Please uninstall Advanced SystemCare 4 as it may interfere with our scans and fixes.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select: Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

the files in cygwin are pentesting tools



Please let me know if the computer is used for home or for business use.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: infection somewhere but not sure where !

Unread postby samsbase » September 14th, 2011, 3:43 pm

Just for home use, mainly gaming



OTL logfile created on: 14/09/2011 20:28:37 - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Sam Byard\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.94 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 24.95% Memory free
11.75 Gb Paging File | 7.65 Gb Available in Paging File | 65.10% Paging File free
Paging file location(s): c:\pagefile.sys 8000 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.03 Gb Total Space | 28.70 Gb Free Space | 10.14% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 3.39 Gb Free Space | 22.62% Space Free | Partition Type: NTFS
Drive H: | 955.72 Mb Total Space | 625.03 Mb Free Space | 65.40% Space Free | Partition Type: FAT

Computer Name: SAMSBASE | User Name: Sam Byard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Sam Byard\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Sam Byard\Downloads\CKScanner.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files (x86)\IObit\Game Booster\gbtray.exe (IObit)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\foobar2000\foobar2000.exe ()
PRC - C:\Program Files\Synergy\qsynergy.exe ()
PRC - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
PRC - C:\EFT2.13.1\EFT.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Users\Sam Byard\Downloads\CKScanner.exe ()
MOD - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\mozjs.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-50.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-52.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-52.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Program Files (x86)\IObit\Game Booster\sqlite3.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\foobar2000\foobar2000.exe ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_albumlist.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_cdda.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_rgscan.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_converter.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_unpack.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_input_std.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_freedb2.dll ()
MOD - C:\Program Files (x86)\foobar2000\components\foo_fileops.dll ()
MOD - C:\Program Files (x86)\foobar2000\shared.dll ()
MOD - C:\Program Files (x86)\IObit\Game Booster\madexcept_.bpl ()
MOD - C:\Program Files (x86)\IObit\Game Booster\madbasic_.bpl ()
MOD - C:\Program Files (x86)\IObit\Game Booster\maddisAsm_.bpl ()
MOD - C:\Program Files\Synergy\qsynergy.exe ()
MOD - C:\Program Files (x86)\Java\jre6\bin\jp2native.dll ()
MOD - C:\EFT2.13.1\EFT.exe ()
MOD - C:\Program Files\Synergy\QtCore4.dll ()
MOD - C:\Program Files (x86)\foobar2000\zlib1.dll ()
MOD - C:\Program Files\Synergy\QtGui4.dll ()
MOD - C:\Program Files\Synergy\QtNetwork4.dll ()
MOD - C:\Program Files\Synergy\libgcc_s_dw2-1.dll ()
MOD - C:\Program Files\Synergy\mingwm10.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (nlsvc) -- C:\Program Files\NetLimiter 3\nlsvc.exe (Locktime Software)
SRV:64bit: - (Synergy Server) -- C:\Program Files\Synergy\synergys.exe ()
SRV:64bit: - (ftpsvc) -- C:\Windows\SysNative\inetsrv\ftpsvc.dll (Microsoft Corporation)
SRV:64bit: - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV:64bit: - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project)
SRV:64bit: - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (WMSVC) -- C:\Windows\SysNative\inetsrv\WMSvc.exe (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\stacsv64.exe (SigmaTel, Inc.)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (OverwolfUpdaterService) -- C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (frameworkPostgreSQL) -- C:\Program Files (x86)\Rapid7\framework\postgresql\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (BrlAPI) -- C:\cygwin\bin\cygrunsrv.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM) -- C:\Windows\SysNative\drivers\vrtaucbl.sys (Eugene V. Muzychenko)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NLNdisPT) -- C:\Windows\SysNative\drivers\nlndis.sys (Locktime Software)
DRV:64bit: - (NLNdisMP) -- C:\Windows\SysNative\drivers\nlndis.sys (Locktime Software)
DRV:64bit: - (nltdi) -- C:\Program Files\NetLimiter 3\nltdi.sys (Locktime Software)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)
DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET)
DRV:64bit: - (Epfwndis) -- C:\Windows\SysNative\drivers\epfwndis.sys (ESET)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (SaiK0CFA) -- C:\Windows\SysNative\drivers\SaiK0CFA.sys (Saitek)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek)
DRV:64bit: - (SaiU0CFA) -- C:\Windows\SysNative\drivers\SaiU0CFA.sys (Saitek)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (jumi) -- C:\Windows\SysNative\drivers\jumi.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (USBPNPA) -- C:\Windows\SysNative\drivers\CM10864.sys (C-Media Electronics Inc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\drivers\e1e6232e.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SaiK0728) -- C:\Windows\SysNative\drivers\SaiK0728.sys (Saitek)
DRV:64bit: - (STHDA) SigmaTel High Definition Audio CODEC (for 64-bit Windows) -- C:\Windows\SysNative\drivers\stwrt64.sys (SigmaTel, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3712959989-1330060028-480819939-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3712959989-1330060028-480819939-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3712959989-1330060028-480819939-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 25 03 A2 D9 77 FD CB 01 [binary data]
IE - HKU\S-1-5-21-3712959989-1330060028-480819939-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3712959989-1330060028-480819939-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.0.4


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sam Byard\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sam Byard\AppData\Local\Google\Update\1.3.21.67\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sam Byard\AppData\Local\Google\Update\1.3.21.67\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2011/06/14 21:39:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/01/20 20:48:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/02/09 15:36:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\components [2011/09/11 14:26:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/08/17 13:45:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/06/14 21:39:56 | 000,000,000 | ---D | M]

[2010/11/28 04:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam Byard\AppData\Roaming\Mozilla\Extensions
[2010/11/28 04:56:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam Byard\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/05/06 05:08:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam Byard\AppData\Roaming\Mozilla\Firefox\Profiles\jozd5h79.default\extensions
[2011/01/22 23:46:01 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Sam Byard\AppData\Roaming\Mozilla\Firefox\Profiles\jozd5h79.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/06 05:08:55 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\Sam Byard\AppData\Roaming\Mozilla\Firefox\Profiles\jozd5h79.default\extensions\cacaoweb@cacaoweb.org
[2011/01/27 01:44:09 | 000,000,000 | ---D | M] (Feedback) -- C:\Users\Sam Byard\AppData\Roaming\Mozilla\Firefox\Profiles\jozd5h79.default\extensions\testpilot@labs.mozilla.com
[2011/09/09 01:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam Byard\AppData\Roaming\Mozilla\Firefox\Profiles\jr85emb2.Samsb\extensions
[2011/09/09 01:04:06 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Sam Byard\AppData\Roaming\Mozilla\Firefox\Profiles\jr85emb2.Samsb\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/02/23 17:42:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/09 21:18:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/09 21:17:57 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/27 06:24:34 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/10/27 06:24:34 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/10/27 06:24:34 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/10/27 06:24:34 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3712959989-1330060028-480819939-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-3712959989-1330060028-480819939-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-EU06I.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3712959989-1330060028-480819939-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Sam Byard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bitcoin.lnk = C:\Program Files (x86)\Bitcoin\bitcoin.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3712959989-1330060028-480819939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3712959989-1330060028-480819939-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3712959989-1330060028-480819939-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3712959989-1330060028-480819939-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3712959989-1330060028-480819939-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A462397-8C90-45B9-A551-61DF25626E96}: DhcpNameServer = 10.203.129.68 10.203.129.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B78E9E1B-9758-4EE3-827C-947214C7C1BF}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/24 01:07:01 | 000,000,261 | ---- | M] () - C:\AUTOEXEC.BAK -- [ NTFS ]
O32 - AutoRun File - [2008/08/24 01:07:01 | 000,000,261 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{16db9f6e-95e5-11e0-9fe9-001d092885b8}\Shell - "" = AutoRun
O33 - MountPoints2\{16db9f6e-95e5-11e0-9fe9-001d092885b8}\Shell\AutoRun\command - "" = G:\RAY2.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/14 18:30:29 | 000,190,752 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/09/14 18:30:29 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/09/14 18:30:29 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/09/14 18:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/09/14 18:24:02 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/09/14 06:22:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Chart Controls
[2011/09/10 02:07:32 | 000,000,000 | ---D | C] -- C:\EVEMon_3002_2011-09-07
[2011/09/09 03:05:49 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/09/09 01:33:15 | 000,000,000 | ---D | C] -- C:\Users\Sam Byard\Documents\DeadIsland
[2011/09/08 16:26:06 | 000,000,000 | ---D | C] -- C:\Users\Sam Byard\AppData\Local\PMB Files
[2011/09/08 16:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011/09/08 16:25:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2011/09/08 11:21:35 | 000,000,000 | ---D | C] -- C:\Users\Sam Byard\AppData\Roaming\WinPatrol
[2011/09/08 11:21:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2011/09/07 20:05:40 | 000,000,000 | ---D | C] -- C:\Users\Sam Byard\AppData\Roaming\Malwarebytes
[2011/09/07 20:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/07 20:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/07 20:04:39 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/07 20:04:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/07 04:04:21 | 000,000,000 | ---D | C] -- C:\Users\Sam Byard\AppData\Local\Chromium
[2011/09/07 04:00:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/09/07 04:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Overwolf
[2011/09/07 03:49:54 | 000,000,000 | ---D | C] -- C:\Users\Sam Byard\AppData\Local\Overwolf
[2011/09/06 17:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
[2011/09/06 00:59:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Three Rings Design
[2011/09/01 16:39:11 | 000,000,000 | ---D | C] -- C:\Users\Sam Byard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft
[2011/08/29 02:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2011/08/26 00:25:47 | 000,000,000 | ---D | C] -- C:\Users\Sam Byard\AppData\Local\dxhr
[2011/08/26 00:24:33 | 000,000,000 | ---D | C] -- C:\Users\Sam Byard\AppData\Local\28050
[2011/08/25 23:05:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2011/08/19 14:31:18 | 000,066,728 | ---- | C] (Eugene V. Muzychenko) -- C:\Windows\SysNative\drivers\vrtaucbl.sys
[2011/08/19 14:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
[2011/08/19 14:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Audio Cable
[2011/08/19 14:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\firebird
[2011/08/19 14:06:26 | 000,000,000 | ---D | C] -- C:\Users\Sam Byard\AppData\Local\SpacialAudio
[2011/08/19 14:05:00 | 000,548,864 | ---- | C] (Firebird Project) -- C:\Windows\SysWow64\GDS32.DLL
[2011/08/19 14:04:59 | 000,855,552 | ---- | C] (Firebird Project) -- C:\Windows\SysNative\GDS32.DLL
[2011/08/19 14:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firebird 2.5 (x64)
[2011/08/19 14:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Firebird
[2011/08/19 14:03:54 | 000,000,000 | ---D | C] -- C:\Users\Sam Byard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SAM Broadcaster
[2011/08/19 14:03:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpacialAudio
[2011/08/19 04:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/08/19 04:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/08/19 03:01:21 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/19 03:01:20 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/19 03:01:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/19 03:01:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/19 03:01:18 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/08/19 03:01:18 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/08/19 03:01:18 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/08/19 03:01:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/19 03:01:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/19 01:17:17 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/08/19 01:17:15 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/08/19 01:17:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/08/19 01:17:15 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/08/19 01:17:15 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/08/19 01:17:14 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/08/19 01:17:14 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/08/19 01:17:14 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/08/19 01:17:14 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/08/19 01:17:14 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/08/19 01:16:56 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011/08/19 01:16:55 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011/08/19 01:16:55 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011/08/19 01:16:54 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011/08/19 01:16:54 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011/08/19 01:16:53 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011/08/19 01:16:53 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011/08/19 01:16:53 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011/08/19 01:16:53 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011/08/19 01:16:53 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011/08/19 01:16:53 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011/08/19 01:16:52 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011/08/19 01:16:52 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011/08/19 01:16:33 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/08/19 01:16:33 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/08/19 01:16:33 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/08/19 01:16:33 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/08/19 01:16:33 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/19 01:16:32 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/08/19 01:16:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/08/19 01:16:32 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/08/19 01:16:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/08/19 01:16:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/08/19 01:16:31 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/08/19 01:16:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/08/19 01:16:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/08/19 01:16:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/08/19 01:16:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/08/19 01:16:31 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/08/19 01:16:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/19 01:16:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/19 01:16:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/19 01:16:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/19 01:16:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/19 01:16:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/19 01:16:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/08/19 01:16:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/08/19 01:16:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/08/19 01:16:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/19 01:16:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/19 01:16:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/19 01:16:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/08/19 01:16:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/08/19 01:16:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/08/19 01:16:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/19 01:16:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/08/19 01:16:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/08/19 01:16:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/08/19 01:16:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/08/19 01:16:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/19 01:16:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/08/19 01:16:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/08/19 01:16:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/08/19 01:16:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/08/19 01:16:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/08/19 01:16:27 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/08/19 01:16:26 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011/08/19 01:16:19 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/08/19 01:16:18 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/08/19 01:16:17 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/08/18 23:15:10 | 000,000,000 | ---D | C] -- C:\Users\Sam Byard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth
[2011/08/18 23:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth
[2011/08/18 23:15:07 | 000,000,000 | ---D | C] -- C:\Users\Sam Byard\Documents\Heroes of Newerth
[2011/08/18 23:12:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Heroes of Newerth
[2011/08/18 17:38:09 | 000,000,000 | ---D | C] -- C:\Users\Sam Byard\Documents\Games for Windows - LIVE Demos
[2011/08/18 17:34:59 | 000,000,000 | ---D | C] -- C:\Users\Sam Byard\Documents\Spartan
[2011/08/18 17:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2011/08/18 17:10:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011/08/18 17:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/08/18 17:10:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011/08/18 01:03:19 | 000,000,000 | ---D | C] -- C:\Users\Sam Byard\riotsGamesLogs
[2011/08/17 18:28:52 | 000,000,000 | ---D | C] -- C:\Users\Sam Byard\Documents\Dust
[2011/08/17 18:23:31 | 000,000,000 | ---D | C] -- C:\Users\Sam Byard\AppData\Local\Ubisoft Game Launcher
[2011/08/17 18:22:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2011/08/17 00:48:21 | 000,000,000 | ---D | C] -- C:\Users\Sam Byard\Documents\Osmos
[2011/08/16 01:17:16 | 000,000,000 | ---D | C] -- C:\Users\Sam Byard\AppData\Roaming\mIRC
[2011/08/16 01:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2011/08/16 01:17:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC

========== Files - Modified Within 30 Days ==========

[2011/09/14 20:07:09 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3712959989-1330060028-480819939-1000UA.job
[2011/09/14 20:06:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3712959989-1330060028-480819939-1000Core.job
[2011/09/14 18:56:04 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3712959989-1330060028-480819939-1000UA.job
[2011/09/14 18:33:24 | 000,089,406 | ---- | M] () -- C:\minecraft.jar
[2011/09/14 18:30:17 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/09/14 18:30:17 | 000,190,752 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/09/14 18:30:17 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/09/14 18:30:17 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/09/14 10:58:00 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\AWC Update.job
[2011/09/14 06:46:09 | 000,282,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/09/14 06:46:09 | 000,282,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/09/14 06:27:58 | 000,290,496 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/09/14 06:19:03 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/14 05:05:02 | 000,709,968 | ---- | M] () -- C:\Windows\is-EU06I.exe
[2011/09/14 05:05:02 | 000,010,498 | ---- | M] () -- C:\Windows\is-EU06I.msg
[2011/09/14 05:05:02 | 000,000,393 | ---- | M] () -- C:\Windows\is-EU06I.lst
[2011/09/14 03:56:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3712959989-1330060028-480819939-1000Core.job
[2011/09/13 18:25:28 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/13 18:25:28 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/13 18:15:53 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job
[2011/09/13 18:15:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/13 18:15:19 | 3169,259,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/13 03:06:18 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
[2011/09/12 21:21:13 | 000,726,986 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/12 21:21:13 | 000,146,590 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/12 21:21:12 | 000,865,420 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/12 00:54:58 | 000,020,572 | ---- | M] () -- C:\Users\Sam Byard\Documents\EVEMon_Settings_3002.xml.bak
[2011/09/11 14:26:55 | 000,002,162 | ---- | M] () -- C:\Users\Sam Byard\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 11.lnk
[2011/09/11 14:26:55 | 000,002,162 | ---- | M] () -- C:\Users\Sam Byard\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 10.lnk
[2011/09/08 21:16:56 | 000,000,432 | ---- | M] () -- C:\Users\Sam Byard\Desktop\Resume Download of League of Legends.url
[2011/09/08 14:21:56 | 000,002,116 | ---- | M] () -- C:\Users\Sam Byard\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/09/07 20:04:43 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/07 04:00:36 | 000,001,708 | ---- | M] () -- C:\Users\Public\Desktop\Overwolf.lnk
[2011/09/06 17:40:59 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2011/09/06 17:40:59 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2011/09/03 21:26:21 | 000,002,381 | ---- | M] () -- C:\Users\Sam Byard\Desktop\Google Chrome.lnk
[2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/24 23:37:17 | 000,129,712 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/08/19 14:31:18 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) -- C:\Windows\SysNative\drivers\vrtaucbl.sys
[2011/08/19 14:03:55 | 000,002,054 | ---- | M] () -- C:\Users\Sam Byard\Application Data\Microsoft\Internet Explorer\Quick Launch\SAM Broadcaster.lnk
[2011/08/19 14:03:55 | 000,002,030 | ---- | M] () -- C:\Users\Sam Byard\Desktop\SAM Broadcaster.lnk
[2011/08/19 13:45:14 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2011/08/19 08:20:42 | 000,306,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/19 04:08:34 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/08/19 04:07:50 | 021,073,936 | ---- | M] () -- C:\vlc-1.1.11-win32.exe
[2011/08/19 03:57:32 | 000,850,888 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/18 23:15:14 | 000,001,951 | ---- | M] () -- C:\Users\Sam Byard\Application Data\Microsoft\Internet Explorer\Quick Launch\Heroes of Newerth.lnk
[2011/08/18 23:15:13 | 000,001,927 | ---- | M] () -- C:\Users\Sam Byard\Desktop\Heroes of Newerth.lnk
[2011/08/18 22:58:38 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/08/18 17:02:02 | 000,001,245 | ---- | M] () -- C:\Users\Public\Desktop\Quick Care.lnk
[2011/08/17 00:48:20 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011/08/17 00:48:20 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011/08/17 00:48:20 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2011/08/17 00:48:19 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2011/08/16 01:17:16 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk

========== Files Created - No Company Name ==========

[2011/09/14 18:33:22 | 000,089,406 | ---- | C] () -- C:\minecraft.jar
[2011/09/14 05:05:02 | 000,709,968 | ---- | C] () -- C:\Windows\is-EU06I.exe
[2011/09/14 05:05:02 | 000,010,498 | ---- | C] () -- C:\Windows\is-EU06I.msg
[2011/09/14 05:05:02 | 000,000,393 | ---- | C] () -- C:\Windows\is-EU06I.lst
[2011/09/10 02:07:51 | 000,020,572 | ---- | C] () -- C:\Users\Sam Byard\Documents\EVEMon_Settings_3002.xml.bak
[2011/09/08 21:16:56 | 000,000,432 | ---- | C] () -- C:\Users\Sam Byard\Desktop\Resume Download of League of Legends.url
[2011/09/07 20:04:43 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/07 04:00:36 | 000,001,708 | ---- | C] () -- C:\Users\Public\Desktop\Overwolf.lnk
[2011/09/06 17:40:59 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2011/09/06 17:40:59 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2011/08/19 14:03:55 | 000,002,054 | ---- | C] () -- C:\Users\Sam Byard\Application Data\Microsoft\Internet Explorer\Quick Launch\SAM Broadcaster.lnk
[2011/08/19 14:03:55 | 000,002,030 | ---- | C] () -- C:\Users\Sam Byard\Desktop\SAM Broadcaster.lnk
[2011/08/19 04:08:34 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/08/19 04:07:40 | 021,073,936 | ---- | C] () -- C:\vlc-1.1.11-win32.exe
[2011/08/18 23:15:14 | 000,001,951 | ---- | C] () -- C:\Users\Sam Byard\Application Data\Microsoft\Internet Explorer\Quick Launch\Heroes of Newerth.lnk
[2011/08/18 23:15:13 | 000,001,927 | ---- | C] () -- C:\Users\Sam Byard\Desktop\Heroes of Newerth.lnk
[2011/08/18 22:58:38 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/08/16 01:17:16 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk
[2011/08/05 13:51:40 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/07/09 15:14:38 | 000,282,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/07/09 15:14:20 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/06/19 20:13:48 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/04/18 04:41:19 | 000,000,600 | ---- | C] () -- C:\Users\Sam Byard\AppData\Roaming\winscp.rnd
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/27 17:18:18 | 000,129,712 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/02/26 16:38:17 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/02/18 05:04:47 | 000,850,888 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/28 12:42:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/09 20:52:30 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix108.dll
[2011/01/09 20:52:30 | 000,000,259 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2011/01/09 20:52:23 | 000,008,288 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2011/01/09 20:52:23 | 000,002,029 | ---- | C] () -- C:\Windows\Cm108.ini.cfg
[2011/01/09 20:52:23 | 000,001,320 | ---- | C] () -- C:\Windows\cm108.ini
[2010/06/25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/01/26 01:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\mase32.dll
[2007/01/26 01:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\ma32.dll

< End of report >

OTL Extras logfile created on: 14/09/2011 20:28:37 - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Sam Byard\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.94 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 24.95% Memory free
11.75 Gb Paging File | 7.65 Gb Available in Paging File | 65.10% Paging File free
Paging file location(s): c:\pagefile.sys 8000 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.03 Gb Total Space | 28.70 Gb Free Space | 10.14% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 3.39 Gb Free Space | 22.62% Space Free | Partition Type: NTFS
Drive H: | 955.72 Mb Total Space | 625.03 Mb Free Space | 65.40% Space Free | Partition Type: FAT

Computer Name: SAMSBASE | User Name: Sam Byard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3712959989-1330060028-480819939-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{28D73032-5DAA-4F83-B154-85105DBCCB92}" = iTunes
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6D41B4C4-FCD7-4F9B-99B9-A01F63F71F0F}" = Smart Technology Programming Software 7.0.2.7
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{913923AB-3AAB-4870-8910-627C4CD82789}" = NetLimiter 3
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C0D93E4E-0866-43C8-A104-BF41A803EA84}" = ESET Smart Security
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"C-Media CM108 Like Sound Driver" = SteelSeries USB Soundcard v1.20
"FBDBServer_2_5_x64_is1" = Firebird 2.5.0.26074 (x64)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PerformanceTest 7_is1" = PerformanceTest v7.0 (64-bit)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}" = Adobe Flash Media Live Encoder 3.2
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{27107EAA-34E0-43BF-B537-7F8EF6880F5A}" = Facebook Video Calling 1.0.0.8177
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D530FA3-9B89-4186-98B7-F51000000100}" = Age of Empires Online
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75C3C9C0-6CE6-42FA-A0E9-658E8F539124}" = PCMark 7
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB92C58B-7BDF-48E3-92E3-51768DCCA585}_is1" = EVGA OC Scanner 1.7.0
"{CDACF7D5-F9FE-4315-BA3E-E1DA75CA4C7A}" = XSplit
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1A16A14-DB9D-4597-95D7-9898670046E7}" = Overwolf
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBFC96E5-4409-426E-88B7-650ADB342E78}" = MSI to redistribute MS VS2005 CRT libraries
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"A2BAF Data cache removal" = ARMA 2: British Armed Forces - Data cache removal
"A2PMC Data cache removal" = ARMA 2: Private Military Company - Data cache removal
"ACE LoL Client" = League of Legends - ACE Client
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Alien vs. Triangles" = NVIDIA Alien vs. Triangles demo
"AnalogX NetStat Live" = AnalogX NetStat Live
"APB Reloaded" = APB Reloaded
"Apollo_is1" = Apollo 37zz
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Bejeweled 31.0" = Bejeweled 3
"BOSS" = BOSS
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"Endless City" = NVIDIA Endless City demo
"EVEMon" = EVEMon
"foobar2000" = foobar2000 v1.1.5
"Fraps" = Fraps (remove only)
"Frozen Synapse_is1" = Frozen Synapse
"Game Booster_is1" = Game Booster 3
"GamersFirst LIVE!" = GamersFirst LIVE!
"GFWL_{4D530FA3-9B89-4186-98B7-F51000000100}" = Age of Empires Online
"GoldWave v5.58" = GoldWave v5.58
"Harvest Massive Encounter_is1" = Harvest Massive Encounter
"hon" = Heroes of Newerth
"Impulse" = Impulse
"Inkscape" = Inkscape 0.48.0
"jahPlayer" = jahPlayer
"League of Legends_is1" = League of Legends
"Little SineGen" = Little SineGen 1.00
"Live 8.2.2" = Live 8.2.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"mIRC" = mIRC
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Firefox 7.0 (x86 en-GB)" = Mozilla Firefox 7.0 (x86 en-GB)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"Nmap" = Nmap 5.51
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"OpenAL" = OpenAL
"OpenLibraries" = OpenLibraries
"Origin" = Origin
"PlayerScore" = PlayerScore
"Precision" = EVGA Precision 2.0.2
"Privoxy" = Privoxy (remove only)
"PunkBusterSvc" = PunkBuster Services
"SAM3" = SAM Broadcaster v4
"Sins of a Solar Empire" = Sins of a Solar Empire
"Sins of a Solar Empire - Diplomacy" = Sins of a Solar Empire - Diplomacy
"Sins of a Solar Empire - Entrenchment" = Sins of a Solar Empire - Entrenchment
"Smart Defrag 2_is1" = Smart Defrag 2
"Steam App 104320" = Red Orchestra 2: Heroes of Stalingrad Beta
"Steam App 105600" = Terraria
"Steam App 109200" = Legend of Fae
"Steam App 18500" = Defense Grid: The Awakening
"Steam App 22330" = The Elder Scrolls IV: Oblivion
"Steam App 22350" = Brink
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 26500" = Cogs
"Steam App 26800" = Braid
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 29180" = Osmos
"Steam App 33460" = From Dust
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"Steam App 40700" = Machinarium
"Steam App 40800" = Super Meat Boy
"Steam App 41100" = Hammerfight
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 620" = Portal 2
"Steam App 65700" = ARMA 2: British Armed Forces
"Steam App 65720" = ARMA 2: Private Military Company
"Steam App 6600" = Bullet Candy
"Steam App 70100" = Hacker Evolution
"Steam App 70110" = Hacker Evolution - Untold
"Steam App 70120" = Hacker Evolution Duality
"Steam App 70300" = VVVVVV
"Steam App 91310" = Dead Island
"Steam App 9180" = Commander Keen Complete Pack
"Steam App 93200" = Revenge of the Titans
"Steam App 96200" = Steel Storm: Burning Retribution
"Steam App 98800" = Dungeons of Dredmor
"Steam App 99900" = Spiral Knights
"Steam App 99910" = Puzzle Pirates
"Synergy" = Synergy
"Trillian" = Trillian
"Two Worlds II Castle Defense Lite" = Two Worlds II Castle Defense Lite
"Unlocker" = Unlocker 1.9.0
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.11
"WebcamMax" = WebcamMax
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"winscp3_is1" = WinSCP 4.3.2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3712959989-1330060028-480819939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"7fe6cd463fd935ad" = RecursiveWorld
"Bitcoin" = Bitcoin
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Puzzle Pirates" = Puzzle Pirates
"SOE-EverQuest" = EverQuest
"World of Logs Client" = World of Logs Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/09/2011 02:36:49 | Computer Name = Samsbase | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\mozbackup\dll\DelZip179.dll".Error
in manifest or policy file "c:\program files (x86)\mozbackup\dll\DelZip179.dll"
on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is
invalid.

Error - 10/09/2011 05:10:28 | Computer Name = Samsbase | Source = PostgreSQL | ID = 0
Description =

Error - 10/09/2011 23:08:07 | Computer Name = Samsbase | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\mozbackup\dll\DelZip179.dll".Error
in manifest or policy file "c:\program files (x86)\mozbackup\dll\DelZip179.dll"
on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is
invalid.

Error - 11/09/2011 13:29:21 | Computer Name = Samsbase | Source = Application Error | ID = 1000
Description = Faulting application name: CivilizationV_DX11.exe, version: 1.0.1.383,
time stamp: 0x4e41c172 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
time stamp: 0x4e211319 Exception code: 0x0000087a Fault offset: 0x0000b9bc Faulting
process id: 0xbb0 Faulting application start time: 0x01cc708e3049fb1d Faulting application
path: c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\CivilizationV_DX11.exe
Faulting
module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 95500eec-dc9b-11e0-92db-001d092885b8

Error - 11/09/2011 22:35:14 | Computer Name = Samsbase | Source = PostgreSQL | ID = 0
Description =

Error - 12/09/2011 01:05:49 | Computer Name = Samsbase | Source = PostgreSQL | ID = 0
Description =

Error - 12/09/2011 20:59:33 | Computer Name = Samsbase | Source = Application Error | ID = 1000
Description = Faulting application name: Oblivion.exe, version: 1.2.0.416, time
stamp: 0x462392c7 Faulting module name: Oblivion.exe, version: 1.2.0.416, time stamp:
0x462392c7 Exception code: 0xc0000005 Fault offset: 0x000c9f97 Faulting process id:
0xc6c Faulting application start time: 0x01cc71a2cc884c40 Faulting application path:
c:\program files (x86)\steam\steamapps\common\oblivion\Oblivion.exe Faulting module
path: c:\program files (x86)\steam\steamapps\common\oblivion\Oblivion.exe Report
Id: a3d43c25-dda3-11e0-ae43-001d092885b8

Error - 12/09/2011 21:18:04 | Computer Name = Samsbase | Source = Application Error | ID = 1000
Description = Faulting application name: Oblivion.exe, version: 1.2.0.416, time
stamp: 0x462392c7 Faulting module name: Oblivion.exe, version: 1.2.0.416, time stamp:
0x462392c7 Exception code: 0xc0000005 Fault offset: 0x000c1ed7 Faulting process id:
0xff0 Faulting application start time: 0x01cc71b0c94d2df1 Faulting application path:
c:\program files (x86)\steam\steamapps\common\oblivion\Oblivion.exe Faulting module
path: c:\program files (x86)\steam\steamapps\common\oblivion\Oblivion.exe Report
Id: 3aa78e05-dda6-11e0-ae43-001d092885b8

Error - 13/09/2011 13:15:32 | Computer Name = Samsbase | Source = PostgreSQL | ID = 0
Description =

Error - 13/09/2011 14:32:59 | Computer Name = Samsbase | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\mozbackup\dll\DelZip179.dll".Error
in manifest or policy file "c:\program files (x86)\mozbackup\dll\DelZip179.dll"
on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is
invalid.

[ NetLimiter 3 Events ]
Error - 09/09/2011 20:15:34 | Computer Name = Samsbase | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 09/09/2011 20:56:48 | Computer Name = Samsbase | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 10/09/2011 05:10:29 | Computer Name = Samsbase | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 10/09/2011 18:43:27 | Computer Name = Samsbase | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 11/09/2011 22:35:38 | Computer Name = Samsbase | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 11/09/2011 23:37:32 | Computer Name = Samsbase | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 11/09/2011 23:42:30 | Computer Name = Samsbase | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 12/09/2011 00:42:38 | Computer Name = Samsbase | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 12/09/2011 01:05:52 | Computer Name = Samsbase | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 13/09/2011 13:15:33 | Computer Name = Samsbase | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

[ System Events ]
Error - 12/09/2011 01:05:32 | Computer Name = Samsbase | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 12/09/2011 01:05:41 | Computer Name = Samsbase | Source = EventLog | ID = 6008
Description = The previous system shutdown at 06:03:29 on ?12/?09/?2011 was unexpected.

Error - 12/09/2011 01:05:37 | Computer Name = Samsbase | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 12/09/2011 01:05:55 | Computer Name = Samsbase | Source = Service Control Manager | ID = 7024
Description = The Synergy Server service terminated with service-specific error
%%4.

Error - 12/09/2011 01:07:10 | Computer Name = Samsbase | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%1058

Error - 13/09/2011 13:15:16 | Computer Name = Samsbase | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 13/09/2011 13:15:21 | Computer Name = Samsbase | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 13/09/2011 13:15:36 | Computer Name = Samsbase | Source = Service Control Manager | ID = 7024
Description = The Synergy Server service terminated with service-specific error
%%4.

Error - 13/09/2011 13:16:38 | Computer Name = Samsbase | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%1058

Error - 13/09/2011 20:31:28 | Computer Name = Samsbase | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >
samsbase
Active Member
 
Posts: 4
Joined: September 8th, 2011, 4:52 am

Re: infection somewhere but not sure where !

Unread postby deltalima » September 14th, 2011, 3:54 pm

Hi samsbase,

Download and Run ComboFix

Download Combofix by sUBs from one of these links and save it to your Desktop.
Link 1 | Link 2

**Ensure you have disabled ALL anti-virus, anti-malware and firewall programs so they do not interfere with ComboFix.**
A guide to do this can be found here. If you still aren't sure how to disable protection software, please ask.

  • Double-click ComboFix.exe to start Combofix (If you get a User Account Control warning, click Allow)
  • If you get a message from ComboFix that a rootkit is detected and it needs to reboot the computer, allow it to do so.
  • Wait for scan to complete. It can take tens of minutes.
  • Do not run any programs or do anything to interfere with ConboFix as it is running.
  • Once finished, a log should open. If not, the log can be located at C:\ComboFix.txt

Please include the ComboFix log (C:\ComboFix.txt) in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: infection somewhere but not sure where !

Unread postby deltalima » September 17th, 2011, 3:53 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 29 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware