Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Virus in windows/system32/services.exe

Post by knowlze » September 8th, 2012, 9:16 pm

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_33
Run by Domsfriend at 13:09:32 on 2012-09-09
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.64.1033.18.4094.1793 [GMT 12:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Folding@HomeCPU\1\Fah.exe
C:\Folding@HomeCPU\2\Fah.exe
C:\Folding@HomeCPU\3\Fah.exe
C:\Folding@HomeCPU\1\FahCore_a4.exe
C:\Folding@HomeCPU\4\Fah.exe
C:\Folding@HomeCPU\2\FahCore_a4.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Folding@HomeCPU\3\FahCore_a4.exe
C:\Folding@HomeCPU\4\FahCore_a4.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\System32\tgbstarter.exe
C:\Program Files (x86)\Tunngle\TnglCtrl.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Domsfriend\AppData\Local\Akamai\netsession_win.exe
C:\Users\Domsfriend\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Opera\opera.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=112555 ... 7f74f75f77
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\6.2\iobitToolbarIE.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll
mWinlogon: Userinit=userinit.exe
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\6.2\iobitToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
BHO: SearchCore for Browsers: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\6.2\iobitToolbarIE.dll
EB: ShopperReports: {bdea95cf-f0e6-41e0-bd3d-b00f39a4e939} - C:\Program Files (x86)\ShoppingReport2\Bin\2.7.37\ShoppingReport.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Akamai NetSession Interface] "C:\Users\Domsfriend\AppData\Local\Akamai\netsession_win.exe"
uRun: [Google Update] "C:\Users\Domsfriend\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe
uRun: [Facebook Update] "C:\Users\Domsfriend\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [D3DOverrider] "C:\Users\Domsfriend\AppData\Local\Temp\Rar$EX99.632\D3DOverrider\D3DOverriderWrapper.exe" /s
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://www.netgame.com/mplugin/mglaunch_USAv1005.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/stati ... 0.66.2.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{87FE5EC8-E1BB-4BBE-AE1A-A6661AE14C0F} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B49F06C4-4DA9-40B2-BD37-361797E674FF} : DhcpNameServer = 178.32.51.4 76.73.18.50
TCP: Interfaces\{E0A255E7-D6BA-4087-BABB-906270D77759} : NameServer = 208.67.222.222
TCP: Interfaces\{E0A255E7-D6BA-4087-BABB-906270D77759} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E0A255E7-D6BA-4087-BABB-906270D77759}\2545141303235375D2839313336373 : NameServer = 208.67.222.222
TCP: Interfaces\{E0A255E7-D6BA-4087-BABB-906270D77759}\2545141303235375D2839313336373 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E9A12D39-CC55-4AE8-8E37-5D3E00A2D5F8} : DhcpNameServer = 178.32.51.4 76.73.18.50
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\SysWow64\DreamScene.dll
BHO-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.2\iobitToolbarIE.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
BHO-X64: Searchqu Toolbar - No File
BHO-X64: SearchCore for Browsers: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll
BHO-X64: uTorrentBar - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll
TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB-X64: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
TB-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\6.2\iobitToolbarIE.dll
EB-X64: {BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} - No File
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun-x64: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [(Default)]
mRun-x64: [D3DOverrider] "C:\Users\Domsfriend\AppData\Local\Temp\Rar$EX99.632\D3DOverrider\D3DOverriderWrapper.exe" /s
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
IE-X64: {A0EF4604-467A-424C-B942-E17D28BD78D9} - C:\Microgaming\Casino\YukonGold\casinogame.exe
AppInit_DLLs-X64: C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll
STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\SysWow64\DreamScene.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Domsfriend\AppData\Roaming\Mozilla\Firefox\Profiles\ubkywt8p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&app ... 06&sr=0&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Domsfriend\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Domsfriend\AppData\Roaming\Mozilla\Firefox\Profiles\ubkywt8p.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 ndistgb;TheGreenBow NDIS filter driver;C:\Windows\system32\DRIVERS\ndistgb.sys --> C:\Windows\system32\DRIVERS\ndistgb.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-7-26 794560]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 Folding@home-CPU-[1];Folding@home-CPU-[1];C:\Folding@HomeCPU\1\Fah.exe -svcstart -d "C:\Folding@HomeCPU\1" --> C:\Folding@HomeCPU\1\Fah.exe -svcstart -d C:\Folding@HomeCPU\1 [?]
R2 Folding@home-CPU-[2];Folding@home-CPU-[2];C:\Folding@HomeCPU\2\Fah.exe -svcstart -d "C:\Folding@HomeCPU\2" --> C:\Folding@HomeCPU\2\Fah.exe -svcstart -d C:\Folding@HomeCPU\2 [?]
R2 Folding@home-CPU-[3];Folding@home-CPU-[3];C:\Folding@HomeCPU\3\Fah.exe -svcstart -d "C:\Folding@HomeCPU\3" --> C:\Folding@HomeCPU\3\Fah.exe -svcstart -d C:\Folding@HomeCPU\3 [?]
R2 Folding@home-CPU-[4];Folding@home-CPU-[4];C:\Folding@HomeCPU\4\Fah.exe -svcstart -d "C:\Folding@HomeCPU\4" --> C:\Folding@HomeCPU\4\Fah.exe -svcstart -d C:\Folding@HomeCPU\4 [?]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-9-8 821592]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-25 1262400]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-8-31 2358656]
R2 TgbIke Starter;TgbIke Starter;C:\Windows\System32\tgbstarter.exe --> C:\Windows\System32\tgbstarter.exe [?]
R2 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2011-10-5 745832]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-9-8 21384]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2012-9-8 33224]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-8 250056]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2012-9-8 21904]
S3 WatAdminSvc;WatAdminSvc;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [2012-7-18 14544]
.
=============== Created Last 30 ================
.
2012-09-08 08:13:04 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-09-08 04:25:33 -------- d-----r- C:\Program Files (x86)\Skype
2012-09-08 03:22:11 -------- d-----w- C:\FRST
2012-09-07 10:23:16 -------- d-----w- C:\Users\Domsfriend\AppData\Local\Facebook
2012-09-01 06:34:44 2388992 ----a-w- C:\Windows\explorer_edit_w7sbc.exe
2012-09-01 06:34:44 2388992 ----a-w- C:\Windows\explorer_backup_w7sbc.exe
2012-09-01 06:34:44 -------- d-----w- C:\Windows\W7SBC
2012-09-01 06:28:27 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll.backup
2012-09-01 06:28:26 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll.backup
2012-09-01 06:28:26 1842688 ----a-w- C:\Windows\System32\ExplorerFrame_backup_wti.dll
2012-09-01 06:28:26 15181312 ----a-w- C:\Windows\System32\shell32_backup_wti.dll
2012-09-01 06:28:25 898560 ----a-w- C:\Windows\System32\OobeFldr_backup_wti.dll
2012-09-01 06:28:25 3208192 ----a-w- C:\Windows\explorer_backup_wti.exe
2012-09-01 06:28:23 151608 ----a-w- C:\Windows\UTP.exe
2012-09-01 06:16:53 -------- d-----w- C:\Program Files\Theme Resource Changer
2012-08-31 10:06:09 -------- d-----w- C:\Program Files (x86)\HUD RED
2012-08-31 09:47:53 -------- d-----w- C:\Users\Domsfriend\AppData\Local\Korbin_Bickel
2012-08-31 09:47:08 -------- d-----w- C:\Program Files (x86)\Theme Manager
2012-08-31 09:40:23 44544 ----a-w- C:\Windows\System32\themeservice.dll.backup
2012-08-31 09:40:21 2851328 ----a-w- C:\Windows\System32\themeui.dll.backup
2012-08-31 09:40:18 332288 ----a-w- C:\Windows\System32\uxtheme.dll.backup
2012-08-31 00:32:21 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2012-08-27 06:55:20 -------- d-----w- C:\Users\Domsfriend\AppData\Local\NBGI
2012-08-25 22:56:53 -------- d-----w- C:\Program Files (x86)\PrivitizeVPN
2012-08-25 22:56:52 -------- d-----w- C:\Users\Domsfriend\AppData\Local\Babylon
2012-08-25 02:35:17 0 ----a-w- C:\STFBC96.tmp
2012-08-22 10:22:09 -------- d-----w- C:\Ubisoft
2012-08-22 10:20:10 -------- d-----w- C:\Users\Domsfriend\AppData\Local\Apps
2012-08-22 10:20:09 -------- d-----w- C:\Users\Domsfriend\AppData\Local\Deployment
2012-08-20 04:31:42 0 ----a-w- C:\STF6CF8.tmp
2012-08-20 04:24:41 0 ----a-w- C:\STF224.tmp
2012-08-14 23:08:08 -------- d-----w- C:\Users\Domsfriend\AppData\Local\Dxtory Software
2012-08-14 23:08:03 3673600 ----a-w- C:\Windows\System32\DxtoryCodec64.dll
2012-08-14 23:08:02 3166720 ----a-w- C:\Windows\SysWow64\DxtoryCodec.dll
2012-08-14 23:07:59 -------- d-----w- C:\Program Files (x86)\Dxtory Software
2012-08-13 04:55:32 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-08-13 01:35:32 5115584 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-08-12 04:29:52 -------- d-----w- C:\Program Files\pb
2012-08-12 04:28:16 -------- d-----w- C:\Program Files\mods
2012-08-12 04:24:18 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-08-12 04:24:18 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-08-12 04:24:18 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-08-12 04:24:17 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-08-12 04:24:17 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-08-12 04:24:17 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-08-12 04:24:16 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-08-11 06:27:22 -------- d-----w- C:\Program Files\GameData
2012-08-11 05:39:22 -------- d-----w- C:\Program Files (x86)\The Creative Assembly
.
==================== Find3M ====================
.
2012-09-07 23:55:37 282696 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-09-07 23:55:37 282696 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-09-01 06:28:27 2755072 ----a-w- C:\Windows\SysWow64\themeui.dll
2012-09-01 06:28:26 245760 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2012-08-31 09:40:23 44544 ----a-w- C:\Windows\System32\themeservice.dll
2012-08-31 09:40:21 2851328 ----a-w- C:\Windows\System32\themeui.dll
2012-08-31 09:40:19 332288 ----a-w- C:\Windows\System32\uxtheme.dll
2012-08-28 09:37:11 281120 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-08-21 09:13:13 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-08-21 09:13:12 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-08-21 09:12:33 41224 ----a-w- C:\Windows\avastSS.scr
2012-08-15 11:02:59 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 11:02:59 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-18 04:38:03 2048 ----a-w- C:\Windows\SysWow64\winver.exe
2012-07-18 04:38:02 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2012-07-18 04:37:59 410624 ----a-w- C:\Windows\SysWow64\systemcpl.dll
2012-07-18 04:37:56 1536 ----a-w- C:\Windows\SysWow64\sppcomapi.dll
2012-07-18 04:37:54 113543 ----a-w- C:\Windows\SysWow64\slmgr.vbs
2012-07-18 04:37:54 113543 ----a-w- C:\Windows\System32\slmgr.vbs
2012-06-28 08:23:50 476976 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-06-28 08:23:46 472880 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-29 08:31:50 3993600 ----a-w- C:\Program Files (x86)\GUT7D7E.tmp
2012-04-04 08:24:43 11986 ----a-w- C:\Program Files (x86)\layout.bin
2012-04-04 08:21:44 587200 ----a-w- C:\Program Files (x86)\ISSetup.dll
2012-04-03 05:58:08 3146312 ----a-w- C:\Program Files (x86)\pbsvc_blr.exe
2012-02-22 11:12:54 8525240 ----a-w- C:\Program Files (x86)\Blacklight Retribution.exe
2012-02-20 06:59:36 125892 ----a-w- C:\Program Files (x86)\config.bin
2011-09-21 03:42:24 4216840 ----a-w- C:\Program Files (x86)\vcredist_x86.exe
2011-09-21 03:30:36 34013024 ----a-w- C:\Program Files (x86)\PhysX_9.10.0513_SystemSoftware.exe
2011-08-24 06:00:40 100271992 ----a-w- C:\Program Files (x86)\directx_Jun2010_redist.exe
2011-03-29 23:40:34 517976 ----a-w- C:\Program Files (x86)\DXSETUP.exe
2011-03-29 23:40:32 95576 ----a-w- C:\Program Files (x86)\DSETUP.dll
2011-03-29 23:40:32 1566040 ----a-w- C:\Program Files (x86)\dsetup32.dll
.
============= FINISH: 13:11:30.36 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12/02/2011 7:02:42 p.m.
System Uptime: 9/09/2012 11:29:43 a.m. (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A78LT-M-LE
Processor: AMD Phenom(tm) II X4 955 Processor | AM3 | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 333.953 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 699 GiB total, 295.442 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
I: is CDROM ()
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Device ID: PCI\VEN_1969&DEV_1063&SUBSYS_83FE1043&REV_C0\4&1441FE03&0&0030
Manufacturer: Atheros
Name: Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
PNP Device ID: PCI\VEN_1969&DEV_1063&SUBSYS_83FE1043&REV_C0\4&1441FE03&0&0030
Service: L1C
.
==== System Restore Points ===================
.
RP314: 5/09/2012 4:45:05 p.m. - Restore Operation
RP316: 5/09/2012 5:35:34 p.m. - Removed Assassin's Creed Brotherhood
RP317: 5/09/2012 5:39:14 p.m. - Removed Prototype(TM)
RP318: 5/09/2012 5:52:34 p.m. - Removed Far Cry 2
RP319: 6/09/2012 6:15:11 p.m. - Restore Operation
RP320: 7/09/2012 8:33:58 p.m. - Removed L.A. Noire
RP321: 7/09/2012 8:35:26 p.m. - Removed Grand Theft Auto IV
RP322: 7/09/2012 8:46:52 p.m. - Removed Fallout 3
RP323: 7/09/2012 9:00:33 p.m. - Removed Crysis® 2
RP324: 7/09/2012 9:14:40 p.m. - Removed Rome - Total War - Gold Edition
RP325: 8/09/2012 11:32:19 a.m. - IObit Uninstaller restore point
RP326: 8/09/2012 11:33:27 a.m. - Removed Star Wars Battlefront II
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
杀出重围3人类革命
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS
Adobe Reader 9.5.2
Adobe Story
Adobe Widget Browser
Akamai NetSession Interface
Akamai NetSession Interface Service
Aliens vs. Predator
Amazon Kindle
Any to Icon
APB Reloaded
Apple Application Support
Apple Software Update
ArcaniA - Gothic 4 Patch
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
µTorrent
Audiosurf
avast! Free Antivirus
AVIConverter 2.1
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
Babylon toolbar on IE
BabylonObjectInstaller
Battlefield 3™
Battlefield Play4Free
Battlelog Web Plugins
Blacklight Retribution
Chief Architect Premier X3
Combat Arms
DAEMON Tools Lite
DAEMON Tools Toolbar
Dark Souls
Dawn of War - Soulstorm
DeskScapes
Desktop Icon Position Saver (64-bit)
DivX Setup
DOOM II: Hell on Earth
Dxtory version 2.0.118
Endless Space
EPU-4 Engine
ESN Sonar
Facebook Video Calling 1.2.0.159
Fallout Mod Manager 0.13.21
FFOLKES 2142 Unlocks mod v1.01
FLV Downloader
Game Booster 3
Ghost Recon Future Soldier
Google Chrome
Heavy Weapon Deluxe
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
iLivid
IObit Malware Fighter
IObit Toolbar v6.2
J2SE Runtime Environment 5.0 Update 5
Java Auto Updater
Java(TM) 6 Update 33
JDownloader
Jewel Quest
LogMeIn Hamachi
Lost Planet 2
Magic ISO Maker v5.5 (build 0281)
Majesty 2: The Fantasy Kingdom Sim
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Expression Blend 3 SDK
Microsoft Expression Blend 4
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Expression Design 4
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Expression Studio 4
Microsoft Expression Web 4
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Minecraft Beta Cracked
MinecraftCrack
Mount&Blade
Mount&Blade Warband
Mozilla Firefox 7.0.1 (x86 en-US)
NBA 2K12
Nexon Game Manager
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Oblivion
OpenAL
Opera 12.02
OPERATION7
Orcs Must Die
Orcs Must Die!
Origin
PassGen
Platform
PowerISO
PrivitizeVPN
PunkBuster Services
PxMergeModule
QuickTime
RAR Password Recovery v1.1 RC16 (remove only)
Rockstar Games Social Club
Savage 2 - A Tortured Soul
SearchCore for Browsers
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SHIFT 2 UNLEASHED™
ShopperReports
Skype Click to Call
Skype™ 5.10
Sleeping Dogs version 1.4
Smart Defrag 2
Star Wars: The Old Republic
Steam
Super Monday Night Combat
System Requirements Lab
TeamViewer 6
TES Construction Set
The Witcher 2
TheGreenBow IPSec VPN Client
Theme Manager
Torus
Tune Sweeper
Tunngle beta
Ubisoft Game Launcher
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
uTorrentBar Toolbar
VC80CRTRedist - 8.0.50727.6195
VIA Platform Device Manager
ViewSonic Monitor Drivers
Vikingr 0.84
VLC media player 1.1.11
Windows iLivid Toolbar
WinRAR 4.00 (32-bit)
WolfTeam
WPF Toolkit February 2010 (Version 3.5.50211.1)
Xfire (remove only)
YourFileDownloader
YouTube Downloader 3.5
YTD Toolbar v6.2
Yukon Gold
.
==== Event Viewer Messages From Past Week ========
.
9/09/2012 12:36:43 p.m., Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {88F5E7B2-09B9-471E-895A-25247585905C} and APPID Unavailable to the user LINCOLN-PC\UpdatusUser SID (S-1-5-21-3630749389-2258371352-599158283-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/09/2012 11:50:17 a.m., Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
9/09/2012 11:42:25 a.m., Error: Service Control Manager [7000] - The UrlFilter service failed to start due to the following error: There are no more endpoints available from the endpoint mapper.
9/09/2012 11:41:58 a.m., Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
9/09/2012 11:41:58 a.m., Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
9/09/2012 11:30:17 a.m., Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
9/09/2012 11:30:16 a.m., Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/09/2012 6:18:53 a.m., Error: Service Control Manager [7023] - The SPP Notification Service service terminated with the following error: Access is denied.
8/09/2012 3:27:21 p.m., Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/09/2012 12:56:53 a.m., Error: Ntfs [137] - The default transaction resource manager on volume J: encountered a non-retryable error and could not start. The data contains the error code.
7/09/2012 4:14:33 p.m., Error: Microsoft-Windows-WHEA-Logger [20] - A fatal hardware error has occurred. Component: AMD Northbridge Error Source: Machine Check Exception Error Type: HyperTransport Watchdog Timeout Error Processor ID: 0 The details view of this entry contains further information.
7/09/2012 4:11:14 p.m., Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/09/2012 4:11:13 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/09/2012 4:11:13 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/09/2012 4:11:12 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/09/2012 4:11:12 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/09/2012 4:11:11 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/09/2012 4:11:04 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/09/2012 4:10:49 p.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO aswRdr aswSnx aswSP aswTdi CSC DfsC discache ndistgb NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf
7/09/2012 4:10:49 p.m., Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/09/2012 4:10:49 p.m., Error: Service Control Manager [7001] - The TunngleService service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
7/09/2012 4:10:49 p.m., Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/09/2012 4:10:49 p.m., Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/09/2012 4:10:49 p.m., Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/09/2012 4:10:49 p.m., Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/09/2012 4:10:49 p.m., Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/09/2012 4:10:49 p.m., Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/09/2012 4:10:49 p.m., Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/09/2012 4:10:49 p.m., Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/09/2012 4:10:49 p.m., Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/09/2012 4:10:49 p.m., Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa80053f64f8, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\090712-26130-01.dmp. Report Id: 090712-26130-01.
6/09/2012 6:04:11 p.m., Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: The service has not been started.
2/09/2012 8:56:17 p.m., Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
.
==== End Of File ===========================
knowlze
Member+
 
Posts: 37
Joined: September 8th, 2012, 9:08 pm

Re: Virus in windows/system32/services.exe

Unread postby Gary R » September 9th, 2012, 1:55 am

Your logs show signs of a Remote Access Infection on your computer.

LSP: mswsock.dll


These indicate you are infected with ....



There's a whole lot of other stuff as well, but this is the "big" one.

Please take time to carefully read THIS topic, then let me know how you want to proceed.
Gary R
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Virus in windows/system32/services.exe

Unread postby knowlze » September 9th, 2012, 2:53 am

I'd like to try and remove it first, without having to repave my computer.
knowlze
Member+
 
Posts: 37
Joined: September 8th, 2012, 9:08 pm

Re: Virus in windows/system32/services.exe

Unread postby Gary R » September 9th, 2012, 10:40 am

OK, no problem, just so long as you understand that when we've finished cleaning your machine we will very probably not have removed every change that has been made to your computer, even if it seems that we have.

Now let's get started removing what we know is there.

This is going to take a number of stages since not only do you have a Zero Access (Sirefef) infection, but a "searchqu" infection as well.

  • Download FRST64 to a USB flash drive.
  • Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK; you should now see the screen below ...

Image

  • Select the Command Prompt option.
  • A command window will open.
    • Type notepad then hit Enter.
    • Notepad will open.
      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.
  • Back in the command window ....
    • Type e:/frst64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • When finished scanning it will make a log FRST.txt on the flash drive.
  • Next
    • Type services.exe;explorer.exe into the Search: box in FRST
    • Click the Search Files button.
    • FRST will scan your machine once more, this time looking for files.
    • When finished scanning it will make a log Search.txt on the flash drive.
  • Close the command window.
  • Boot back into normal mode and post me the FRST.txt log and the Search.txt log please.
Gary R
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
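As an added example (not part of this thread and not FRST's own code), here is a small Python parser for the Search.txt layout the search step above produces: it groups entries by file name, treats the WinSxS component-store copy as the reference, and flags any live copy that has the same size and timestamp as that reference but a different MD5, or that carries no company information at all. The sample input is constructed in that format from the paths and hashes posted in this thread; the function names and the line-format regex are my own assumptions based on what FRST prints.

```python
import re
from collections import defaultdict

# Constructed sample in the layout FRST writes to Search.txt: a path line followed by
# "[created] - [modified] - size attrs (company) MD5". Paths and hashes are the ones
# posted in this thread, trimmed to four entries.
SAMPLE_SEARCH_TXT = r"""
================== Search: "services.exe;explorer.exe" ===================

C:\Windows\explorer.exe
[2011-04-25 14:13] - [2009-12-30 21:18] - 3208192 ____A (Microsoft Corporation) FB1A146CAF496742EDB4BC14808440CF

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Users\Domsfriend\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2011-05-22 17:13] - [2011-01-15 20:55] - 0255488 ____A () 3C33B26F2F7FA61D882515F2D6078691

====== End Of Search ======
"""

# One detail line: "[created] - [modified] - size attrs (company) MD5"
# (regex is an assumption modelled on the output shown in this thread).
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_search(text):
    """Return one dict per file entry (path, name, size, timestamps, company, md5)."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    entries = []
    for i in range(len(lines) - 1):
        path, detail = lines[i], lines[i + 1]
        m = DETAIL_RE.match(detail)
        # A path line is any non-blank line that is not a header/detail line
        # and is immediately followed by a detail line.
        if not m or not path or path.startswith(("=", "[")):
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["path"] = path
        e["name"] = path.rsplit("\\", 1)[-1].lower()
        entries.append(e)
    return entries


def is_winsxs(path):
    """The component store holds the copies Windows itself installed from."""
    return "\\winsxs\\" in path.lower()


def find_suspicious(entries):
    """Return (path, reason) pairs a malware analyst would look at first."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)

    findings = []
    for group in by_name.values():
        # Reference hashes from the WinSxS copies, keyed by (size, modified time).
        refs = {(e["size"], e["modified"]): e["md5"].upper()
                for e in group if is_winsxs(e["path"])}
        for e in group:
            if is_winsxs(e["path"]):
                continue
            ref = refs.get((e["size"], e["modified"]))
            if ref is not None and ref != e["md5"].upper():
                # Same size and timestamp as the store copy but different content:
                # the live binary was modified in place, which is how this
                # thread's System32\services.exe looks.
                findings.append((e["path"],
                                 f"MD5 {e['md5']} differs from WinSxS copy {ref} "
                                 f"of identical size/timestamp"))
            if not e["company"]:
                # No version resource at all under a system binary's name.
                findings.append((e["path"], "no company/version information"))
    return findings


if __name__ == "__main__":
    for path, reason in find_suspicious(parse_search(SAMPLE_SEARCH_TXT)):
        print(f"{path}\n    {reason}")
```

A matching hash against the WinSxS copy is not proof the file is clean, and a mismatch is a reason to investigate rather than a verdict; the check is a fast way to prioritise which of the many copies FRST lists deserve a closer look.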

Re: Virus in windows/system32/services.exe

Unread postby knowlze » September 10th, 2012, 12:45 am

Farbar Recovery Scan Tool (x64) Version: 08-09-2012
Ran by SYSTEM at 2012-09-10 16:32:06
Running from F:\

================== Search: "services.exe;explorer.exe" ===================

C:\Windows\explorer.exe
[2011-04-25 14:13] - [2009-12-30 21:18] - 3208192 ____A (Microsoft Corporation) FB1A146CAF496742EDB4BC14808440CF

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011-07-07 21:16] - [2010-11-20 04:17] - 2616320 ____A (Microsoft Corporation) 40D777B7A95E00593EB1568C68514493

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011-04-25 14:13] - [2009-10-30 22:00] - 2614272 ____A (Microsoft Corporation) C76153C7ECA00FA852BB0C193378F917

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2011-04-25 14:14] - [2009-08-02 21:49] - 2613248 ____A (Microsoft Corporation) 9FF6C4C91A3711C0A3B18F87B08B518D

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011-04-25 14:13] - [2009-10-30 21:45] - 2614272 ____A (Microsoft Corporation) 2626FC9755BE22F805D3CFA0CE3EE727

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2011-04-25 14:14] - [2009-08-02 21:35] - 2613248 ____A (Microsoft Corporation) B95EEB0F4E5EFBF1038A35B3351CF047

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009-07-13 15:41] - [2009-07-13 17:14] - 2613248 ____A (Microsoft Corporation) 15BC38A7492BEFE831966ADB477CF76F

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011-07-07 21:16] - [2010-11-20 05:24] - 2872320 ____A (Microsoft Corporation) AC4C51EB24AA95B77F705AB159189E24

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011-04-25 14:13] - [2009-10-30 22:38] - 2870272 ____A (Microsoft Corporation) B8EC4BD49CE8F6FC457721BFC210B67F

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011-04-25 14:14] - [2009-08-02 22:19] - 2868224 ____A (Microsoft Corporation) 700073016DAC1C3D2E7E2CE4223334B6

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011-04-25 14:13] - [2009-10-30 22:34] - 2870272 ____A (Microsoft Corporation) 9AAAEC8DAC27AA17B053E6352AD233AE

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2011-04-25 14:14] - [2009-08-02 22:17] - 2868224 ____A (Microsoft Corporation) F170B4A061C9E026437B193B4D571799

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009-07-13 15:56] - [2009-07-13 17:39] - 2868224 ____A (Microsoft Corporation) C235A51CB740E45FFA0EBFB9BAFCDA64

C:\Windows\SysWOW64\explorer.exe
[2011-04-25 14:13] - [2009-10-30 21:45] - 2614272 ____A (Microsoft Corporation) 2626FC9755BE22F805D3CFA0CE3EE727

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\Resources\Themes\Theme Manager\U-7imate (Recommended)\explorer.exe
[2012-08-31 22:31] - [2011-12-25 03:04] - 2388992 ____A (Microsoft Corporation) 0BB584975A87C0A475BF6F857C7C0D8B

C:\Windows\Resources\Themes\Theme Manager\Default\explorer.exe
[2011-02-26 16:49] - [2010-11-20 19:24] - 2872320 ____A (Microsoft Corporation) AC4C51EB24AA95B77F705AB159189E24

C:\Windows\Resources\Themes\Theme Manager\Dark Agility\explorer.exe
[2012-08-31 01:49] - [2009-12-30 21:18] - 3208192 ____A (Microsoft Corporation) FB1A146CAF496742EDB4BC14808440CF

C:\Users\Domsfriend\Desktop\Stuff\Desk Top Themes\U-7imate RC2\DLLs\x86\explorer.exe
[2012-08-31 22:28] - [2011-12-25 21:17] - 2133504 ____A (Microsoft Corporation) 4DC3E7334F54D309A15856006A018FA4

C:\Users\Domsfriend\Desktop\Stuff\Desk Top Themes\U-7imate RC2\DLLs\x64\explorer.exe
[2012-08-31 22:28] - [2011-12-25 03:04] - 2388992 ____A (Microsoft Corporation) 0BB584975A87C0A475BF6F857C7C0D8B

C:\Users\Domsfriend\Desktop\Stuff\Desk Top Themes\System files\explorer.exe
[2012-08-31 21:59] - [2009-08-02 10:35] - 2130432 ____A (Microsoft Corporation) 9B7A2AA59650AC65275AC7C79CA11C04

C:\Users\Domsfriend\Desktop\Stuff\Desk Top Themes\Dark Agility\System Files\x86 (32-bit)\explorer.exe
[2012-08-31 01:47] - [2009-12-30 21:19] - 2953216 ____A (Microsoft Corporation) 1660D81B41720EBA00C20186ADDAA7F5

C:\Users\Domsfriend\Desktop\Stuff\Desk Top Themes\Dark Agility\System Files\x64 (64-bit)\explorer.exe
[2012-08-31 01:47] - [2009-12-30 21:18] - 3208192 ____A (Microsoft Corporation) FB1A146CAF496742EDB4BC14808440CF

C:\Users\Domsfriend\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2011-05-22 17:13] - [2011-01-15 20:55] - 0255488 ____A () 3C33B26F2F7FA61D882515F2D6078691

C:\Users\Domsfriend\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2011-05-22 17:13] - [2005-08-15 06:54] - 0001536 ____A () ABC6379205DE2618851C4FCBF72112EB

====== End Of Search ======
Scan result of Farbar Recovery Scan Tool (x64) Version: 08-09-2012
Ran by SYSTEM at 10-09-2012 16:39:55
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [x]
HKLM\...\Run: [TgbVpn] "C:\Program Files (x86)\TheGreenBow\TheGreenBow VPN\vpnconf.exe" [1739320 2011-10-02] (TheGreenBow)
HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2770432 2010-02-09] (VIA)
HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2010-12-12] (Apple Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [4282728 2012-08-21] (AVAST Software)
HKLM-x32\...\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [1095560 2012-07-25] (Spigot, Inc.)
HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE [1700752 2011-09-27] (Bandoo Media, inc)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [D3DOverrider] "C:\Users\Domsfriend\AppData\Local\Temp\Rar$EX99.632\D3DOverrider\D3DOverriderWrapper.exe" /s [x]
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun [196784 2012-08-24] (OOO Industry)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-08-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart [4473728 2012-07-01] (IObit)
HKU\Domsfriend\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [1305408 2011-01-20] (DT Soft Ltd)
HKU\Domsfriend\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1353080 2012-08-04] (Valve Corporation)
HKU\Domsfriend\...\Run: [Akamai NetSession Interface] "C:\Users\Domsfriend\AppData\Local\Akamai\netsession_win.exe" [4440896 2012-08-09] (Akamai Technologies, Inc.)
HKU\Domsfriend\...\Run: [Google Update] "C:\Users\Domsfriend\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-29] (Google Inc.)
HKU\Domsfriend\...\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe [93696 2010-10-16] (Dxtory Software)
HKU\Domsfriend\...\Run: [Facebook Update] "C:\Users\Domsfriend\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-09-07] (Facebook Inc.)
HKU\Domsfriend\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-12] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll
Tcpip\..\Interfaces\{E0A255E7-D6BA-4087-BABB-906270D77759}: [NameServer]208.67.222.222
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Services ====================

3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [68096 2011-08-25] ()
2 Folding@home-CPU-[1]; C:\Folding@HomeCPU\1\Fah.exe -svcstart -d "C:\Folding@HomeCPU\1" [422400 2011-11-04] ()
2 Folding@home-CPU-[2]; C:\Folding@HomeCPU\2\Fah.exe -svcstart -d "C:\Folding@HomeCPU\2" [422400 2011-11-04] ()
2 Folding@home-CPU-[3]; C:\Folding@HomeCPU\3\Fah.exe -svcstart -d "C:\Folding@HomeCPU\3" [422400 2011-11-04] ()
2 Folding@home-CPU-[4]; C:\Folding@HomeCPU\4\Fah.exe -svcstart -d "C:\Folding@HomeCPU\4" [422400 2011-11-04] ()
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-08-28] (LogMeIn Inc.)
2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [821592 2012-01-09] (IObit)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-05-15] ()
2 TgbIke Starter; C:\Windows\System32\tgbstarter.exe [162872 2009-11-20] (TheGreenBow)
2 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [745832 2011-10-13] (Tunngle.net GmbH)
3 WatAdminSvc; C:\Windows\System32\Wat\WatAdminSvc.exe [1255736 2011-04-26] ()

==================== Drivers =================================

1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2009-08-03] ()
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-09-06] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [254528 2011-04-09] (DT Soft Ltd)
3 FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [21384 2012-01-04] (IObit)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-17] (LogMeIn, Inc.)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
1 ndistgb; C:\Windows\System32\Drivers\ndistgb.sys [28728 2011-07-22] (TheGreenBow)
3 RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [33224 2012-07-04] (IObit.com)
0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-25] ()
3 tap0901t; C:\Windows\System32\Drivers\tap0901t.sys [31232 2009-09-15] (Tunngle.net)
1 TgbIpSec; C:\Windows\System32\Drivers\dfiltervpn.sys [132664 2009-11-20] (TheGreenBow)
3 UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [21904 2012-07-04] (IObit.com)
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-09-08 17:11 - 2012-09-08 17:11 - 00030586 ____A C:\Users\Domsfriend\Desktop\DDS.txt
2012-09-08 17:11 - 2012-09-08 17:11 - 00016487 ____A C:\Users\Domsfriend\Desktop\Attach.txt
2012-09-08 00:13 - 2012-09-08 00:13 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-09-07 20:25 - 2012-09-09 20:22 - 00000000 ____D C:\Users\Domsfriend\AppData\Roaming\Skype
2012-09-07 20:25 - 2012-09-07 20:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-09-07 20:25 - 2012-09-07 20:29 - 00000000 ____D C:\Users\All Users\Skype
2012-09-07 19:22 - 2012-09-07 19:23 - 00000000 ____D C:\FRST
2012-09-07 02:23 - 2012-09-09 02:36 - 00000948 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000UA.job
2012-09-07 02:23 - 2012-09-09 02:36 - 00000926 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000Core.job
2012-09-07 02:23 - 2012-09-07 02:27 - 00000000 ____D C:\Users\Domsfriend\AppData\Local\Facebook
2012-09-07 00:50 - 2012-09-07 00:52 - 00009719 ____A C:\Users\Domsfriend\Documents\Uninstall Dragon Age 2.log
2012-09-06 20:10 - 2012-09-06 20:10 - 00262144 ____N C:\Windows\Minidump\090712-26130-01.dmp
2012-08-31 22:34 - 2012-09-06 19:37 - 00000000 ____D C:\Windows\W7SBC
2012-08-31 22:34 - 2011-12-25 03:04 - 02388992 ____A (Microsoft Corporation) C:\Windows\explorer_edit_w7sbc.exe
2012-08-31 22:34 - 2011-12-25 03:04 - 02388992 ____A (Microsoft Corporation) C:\Windows\explorer_backup_w7sbc.exe
2012-08-31 22:28 - 2012-09-04 20:18 - 00151608 ____A C:\Windows\UTP.exe
2012-08-31 22:28 - 2010-11-20 19:24 - 00898560 ____A (Microsoft Corporation) C:\Windows\System32\OobeFldr_backup_wti.dll
2012-08-31 22:28 - 2009-12-30 21:22 - 01842688 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame_backup_wti.dll
2012-08-31 22:28 - 2009-12-30 21:18 - 03208192 ____A (Microsoft Corporation) C:\Windows\explorer_backup_wti.exe
2012-08-31 22:28 - 2009-12-30 20:39 - 15181312 ____A (Microsoft Corporation) C:\Windows\System32\shell32_backup_wti.dll
2012-08-31 22:28 - 2009-07-13 17:16 - 02755072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll.backup
2012-08-31 22:28 - 2009-07-13 17:11 - 00245760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll.backup
2012-08-31 22:16 - 2012-09-07 19:26 - 00000000 ____D C:\Program Files\Theme Resource Changer
2012-08-31 02:15 - 2011-10-10 23:10 - 00009106 ____A C:\Program Files (x86)\HUD RED Topshell.theme
2012-08-31 02:15 - 2011-10-10 23:10 - 00009088 ____A C:\Program Files (x86)\HUD RED.theme
2012-08-31 02:15 - 2011-10-10 23:09 - 00009112 ____A C:\Program Files (x86)\HUD RED Topshell Basic.theme
2012-08-31 02:15 - 2011-10-10 23:08 - 00009094 ____A C:\Program Files (x86)\HUD RED Basic.theme
2012-08-31 02:06 - 2012-09-04 21:17 - 00000000 ____D C:\Program Files (x86)\HUD RED
2012-08-31 01:47 - 2012-09-06 19:37 - 00000000 ____D C:\Users\Domsfriend\AppData\Local\Korbin_Bickel
2012-08-31 01:47 - 2012-09-04 21:17 - 00000000 ____D C:\Program Files (x86)\Theme Manager
2012-08-31 01:40 - 2009-07-13 17:41 - 02851328 ____A (Microsoft Corporation) C:\Windows\System32\themeui.dll.backup
2012-08-31 01:40 - 2009-07-13 17:41 - 00332288 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll.backup
2012-08-31 01:40 - 2009-07-13 17:41 - 00044544 ____A (Microsoft Corporation) C:\Windows\System32\themeservice.dll.backup
2012-08-30 16:32 - 2012-08-30 16:32 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-08-26 22:55 - 2012-08-26 22:55 - 00000000 ____D C:\Users\Domsfriend\Documents\NBGI
2012-08-26 22:55 - 2012-08-26 22:55 - 00000000 ____D C:\Users\Domsfriend\AppData\Local\NBGI
2012-08-25 14:56 - 2012-09-04 21:17 - 00000000 ____D C:\Program Files (x86)\PrivitizeVPN
2012-08-25 14:56 - 2012-08-25 14:56 - 00000000 ____D C:\Users\Domsfriend\AppData\Local\Babylon
2012-08-24 18:35 - 2012-08-24 18:35 - 00000000 ____A C:\STFBC96.tmp
2012-08-22 02:22 - 2012-08-22 02:22 - 00000000 ____D C:\Ubisoft
2012-08-22 02:20 - 2012-09-02 00:37 - 00000000 ____D C:\Users\Domsfriend\AppData\Local\Deployment
2012-08-22 02:20 - 2012-08-22 02:20 - 00000000 ____D C:\Users\Domsfriend\AppData\Local\Apps\2.0
2012-08-19 20:31 - 2012-08-19 20:31 - 00000000 ____A C:\STF6CF8.tmp
2012-08-19 20:24 - 2012-08-19 20:24 - 00000000 ____A C:\STF224.tmp
2012-08-16 22:37 - 2012-08-16 22:38 - 00014013 ____A C:\Users\Domsfriend\Documents\Install STAR WARS The Old Republic.log
2012-08-16 22:37 - 2012-08-16 22:37 - 00000000 ____D C:\users\hedev
2012-08-14 15:08 - 2012-08-14 15:08 - 00000000 ____D C:\Users\Domsfriend\AppData\Local\Dxtory Software
2012-08-14 15:08 - 2011-05-23 03:29 - 03673600 ____A (Dxtory Software) C:\Windows\System32\DxtoryCodec64.dll
2012-08-14 15:08 - 2011-05-23 03:23 - 03166720 ____A (Dxtory Software) C:\Windows\SysWOW64\DxtoryCodec.dll
2012-08-14 15:07 - 2012-08-14 15:07 - 00000000 ____D C:\Program Files (x86)\Dxtory Software
2012-08-14 12:57 - 2012-08-14 12:57 - 00000000 ____D C:\Users\Domsfriend\Documents\Activision
2012-08-12 20:55 - 2012-08-21 01:13 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-08-11 20:29 - 2012-09-07 15:45 - 00000000 ____D C:\Program Files\pb
2012-08-11 20:28 - 2012-08-12 01:13 - 00000000 ____D C:\Program Files\mods

==================== 3 Months Modified Files ================================

2012-09-09 20:21 - 2009-07-13 20:51 - 00866100 ____A C:\Windows\setupact.log
2012-09-09 20:20 - 2011-02-11 23:03 - 00588378 ____A C:\Windows\PFRO.log
2012-09-09 20:20 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-09 20:11 - 2011-10-06 01:27 - 00000000 ____A C:\Windows\SysWOW64\Access.dat
2012-09-09 20:01 - 2012-04-07 13:33 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-09 02:45 - 2012-05-29 00:32 - 00000928 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000UA.job
2012-09-09 02:36 - 2012-09-07 02:23 - 00000948 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000UA.job
2012-09-09 02:36 - 2012-09-07 02:23 - 00000926 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000Core.job
2012-09-09 00:45 - 2012-05-29 00:32 - 00000876 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000Core.job
2012-09-08 17:35 - 2011-02-11 22:02 - 02010060 ____A C:\Windows\WindowsUpdate.log
2012-09-08 17:11 - 2012-09-08 17:11 - 00030586 ____A C:\Users\Domsfriend\Desktop\DDS.txt
2012-09-08 17:11 - 2012-09-08 17:11 - 00016487 ____A C:\Users\Domsfriend\Desktop\Attach.txt
2012-09-07 15:55 - 2011-04-22 00:49 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-09-07 15:55 - 2011-02-28 19:36 - 00282696 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-09-07 10:40 - 2009-07-13 20:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-07 10:40 - 2009-07-13 20:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-07 00:52 - 2012-09-07 00:50 - 00009719 ____A C:\Users\Domsfriend\Documents\Uninstall Dragon Age 2.log
2012-09-07 00:23 - 2011-02-14 16:30 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-09-06 20:10 - 2012-09-06 20:10 - 00262144 ____N C:\Windows\Minidump\090712-26130-01.dmp
2012-09-05 11:20 - 2011-10-30 22:17 - 00000254 ____A C:\Users\Domsfriend\Downloads\RemoveWAT21.rar
2012-09-04 20:18 - 2012-08-31 22:28 - 00151608 ____A C:\Windows\UTP.exe
2012-08-31 23:12 - 2011-04-27 18:20 - 00140192 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2012-08-31 22:37 - 2009-07-13 20:45 - 05062304 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-31 22:34 - 2011-04-26 02:50 - 00140192 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2012-08-31 22:28 - 2009-07-13 15:39 - 02755072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2012-08-31 22:28 - 2009-07-13 15:39 - 00245760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2012-08-31 01:40 - 2009-07-13 15:55 - 00332288 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2012-08-31 01:40 - 2009-07-13 15:54 - 02851328 ____A (Microsoft Corporation) C:\Windows\System32\themeui.dll
2012-08-31 01:40 - 2009-07-13 15:54 - 00044544 ____A (Microsoft Corporation) C:\Windows\System32\themeservice.dll
2012-08-28 20:53 - 2011-03-10 21:51 - 00188416 __ASH C:\Users\Domsfriend\Desktop\Thumbs.db
2012-08-28 01:37 - 2011-02-28 19:36 - 00281120 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-08-24 18:35 - 2012-08-24 18:35 - 00000000 ____A C:\STFBC96.tmp
2012-08-21 01:13 - 2012-08-12 20:55 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-08-21 01:13 - 2011-05-25 19:55 - 00969200 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-08-21 01:13 - 2011-02-14 16:30 - 00359464 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-08-21 01:13 - 2011-02-14 16:30 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-08-21 01:13 - 2011-02-14 16:30 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-08-21 01:13 - 2011-02-14 16:30 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-08-21 01:12 - 2011-02-14 16:30 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-08-21 01:12 - 2011-02-14 16:29 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-08-21 01:12 - 2011-02-14 16:29 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-08-19 20:31 - 2012-08-19 20:31 - 00000000 ____A C:\STF6CF8.tmp
2012-08-19 20:24 - 2012-08-19 20:24 - 00000000 ____A C:\STF224.tmp
2012-08-16 22:38 - 2012-08-16 22:37 - 00014013 ____A C:\Users\Domsfriend\Documents\Install STAR WARS The Old Republic.log
2012-08-15 03:02 - 2012-04-07 13:33 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-15 03:02 - 2011-06-23 19:49 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-12 21:59 - 2011-02-28 01:29 - 01510905 ___AH C:\Windows\DirectX.log
2012-08-11 20:37 - 2011-05-30 03:39 - 00002443 ____A C:\Windows\DXError.log
2012-08-10 22:27 - 2012-08-10 22:27 - 00001335 ____A C:\Users\UpdatusUser\Desktop\Play Star Wars Battlefront II.lnk
2012-07-29 20:55 - 2009-07-13 21:08 - 00032644 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-17 20:50 - 2012-07-17 20:48 - 00004357 ____A C:\Windows\SysWOW64\jupdate-1.6.0_33-b05.log
2012-07-17 20:38 - 2012-07-17 20:37 - 00833024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2012-07-17 20:38 - 2012-07-17 20:37 - 00002048 ____A C:\Windows\SysWOW64\winver.exe
2012-07-17 20:37 - 2012-07-17 20:37 - 00410624 ____A C:\Windows\SysWOW64\systemcpl.dll
2012-07-17 20:37 - 2012-07-17 20:37 - 00113543 ____A C:\Windows\SysWOW64\slmgr.vbs
2012-07-17 20:37 - 2012-07-17 20:37 - 00113543 ____A C:\Windows\System32\slmgr.vbs
2012-07-17 20:37 - 2012-07-17 20:37 - 00001536 ____A C:\Windows\SysWOW64\sppcomapi.dll
2012-07-15 22:07 - 2012-07-15 22:07 - 00000012 ____A C:\Windows\srun.log
2012-06-28 00:23 - 2012-06-01 15:47 - 00476976 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-06-28 00:23 - 2011-04-11 23:09 - 00472880 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-06-28 00:20 - 2012-07-17 20:50 - 00157488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-06-28 00:20 - 2012-07-17 20:50 - 00149296 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-06-28 00:20 - 2012-07-17 20:50 - 00149296 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-06-22 20:55 - 2012-06-22 20:55 - 00001791 ____A C:\lanoire23-06-2012 4-55-57 p.m..log


ZeroAccess:
C:\Windows\Installer\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2}
C:\Windows\Installer\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2}\@
C:\Windows\Installer\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2}\L
C:\Windows\Installer\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2}\U
C:\Windows\Installer\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2}\L\00000004.@
C:\Windows\Installer\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2}\L\201d3dde
C:\Windows\Installer\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2}\U\00000004.@
C:\Windows\Installer\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2}\U\00000008.@
C:\Windows\Installer\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2}\U\000000cb.@
C:\Windows\Installer\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2}\U\80000000.@
C:\Windows\Installer\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2}\U\80000032.@
C:\Windows\Installer\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2}\U\80000064.@

ZeroAccess:
C:\Users\Domsfriend\AppData\Local\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2}
C:\Users\Domsfriend\AppData\Local\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2}\@
C:\Users\Domsfriend\AppData\Local\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2}\L
C:\Users\Domsfriend\AppData\Local\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2011-04-25 14:13] - [2009-12-30 21:18] - 3208192 ____A (Microsoft Corporation) FB1A146CAF496742EDB4BC14808440CF

C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll
[2009-07-13 15:38] - [2011-10-21 20:41] - 1008640 ____A (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E

C:\Windows\SysWOW64\User32.dll
[2012-07-17 20:37] - [2012-07-17 20:38] - 0833024 ____A (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-04 21:54:00
Restore point made on: 2012-09-05 22:16:23
Restore point made on: 2012-09-07 00:34:44
Restore point made on: 2012-09-07 00:36:14
Restore point made on: 2012-09-07 00:47:42
Restore point made on: 2012-09-07 01:01:25
Restore point made on: 2012-09-07 01:15:26
Restore point made on: 2012-09-07 15:32:46
Restore point made on: 2012-09-07 15:34:24
Restore point made on: 2012-09-08 23:00:28

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 4094.18 MB
Available physical RAM: 3285.99 MB
Total Pagefile: 4092.32 MB
Available Pagefile: 3400.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:334.41 GB) NTFS
2 Drive e: (Fired Up) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS
3 Drive f: (LINCOLN 2) (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 7629 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 931 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7629 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F LINCOLN 2 FAT32 Removable 7629 MB Healthy

==================================================================================

Last Boot: 2012-09-07 06:34

==================== End Of Log =============================
knowlze
Member+
 
Posts: 37
Joined: September 8th, 2012, 9:08 pm

Re: Virus in windows/system32/services.exe

Unread postby Gary R » September 10th, 2012, 4:41 am

Round 1 of the removal process ....

First

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
Code:
2012-08-24 18:35 - 2012-08-24 18:35 - 00000000 ____A C:\STFBC96.tmp
2012-08-19 20:31 - 2012-08-19 20:31 - 00000000 ____A C:\STF6CF8.tmp
2012-08-19 20:24 - 2012-08-19 20:24 - 00000000 ____A C:\STF224.tmp
2012-08-19 20:31 - 2012-08-19 20:31 - 00000000 ____A C:\STF6CF8.tmp
2012-08-19 20:24 - 2012-08-19 20:24 - 00000000 ____A C:\STF224.tmp
C:\Windows\Installer\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2}
C:\Users\Domsfriend\AppData\Local\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32

    • Save it to your USB flashdrive as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

Boot into Recovery Environment

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt on your USB flashdrive.
  • Exit out of Recovery Environment and post me the log please.

Next

Download ComboFix from one of these locations and save it to your Desktop: (if you already have a copy of Combofix, delete it and use this version)

Link 1
Link 2

IMPORTANT !!! ComboFix.exe must be run from your Desktop

  • Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix. There are details for disabling many programmes here.
  • Double click on ComboFix.exe and follow the prompts.

When finished, it will produce a log for you.

Please include this log in your next reply (it can also be found at C:\ComboFix.txt).

IMPORTANT
  • Do not use your computer while Combofix is running.
  • Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
  • If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.
If you have any problems with these instructions, a detailed Tutorial for how to use Combofix is available here.

Summary of the logs I need from you in your next post:
  • Fixlog.txt
  • Combofix.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.

There is still quite a lot to do to rid your computer of infection.

Gary R
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
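The fix Gary R describes, as an added example (not code from the thread or from FRST): parse the ZeroAccess blocks and the Bamital & volsnap Check out of the FRST log posted above and draft the fixlist entries from them. The fixlist conventions and the WinSxS source path are taken from his post; the section and record layouts are assumptions read off the log as quoted.

```python
"""Parse FRST's log sections quoted in this thread and draft fixlist.txt.
Assumes the fixlist conventions seen in Gary R's post: a bare path is
quarantined ('moved'), 'Replace: <clean-source> <target-dir>' restores a file."""
import re
from pathlib import PureWindowsPath

# Constructed excerpt of the FRST.txt quoted above (paths and MD5s as logged).
SAMPLE_LOG = r"""
ZeroAccess:
C:\Windows\Installer\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2}
C:\Windows\Installer\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\explorer.exe
[2011-04-25 14:13] - [2009-12-30 21:18] - 3208192 ____A (Microsoft Corporation) FB1A146CAF496742EDB4BC14808440CF

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================
"""

# Clean copy Gary R restored from the WinSxS component store (path from the thread).
CLEAN_SOURCES = {
    "services.exe": r"C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller"
                    r"_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe",
}
HEADER_RE = re.compile(r"^=+\s*(.*?)\s*=+$")      # '==== Section name ===='
MD5_RE = re.compile(r"\b[0-9A-Fa-f]{32}\b")
LEGIT = "=> MD5 is legit"


def section(log: str, name: str) -> list[str]:
    """Lines between the '==== name ====' header and the next header."""
    out, inside = [], False
    for line in log.splitlines():
        m = HEADER_RE.match(line.strip())
        if m:
            inside = m.group(1) == name
        elif inside:
            out.append(line.rstrip())
    return out


def zeroaccess_roots(log: str) -> list[str]:
    """First path under each 'ZeroAccess:' header: the directory (or single
    file) to quarantine. FRST lists the children beneath it; they go with it."""
    lines, roots = log.splitlines(), []
    for i, line in enumerate(lines[:-1]):
        root = lines[i + 1].strip()
        if line.strip() == "ZeroAccess:" and root and root not in roots:
            roots.append(root)
    return roots


def bamital_check(log: str) -> list[dict]:
    """One record per file in the 'Bamital & volsnap Check' section.
    Shapes seen in the log: '<path> => MD5 is legit'; '<path> <MD5> <family>
    <==== ATTENTION!' for a known-bad hash; and a bare '<path>' followed by a
    '[date] - [date] - size attrs (company) <MD5>' line when FRST has no
    known-good hash to compare against (unverified, not necessarily bad)."""
    records, pending = [], None
    for line in section(log, "Bamital & volsnap Check"):
        if not line:
            continue
        if line.endswith(LEGIT):
            records.append({"path": line[:-len(LEGIT)].strip(), "md5": None,
                            "status": "legit", "label": None})
        elif "<==== ATTENTION" in line:
            m = MD5_RE.search(line)
            records.append({"path": line[:m.start()].strip(), "md5": m.group().upper(),
                            "status": "flagged",
                            "label": line[m.end():].split("<====")[0].strip()})
        elif line.startswith("[") and pending:
            m = MD5_RE.search(line)
            records.append({"path": pending, "md5": m.group().upper() if m else None,
                            "status": "unverified", "label": None})
            pending = None
        else:
            pending = line.strip()
    return records


def draft_fixlist(log: str, clean_sources: dict[str, str]) -> list[str]:
    """Quarantine each ZeroAccess root, then restore each flagged system file.
    Roots are deduplicated (the Fixlog in this thread shows a repeated entry
    just yields 'not found'); a flagged file with no known clean copy is an
    error rather than a guess."""
    lines = zeroaccess_roots(log)
    for rec in bamital_check(log):
        if rec["status"] != "flagged":
            continue
        target = PureWindowsPath(rec["path"])
        src = clean_sources.get(target.name.lower())
        if src is None:
            raise LookupError(f"no clean source for flagged file {rec['path']}")
        lines.append(f"Replace: {src} {target.parent}")
    return lines


if __name__ == "__main__":
    print("\n".join(draft_fixlist(SAMPLE_LOG, CLEAN_SOURCES)))
```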

Re: Virus in windows/system32/services.exe

Unread postby knowlze » September 10th, 2012, 4:53 am

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-09-2012
Ran by SYSTEM at 2012-09-10 20:49:44 Run:1
Running from F:\

==============================================

C:\STFBC96.tmp moved successfully.
C:\STF6CF8.tmp moved successfully.
C:\STF224.tmp moved successfully.
C:\STF6CF8.tmp not found.
C:\STF224.tmp not found.
C:\Windows\Installer\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2} moved successfully.
C:\Users\Domsfriend\AppData\Local\{f3e79ee4-756d-1c95-335a-b43c0af7a8d2} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32 should not be moved.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32

==== End of Fixlog ====
knowlze
Member+
 
Posts: 37
Joined: September 8th, 2012, 9:08 pm

Re: Virus in windows/system32/services.exe

Unread postby knowlze » September 10th, 2012, 5:43 am

ComboFix 12-09-09.02 - Domsfriend 10/09/2012 20:59:02.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.64.1033.18.4094.2308 [GMT 12:00]
Running from: c:\users\Domsfriend\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\directx_Jun2010_redist.exe
c:\program files (x86)\PhysX_9.10.0513_SystemSoftware.exe
c:\program files (x86)\ShopperReports3
c:\program files (x86)\ShopperReports3\bin\3.1.71.0\firefox\firefoxtoolbar\extensions\chrome\content\InfoPane.xul
c:\program files (x86)\ShopperReports3\bin\3.1.71.0\firefox\firefoxtoolbar\extensions\components\BrowserExtensionFF.xpt
c:\program files (x86)\ShopperReports3\bin\3.1.71.0\firefox\firefoxtoolbar\extensions\install.rdf
c:\program files (x86)\ShoppingReport2
c:\programdata\1234458066d11813e2ec5b59077446b7_c
c:\users\Domsfriend\AppData\Local\setup.exe
c:\users\Domsfriend\AppData\Roaming\ShopperReports3
.
.
((((((((((((((((((((((((( Files Created from 2012-08-10 to 2012-09-10 )))))))))))))))))))))))))))))))
.
.
2012-09-08 08:13 . 2012-09-08 08:13 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-09-08 04:25 . 2012-09-10 09:17 -------- d-----w- c:\users\Domsfriend\AppData\Roaming\Skype
2012-09-08 04:25 . 2012-09-08 04:25 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-08 04:25 . 2012-09-08 04:29 -------- d-----r- c:\program files (x86)\Skype
2012-09-08 04:25 . 2012-09-08 04:29 -------- d-----w- c:\programdata\Skype
2012-09-08 03:22 . 2012-09-08 03:23 -------- d-----w- C:\FRST
2012-09-07 10:23 . 2012-09-07 10:27 -------- d-----w- c:\users\Domsfriend\AppData\Local\Facebook
2012-09-01 06:34 . 2012-09-07 03:37 -------- d-----w- c:\windows\W7SBC
2012-09-01 06:34 . 2011-12-25 11:04 2388992 ----a-w- c:\windows\explorer_edit_w7sbc.exe
2012-09-01 06:34 . 2011-12-25 11:04 2388992 ----a-w- c:\windows\explorer_backup_w7sbc.exe
2012-09-01 06:28 . 2009-07-14 01:16 2755072 ----a-w- c:\windows\SysWow64\themeui.dll.backup
2012-09-01 06:28 . 2009-12-31 05:22 1842688 ----a-w- c:\windows\system32\ExplorerFrame_backup_wti.dll
2012-09-01 06:28 . 2009-12-31 04:39 15181312 ----a-w- c:\windows\system32\shell32_backup_wti.dll
2012-09-01 06:28 . 2009-07-14 01:11 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll.backup
2012-09-01 06:28 . 2010-11-21 03:24 898560 ----a-w- c:\windows\system32\OobeFldr_backup_wti.dll
2012-09-01 06:28 . 2009-12-31 05:18 3208192 ----a-w- c:\windows\explorer_backup_wti.exe
2012-09-01 06:28 . 2012-09-05 04:18 151608 ----a-w- c:\windows\UTP.exe
2012-09-01 06:16 . 2012-09-08 03:26 -------- d-----w- c:\program files\Theme Resource Changer
2012-08-31 10:06 . 2012-09-05 05:17 -------- d-----w- c:\program files (x86)\HUD RED
2012-08-31 09:47 . 2012-09-07 03:37 -------- d-----w- c:\users\Domsfriend\AppData\Local\Korbin_Bickel
2012-08-31 09:47 . 2012-09-05 05:17 -------- d-----w- c:\program files (x86)\Theme Manager
2012-08-31 09:40 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup
2012-08-31 09:40 . 2009-07-14 01:41 2851328 ----a-w- c:\windows\system32\themeui.dll.backup
2012-08-31 09:40 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup
2012-08-31 00:32 . 2012-08-31 00:32 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-08-27 06:55 . 2012-08-27 06:55 -------- d-----w- c:\users\Domsfriend\AppData\Local\NBGI
2012-08-25 22:56 . 2012-09-05 05:17 -------- d-----w- c:\program files (x86)\PrivitizeVPN
2012-08-25 22:56 . 2012-08-25 22:56 -------- d-----w- c:\users\Domsfriend\AppData\Local\Babylon
2012-08-22 10:22 . 2012-08-22 10:22 -------- d-----w- C:\Ubisoft
2012-08-22 10:20 . 2012-08-22 10:20 -------- d-----w- c:\users\Domsfriend\AppData\Local\Apps
2012-08-22 10:20 . 2012-09-02 08:37 -------- d-----w- c:\users\Domsfriend\AppData\Local\Deployment
2012-08-17 06:37 . 2012-08-17 06:37 -------- d-----w- c:\users\hedev
2012-08-14 23:08 . 2012-08-14 23:08 -------- d-----w- c:\users\Domsfriend\AppData\Local\Dxtory Software
2012-08-14 23:08 . 2011-05-23 11:29 3673600 ----a-w- c:\windows\system32\DxtoryCodec64.dll
2012-08-14 23:08 . 2011-05-23 11:23 3166720 ----a-w- c:\windows\SysWow64\DxtoryCodec.dll
2012-08-14 23:07 . 2012-08-14 23:07 -------- d-----w- c:\program files (x86)\Dxtory Software
2012-08-13 04:55 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-13 01:35 . 2012-08-13 01:35 5115584 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-08-12 04:29 . 2012-09-07 23:45 -------- d-----w- c:\program files\pb
2012-08-12 04:28 . 2012-08-12 09:13 -------- d-----w- c:\program files\mods
2012-08-12 04:24 . 2004-10-21 14:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-08-12 04:24 . 2004-10-21 14:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-08-12 04:24 . 2004-10-21 14:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-08-12 04:24 . 2012-08-12 04:24 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-08-12 04:24 . 2004-10-21 14:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-08-12 04:24 . 2004-10-21 14:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-08-12 04:24 . 2012-08-12 04:24 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 23:55 . 2011-04-22 08:49 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-09-07 23:55 . 2011-03-01 03:36 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-09-01 06:28 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\SysWow64\themeui.dll
2012-09-01 06:28 . 2009-07-13 23:39 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll
2012-08-31 09:40 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2012-08-31 09:40 . 2009-07-13 23:54 2851328 ----a-w- c:\windows\system32\themeui.dll
2012-08-31 09:40 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2012-08-28 09:37 . 2011-03-01 03:36 281120 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-08-21 09:13 . 2011-05-26 03:55 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-02-15 00:30 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-02-15 00:30 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2011-02-15 00:30 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2011-02-15 00:30 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2011-02-15 00:29 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-02-15 00:29 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-21 09:12 . 2011-02-15 00:30 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-15 11:02 . 2012-04-07 21:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 11:02 . 2011-06-24 03:49 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 04:38 . 2012-07-18 04:37 2048 ----a-w- c:\windows\SysWow64\winver.exe
2012-07-18 04:38 . 2012-07-18 04:37 833024 ----a-w- c:\windows\SysWow64\user32.dll
2012-07-18 04:37 . 2012-07-18 04:37 410624 ----a-w- c:\windows\SysWow64\systemcpl.dll
2012-07-18 04:37 . 2012-07-18 04:37 1536 ----a-w- c:\windows\SysWow64\sppcomapi.dll
2012-07-18 04:37 . 2012-07-18 04:37 113543 ----a-w- c:\windows\SysWow64\slmgr.vbs
2012-07-18 04:37 . 2012-07-18 04:37 113543 ----a-w- c:\windows\system32\slmgr.vbs
2012-06-28 08:23 . 2012-06-01 23:47 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-28 08:23 . 2011-04-12 07:09 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-24 00:51 . 2011-04-12 18:39 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-05-29 08:31 . 2012-05-29 08:30 3993600 ----a-w- c:\program files (x86)\GUT7D7E.tmp
2012-04-04 08:24 . 2012-05-15 19:12 11986 ----a-w- c:\program files (x86)\layout.bin
2012-04-04 08:21 . 2012-05-15 19:12 587200 ----a-w- c:\program files (x86)\ISSetup.dll
2012-04-03 05:58 . 2012-05-15 19:12 3146312 ----a-w- c:\program files (x86)\pbsvc_blr.exe
2012-02-22 11:12 . 2012-05-15 19:12 8525240 ----a-w- c:\program files (x86)\Blacklight Retribution.exe
2012-02-20 06:59 . 2012-05-15 19:12 125892 ----a-w- c:\program files (x86)\config.bin
2011-09-21 03:42 . 2012-05-15 19:12 4216840 ----a-w- c:\program files (x86)\vcredist_x86.exe
2011-03-29 23:40 . 2012-05-15 19:12 517976 ----a-w- c:\program files (x86)\DXSETUP.exe
2011-03-29 23:40 . 2012-05-15 19:12 95576 ----a-w- c:\program files (x86)\DSETUP.dll
2011-03-29 23:40 . 2012-05-15 19:12 1566040 ----a-w- c:\program files (x86)\dsetup32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2011-10-22 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2012-07-18 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
[-] 2011-12-25 . 0BB584975A87C0A475BF6F857C7C0D8B . 2388992 . . [6.1.7600.16385] .. c:\windows\Resources\Themes\Theme Manager\U-7imate (Recommended)\explorer.exe
[7] 2010-11-21 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\Resources\Themes\Theme Manager\Default\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[-] 2009-12-31 . FB1A146CAF496742EDB4BC14808440CF . 3208192 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[-] 2009-12-31 . FB1A146CAF496742EDB4BC14808440CF . 3208192 . . [6.1.7600.16385] .. c:\windows\Resources\Themes\Theme Manager\Dark Agility\explorer.exe
[7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTo2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]
"Akamai NetSession Interface"="c:\users\Domsfriend\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"Dxtory Update Checker 2.0"="c:\program files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe" [2010-10-17 93696]
"Facebook Update"="c:\users\Domsfriend\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-07 138096]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-02-10 2770432]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-08-21 4282728]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-07-26 1095560]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"PrivitizeVPN"="c:\program files (x86)\PrivitizeVPN\PrivitizeVPN.exe" [2012-08-24 196784]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-07-02 4473728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-3-4 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\SEARCH~1\SEARCH~1\datamngr.dll c:\progra~2\SEARCH~1\SEARCH~1\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-09-04 62464]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-29 31800]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-26 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [2010-10-31 14544]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-29 55856]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-10 254528]
S1 ndistgb;TheGreenBow NDIS filter driver;c:\windows\system32\DRIVERS\ndistgb.sys [2011-07-22 28728]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-07-26 794560]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-14 382272]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 TgbIke Starter;TgbIke Starter;c:\windows\System32\tgbstarter.exe [2009-11-20 162872]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2011-10-14 745832]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-15 31232]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-01-11 1290752]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TgbIpSec
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 11:03]
.
2012-09-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000Core.job
- c:\users\Domsfriend\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-07 10:30]
.
2012-09-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000UA.job
- c:\users\Domsfriend\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-07 10:30]
.
2012-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000Core.job
- c:\users\Domsfriend\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-29 08:32]
.
2012-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000UA.job
- c:\users\Domsfriend\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-29 08:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TgbVpn"="c:\program files (x86)\TheGreenBow\TheGreenBow VPN\vpnconf.exe" [2011-10-02 1739320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\SEARCH~1\SEARCH~1\x64\datamngr.dll c:\progra~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=112555 ... 7f74f75f77
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{E0A255E7-D6BA-4087-BABB-906270D77759}: NameServer = 208.67.222.222
TCP: Interfaces\{E0A255E7-D6BA-4087-BABB-906270D77759}\2545141303235375D2839313336373: NameServer = 208.67.222.222
FF - ProfilePath - c:\users\Domsfriend\AppData\Roaming\Mozilla\Firefox\Profiles\ubkywt8p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&app ... 06&sr=0&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
URLSearchHooks-{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
Toolbar-10 - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
Toolbar-10 - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-XboxStat - c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe
SharedTaskScheduler-{F791A188-699D-4FD4-955A-EB59E89B1907} - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-dips64 - c:\program files\DIPS64\uninstall.exe
AddRemove-FFOLKES 2142 Unlocks mod v1.01 - c:\program files\Uninstall_Unlocks_v1.01_mod.exe
AddRemove-Minecraft Beta Cracked - c:\users\Domsfriend\AppData\Roaming\.minecraft\Uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-{EE74D039-45D7-44E9-BF95-B9CFB015964F_P1}_is1 - c:\program files (x86)\JoWooD Entertainment AG\ArcaniA - Gothic 4\unins000.exe
AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5b,fc,5f,4d,39,8f,68,a1,10,ec,50,37,81,c9,c0,ff,37,2b,cc,b4,39,25,63,
88,9a,b2,17,87,f0,2e,9c,b6,88,43,90,25,97,c4,e6,40,35,f4,ae,65,e3,bd,ee,40,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\SecuROM\License information*]
"datasecu"=hex:06,8a,17,cd,f3,04,b0,68,36,2f,0e,f4,22,ac,50,d7,39,23,c4,f4,cf,
af,17,53,10,47,4c,13,71,2e,f8,78,b3,83,5b,0b,01,b5,e7,bf,6a,f2,c9,52,ae,be,\
"rkeysecu"=hex:73,31,53,0f,e6,ec,2d,a4,01,52,14,dc,c8,e9,ca,87
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
c:\program files (x86)\TheGreenBow\TheGreenBow VPN\tgbike.exe
.
**************************************************************************
.
Completion time: 2012-09-10 21:41:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-10 09:41
.
Pre-Run: 358,115,151,872 bytes free
Post-Run: 363,123,556,352 bytes free
.
- - End Of File - - DA149E11DA01E23642094DCD23C55B40
knowlze
Member+
 
Posts: 37
Joined: September 8th, 2012, 9:08 pm

Re: Virus in windows/system32/services.exe

Unread postby Gary R » September 10th, 2012, 7:51 am

Right, now we get to Round 2 of cleaning your computer ....

First

Please right-click on the filename link below and select "Save target as..." or "Save Link as...", choose the Desktop location, and choose to save as the filename: Fix.txt
Vista or Win 7, 64 bit: SQW7-Vista_x64.TXT

---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.

---------------------------------------------
Perform a Custom Fix with OTL
Double Click the OTL icon (Right click and choose "Run as administrator" in Vista/Win7)
  • Click the Run Fix button at the top.
  • You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on OK
  • When the Open dialog comes up, Navigate to the Desktop, scroll to find the file named Fix.txt and click Open
  • Some text will appear in the Custom scans/Fixes box.
  • Click the Run Fix button.
  • Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.

Next

Please download SystemLook from one of the links below and save it to your Desktop.
For 64 bit Systems:
Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Next

Please run a scan for me with OTL ...

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Summary of the logs I need from you in your next post:
  • OTL fix log
  • SystemLook.txt
  • OTL scan logs (OTL.txt and Extras.txt)


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
Gary R
Administrator
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
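
The SystemLook searches Gary R asks for above (:filefind, :folderfind and :regfind over the same name list) can also be done as a read-only PowerShell sweep, which is useful when you want to see what an adware bundle like SearchCore/Searchqu left behind before anything is removed. The script below is an added example; it is not part of this thread and is not code from SystemLook, OTL or ComboFix. The name patterns are the ones in the post; the folders it walks, the report path on the Desktop and the assumption that it is run from an elevated prompt are mine. It also reads the two loading points the ComboFix log earlier in the thread listed for this machine (the AppInit_DLLs values in the native and Wow6432Node views, and the UAC policy values under Policies\System), because those are where a datamngr.dll-style injector and a disabled UAC show up. It only reports; it deletes nothing.

```powershell
# Added example, not part of the thread and not SystemLook/OTL/ComboFix code:
# a read-only sweep that mirrors the :filefind, :folderfind and :regfind
# sections of the SystemLook script in the post, then reads the AppInit_DLLs
# and UAC policy values the ComboFix log flagged. Reports only; deletes nothing.
# Run from an elevated PowerShell prompt. Report path and folder list are assumptions.

$Patterns = @('Fun4IM', 'Bandoo', 'Searchnu', 'Searchqu', 'iLivid',
              'whitesmoke', 'datamngr', 'trolltech', 'kelkoopartners')

# Folders that bundled adware of this kind normally installs into (assumed list).
$FileRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData,
               $env:LOCALAPPDATA, $env:APPDATA) | Where-Object { $_ -and (Test-Path $_) }

$RegRoots = @('HKLM:\SOFTWARE', 'HKCU:\Software')
$Report   = Join-Path $env:USERPROFILE 'Desktop\AdwareSweep.txt'   # assumed output location

function Test-NameMatch {
    # Returns the patterns that occur (case-insensitively) in $Text, or nothing.
    param([string]$Text)
    $Patterns | Where-Object { $Text -like "*$_*" }
}

function Find-FileSystemMatches {
    # :filefind and :folderfind in one pass: any file or folder whose name
    # contains one of the patterns.
    foreach ($root in $FileRoots) {
        Get-ChildItem -Path $root -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $hit = Test-NameMatch $_.Name
                if ($hit) {
                    [pscustomobject]@{
                        Kind     = if ($_.PSIsContainer) { 'Folder' } else { 'File' }
                        Path     = $_.FullName
                        Match    = ($hit -join ',')
                        Modified = $_.LastWriteTime
                    }
                }
            }
    }
}

function Find-RegistryMatches {
    # :regfind: key names, value names and value data containing a pattern.
    # Recursing HKLM\SOFTWARE takes minutes, as the post warns.
    foreach ($root in $RegRoots) {
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $key = $_
                $hit = Test-NameMatch $key.PSChildName
                if ($hit) {
                    [pscustomobject]@{ Kind = 'RegKey'; Path = $key.Name; Match = ($hit -join ','); Modified = $null }
                }
                foreach ($valueName in $key.GetValueNames()) {
                    $data = [string]($key.GetValue($valueName))
                    $hit  = Test-NameMatch "$valueName $data"
                    if ($hit) {
                        [pscustomobject]@{ Kind = 'RegValue'; Path = "$($key.Name)\$valueName"; Match = ($hit -join ','); Modified = $null }
                    }
                }
            }
    }
}

function Get-LoadingPoints {
    # The loading points ComboFix listed for this machine: AppInit_DLLs (a DLL
    # loaded into every process that loads user32.dll) in the native and
    # Wow6432Node views, and the UAC policy values (EnableLUA = 0 means UAC off).
    $points = @(
        @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows';             Names = 'LoadAppInit_DLLs', 'AppInit_DLLs' },
        @{ Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'; Names = 'LoadAppInit_DLLs', 'AppInit_DLLs' },
        @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';        Names = 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop' }
    )
    foreach ($p in $points) {
        foreach ($name in $p.Names) {
            $value = Get-ItemProperty -Path $p.Key -Name $name -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Kind     = 'LoadingPoint'
                Path     = "$($p.Key)\$name"
                Match    = if ($null -ne $value) { [string]$value.$name } else { '(not set)' }
                Modified = $null
            }
        }
    }
}

$results = @(Find-FileSystemMatches) + @(Find-RegistryMatches) + @(Get-LoadingPoints)
$results | Format-Table -AutoSize | Out-String -Width 300 | Set-Content -Path $Report
Write-Host "Wrote $($results.Count) entries to $Report"
```

Read the report the same way the helper reads a SystemLook log: a hit under the Run keys, AppInit_DLLs or a Browser Helper Objects CLSID is a loading point and matters; a stray Tracing or ARPCache key is leftover clutter. A non-empty AppInit_DLLs with LoadAppInit_DLLs set to 1, or EnableLUA reading 0, is worth calling out in the reply even if the file search finds nothing.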

Re: Virus in windows/system32/services.exe

Unread postby knowlze » September 10th, 2012, 11:49 pm

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\ilivid\ not found.
Registry key HKEY_CURRENT_USER\Software\searchqutoolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Save video on Savevid.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI 32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASMAN CS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchqu.com\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFE82A48FED40644C984C808A1785C7F\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toobar not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\\@|"ISearchQueryHelper" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
========== FILES ==========
File/Folder C:\Users\Domsfriend\AppData\Roaming\Mozilla\Firefox\Profiles\SearchquWebSearch.xml not found.
File/Folder C:\Users\Domsfriend\AppData\Roaming\Mozilla\Firefox\Profiles\searchqutoolbar not found.
File/Folder C:\Users\Domsfriend\AppData\Roaming\Mozilla\Firefox\Profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
File/Folder C:\Users\Domsfriend\AppData\Roaming\Microsoft\Windows\Cookies\*@sweetim[1].txt not found.
File/Folder C:\Users\Domsfriend\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt not found.
File/Folder C:\Users\Domsfriend\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt not found.
File/Folder C:\Users\Domsfriend\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt not found.
File/Folder C:\Users\Domsfriend\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt not found.
File/Folder C:\Users\Domsfriend\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt not found.
File/Folder C:\Users\Domsfriend\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt not found.
File/Folder C:\Users\Domsfriend\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt not found.
File/Folder C:\Users\Domsfriend\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt not found.
File/Folder C:\Users\Domsfriend\AppData\Local\Ilivid Player not found.
File/Folder C:\Users\Domsfriend\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iLividSetupV1.exe not found.
File/Folder C:\Users\Domsfriend\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ilivid[1].7z not found.
File/Folder C:\Users\Domsfriend\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SetupDataMngr_Searchqu[1].exe not found.
File/Folder C:\Users\Domsfriend\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SweetImSetup.exe not found.
File/Folder C:\Users\Domsfriend\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BandooV6[1].exe not found.
File/Folder C:\Users\Domsfriend\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\searchqu_net[1].htm not found.
File/Folder C:\Users\DOMSFR~1\AppData\Local\Temp\BandooFiles not found.
File/Folder C:\Users\DOMSFR~1\AppData\Local\Temp\BandooV6.exe not found.
File/Folder C:\Users\DOMSFR~1\AppData\Local\Temp\SetupDataMngr_Searchqu.exe not found.
File/Folder C:\Users\DOMSFR~1\AppData\Local\Temp\SweetIMReinstall not found.
File/Folder C:\Users\DOMSFR~1\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe not found.
File/Folder C:\Users\DOMSFR~1\AppData\Local\Temp\ilivid.7z not found.
File/Folder C:\Users\DOMSFR~1\AppData\Local\Temp\searchqu.ini not found.
File/Folder C:\Users\DOMSFR~1\AppData\Local\Temp\searchqutoolbar-manifest.xml not found.
File/Folder C:\Users\Domsfriend\AppData\LocalLow\searchquband not found.
File/Folder C:\Users\Domsfriend\AppData\LocalLow\searchqutoolbar not found.
File/Folder C:\Users\Domsfriend\Downloads\SweetImSetup.exe not found.
File/Folder C:\Users\Domsfriend\Downloads\iLividSetupV1.exe not found.
File/Folder C:\Users\Domsfriend\AppData\LocalLow\DataMngr not found.
File/Folder C:\Users\Domsfriend\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3AJVC1WF\www.ilivid[1].xml not found.
File/Folder C:\Users\Domsfriend\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\TYBUQFS4\www.searchqu[1].xml not found.
File\Folder C:\Windows\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-4EFDDDEA.pf not found.
File\Folder C:\Program Files\Windows iLivid Toolbar not found.
File\Folder C:\Program Files\iLivid not found.
File\Folder C:\Windows\Prefetch\ILIVID* not found.
File\Folder C:\Windows\Prefetch\SEARCHQUMEDIABAR* not found.
File\Folder C:\Windows\Prefetch\SETUPDATAMNGR* not found.
File\Folder C:\Program Files (x86)\iLivid not found.
File\Folder C:\Program Files (x86)\Windows Savevid Toolbar not found.
File\Folder C:\Program Files (x86)\Savevid not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Users\Domsfriend\Desktop\cmd.bat deleted successfully.
C:\Users\Domsfriend\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Domsfriend
->Temp folder emptied: 753 bytes
->Temporary Internet Files folder emptied: 198809 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 95264194 bytes
->Flash cache emptied: 167478 bytes

User: hedev
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 7953 bytes
%systemroot% .tmp files removed: 757760 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 524400 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 119119 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 93.00 mb


OTL by OldTimer - Version 3.2.61.3 log created on 09112012_154205

Files\Folders moved on Reboot...
C:\Users\Domsfriend\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\TMP000000030793A82090D6CB2B not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
knowlze
Member+
 
Posts: 37
Joined: September 8th, 2012, 9:08 pm

Re: Virus in windows/system32/services.exe

Unread postby knowlze » September 10th, 2012, 11:59 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 15:50 on 11/09/2012 by Domsfriend
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js --a---- 27324 bytes [09:14 19/09/2011] [09:14 19/09/2011] C4F2571481A116A0C24C9644F0E4B4F5
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js --a---- 33963 bytes [09:14 19/09/2011] [09:14 19/09/2011] 6D8F2385F542F47082148F0C6235633C
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [09:14 19/09/2011] [09:14 19/09/2011] D98167EFDC45E8EC6F4769791A15CE36
C:\_OTL\MovedFiles\09112012_153119\C_Users\Domsfriend\AppData\Roaming\Mozilla\Firefox\Profiles\ubkywt8p.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js --a---- 27324 bytes [09:14 19/09/2011] [09:14 19/09/2011] C4F2571481A116A0C24C9644F0E4B4F5
C:\_OTL\MovedFiles\09112012_153119\C_Users\Domsfriend\AppData\Roaming\Mozilla\Firefox\Profiles\ubkywt8p.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js --a---- 33963 bytes [09:14 19/09/2011] [09:14 19/09/2011] 6D8F2385F542F47082148F0C6235633C
C:\_OTL\MovedFiles\09112012_153119\C_Users\Domsfriend\AppData\Roaming\Mozilla\Firefox\Profiles\ubkywt8p.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css --a---- 8308 bytes [09:14 19/09/2011] [09:14 19/09/2011] D98167EFDC45E8EC6F4769791A15CE36

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [09:14 19/09/2011] [09:14 19/09/2011] 39ECB144372B2ED7B1B91A1E63D3F275
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll --a---- 88976 bytes [09:14 19/09/2011] [09:14 19/09/2011] AD14E447F7CED4CA987B91B379EAF952
C:\Users\Domsfriend\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fwww.searchquotes.com%2Ffavicon.png --a---- 589 bytes [13:55 18/08/2012] [13:55 18/08/2012] 5F32D061C08C568AB6EBDFD4414AF7CB
C:\Users\Domsfriend\AppData\Local\Opera\Opera\icons\www.searchquotes.com.idx --a---- 94 bytes [13:55 18/08/2012] [13:55 18/08/2012] 599217F5335E0E903C90C0B14947B3D7

Searching for "*iLivid*"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk --a---- 973 bytes [06:07 08/10/2011] [06:07 08/10/2011] 2BB92A5058803E4EE315568128A81514
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.dat --a--c- 234 bytes [06:07 08/10/2011] [06:07 08/10/2011] DF912DD672E819AC5ECF62EE712C5AC3
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.exe --a--c- 3027150 bytes [06:07 08/10/2011] [15:36 04/10/2011] 0276FA170081D222A66109EB26610B36
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.lnk --a--c- 0 bytes [06:07 08/10/2011] [06:07 08/10/2011] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.msi --a--c- 265728 bytes [06:07 08/10/2011] [15:36 04/10/2011] DA59EDF8FC5B00422B3027E51B09353A
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.par --a--c- 1565 bytes [06:07 08/10/2011] [06:07 08/10/2011] A4EAF2261CFCBA91A42C8B7E959B4C6F
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.res --a--c- 2513233 bytes [06:07 08/10/2011] [15:36 04/10/2011] C9141917C3F2BF08A4154E09F241961B
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk --a---- 973 bytes [06:07 08/10/2011] [06:07 08/10/2011] 2BB92A5058803E4EE315568128A81514
C:\Users\All Users\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.dat --a--c- 234 bytes [06:07 08/10/2011] [06:07 08/10/2011] DF912DD672E819AC5ECF62EE712C5AC3
C:\Users\All Users\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.exe --a--c- 3027150 bytes [06:07 08/10/2011] [15:36 04/10/2011] 0276FA170081D222A66109EB26610B36
C:\Users\All Users\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.lnk --a--c- 0 bytes [06:07 08/10/2011] [06:07 08/10/2011] D41D8CD98F00B204E9800998ECF8427E
C:\Users\All Users\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.msi --a--c- 265728 bytes [06:07 08/10/2011] [15:36 04/10/2011] DA59EDF8FC5B00422B3027E51B09353A
C:\Users\All Users\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.par --a--c- 1565 bytes [06:07 08/10/2011] [06:07 08/10/2011] A4EAF2261CFCBA91A42C8B7E959B4C6F
C:\Users\All Users\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.res --a--c- 2513233 bytes [06:07 08/10/2011] [15:36 04/10/2011] C9141917C3F2BF08A4154E09F241961B
C:\Users\Domsfriend\AppData\Local\Opera\Opera\icons\http%3A%2F%2Flp.ilivid.com%2Fimages%2F406.png --a---- 711 bytes [04:16 23/08/2012] [04:16 23/08/2012] 63CEB218EA6EADA00A29A9404B03A04B
C:\Users\Domsfriend\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fwww.ilivid.com%2Ffavicon.png --a---- 711 bytes [06:10 23/09/2011] [06:10 23/09/2011] 63CEB218EA6EADA00A29A9404B03A04B
C:\Users\Domsfriend\AppData\Local\Opera\Opera\icons\lp.ilivid.com.idx --a---- 471 bytes [04:16 23/08/2012] [07:15 24/08/2012] 6D4E03B8D01C1DD340826860745238DC
C:\Users\Domsfriend\AppData\Local\Opera\Opera\icons\www.ilivid.com.idx --a---- 728 bytes [06:10 23/09/2011] [08:21 02/04/2012] 9FC7292ECA7EEC88CD2B1C369F359B05
C:\_OTL\MovedFiles\09112012_153119\C_Program Files (x86)\iLivid\ilivid.exe --a---- 2033152 bytes [06:07 08/10/2011] [14:20 05/08/2011] A485B5376A7BD86E17DA042A64EE3E86
C:\_OTL\MovedFiles\09112012_153119\C_Program Files (x86)\iLivid\ilivid.ico --a---- 9662 bytes [06:07 08/10/2011] [09:41 04/11/2009] D64C36521A1839B54788D7D0A82DAF08

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll --a---- 1236368 bytes [06:06 08/10/2011] [17:10 27/09/2011] 7B3E521FE419E62BAEE9AA33495BE2B4
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe --a---- 1700752 bytes [06:06 08/10/2011] [17:10 27/09/2011] 3C8578C0C94432FB1010D05286062FBB
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\components\DataMngrHlp.dll --a---- 351232 bytes [06:06 08/10/2011] [14:38 02/08/2011] 4D9F92DF1AA8AA39F7645C27D6E7CB1A
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\components\DataMngrHlp.xpt --a---- 1051 bytes [06:06 08/10/2011] [17:10 27/09/2011] AFD0611AD79C4D2AA3F82637329A1711
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\components\DataMngrHlpFF3.dll --a---- 400896 bytes [06:06 08/10/2011] [17:08 27/09/2011] CB30F72CDD4CF5EF7C01805390D7F4E9
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\components\DataMngrHlpFF4.dll --a---- 395776 bytes [06:06 08/10/2011] [17:09 27/09/2011] 5878826F1265306CAA5058FF46D6D147
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\components\DataMngrHlpFF5.dll --a---- 395776 bytes [06:06 08/10/2011] [17:09 27/09/2011] 1E9E57C77120959CA486244F1DFF77A4
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\components\DataMngrHlpFF6.dll --a---- 395776 bytes [06:06 08/10/2011] [17:10 27/09/2011] F40633334EBF76768177B49AE1308BCB
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\components\DataMngrHlpFF7.dll --a---- 395776 bytes [06:06 08/10/2011] [17:10 27/09/2011] 0B15C79091D5C380F80307A4E4EDA967
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\content\DataMngr.js --a---- 16466 bytes [06:06 08/10/2011] [13:50 24/08/2011] 64D9BB164FF6E51FBF5541DEAEE23EFD
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll --a---- 1778584 bytes [06:06 08/10/2011] [17:10 27/09/2011] 9E7340CA01F2140B15C1169822F3D8E4
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngrUI.exe --a---- 2272656 bytes [06:06 08/10/2011] [17:10 27/09/2011] 468C722A34009CD90CE5C7E506251507
C:\Windows\Prefetch\DATAMNGRUI.EXE-6EB67F83.pf --a---- 29718 bytes [08:51 10/09/2012] [03:40 11/09/2012] 0DA068F141560D12BBE950748C768A10

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\09112012_153119\C_Users\Domsfriend\AppData\LocalLow\searchquband d------ [09:57 28/10/2011]
C:\_OTL\MovedFiles\09112012_153119\C_Users\Domsfriend\AppData\LocalLow\searchqutoolbar d------ [06:06 08/10/2011]
C:\_OTL\MovedFiles\09112012_153119\C_Users\Domsfriend\AppData\Roaming\Mozilla\Firefox\Profiles\ubkywt8p.default\searchqutoolbar d------ [06:06 08/10/2011]

Searching for "*iLivid*"
C:\Program Files (x86)\Windows iLivid Toolbar d------ [06:05 08/10/2011]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid d------ [06:07 08/10/2011]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid d------ [06:07 08/10/2011]
C:\_OTL\MovedFiles\09112012_153119\C_Program Files (x86)\iLivid d------ [06:07 08/10/2011]
C:\_OTL\MovedFiles\09112012_153119\C_Users\Domsfriend\AppData\Local\Ilivid Player d------ [06:07 08/10/2011]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr d------ [06:05 08/10/2011]
C:\_OTL\MovedFiles\09112012_153119\C_Users\Domsfriend\AppData\LocalLow\DataMngr d------ [09:57 28/10/2011]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"Publisher"="Bandoo Media Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"Publisher"="Bandoo Media Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"Contact"="Bandoo Media Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"Publisher"="Bandoo Media Inc."

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\Files\Homepage]
"Value"="http://www.searchqu.com/406"
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\Files\Homepage]
"DefaultValue"="user_pref("browser.startup.homepage", "http://www.searchqu.com/406");"
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\Files\UrlbarSearch]
"Value"="http://www.searchqu.com/web?src=ffb&appid=101&systemid=406&sr=0&q="
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\Files\UrlbarSearch]
"DefaultValue"="user_pref("keyword.URL", "http://www.searchqu.com/web?src=ffb&appid=101&systemid=406&sr=0&q=");"
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\IEBHO]
"DNSUrl"="http://www.searchqu.com/web?src=derr&appid=101&systemid=406&q="
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\IEBHO]
"404Url"="http://www.searchqu.com/web?src=404&appid=101&systemid=406&q="
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\IEBHO]
"SearchUrl"="http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q="
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\IEBHO]
"NewTabUrl"="http://www.searchqu.com/406"
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\IEBHO\RelatedSearch]
"url"="http://www.searchqu.com/related.html"
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\List\Item2]
"Value"="http://www.searchqu.com/406"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"URL"="http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=101&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\Homepage]
"Value"="http://www.searchqu.com/406"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\Homepage]
"DefaultValue"="user_pref("browser.startup.homepage", "http://www.searchqu.com/406");"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\UrlbarSearch]
"Value"="http://www.searchqu.com/web?src=ffb&appid=101&systemid=406&sr=0&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\UrlbarSearch]
"DefaultValue"="user_pref("keyword.URL", "http://www.searchqu.com/web?src=ffb&appid=101&systemid=406&sr=0&q=");"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\IEBHO]
"DNSUrl"="http://www.searchqu.com/web?src=derr&appid=101&systemid=406&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\IEBHO]
"404Url"="http://www.searchqu.com/web?src=404&appid=101&systemid=406&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\IEBHO]
"SearchUrl"="http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\IEBHO]
"NewTabUrl"="http://www.searchqu.com/406"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\IEBHO\RelatedSearch]
"url"="http://www.searchqu.com/related.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\List\Item2]
"Value"="http://www.searchqu.com/406"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\SearchCore for Browsers\Files\Homepage]
"Value"="http://www.searchqu.com/406"
[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\SearchCore for Browsers\Files\Homepage]
"DefaultValue"="user_pref("browser.startup.homepage", "http://www.searchqu.com/406");"
[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\SearchCore for Browsers\Files\UrlbarSearch]
"Value"="http://www.searchqu.com/web?src=ffb&appid=101&systemid=406&sr=0&q="
[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\SearchCore for Browsers\Files\UrlbarSearch]
"DefaultValue"="user_pref("keyword.URL", "http://www.searchqu.com/web?src=ffb&appid=101&systemid=406&sr=0&q=");"
[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\SearchCore for Browsers\IEBHO]
"DNSUrl"="http://www.searchqu.com/web?src=derr&appid=101&systemid=406&q="
[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\SearchCore for Browsers\IEBHO]
"404Url"="http://www.searchqu.com/web?src=404&appid=101&systemid=406&q="
[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\SearchCore for Browsers\IEBHO]
"SearchUrl"="http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q="
[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\SearchCore for Browsers\IEBHO]
"NewTabUrl"="http://www.searchqu.com/406"
[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\SearchCore for Browsers\IEBHO\RelatedSearch]
"url"="http://www.searchqu.com/related.html"
[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\SearchCore for Browsers\List\Item2]
"Value"="http://www.searchqu.com/406"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\Files\SelectedSearch]
"Value"="iLivid Web Search"
[HKEY_CURRENT_USER\Software\SearchCore for Browsers\Files\SelectedSearch]
"DefaultValue"="user_pref("browser.search.selectedEngine", "iLivid Web Search");"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
@="URL:ilivid Player"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid\shell\open\command]
@=""C:\Program Files (x86)\iLivid\ilivid.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A]
"2B1E51D87B2D71A44BB42DDD5E894160"="01:\Software\ilivid\general\ReferrerID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFE82A48FED40644C984C808A1785C7F]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\Program Files (x86)\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"DisplayName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ilivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ilivid\player]
"installpath"="C:\Program Files (x86)\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ilivid\player\hosts\ilivid.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"DisplayIcon"="C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"DisplayName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"UninstallString"=""C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.exe" REMOVE=TRUE MODIFY=FALSE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"ModifyPath"="C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"HelpLink"="http://www.ilivid.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"URLUpdateInfo"="http://www.ilivid.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"InstallLocation"="C:\Program Files (x86)\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"InstallLocation"="C:\Program Files (x86)\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"DisplayName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"UninstallString"="C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\SelectedSearch]
"Value"="iLivid Web Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\SelectedSearch]
"DefaultValue"="user_pref("browser.search.selectedEngine", "iLivid Web Search");"
[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\SearchCore for Browsers\Files\SelectedSearch]
"Value"="iLivid Web Search"
[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\SearchCore for Browsers\Files\SelectedSearch]
"DefaultValue"="user_pref("browser.search.selectedEngine", "iLivid Web Search");"

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
[HKEY_CURRENT_USER\Software\SearchCore for Browsers]
"DLLPath"="C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll"
[HKEY_CURRENT_USER\Software\SearchCore for Browsers]
"ShortDllPath"="C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll"
[HKEY_CURRENT_USER\Software\SearchCore for Browsers]
"ShortDllPath64"="C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll"
[HKEY_CURRENT_USER\Software\SearchCore for Browsers]
"UIPath"="C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA2D3A09-91F8-4BDB-B37B-9B6EC6206556}]
"AppPath"="C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DATAMNGR"="C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers]
"DLLPath"="C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers]
"ShortDllPath"="C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers]
"ShortDllPath64"="C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers]
"UIPath"="C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe"
[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\DataMngr_Toolbar]
[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\SearchCore for Browsers]
"DLLPath"="C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll"
[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\SearchCore for Browsers]
"ShortDllPath"="C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll"
[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\SearchCore for Browsers]
"ShortDllPath64"="C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll"
[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\SearchCore for Browsers]
"UIPath"="C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-
knowlze
Joined: September 8th, 2012, 9:08 pm
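The SystemLook hits above are the part of this post worth reading twice: datamngr.dll and IEBHO.dll are registered under AppInit_DLLs in both the native (64-bit) and the Wow6432Node (32-bit) Windows keys, and DATAMN~1.EXE sits in a Run key, so the toolbar component gets injected into every process that loads user32.dll and restarts at logon. As an added example (not from the original post, and not part of SystemLook itself), the following Python parses output in the "Searching for ..." format shown above and pulls those two persistence points out of it. SAMPLE_LOG is a constructed sample that mirrors the entries in the post; the function and pattern names are my own.

```python
"""Parse SystemLook-style registry search output and pull out the
persistence points a responder looks at first: AppInit_DLLs and Run keys."""
import re
from collections import defaultdict
from pprint import pprint
from typing import Dict, List, NamedTuple

# Constructed sample in the SystemLook "Searching for ..." format, mirroring
# the entries quoted in the post (not a real capture from the machine).
SAMPLE_LOG = r"""
Searching for "datamngr"
[HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DATAMNGR"="C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers]
"DLLPath"="C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll"

Searching for "whitesmoke"
No data found.
"""

SEARCH_RE = re.compile(r'^Searching for "(.*)"$')
KEY_RE = re.compile(r"^\[(.+)\]$")
# Value name is everything up to the first quote; data keeps nested quotes intact.
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


class RegRecord(NamedTuple):
    search_term: str
    key: str
    name: str   # "" for a key that was reported with no values
    data: str   # "" for a key that was reported with no values


def parse_systemlook(text: str) -> List[RegRecord]:
    """Turn the log into one record per value, plus one per value-less key."""
    records: List[RegRecord] = []
    term, key, key_has_values = "", "", True
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "No data found.":
            continue
        m = SEARCH_RE.match(line) or KEY_RE.match(line)
        if m:
            if key and not key_has_values:      # previous key had no values: keep it
                records.append(RegRecord(term, key, "", ""))
            if m.re is SEARCH_RE:
                term, key = m.group(1), ""
            else:
                key = m.group(1)
            key_has_values = False
            continue
        m = VALUE_RE.match(line)
        if m and key:
            data = m.group(2)
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                data = data[1:-1]               # strip the outer quotes only
            records.append(RegRecord(term, key, m.group(1), data))
            key_has_values = True
    if key and not key_has_values:
        records.append(RegRecord(term, key, "", ""))
    return records


def hive_view(key: str) -> str:
    """Wow6432Node is the 32-bit view; everything else is native (64-bit here)."""
    return "32-bit" if "\\wow6432node\\" in key.lower() else "64-bit"


def appinit_dlls(records: List[RegRecord]) -> Dict[str, List[str]]:
    """DLLs listed under AppInit_DLLs, grouped by registry view.
    The value is a space- or comma-separated list, which is why the log shows
    8.3 short names: a path containing a space would be split in two."""
    out: Dict[str, List[str]] = defaultdict(list)
    for r in records:
        if r.name.lower() == "appinit_dlls" and r.key.lower().endswith(
            r"\windows nt\currentversion\windows"
        ):
            for dll in re.split(r"[\s,]+", r.data.strip()):
                if dll and dll not in out[hive_view(r.key)]:
                    out[hive_view(r.key)].append(dll)
    return dict(out)


def run_entries(records: List[RegRecord]) -> List[RegRecord]:
    """Values under any ...\\CurrentVersion\\Run or RunOnce key."""
    return [r for r in records
            if r.name and re.search(r"\\currentversion\\run(once)?$", r.key, re.I)]


def persistence_report(text: str) -> Dict[str, object]:
    recs = parse_systemlook(text)
    return {
        "appinit": appinit_dlls(recs),
        "run": [(r.key, r.name, r.data) for r in run_entries(recs)],
        "bare_keys": [r.key for r in recs if not r.name],
    }


if __name__ == "__main__":
    pprint(persistence_report(SAMPLE_LOG))
```

Two caveats when reading the result. SystemLook only reports hits for the strings it was asked to search, so "No data found." means "did not match", not "not present". And whether the listed DLLs actually load is governed by LoadAppInit_DLLs (and on Windows 7 x64 also RequireSignedAppInit_DLLs) under the same Windows key, which this log does not show; confirm those values on the live machine before deciding the injection is active.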

Re: Virus in windows/system32/services.exe

Unread postby knowlze » September 11th, 2012, 12:07 am

OTL logfile created on: 11/09/2012 4:00:47 p.m. - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Domsfriend\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 60.06% Memory free
7.99 Gb Paging File | 6.04 Gb Available in Paging File | 75.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 342.30 Gb Free Space | 36.75% Space Free | Partition Type: NTFS
Drive D: | 697.18 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 7.45 Gb Total Space | 7.45 Gb Free Space | 99.98% Space Free | Partition Type: FAT32

Computer Name: LINCOLN-PC | User Name: Domsfriend | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/11 15:27:18 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Domsfriend\Desktop\OTL.exe
PRC - [2012/09/02 12:06:56 | 000,874,896 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012/08/29 12:03:38 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/08/21 21:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/08/10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Domsfriend\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/08/04 22:14:09 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/07/26 19:52:04 | 001,095,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012/07/26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2012/07/02 16:02:28 | 004,473,728 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2012/05/16 08:56:03 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/05/15 22:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/11/07 22:15:09 | 010,057,216 | ---- | M] () -- C:\Folding@HomeCPU\1\FahCore_a4.exe
PRC - [2011/11/05 19:25:18 | 010,057,216 | ---- | M] () -- C:\Folding@HomeCPU\2\FahCore_a4.exe
PRC - [2011/11/05 19:23:07 | 010,057,216 | ---- | M] () -- C:\Folding@HomeCPU\3\FahCore_a4.exe
PRC - [2011/11/05 18:57:28 | 010,057,216 | ---- | M] () -- C:\Folding@HomeCPU\4\FahCore_a4.exe
PRC - [2011/11/05 18:28:40 | 000,422,400 | ---- | M] () -- C:\Folding@HomeCPU\4\Fah.exe
PRC - [2011/11/05 18:28:40 | 000,422,400 | ---- | M] () -- C:\Folding@HomeCPU\3\Fah.exe
PRC - [2011/11/05 18:28:40 | 000,422,400 | ---- | M] () -- C:\Folding@HomeCPU\2\Fah.exe
PRC - [2011/11/05 18:28:40 | 000,422,400 | ---- | M] () -- C:\Folding@HomeCPU\1\Fah.exe
PRC - [2011/10/14 13:49:38 | 000,745,832 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe
PRC - [2011/10/02 21:15:49 | 001,739,320 | ---- | M] (TheGreenBow) -- C:\Program Files (x86)\TheGreenBow\TheGreenBow VPN\vpnconf.exe
PRC - [2011/09/28 05:10:37 | 001,700,752 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
PRC - [2011/08/31 04:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/08/25 09:35:18 | 001,584,472 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/07/29 11:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/20 21:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/04/12 20:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2010/02/03 15:17:18 | 005,756,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009/11/20 23:15:56 | 000,192,056 | ---- | M] (TheGreenBow) -- C:\Program Files (x86)\TheGreenBow\TheGreenBow VPN\tgbike.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/08 15:30:26 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/09/08 15:30:24 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/09/08 15:30:24 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/09/08 15:30:24 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/09/08 15:30:24 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/09/02 12:07:11 | 000,064,000 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2012/09/02 12:07:11 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2012/09/02 12:07:10 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2012/09/02 12:07:09 | 000,316,928 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2012/09/02 12:07:09 | 000,168,448 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2012/09/02 12:07:09 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2012/09/02 12:07:09 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gsttypefindfunctions.dll
MOD - [2012/09/02 12:07:08 | 000,783,360 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
MOD - [2012/09/02 12:07:08 | 000,099,840 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2012/09/02 12:07:08 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2012/09/02 12:07:08 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2012/09/02 12:07:08 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2012/09/02 12:07:08 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2012/08/15 23:02:59 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2011/08/19 15:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2011/07/29 11:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 11:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/09/30 15:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009/03/25 15:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009/03/19 21:35:52 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
MOD - [2009/03/19 21:35:50 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
MOD - [2009/01/15 13:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/11/20 23:15:54 | 000,162,872 | ---- | M] (TheGreenBow) [Auto | Running] -- C:\Windows\SysNative\TgbStarter.exe -- (TgbIke Starter)
SRV:64bit: - [2009/07/14 13:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 13:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/11 15:22:01 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll -- (Akamai)
SRV - [2012/08/29 12:03:36 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/08/15 23:03:01 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/16 08:56:03 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/05/15 22:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/11/05 18:28:40 | 000,422,400 | ---- | M] () [4]) Folding@home-CPU-[4] [Auto | Running] -- C:\Folding@HomeCPU\4\Fah.exe -- (Folding@home-CPU-[4])
SRV - [2011/11/05 18:28:40 | 000,422,400 | ---- | M] () [3]) Folding@home-CPU-[3] [Auto | Running] -- C:\Folding@HomeCPU\3\Fah.exe -- (Folding@home-CPU-[3])
SRV - [2011/11/05 18:28:40 | 000,422,400 | ---- | M] () [2]) Folding@home-CPU-[2] [Auto | Running] -- C:\Folding@HomeCPU\2\Fah.exe -- (Folding@home-CPU-[2])
SRV - [2011/11/05 18:28:40 | 000,422,400 | ---- | M] () [1]) Folding@home-CPU-[1] [Auto | Running] -- C:\Folding@HomeCPU\1\Fah.exe -- (Folding@home-CPU-[1])
SRV - [2011/10/14 13:49:38 | 000,745,832 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011/09/19 04:33:00 | 003,897,432 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/09/08 23:00:00 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/31 04:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 09:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/21 21:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/08/21 21:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/08/21 21:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/08/21 21:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/08/21 21:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/21 21:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/04/19 05:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/11/29 14:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/07/22 22:22:44 | 000,028,728 | ---- | M] (TheGreenBow) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ndistgb.sys -- (ndistgb)
DRV:64bit: - [2011/05/25 11:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/04/10 17:33:57 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010/11/26 17:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/04/12 20:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/01/11 22:05:20 | 001,290,752 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/11/20 23:15:46 | 000,132,664 | ---- | M] (TheGreenBow) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\DfilterVPN.sys -- (TgbIpSec)
DRV:64bit: - [2009/09/16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/09/04 17:39:10 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/07/17 15:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 13:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 13:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 13:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 13:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 13:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 13:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 13:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 12:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/07/14 09:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/11 08:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/11 08:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/11 08:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 08:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 08:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 08:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 08:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/02/27 13:15:20 | 000,092,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV - [2012/07/05 13:53:22 | 000,021,904 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2012/07/05 13:53:18 | 000,033,224 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2012/01/05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2010/11/01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/14 13:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 15:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&app ... 06&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3630749389-2258371352-599158283-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-nz
IE - HKU\S-1-5-21-3630749389-2258371352-599158283-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 69 7E 35 84 CA CB 01 [binary data]
IE - HKU\S-1-5-21-3630749389-2258371352-599158283-1000\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found
IE - HKU\S-1-5-21-3630749389-2258371352-599158283-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3630749389-2258371352-599158283-1000\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found
IE - HKU\S-1-5-21-3630749389-2258371352-599158283-1000\..\SearchScopes,DefaultScope = {DB1378C1-910A-41B8-98DF-BB8A24DA202F}
IE - HKU\S-1-5-21-3630749389-2258371352-599158283-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3630749389-2258371352-599158283-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=220512_53all&babsrc=SP_ss&mntrId=809c75b4000000000000687f74f75f77
IE - HKU\S-1-5-21-3630749389-2258371352-599158283-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-3630749389-2258371352-599158283-1000\..\SearchScopes\{DB1378C1-910A-41B8-98DF-BB8A24DA202F}: "URL" = http://nz.search.yahoo.com/search?ei=ut ... &ilc=12&p={searchTerms}
IE - HKU\S-1-5-21-3630749389-2258371352-599158283-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3630749389-2258371352-599158283-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://nz.search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&ilc=12&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950&ilc=12"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Domsfriend\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Domsfriend\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Domsfriend\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/27 18:33:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/11 16:36:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/27 21:25:51 | 000,000,000 | ---D | M]

[2011/10/08 18:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Domsfriend\AppData\Roaming\mozilla\Extensions
[2011/03/02 20:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Domsfriend\AppData\Roaming\mozilla\Firefox\Profiles\ojhsg95w.default\extensions
[2012/09/11 15:32:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Domsfriend\AppData\Roaming\mozilla\Firefox\Profiles\ubkywt8p.default\extensions
[2011/05/18 21:37:37 | 000,000,000 | ---D | M] (Veehd Plugin) -- C:\Users\Domsfriend\AppData\Roaming\mozilla\Firefox\Profiles\ubkywt8p.default\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}
[2012/05/14 18:26:34 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Domsfriend\AppData\Roaming\mozilla\Firefox\Profiles\ubkywt8p.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/04/22 11:49:28 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Domsfriend\AppData\Roaming\mozilla\Firefox\Profiles\ubkywt8p.default\extensions\battlefieldplay4free@ea.com
[2011/08/19 18:19:01 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Domsfriend\AppData\Roaming\mozilla\Firefox\Profiles\ubkywt8p.default\extensions\engine@conduit.com
[2012/05/13 17:15:33 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\Domsfriend\AppData\Roaming\mozilla\Firefox\Profiles\ubkywt8p.default\extensions\ietab@ip.cn
[2011/07/05 22:46:50 | 000,009,339 | ---- | M] () (No name found) -- C:\Users\Domsfriend\AppData\Roaming\mozilla\firefox\profiles\ubkywt8p.default\extensions\plugin@apture.com.xpi
[2012/09/08 16:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/08 16:29:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/04/12 19:09:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/17 19:01:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/06/02 11:47:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012/07/18 16:50:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2011/08/19 18:18:54 | 000,000,000 | ---D | M] (QuestScan) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
[2012/05/06 13:24:00 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2011/09/29 18:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/05/27 18:45:30 | 000,002,355 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/09/29 12:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/08 18:05:55 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Domsfriend\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Domsfriend\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Domsfriend\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Domsfriend\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Domsfriend\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: Turn Off the Lights = C:\Users\Domsfriend\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.3_0\
CHR - Extension: YouTube = C:\Users\Domsfriend\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Domsfriend\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Babylon Toolbar = C:\Users\Domsfriend\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.6_0\
CHR - Extension: AdBlock = C:\Users\Domsfriend\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.40_0\
CHR - Extension: Skype Click to Call = C:\Users\Domsfriend\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Domsfriend\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.5.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Domsfriend\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/09/10 21:18:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3630749389-2258371352-599158283-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-3630749389-2258371352-599158283-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-3630749389-2258371352-599158283-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [TgbVpn] C:\Program Files (x86)\TheGreenBow\TheGreenBow VPN\vpnconf.exe (TheGreenBow)
O4:64bit: - HKLM..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-21-3630749389-2258371352-599158283-1000..\Run: [Akamai NetSession Interface] C:\Users\Domsfriend\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3630749389-2258371352-599158283-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3630749389-2258371352-599158283-1000..\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe (Dxtory Software)
O4 - HKU\S-1-5-21-3630749389-2258371352-599158283-1000..\Run: [Facebook Update] C:\Users\Domsfriend\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3630749389-2258371352-599158283-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3630749389-2258371352-599158283-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3630749389-2258371352-599158283-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3630749389-2258371352-599158283-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3630749389-2258371352-599158283-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3630749389-2258371352-599158283-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3630749389-2258371352-599158283-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} http://www.netgame.com/mplugin/mglaunch_USAv1005.cab (MGLaunch_v1004 Class)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/stati ... 0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87FE5EC8-E1BB-4BBE-AE1A-A6661AE14C0F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B49F06C4-4DA9-40B2-BD37-361797E674FF}: DhcpNameServer = 178.32.51.4 76.73.18.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0A255E7-D6BA-4087-BABB-906270D77759}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0A255E7-D6BA-4087-BABB-906270D77759}: NameServer = 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9A12D39-CC55-4AE8-8E37-5D3E00A2D5F8}: DhcpNameServer = 178.32.51.4 76.73.18.50
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes3\deskscapes.dll (Stardock Corporation)
O22:64bit: - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Theme Resource Changer - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll File not found
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysWOW64\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/11 15:31:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/11 15:27:17 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Domsfriend\Desktop\OTL.exe
[2012/09/10 21:41:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/10 21:19:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/10 20:56:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/10 20:56:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/10 20:56:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/10 20:55:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/10 20:45:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/10 20:45:22 | 004,747,716 | R--- | C] (Swearware) -- C:\Users\Domsfriend\Desktop\ComboFix.exe
[2012/09/10 18:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dark Souls
[2012/09/08 20:13:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/09/08 16:25:49 | 000,000,000 | ---D | C] -- C:\Users\Domsfriend\AppData\Roaming\Skype
[2012/09/08 16:25:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/08 16:25:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/09/08 16:25:33 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/09/08 16:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/09/08 15:22:11 | 000,000,000 | ---D | C] -- C:\FRST
[2012/09/08 10:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2012/09/07 22:23:16 | 000,000,000 | ---D | C] -- C:\Users\Domsfriend\AppData\Local\Facebook
[2012/09/01 18:34:44 | 002,388,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer_edit_w7sbc.exe
[2012/09/01 18:34:44 | 002,388,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer_backup_w7sbc.exe
[2012/09/01 18:34:44 | 000,000,000 | ---D | C] -- C:\Windows\W7SBC
[2012/09/01 18:28:27 | 002,755,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll.backup
[2012/09/01 18:28:26 | 015,181,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shell32_backup_wti.dll
[2012/09/01 18:28:26 | 001,842,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame_backup_wti.dll
[2012/09/01 18:28:25 | 003,208,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer_backup_wti.exe
[2012/09/01 18:28:25 | 000,898,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OobeFldr_backup_wti.dll
[2012/09/01 18:17:24 | 000,000,000 | ---D | C] -- C:\Users\Domsfriend\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Theme Resource Changer X64 v1.0
[2012/09/01 18:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\Theme Resource Changer
[2012/08/31 22:06:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HUD RED
[2012/08/31 21:47:53 | 000,000,000 | ---D | C] -- C:\Users\Domsfriend\AppData\Local\Korbin_Bickel
[2012/08/31 21:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Theme Manager
[2012/08/31 21:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Theme Manager
[2012/08/31 21:40:21 | 002,851,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll.backup
[2012/08/31 21:40:18 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll.backup
[2012/08/31 12:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/08/31 12:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/08/27 18:55:48 | 000,000,000 | ---D | C] -- C:\Users\Domsfriend\Documents\NBGI
[2012/08/27 18:55:20 | 000,000,000 | ---D | C] -- C:\Users\Domsfriend\AppData\Local\NBGI
[2012/08/26 10:56:53 | 000,000,000 | ---D | C] -- C:\Users\Domsfriend\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivitizeVPN
[2012/08/26 10:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PrivitizeVPN
[2012/08/26 10:56:52 | 000,000,000 | ---D | C] -- C:\Users\Domsfriend\AppData\Local\Babylon
[2012/08/25 13:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sleeping Dogs
[2012/08/22 22:22:09 | 000,000,000 | ---D | C] -- C:\Ubisoft
[2012/08/22 22:21:39 | 000,000,000 | ---D | C] -- C:\Users\Domsfriend\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2012/08/22 22:20:10 | 000,000,000 | ---D | C] -- C:\Users\Domsfriend\AppData\Local\Apps
[2012/08/22 22:20:09 | 000,000,000 | ---D | C] -- C:\Users\Domsfriend\AppData\Local\Deployment
[2012/08/17 18:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2012/08/15 11:08:08 | 000,000,000 | ---D | C] -- C:\Users\Domsfriend\AppData\Local\Dxtory Software
[2012/08/15 11:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0
[2012/08/15 11:08:03 | 003,673,600 | ---- | C] (Dxtory Software) -- C:\Windows\SysNative\DxtoryCodec64.dll
[2012/08/15 11:08:02 | 003,166,720 | ---- | C] (Dxtory Software) -- C:\Windows\SysWow64\DxtoryCodec.dll
[2012/08/15 11:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dxtory Software
[2012/08/15 08:57:39 | 000,000,000 | ---D | C] -- C:\Users\Domsfriend\Documents\Activision
[2012/08/13 16:55:32 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/12 16:40:50 | 000,000,000 | ---D | C] -- C:\Users\Domsfriend\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FFOLKES Unlocks
[2012/08/12 16:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FFOLKES Unlocks
[2012/08/12 16:29:52 | 000,000,000 | ---D | C] -- C:\Program Files\pb
[2012/08/12 16:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\mods
[2012/05/16 07:12:24 | 000,095,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\DSETUP.dll
[2012/05/16 07:12:22 | 000,517,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\DXSETUP.exe
[2012/05/16 07:12:20 | 000,587,200 | ---- | C] (Flexera Software, Inc.) -- C:\Program Files (x86)\ISSetup.dll
[2012/05/16 07:12:17 | 001,566,040 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\dsetup32.dll
[2012/05/16 07:12:16 | 004,216,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\vcredist_x86.exe
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/11 16:01:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/11 15:50:11 | 000,165,376 | ---- | M] () -- C:\Users\Domsfriend\Desktop\SystemLook_x64.exe
[2012/09/11 15:46:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/11 15:46:40 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/11 15:45:54 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2012/09/11 15:45:26 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000UA.job
[2012/09/11 15:27:18 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Domsfriend\Desktop\OTL.exe
[2012/09/10 22:36:03 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000UA.job
[2012/09/10 22:36:01 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000Core.job
[2012/09/10 21:18:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/10 20:45:22 | 004,747,716 | R--- | M] (Swearware) -- C:\Users\Domsfriend\Desktop\ComboFix.exe
[2012/09/10 20:45:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000Core.job
[2012/09/08 11:55:37 | 000,282,696 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/09/08 11:55:37 | 000,282,696 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/09/08 06:40:50 | 000,014,416 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/08 06:40:50 | 000,014,416 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 20:23:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/09/05 16:18:32 | 000,151,608 | ---- | M] () -- C:\Windows\UTP.exe
[2012/09/01 18:37:24 | 005,062,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/01 18:28:27 | 002,755,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll
[2012/08/31 21:40:21 | 002,851,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll
[2012/08/31 21:40:19 | 000,332,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2012/08/28 21:37:11 | 000,281,120 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/08/21 21:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/21 21:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/21 21:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/21 21:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/21 21:13:12 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/21 21:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/21 21:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/21 21:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/21 21:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/15 23:02:59 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/15 23:02:59 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/11 15:50:11 | 000,165,376 | ---- | C] () -- C:\Users\Domsfriend\Desktop\SystemLook_x64.exe
[2012/09/10 20:56:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/10 20:56:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/10 20:56:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/10 20:56:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/10 20:56:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/07 22:23:27 | 000,000,948 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000UA.job
[2012/09/07 22:23:22 | 000,000,926 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000Core.job
[2012/09/01 18:28:23 | 000,151,608 | ---- | C] () -- C:\Windows\UTP.exe
[2012/08/31 22:15:34 | 000,009,112 | ---- | C] () -- C:\Program Files (x86)\HUD RED Topshell Basic.theme
[2012/08/31 22:15:34 | 000,009,106 | ---- | C] () -- C:\Program Files (x86)\HUD RED Topshell.theme
[2012/08/31 22:15:34 | 000,009,094 | ---- | C] () -- C:\Program Files (x86)\HUD RED Basic.theme
[2012/08/31 22:15:31 | 000,009,088 | ---- | C] () -- C:\Program Files (x86)\HUD RED.theme
[2012/07/18 16:37:54 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\winver.exe
[2012/06/05 16:33:57 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2012/05/16 07:22:25 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/05/16 07:12:32 | 362,468,194 | ---- | C] () -- C:\Program Files (x86)\BLR_Client.hogg
[2012/05/16 07:12:24 | 000,121,054 | ---- | C] () -- C:\Program Files (x86)\JUN2008_XACT_x64.cab
[2012/05/16 07:12:24 | 000,109,445 | ---- | C] () -- C:\Program Files (x86)\Jun2010_d3dx11_43_x86.cab
[2012/05/16 07:12:24 | 000,105,044 | ---- | C] () -- C:\Program Files (x86)\Aug2009_d3dx11_42_x86.cab
[2012/05/16 07:12:24 | 000,097,152 | ---- | C] () -- C:\Program Files (x86)\dxupdate.cab
[2012/05/16 07:12:24 | 000,096,817 | ---- | C] () -- C:\Program Files (x86)\APR2007_xinput_x64.cab
[2012/05/16 07:12:24 | 000,093,734 | ---- | C] () -- C:\Program Files (x86)\Mar2008_XACT_x86.cab
[2012/05/16 07:12:24 | 000,093,686 | ---- | C] () -- C:\Program Files (x86)\Jun2010_XACT_x86.cab
[2012/05/16 07:12:24 | 000,093,180 | ---- | C] () -- C:\Program Files (x86)\Feb2010_XACT_x86.cab
[2012/05/16 07:12:24 | 000,093,128 | ---- | C] () -- C:\Program Files (x86)\JUN2008_XACT_x86.cab
[2012/05/16 07:12:24 | 000,093,106 | ---- | C] () -- C:\Program Files (x86)\Aug2009_XACT_x86.cab
[2012/05/16 07:12:24 | 000,092,996 | ---- | C] () -- C:\Program Files (x86)\Aug2008_XACT_x86.cab
[2012/05/16 07:12:24 | 000,092,740 | ---- | C] () -- C:\Program Files (x86)\Mar2009_XACT_x86.cab
[2012/05/16 07:12:24 | 000,092,684 | ---- | C] () -- C:\Program Files (x86)\Nov2008_XACT_x86.cab
[2012/05/16 07:12:24 | 000,087,142 | ---- | C] () -- C:\Program Files (x86)\AUG2006_xinput_x64.cab
[2012/05/16 07:12:24 | 000,087,101 | ---- | C] () -- C:\Program Files (x86)\Apr2006_xinput_x64.cab
[2012/05/16 07:12:24 | 000,086,037 | ---- | C] () -- C:\Program Files (x86)\Oct2005_xinput_x64.cab
[2012/05/16 07:12:24 | 000,055,154 | ---- | C] () -- C:\Program Files (x86)\JUN2008_X3DAudio_x64.cab
[2012/05/16 07:12:24 | 000,055,058 | ---- | C] () -- C:\Program Files (x86)\Mar2008_X3DAudio_x64.cab
[2012/05/16 07:12:24 | 000,054,678 | ---- | C] () -- C:\Program Files (x86)\Feb2010_X3DAudio_x64.cab
[2012/05/16 07:12:24 | 000,054,600 | ---- | C] () -- C:\Program Files (x86)\Mar2009_X3DAudio_x64.cab
[2012/05/16 07:12:24 | 000,054,522 | ---- | C] () -- C:\Program Files (x86)\Nov2008_X3DAudio_x64.cab
[2012/05/16 07:12:24 | 000,053,302 | ---- | C] () -- C:\Program Files (x86)\APR2007_xinput_x86.cab
[2012/05/16 07:12:24 | 000,050,643 | ---- | C] () -- C:\Program Files (x86)\FoxCompat.ini
[2012/05/16 07:12:24 | 000,046,144 | ---- | C] () -- C:\Program Files (x86)\NOV2007_X3DAudio_x64.cab
[2012/05/16 07:12:24 | 000,046,058 | ---- | C] () -- C:\Program Files (x86)\AUG2006_xinput_x86.cab
[2012/05/16 07:12:24 | 000,046,010 | ---- | C] () -- C:\Program Files (x86)\Apr2006_xinput_x86.cab
[2012/05/16 07:12:24 | 000,045,359 | ---- | C] () -- C:\Program Files (x86)\Oct2005_xinput_x86.cab
[2012/05/16 07:12:24 | 000,044,624 | ---- | C] () -- C:\Program Files (x86)\dxdllreg_x86.cab
[2012/05/16 07:12:24 | 000,040,415 | ---- | C] () -- C:\Program Files (x86)\data1.hdr
[2012/05/16 07:12:24 | 000,038,710 | ---- | C] () -- C:\Program Files (x86)\PCConsole-FoxEngine.ini
[2012/05/16 07:12:24 | 000,032,045 | ---- | C] () -- C:\Program Files (x86)\PCConsole-FoxInput.ini
[2012/05/16 07:12:24 | 000,026,270 | ---- | C] () -- C:\Program Files (x86)\0x040c.ini
[2012/05/16 07:12:24 | 000,025,860 | ---- | C] () -- C:\Program Files (x86)\0x0407.ini
[2012/05/16 07:12:24 | 000,022,492 | ---- | C] () -- C:\Program Files (x86)\0x0409.ini
[2012/05/16 07:12:24 | 000,021,905 | ---- | C] () -- C:\Program Files (x86)\JUN2008_X3DAudio_x86.cab
[2012/05/16 07:12:24 | 000,021,867 | ---- | C] () -- C:\Program Files (x86)\Mar2008_X3DAudio_x86.cab
[2012/05/16 07:12:24 | 000,021,851 | ---- | C] () -- C:\Program Files (x86)\Nov2008_X3DAudio_x86.cab
[2012/05/16 07:12:24 | 000,021,298 | ---- | C] () -- C:\Program Files (x86)\Mar2009_X3DAudio_x86.cab
[2012/05/16 07:12:24 | 000,020,713 | ---- | C] () -- C:\Program Files (x86)\Feb2010_X3DAudio_x86.cab
[2012/05/16 07:12:24 | 000,018,496 | ---- | C] () -- C:\Program Files (x86)\NOV2007_X3DAudio_x86.cab
[2012/05/16 07:12:24 | 000,011,986 | ---- | C] () -- C:\Program Files (x86)\layout.bin
[2012/05/16 07:12:24 | 000,005,265 | ---- | C] () -- C:\Program Files (x86)\FoxHud.ini
[2012/05/16 07:12:24 | 000,002,884 | ---- | C] () -- C:\Program Files (x86)\setup.ini
[2012/05/16 07:12:24 | 000,000,512 | ---- | C] () -- C:\Program Files (x86)\data2.cab
[2012/05/16 07:12:24 | 000,000,154 | ---- | C] () -- C:\Program Files (x86)\local_version_cc.xml
[2012/05/16 07:12:23 | 000,227,165 | ---- | C] () -- C:\Program Files (x86)\setup.inx
[2012/05/16 07:12:23 | 000,226,250 | ---- | C] () -- C:\Program Files (x86)\Mar2008_XAudio_x86.cab
[2012/05/16 07:12:23 | 000,212,807 | ---- | C] () -- C:\Program Files (x86)\DEC2006_d3dx10_00_x64.cab
[2012/05/16 07:12:23 | 000,198,096 | ---- | C] () -- C:\Program Files (x86)\AUG2007_XACT_x64.cab
[2012/05/16 07:12:23 | 000,197,283 | ---- | C] () -- C:\Program Files (x86)\Jun2010_d3dx10_43_x86.cab
[2012/05/16 07:12:23 | 000,197,122 | ---- | C] () -- C:\Program Files (x86)\JUN2007_XACT_x64.cab
[2012/05/16 07:12:23 | 000,196,762 | ---- | C] () -- C:\Program Files (x86)\NOV2007_XACT_x64.cab
[2012/05/16 07:12:23 | 000,195,766 | ---- | C] () -- C:\Program Files (x86)\APR2007_XACT_x64.cab
[2012/05/16 07:12:23 | 000,194,675 | ---- | C] () -- C:\Program Files (x86)\FEB2007_XACT_x64.cab
[2012/05/16 07:12:23 | 000,192,475 | ---- | C] () -- C:\Program Files (x86)\DEC2006_XACT_x64.cab
[2012/05/16 07:12:23 | 000,192,131 | ---- | C] () -- C:\Program Files (x86)\Aug2009_d3dx10_42_x86.cab
[2012/05/16 07:12:23 | 000,191,720 | ---- | C] () -- C:\Program Files (x86)\DEC2006_d3dx10_00_x86.cab
[2012/05/16 07:12:23 | 000,182,903 | ---- | C] () -- C:\Program Files (x86)\AUG2006_XACT_x64.cab
[2012/05/16 07:12:23 | 000,182,361 | ---- | C] () -- C:\Program Files (x86)\OCT2006_XACT_x64.cab
[2012/05/16 07:12:23 | 000,180,785 | ---- | C] () -- C:\Program Files (x86)\JUN2006_XACT_x64.cab
[2012/05/16 07:12:23 | 000,179,133 | ---- | C] () -- C:\Program Files (x86)\Apr2006_XACT_x64.cab
[2012/05/16 07:12:23 | 000,178,359 | ---- | C] () -- C:\Program Files (x86)\Feb2006_XACT_x64.cab
[2012/05/16 07:12:23 | 000,153,012 | ---- | C] () -- C:\Program Files (x86)\AUG2007_XACT_x86.cab
[2012/05/16 07:12:23 | 000,152,909 | ---- | C] () -- C:\Program Files (x86)\JUN2007_XACT_x86.cab
[2012/05/16 07:12:23 | 000,151,225 | ---- | C] () -- C:\Program Files (x86)\APR2007_XACT_x86.cab
[2012/05/16 07:12:23 | 000,148,264 | ---- | C] () -- C:\Program Files (x86)\NOV2007_XACT_x86.cab
[2012/05/16 07:12:23 | 000,147,983 | ---- | C] () -- C:\Program Files (x86)\FEB2007_XACT_x86.cab
[2012/05/16 07:12:23 | 000,145,599 | ---- | C] () -- C:\Program Files (x86)\DEC2006_XACT_x86.cab
[2012/05/16 07:12:23 | 000,138,205 | ---- | C] () -- C:\Program Files (x86)\Jun2010_d3dx11_43_x64.cab
[2012/05/16 07:12:23 | 000,138,017 | ---- | C] () -- C:\Program Files (x86)\OCT2006_XACT_x86.cab
[2012/05/16 07:12:23 | 000,137,235 | ---- | C] () -- C:\Program Files (x86)\AUG2006_XACT_x86.cab
[2012/05/16 07:12:23 | 000,136,301 | ---- | C] () -- C:\Program Files (x86)\Aug2009_d3dx11_42_x64.cab
[2012/05/16 07:12:23 | 000,133,671 | ---- | C] () -- C:\Program Files (x86)\JUN2006_XACT_x86.cab
[2012/05/16 07:12:23 | 000,133,103 | ---- | C] () -- C:\Program Files (x86)\Apr2006_XACT_x86.cab
[2012/05/16 07:12:23 | 000,132,409 | ---- | C] () -- C:\Program Files (x86)\Feb2006_XACT_x86.cab
[2012/05/16 07:12:23 | 000,125,892 | ---- | C] () -- C:\Program Files (x86)\config.bin
[2012/05/16 07:12:23 | 000,124,596 | ---- | C] () -- C:\Program Files (x86)\Jun2010_XACT_x64.cab
[2012/05/16 07:12:23 | 000,122,446 | ---- | C] () -- C:\Program Files (x86)\Feb2010_XACT_x64.cab
[2012/05/16 07:12:23 | 000,122,408 | ---- | C] () -- C:\Program Files (x86)\Aug2009_XACT_x64.cab
[2012/05/16 07:12:23 | 000,122,336 | ---- | C] () -- C:\Program Files (x86)\Mar2008_XACT_x64.cab
[2012/05/16 07:12:23 | 000,121,794 | ---- | C] () -- C:\Program Files (x86)\Nov2008_XACT_x64.cab
[2012/05/16 07:12:23 | 000,121,772 | ---- | C] () -- C:\Program Files (x86)\Aug2008_XACT_x64.cab
[2012/05/16 07:12:23 | 000,121,506 | ---- | C] () -- C:\Program Files (x86)\Mar2009_XACT_x64.cab
[2012/05/16 07:12:22 | 000,278,060 | ---- | C] () -- C:\Program Files (x86)\Jun2010_XAudio_x86.cab
[2012/05/16 07:12:22 | 000,277,338 | ---- | C] () -- C:\Program Files (x86)\Jun2010_XAudio_x64.cab
[2012/05/16 07:12:22 | 000,277,191 | ---- | C] () -- C:\Program Files (x86)\Feb2010_XAudio_x86.cab
[2012/05/16 07:12:22 | 000,276,960 | ---- | C] () -- C:\Program Files (x86)\Feb2010_XAudio_x64.cab
[2012/05/16 07:12:22 | 000,275,044 | ---- | C] () -- C:\Program Files (x86)\Mar2009_XAudio_x64.cab
[2012/05/16 07:12:22 | 000,273,960 | ---- | C] () -- C:\Program Files (x86)\Nov2008_XAudio_x64.cab
[2012/05/16 07:12:22 | 000,273,264 | ---- | C] () -- C:\Program Files (x86)\Aug2009_XAudio_x64.cab
[2012/05/16 07:12:22 | 000,273,018 | ---- | C] () -- C:\Program Files (x86)\Mar2009_XAudio_x86.cab
[2012/05/16 07:12:22 | 000,272,642 | ---- | C] () -- C:\Program Files (x86)\Aug2009_XAudio_x86.cab
[2012/05/16 07:12:22 | 000,272,611 | ---- | C] () -- C:\Program Files (x86)\Nov2008_XAudio_x86.cab
[2012/05/16 07:12:22 | 000,271,412 | ---- | C] () -- C:\Program Files (x86)\Aug2008_XAudio_x64.cab
[2012/05/16 07:12:22 | 000,271,038 | ---- | C] () -- C:\Program Files (x86)\Aug2008_XAudio_x86.cab
[2012/05/16 07:12:22 | 000,269,628 | ---- | C] () -- C:\Program Files (x86)\JUN2008_XAudio_x64.cab
[2012/05/16 07:12:22 | 000,269,024 | ---- | C] () -- C:\Program Files (x86)\JUN2008_XAudio_x86.cab
[2012/05/16 07:12:22 | 000,251,194 | ---- | C] () -- C:\Program Files (x86)\Mar2008_XAudio_x64.cab
[2012/05/16 07:12:22 | 000,235,955 | ---- | C] () -- C:\Program Files (x86)\Jun2010_d3dx10_43_x64.cab
[2012/05/16 07:12:22 | 000,232,635 | ---- | C] () -- C:\Program Files (x86)\Aug2009_d3dx10_42_x64.cab
[2012/05/16 07:12:20 | 000,803,884 | ---- | C] () -- C:\Program Files (x86)\Nov2007_d3dx10_36_x86.cab
[2012/05/16 07:12:20 | 000,802,113 | ---- | C] () -- C:\Program Files (x86)\data1.cab
[2012/05/16 07:12:20 | 000,796,867 | ---- | C] () -- C:\Program Files (x86)\AUG2007_d3dx10_35_x86.cab
[2012/05/16 07:12:20 | 000,768,036 | ---- | C] () -- C:\Program Files (x86)\Jun2010_d3dx9_43_x86.cab
[2012/05/16 07:12:20 | 000,762,188 | ---- | C] () -- C:\Program Files (x86)\Jun2010_d3dcsx_43_x86.cab
[2012/05/16 07:12:20 | 000,752,783 | ---- | C] () -- C:\Program Files (x86)\Jun2010_d3dcsx_43_x64.cab
[2012/05/16 07:12:20 | 000,728,456 | ---- | C] () -- C:\Program Files (x86)\Aug2009_d3dx9_42_x86.cab
[2012/05/16 07:12:20 | 000,699,044 | ---- | C] () -- C:\Program Files (x86)\JUN2007_d3dx10_34_x64.cab
[2012/05/16 07:12:20 | 000,698,612 | ---- | C] () -- C:\Program Files (x86)\APR2007_d3dx10_33_x64.cab
[2012/05/16 07:12:20 | 000,698,472 | ---- | C] () -- C:\Program Files (x86)\JUN2007_d3dx10_34_x86.cab
[2012/05/16 07:12:20 | 000,695,865 | ---- | C] () -- C:\Program Files (x86)\APR2007_d3dx10_33_x86.cab
[2012/05/16 07:12:19 | 000,852,286 | ---- | C] () -- C:\Program Files (x86)\AUG2007_d3dx10_35_x64.cab
[2012/05/16 07:12:19 | 000,849,919 | ---- | C] () -- C:\Program Files (x86)\JUN2008_d3dx10_38_x86.cab
[2012/05/16 07:12:19 | 000,849,167 | ---- | C] () -- C:\Program Files (x86)\Aug2008_d3dx10_39_x86.cab
[2012/05/16 07:12:19 | 000,844,884 | ---- | C] () -- C:\Program Files (x86)\Mar2008_d3dx10_37_x64.cab
[2012/05/16 07:12:19 | 000,818,260 | ---- | C] () -- C:\Program Files (x86)\Mar2008_d3dx10_37_x86.cab
[2012/05/16 07:12:18 | 001,550,796 | ---- | C] () -- C:\Program Files (x86)\Nov2008_d3dx9_40_x86.cab
[2012/05/16 07:12:18 | 001,464,672 | ---- | C] () -- C:\Program Files (x86)\Aug2008_d3dx9_39_x86.cab
[2012/05/16 07:12:18 | 001,463,878 | ---- | C] () -- C:\Program Files (x86)\JUN2008_d3dx9_38_x86.cab
[2012/05/16 07:12:18 | 001,443,282 | ---- | C] () -- C:\Program Files (x86)\Mar2008_d3dx9_37_x86.cab
[2012/05/16 07:12:18 | 001,412,902 | ---- | C] () -- C:\Program Files (x86)\OCT2006_d3dx9_31_x64.cab
[2012/05/16 07:12:18 | 001,397,830 | ---- | C] () -- C:\Program Files (x86)\Apr2006_d3dx9_30_x64.cab
[2012/05/16 07:12:18 | 001,362,796 | ---- | C] () -- C:\Program Files (x86)\Feb2006_d3dx9_29_x64.cab
[2012/05/16 07:12:18 | 001,357,976 | ---- | C] () -- C:\Program Files (x86)\Dec2005_d3dx9_28_x64.cab
[2012/05/16 07:12:18 | 001,350,542 | ---- | C] () -- C:\Program Files (x86)\Aug2005_d3dx9_27_x64.cab
[2012/05/16 07:12:18 | 001,347,354 | ---- | C] () -- C:\Program Files (x86)\Apr2005_d3dx9_25_x64.cab
[2012/05/16 07:12:18 | 001,336,002 | ---- | C] () -- C:\Program Files (x86)\Jun2005_d3dx9_26_x64.cab
[2012/05/16 07:12:18 | 001,247,499 | ---- | C] () -- C:\Program Files (x86)\Feb2005_d3dx9_24_x64.cab
[2012/05/16 07:12:18 | 001,127,217 | ---- | C] () -- C:\Program Files (x86)\OCT2006_d3dx9_31_x86.cab
[2012/05/16 07:12:18 | 001,115,221 | ---- | C] () -- C:\Program Files (x86)\Apr2006_d3dx9_30_x86.cab
[2012/05/16 07:12:18 | 001,084,720 | ---- | C] () -- C:\Program Files (x86)\Feb2006_d3dx9_29_x86.cab
[2012/05/16 07:12:18 | 001,079,456 | ---- | C] () -- C:\Program Files (x86)\Dec2005_d3dx9_28_x86.cab
[2012/05/16 07:12:18 | 001,078,962 | ---- | C] () -- C:\Program Files (x86)\Apr2005_d3dx9_25_x86.cab
[2012/05/16 07:12:18 | 001,077,644 | ---- | C] () -- C:\Program Files (x86)\Aug2005_d3dx9_27_x86.cab
[2012/05/16 07:12:18 | 001,067,160 | ---- | C] () -- C:\Program Files (x86)\Mar2009_d3dx10_41_x64.cab
[2012/05/16 07:12:18 | 001,064,925 | ---- | C] () -- C:\Program Files (x86)\Jun2005_d3dx9_26_x86.cab
[2012/05/16 07:12:18 | 001,040,745 | ---- | C] () -- C:\Program Files (x86)\Mar2009_d3dx10_41_x86.cab
[2012/05/16 07:12:18 | 001,013,225 | ---- | C] () -- C:\Program Files (x86)\Feb2005_d3dx9_24_x86.cab
[2012/05/16 07:12:18 | 000,994,154 | ---- | C] () -- C:\Program Files (x86)\Nov2008_d3dx10_40_x64.cab
[2012/05/16 07:12:18 | 000,965,421 | ---- | C] () -- C:\Program Files (x86)\Nov2008_d3dx10_40_x86.cab
[2012/05/16 07:12:18 | 000,944,460 | ---- | C] () -- C:\Program Files (x86)\Jun2010_D3DCompiler_43_x64.cab
[2012/05/16 07:12:18 | 000,937,246 | ---- | C] () -- C:\Program Files (x86)\Jun2010_d3dx9_43_x64.cab
[2012/05/16 07:12:18 | 000,931,471 | ---- | C] () -- C:\Program Files (x86)\Jun2010_D3DCompiler_43_x86.cab
[2012/05/16 07:12:18 | 000,930,116 | ---- | C] () -- C:\Program Files (x86)\Aug2009_d3dx9_42_x64.cab
[2012/05/16 07:12:18 | 000,919,044 | ---- | C] () -- C:\Program Files (x86)\Aug2009_D3DCompiler_42_x64.cab
[2012/05/16 07:12:18 | 000,916,430 | ---- | C] () -- C:\Program Files (x86)\Apr2006_MDX1_x86.cab
[2012/05/16 07:12:18 | 000,900,598 | ---- | C] () -- C:\Program Files (x86)\Aug2009_D3DCompiler_42_x86.cab
[2012/05/16 07:12:18 | 000,867,828 | ---- | C] () -- C:\Program Files (x86)\JUN2008_d3dx10_38_x64.cab
[2012/05/16 07:12:18 | 000,867,612 | ---- | C] () -- C:\Program Files (x86)\Aug2008_d3dx10_39_x64.cab
[2012/05/16 07:12:18 | 000,864,600 | ---- | C] () -- C:\Program Files (x86)\Nov2007_d3dx10_36_x64.cab
[2012/05/16 07:12:17 | 003,319,740 | ---- | C] () -- C:\Program Files (x86)\Aug2009_d3dcsx_42_x86.cab
[2012/05/16 07:12:17 | 003,146,312 | ---- | C] () -- C:\Program Files (x86)\pbsvc_blr.exe
[2012/05/16 07:12:17 | 003,112,111 | ---- | C] () -- C:\Program Files (x86)\Aug2009_d3dcsx_42_x64.cab
[2012/05/16 07:12:17 | 001,973,702 | ---- | C] () -- C:\Program Files (x86)\Mar2009_d3dx9_41_x64.cab
[2012/05/16 07:12:17 | 001,906,878 | ---- | C] () -- C:\Program Files (x86)\Nov2008_d3dx9_40_x64.cab
[2012/05/16 07:12:17 | 001,802,058 | ---- | C] () -- C:\Program Files (x86)\Nov2007_d3dx9_36_x64.cab
[2012/05/16 07:12:17 | 001,800,160 | ---- | C] () -- C:\Program Files (x86)\AUG2007_d3dx9_35_x64.cab
[2012/05/16 07:12:17 | 001,794,084 | ---- | C] () -- C:\Program Files (x86)\Aug2008_d3dx9_39_x64.cab
[2012/05/16 07:12:17 | 001,792,608 | ---- | C] () -- C:\Program Files (x86)\JUN2008_d3dx9_38_x64.cab
[2012/05/16 07:12:17 | 001,769,862 | ---- | C] () -- C:\Program Files (x86)\Mar2008_d3dx9_37_x64.cab
[2012/05/16 07:12:17 | 001,709,360 | ---- | C] () -- C:\Program Files (x86)\Nov2007_d3dx9_36_x86.cab
[2012/05/16 07:12:17 | 001,708,152 | ---- | C] () -- C:\Program Files (x86)\AUG2007_d3dx9_35_x86.cab
[2012/05/16 07:12:17 | 001,612,446 | ---- | C] () -- C:\Program Files (x86)\Mar2009_d3dx9_41_x86.cab
[2012/05/16 07:12:17 | 001,607,774 | ---- | C] () -- C:\Program Files (x86)\JUN2007_d3dx9_34_x64.cab
[2012/05/16 07:12:17 | 001,607,358 | ---- | C] () -- C:\Program Files (x86)\APR2007_d3dx9_33_x64.cab
[2012/05/16 07:12:17 | 001,607,286 | ---- | C] () -- C:\Program Files (x86)\JUN2007_d3dx9_34_x86.cab
[2012/05/16 07:12:17 | 001,606,039 | ---- | C] () -- C:\Program Files (x86)\APR2007_d3dx9_33_x86.cab
[2012/05/16 07:12:17 | 001,574,376 | ---- | C] () -- C:\Program Files (x86)\DEC2006_d3dx9_32_x86.cab
[2012/05/16 07:12:17 | 001,571,154 | ---- | C] () -- C:\Program Files (x86)\DEC2006_d3dx9_32_x64.cab
[2012/05/16 07:12:16 | 004,162,630 | ---- | C] () -- C:\Program Files (x86)\Apr2006_MDX1_x86_Archive.cab
[2012/05/16 07:12:14 | 008,525,240 | ---- | C] () -- C:\Program Files (x86)\Blacklight Retribution.exe
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/01/09 11:54:57 | 000,000,353 | ---- | C] () -- C:\Users\Domsfriend\AppData\Roaming\Network Meter_Settings.ini
[2011/11/10 18:09:28 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/10/24 17:20:56 | 000,000,017 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/10/06 21:27:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011/08/08 21:47:40 | 000,000,009 | ---- | C] () -- C:\Windows\SysWow64\status.bin
[2011/05/19 09:05:09 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/04/12 18:56:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/04/10 17:47:14 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/02 19:13:56 | 000,024,273 | ---- | C] () -- C:\Users\Domsfriend\AppData\Roaming\UserTile.png
[2011/03/01 15:36:48 | 000,282,696 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/03/01 15:36:43 | 002,793,768 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/03/01 15:36:43 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/02/28 21:46:19 | 000,000,107 | ---- | C] () -- C:\Windows\VSWizard.ini
[2011/02/12 18:13:43 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/02/12 18:13:43 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/02/12 18:13:40 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/02/12 18:13:40 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/02/12 18:09:51 | 000,034,960 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/02/12 18:09:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/02/12 18:09:17 | 000,028,463 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== LOP Check ==========

[2011/04/12 19:35:16 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\.minecraft
[2011/04/12 19:35:16 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\.minecraft
[2012/08/27 21:23:16 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\.minecraft
[2012/05/08 18:38:11 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\2K Sports
[2012/05/06 13:23:50 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\Babylon
[2012/05/27 18:45:55 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\BabylonToolbar
[2012/04/28 18:26:44 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\Bioshock
[2012/04/01 13:21:22 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\bizarre creations
[2012/05/27 21:30:42 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\Chief Architect Premier X3
[2011/08/29 18:36:46 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\DAEMON Tools Lite
[2011/04/04 19:47:13 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\DAEMON Tools Pro
[2011/05/16 22:47:35 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\Gadgets4Vista
[2011/08/17 18:53:57 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\GetRightToGo
[2012/09/08 11:30:26 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\IObit
[2011/08/29 17:57:11 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\Lionhead Studios
[2012/03/04 18:04:56 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\MAXON
[2011/11/07 15:24:59 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\Mount&Blade
[2011/09/28 16:43:14 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\Mount&Blade Warband
[2011/05/08 18:18:22 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\Mount&Blade With Fire and Sword
[2011/08/19 21:53:48 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\OpenCandy
[2011/08/25 18:30:25 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\Opera
[2012/08/09 22:40:45 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\Origin
[2011/08/30 22:00:33 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\PunkBuster
[2012/05/28 22:49:11 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/03/03 22:46:14 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\Summitsoft
[2011/08/07 20:22:34 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\SystemRequirementsLab
[2011/10/29 21:08:49 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\TeamViewer
[2011/08/30 18:43:24 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\The Creative Assembly
[2012/08/22 16:32:45 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\TS3Client
[2011/08/19 18:18:53 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\ts3overlay
[2012/07/10 13:44:40 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\TuneUpMedia
[2011/12/10 12:48:34 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\Tunngle
[2012/06/26 07:29:21 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\Ubisoft
[2012/09/09 22:58:43 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\uTorrent
[2012/09/06 06:37:25 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\xsecva
[2012/05/06 17:15:34 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\YourFileDownloader
[2012/03/28 16:19:01 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\.minecraft
[2012/09/10 22:36:01 | 000,000,926 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000Core.job
[2012/09/10 22:36:03 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000UA.job
[2012/07/30 16:55:44 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
knowlze
Joined: September 8th, 2012, 9:08 pm
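A note on reading the OTL report above, added here by the editor and not something posted in this thread or shipped with OTL: every file and folder line has the same layout (timestamp, byte size, four attribute flags with D for directory, C for created or M for modified, a parenthesised company-name field that OTL leaves empty when it finds none, then the path), so a long section like this can be parsed and sorted mechanically instead of by eye. The Python below parses that layout and applies three triage heuristics: AppData folders changed inside the same 30-day window OTL itself uses, .job files under Windows\Tasks, and executables with no company name sitting in system or profile directories. The scan date (2012-09-10), the constructed example.dll line carrying a vendor name, and the heuristics themselves are assumptions for the example; the other sample lines are copied from the log above. A hit means "look at this next", not "this is malware".

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# One OTL file/folder line, e.g.
#   [2012/05/16 07:12:24 | 000,093,686 | ---- | C] () -- C:\Program Files (x86)\foo.cab
#   [2012/09/06 06:37:25 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\xsecva
# Fields: timestamp | byte size | attribute flags (D = directory) | C(reated)/M(odified).
# Assumption: the optional "(...)" is OTL's company-name field; "()" means none found.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# File types that execute; a .job is handled separately because it only points at a command.
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".com", ".bat", ".cmd", ".pif"}


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str        # "C" created, "M" modified
    company: str     # "" when OTL printed an empty company-name field
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_otl(text: str) -> list:
    """Parse every OTL file/folder line; section headers, blanks and trailers are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append(OtlEntry(
            timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"] or "",
            path=m["path"],
        ))
    return entries


def triage(entries, scan_date: datetime, window_days: int = 30) -> list:
    """Return (entry, reason) pairs worth a closer look. Heuristics, not verdicts."""
    cutoff = scan_date - timedelta(days=window_days)
    hits = []
    for e in entries:
        p = PureWindowsPath(e.path)
        parts = [s.lower() for s in p.parts]
        in_profile = "appdata" in parts
        in_system = any(s in ("system32", "syswow64") for s in parts)
        in_tasks = "tasks" in parts
        ext = p.suffix.lower()
        if e.is_dir and in_profile and e.timestamp >= cutoff:
            hits.append((e, f"profile folder changed within the last {window_days} days"))
        elif not e.is_dir and ext == ".job" and in_tasks:
            hits.append((e, "scheduled task: check the command it runs"))
        elif not e.is_dir and ext in EXEC_EXT and not e.company and (in_system or in_profile):
            hits.append((e, "executable with no company name in a system or profile directory"))
    return hits


# Sample input: lines copied from the report above, plus one constructed line
# (example.dll with a vendor name) to show the company-name rule not firing.
SAMPLE_LOG = r"""
[2012/05/16 07:12:24 | 000,093,686 | ---- | C] () -- C:\Program Files (x86)\Jun2010_XACT_x86.cab
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/02/12 18:13:43 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/09/06 06:37:25 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\xsecva
[2011/08/25 18:30:25 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\Opera
[2012/09/10 22:36:01 | 000,000,926 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3630749389-2258371352-599158283-1000Core.job
[2012/08/20 10:00:00 | 000,100,000 | ---- | C] (Example Vendor) -- C:\Windows\SysWow64\example.dll
"""

SCAN_DATE = datetime(2012, 9, 10)   # assumed date the report was taken


def demo_hits() -> list:
    """Run the triage over the sample log with the assumed scan date."""
    return triage(parse_otl(SAMPLE_LOG), SCAN_DATE)


if __name__ == "__main__":
    for entry, reason in demo_hits():
        print(f"{entry.timestamp:%Y-%m-%d} {entry.kind} {entry.path}\n    -> {reason}")
```

Run it against a saved OTL log instead of SAMPLE_LOG and the output is a short list to check by hand (file properties, signature, what the task's command line points at), which is how a helper works through a 3,000-line report without missing a recently created profile folder.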

Re: Virus in windows/system32/services.exe

Post by knowlze » September 11th, 2012, 12:08 am

OTL Extras logfile created on: 11/09/2012 4:00:47 p.m. - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Domsfriend\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 60.06% Memory free
7.99 Gb Paging File | 6.04 Gb Available in Paging File | 75.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 342.30 Gb Free Space | 36.75% Space Free | Partition Type: NTFS
Drive D: | 697.18 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 7.45 Gb Total Space | 7.45 Gb Free Space | 99.98% Space Free | Partition Type: FAT32

Computer Name: LINCOLN-PC | User Name: Domsfriend | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{68C4646E-1474-41C9-A148-1C50AAA0EEBF}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AB7F628C-F16A-42B8-82C2-B6BC033636CE}" = lport=49173 | protocol=6 | dir=in | name=akamai netsession interface |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{55A49C79-D080-4FB0-B5E7-A0C955D65214}C:\program files (x86)\2k_games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k_games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{585C36BA-C352-42BB-AF8D-F05439876A3E}C:\users\domsfriend\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\domsfriend\appdata\local\akamai\netsession_win.exe |
"TCP Query User{AD00DC08-5ED2-4A7C-8C9A-2B3386068904}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{8DAD03CB-DA30-4283-929A-959DBE1CC4D8}C:\users\domsfriend\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\domsfriend\appdata\local\akamai\netsession_win.exe |
"UDP Query User{A235C216-5761-488B-9050-F76289F3A73B}C:\program files (x86)\2k_games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k_games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{C9519F97-37A1-466A-A98B-76D789EA4E5B}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{BDBFAC49-8877-472F-876B-75ADB7DBC955}" = CorelDRAW Graphics Suite X6 (64-Bit)
"_{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}" = Corel Graphics - Windows Shell Extension
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{10762393-1B90-4AC2-AF1A-4C0C04AE303F}" = CorelDRAW Graphics Suite X6 - VBA (x64)
"{1967EF95-E00B-4669-8B1C-A589BE8BF24F}" = CorelDRAW Graphics Suite X6 - Capture (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E3A578C-0A7D-4820-990F-B7545C0B2303}" = CorelDRAW Graphics Suite X6 - VSTA (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{27AE72A4-B217-4CDC-B82B-3311E9D7460E}" = CorelDRAW Graphics Suite X6 - Draw (x64)
"{2C72B5E4-AA34-4F1A-8C7E-468530F9F6A3}" = CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64)
"{35869A6C-BA31-4F23-B52D-BC1B1E41EC1B}" = CorelDRAW Graphics Suite X6 - Common (x64)
"{3933C06C-8239-432B-87FC-F2BDC5B49A10}" = CorelDRAW Graphics Suite X6 - FontNav (x64)
"{40BD15A3-E031-5CF1-6994-550A4C059127}" = ATI Catalyst Install Manager
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6099F026-0A98-4D40-9B3D-ED2123A8CBD0}" = CorelDRAW Graphics Suite X6 - Redist (x64)
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.5
"{7386B5FA-8715-481D-821F-7785110506DF}" = CorelDRAW Graphics Suite X6 - Custom Data (x64)
"{79899C6B-E315-4A3F-8904-02DEAB8D660D}" = Corel Graphics - Windows Shell Extension 32 Bit
"{7B79AE44-9B76-4815-84E5-ACAC3F0F0278}" = CorelDRAW Graphics Suite X6 - VideoBrowser (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8A837C47-2B21-4FDF-8370-41A1EB6A26E8}" = Microsoft Xbox 360 Accessories 1.1
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90120064-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x64)
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{90F60409-7000-11D3-8CFE-0150048383C9}" = Microsoft Visual Basic for Applications 7.1 (x64) English
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{96AAAB95-AEBE-437A-B7CA-37C7BE13FFE9}" = CorelDRAW Graphics Suite X6 - Connect (x64)
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6DF7031-2843-44FD-9CAB-DECAB4257456}" = CorelDRAW Graphics Suite X6 - IPM
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BB65D262-3EBC-4F10-89D9-67A320E94EAA}" = CorelDRAW Graphics Suite X6 - EN (x64)
"{BDBFAC49-8877-472F-876B-75ADB7DBC955}" = CorelDRAW Graphics Suite X6 - Setup Files (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CCE7423E-1D84-4CD3-9E32-220EC9358D97}" = CorelDRAW Graphics Suite X6 (x64)
"{D7C2687D-924E-4485-B367-C7D95CBF8DDD}" = CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64)
"{DDE82E3D-20C4-48E1-AE1D-B1F10E42CA44}" = CorelDRAW Graphics Suite X6 - Writing Tools (x64)
"{E699230D-4B5E-411E-9F45-FF50789B18DD}" = CorelDRAW Graphics Suite X6 - Filters (x64)
"{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}" = Corel Graphics - Windows Shell Extension
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Theme Resource Changer X64 v1.0" = Theme Resource Changer X64 v1.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12
"{076B4237-0A24-466F-B5C2-6EE84FEF7C4D}" = Chief Architect Premier X3
"{07EF3970-F8E5-4A27-A5A3-230484D35026}" = Microsoft Expression Encoder 4
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 33
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A086701-1EEE-43F5-A9DB-DE2D73DC543D}_is1" = Aliens vs. Predator
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{5435FF3C-48CF-4B34-85E1-2C95673EB254}" = Dawn of War - Soulstorm
"{5E1E4C7A-A7D6-42F0-BDBA-DF20200E144E}" = Tune Sweeper
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77EC0035-AFBA-4A8C-814A-6A887224C1A1}" = DeskScapes
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK
"{835BCA58-EBE8-415B-8E7F-457F76F15821}" = IObit Toolbar v6.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{906A2451-03FB-43FF-A2F6-D4A1412BC7B0}" = Theme Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06FE62B-CEBC-4E94-AED8-92DCC33BC8EA}" = Microsoft Expression Studio 4
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8ABD8C7-991E-4A70-B5A3-20C6FC680680}" = LogMeIn Hamachi
"{BCC315E7-2E8F-4EFD-8A0B-F8F276FE73F2}" = YTD Toolbar v6.2
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C585E652-0CBC-4276-9FE7-047078677904}" = Blacklight Retribution
"{CDCA3C32-FCE7-40E8-8CB5-7B0E87ADDFC9}_is1" = Majesty 2: The Fantasy Kingdom Sim
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EE74D039-45D7-44E9-BF95-B9CFB015964F_P1}_is1" = ArcaniA - Gothic 4 Patch
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"《杀出重围3人类革命》游侠翱翔中文完整硬盘版_is1" = 杀出重围3人类革命 (Chinese display name; translates as "Deus Ex 3: Human Revolution", a Chinese full hard-disk edition)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Amazon Kindle" = Amazon Kindle
"Any to Icon" = Any to Icon
"APB Reloaded" = APB Reloaded
"avast" = avast! Free Antivirus
"AVIConverter" = AVIConverter 2.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"BabylonToolbar" = Babylon toolbar on IE
"Battlelog Web Plugins" = Battlelog Web Plugins
"Blend_4.0.20525.0" = Microsoft Expression Blend 4
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Combat Arms" = Combat Arms
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dark Souls_is1" = Dark Souls
"Design_7.0.20516.0" = Microsoft Expression Design 4
"DeskScapes" = DeskScapes
"dips64" = Desktop Icon Position Saver (64-bit)
"DivX Setup" = DivX Setup
"Dxtory2.0_is1" = Dxtory version 2.0.118
"Encoder_4.0.1639.0" = Microsoft Expression Encoder 4
"Endless Space_is1" = Endless Space
"ESN Sonar-0.70.4" = ESN Sonar
"ExpressionStudio_4.0.20525.0" = Microsoft Expression Studio 4
"FFOLKES 2142 Unlocks mod v1.01" = FFOLKES 2142 Unlocks mod v1.01
"Game Booster_is1" = Game Booster 3
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"Ghost Recon Future Soldier_is1" = Ghost Recon Future Soldier
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"iLivid" = iLivid
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC16 (remove only)
"IObit Malware Fighter_is1" = IObit Malware Fighter
"JDownloader" = JDownloader
"LogMeIn Hamachi" = LogMeIn Hamachi
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Minecraft Beta Cracked" = Minecraft Beta Cracked
"MinecraftCrack1.0" = MinecraftCrack
"Mount&Blade" = Mount&Blade
"Mount&Blade Warband" = Mount&Blade Warband
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Opera 12.02.1578" = Opera 12.02
"OPERATION7" = OPERATION7
"Orcs Must Die!_is1" = Orcs Must Die!
"Orcs Must Die_is1" = Orcs Must Die
"Origin" = Origin
"PowerISO" = PowerISO
"PrivitizeVPN" = PrivitizeVPN
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"Savage2" = Savage 2 - A Tortured Soul
"SearchCore for Browsers" = SearchCore for Browsers
"Sleeping Dogs_is1" = Sleeping Dogs version 1.4
"Smart Defrag 2_is1" = Smart Defrag 2
"Steam App 104700" = Super Monday Night Combat
"Steam App 10680" = Aliens vs. Predator
"Steam App 113400" = APB Reloaded
"Steam App 2300" = DOOM II: Hell on Earth
"Steam App 3410" = Heavy Weapon Deluxe
"Steam App 37960" = Jewel Quest
"Steam App 45750" = Lost Planet 2
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 6" = TeamViewer 6
"TheGreenBow IPSec VPN Client" = TheGreenBow IPSec VPN Client
"Tunngle beta_is1" = Tunngle beta
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"Vikingr" = Vikingr 0.84
"VLC media player" = VLC media player 1.1.11
"Web_4.0.1165.0" = Microsoft Expression Web 4
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"WolfTeam" = WolfTeam
"Xfire" = Xfire (remove only)
"yukongold" = Yukon Gold

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"FLV Downloader" = FLV Downloader
"Google Chrome" = Google Chrome
"PassGen" = PassGen
"Torus" = Torus
"YourFileDownloader" = YourFileDownloader

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/09/2012 11:22:14 p.m. | Computer Name = Lincoln-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PrivitizeVPN.exe, version: 1.0.0.1, time
stamp: 0x5037de9d Faulting module name: VPN.dll_unloaded, version: 0.0.0.0, time
stamp: 0x50409af7 Exception code: 0xc0000005 Fault offset: 0x70d87320 Faulting process
id: 0xea8 Faulting application start time: 0x01cd8fcc9cb55f7b Faulting application
path: C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe Faulting module path:
VPN.dll Report Id: e1625688-fbbf-11e1-af1d-e89d4d5a6853

Error - 10/09/2012 11:33:06 p.m. | Computer Name = Lincoln-PC | Source = Application Error | ID = 1000
Description = Faulting application name: OTL.exe, version: 3.2.61.3, time stamp:
0x2a425e19 Faulting module name: RPCRT4.dll, version: 6.1.7600.16385, time stamp:
0x4a5bdb3b Exception code: 0xc0020043 Fault offset: 0x0005cd59 Faulting process id:
0xf2c Faulting application start time: 0x01cd8fcde08317d7 Faulting application path:
C:\Users\Domsfriend\Desktop\OTL.exe Faulting module path: C:\Windows\syswow64\RPCRT4.dll
Report
Id: 65df9397-fbc1-11e1-af1d-e89d4d5a6853

Error - 10/09/2012 11:38:02 p.m. | Computer Name = Lincoln-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: c98 Start
Time: 01cd8fcc9ba3a13c Termination Time: 16 Application Path: C:\Windows\Explorer.EXE

Report
Id: 92ba78db-fbc1-11e1-af1d-e89d4d5a6853

Error - 10/09/2012 11:39:55 p.m. | Computer Name = Lincoln-PC | Source = Application Error | ID = 1000
Description = Faulting application name: nvvsvc.exe, version: 8.17.13.142, time
stamp: 0x4fb21865 Faulting module name: nvvsvc.exe, version: 8.17.13.142, time stamp:
0x4fb21865 Exception code: 0x40000015 Fault offset: 0x000000000004eec5 Faulting process
id: 0x61c Faulting application start time: 0x01cd8fcf0f05e9b4 Faulting application
path: C:\Windows\system32\nvvsvc.exe Faulting module path: C:\Windows\system32\nvvsvc.exe
Report
Id: 597d552e-fbc2-11e1-bd09-b5cc22b8b950

Error - 10/09/2012 11:39:56 p.m. | Computer Name = Lincoln-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x800401F9

Error - 10/09/2012 11:39:56 p.m. | Computer Name = Lincoln-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 10/09/2012 11:47:01 p.m. | Computer Name = Lincoln-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x800401F9

Error - 10/09/2012 11:47:01 p.m. | Computer Name = Lincoln-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 10/09/2012 11:47:13 p.m. | Computer Name = Lincoln-PC | Source = Application Error | ID = 1000
Description = Faulting application name: nvvsvc.exe, version: 8.17.13.142, time
stamp: 0x4fb21865 Faulting module name: nvvsvc.exe, version: 8.17.13.142, time stamp:
0x4fb21865 Exception code: 0x40000015 Fault offset: 0x000000000004eec5 Faulting process
id: 0x5f4 Faulting application start time: 0x01cd8fd012a8d4ca Faulting application
path: C:\Windows\system32\nvvsvc.exe Faulting module path: C:\Windows\system32\nvvsvc.exe
Report
Id: 5eee5959-fbc3-11e1-baf5-efdf2a1aaa53

Error - 10/09/2012 11:48:40 p.m. | Computer Name = Lincoln-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PrivitizeVPN.exe, version: 1.0.0.1, time
stamp: 0x5037de9d Faulting module name: VPN.dll_unloaded, version: 0.0.0.0, time
stamp: 0x504dc7c0 Exception code: 0xc0000005 Fault offset: 0x74657320 Faulting process
id: 0xd18 Faulting application start time: 0x01cd8fd02e6c74eb Faulting application
path: C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe Faulting module path:
VPN.dll Report Id: 92770f4e-fbc3-11e1-baf5-efdf2a1aaa53

[ Media Center Events ]
Error - 12/06/2012 7:05:10 a.m. | Computer Name = Lincoln-PC | Source = MCUpdate | ID = 0
Description = 11:05:10 p.m. - Error connecting to the internet. 11:05:10 p.m. -
Unable to contact server..

Error - 12/06/2012 7:07:24 a.m. | Computer Name = Lincoln-PC | Source = MCUpdate | ID = 0
Description = 11:07:03 p.m. - Failed to retrieve MCEClientUX (Error: Unable to connect
to the remote server)

Error - 12/06/2012 7:07:51 a.m. | Computer Name = Lincoln-PC | Source = MCUpdate | ID = 0
Description = 11:07:45 p.m. - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

Error - 12/06/2012 9:10:37 a.m. | Computer Name = Lincoln-PC | Source = MCUpdate | ID = 0
Description = 1:10:28 a.m. - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

Error - 23/06/2012 6:45:39 p.m. | Computer Name = Lincoln-PC | Source = MCUpdate | ID = 0
Description = 10:45:39 a.m. - Error connecting to the internet. 10:45:39 a.m. -
Unable to contact server..

Error - 23/06/2012 6:45:49 p.m. | Computer Name = Lincoln-PC | Source = MCUpdate | ID = 0
Description = 10:45:44 a.m. - Error connecting to the internet. 10:45:44 a.m. -
Unable to contact server..

Error - 23/06/2012 7:48:54 p.m. | Computer Name = Lincoln-PC | Source = MCUpdate | ID = 0
Description = 11:48:54 a.m. - Failed to retrieve MCESpotlight (Error: The underlying
connection was closed: An unexpected error occurred on a receive.)

Error - 23/06/2012 7:49:39 p.m. | Computer Name = Lincoln-PC | Source = MCUpdate | ID = 0
Description = 11:49:27 a.m. - Failed to retrieve MCEClientUX (Error: Unable to connect
to the remote server)

Error - 23/06/2012 7:49:58 p.m. | Computer Name = Lincoln-PC | Source = MCUpdate | ID = 0
Description = 11:49:51 a.m. - Failed to retrieve Broadband (Error: The remote name
could not be resolved: 'data.tvdownload.microsoft.com')

Error - 29/06/2012 7:13:38 a.m. | Computer Name = Lincoln-PC | Source = MCUpdate | ID = 0
Description = 11:13:38 p.m. - Error connecting to the internet. 11:13:38 p.m. -
Unable to contact server..

[ System Events ]
Error - 10/09/2012 11:39:40 p.m. | Computer Name = Lincoln-PC | Source = Service Control Manager | ID = 7023
Description = The IP Helper service terminated with the following error: %%126

Error - 10/09/2012 11:42:05 p.m. | Computer Name = Lincoln-PC | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/09/2012 11:43:00 p.m. | Computer Name = Lincoln-PC | Source = DCOM | ID = 10016
Description =

Error - 10/09/2012 11:44:00 p.m. | Computer Name = Lincoln-PC | Source = DCOM | ID = 10016
Description =

Error - 10/09/2012 11:46:59 p.m. | Computer Name = Lincoln-PC | Source = Service Control Manager | ID = 7023
Description = The IP Helper service terminated with the following error: %%126

Error - 10/09/2012 11:50:20 p.m. | Computer Name = Lincoln-PC | Source = DCOM | ID = 10016
Description =

Error - 10/09/2012 11:51:20 p.m. | Computer Name = Lincoln-PC | Source = DCOM | ID = 10016
Description =

Error - 10/09/2012 11:53:20 p.m. | Computer Name = Lincoln-PC | Source = DCOM | ID = 10016
Description =

Error - 10/09/2012 11:57:20 p.m. | Computer Name = Lincoln-PC | Source = DCOM | ID = 10016
Description =

Error - 11/09/2012 12:05:20 a.m. | Computer Name = Lincoln-PC | Source = DCOM | ID = 10016
Description =


< End of report >
knowlze
Member+
 
Posts: 37
Joined: September 8th, 2012, 9:08 pm
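The uninstall list and the firewall exception list above are the two parts of an OTL log an analyst reads first: toolbars and "cracked" installers show up in the former, and inbound allow rules for binaries under a user profile (such as the Akamai NetSession rule) in the latter. The following is an added example, not part of the post and not OTL's own code: it parses both line formats and applies a simple triage. The sample lines are copied from the log on this page; the PUP indicator list and the "user-writable path" heuristic are this example's own assumptions.

```python
"""Triage the OTL "Uninstall List" and "Active Application Exception List"
formats shown in the log above.  Added example, not part of the forum post and
not code from OTL.  Sample lines are copied from the page; the PUP indicator
list and the user-writable-path heuristic are this example's own assumptions."""
import re
from dataclasses import dataclass, field

# Constructed sample (lines copied from the log on this page).
SAMPLE_UNINSTALL = r"""
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.5

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{835BCA58-EBE8-415B-8E7F-457F76F15821}" = IObit Toolbar v6.2
"BabylonToolbar" = Babylon toolbar on IE
"Minecraft Beta Cracked" = Minecraft Beta Cracked
"PrivitizeVPN" = PrivitizeVPN
"VLC media player" = VLC media player 1.1.11

[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"YourFileDownloader" = YourFileDownloader
"""

SAMPLE_FIREWALL = r"""
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"TCP Query User{585C36BA-C352-42BB-AF8D-F05439876A3E}C:\users\domsfriend\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\domsfriend\appdata\local\akamai\netsession_win.exe |
"TCP Query User{AD00DC08-5ED2-4A7C-8C9A-2B3386068904}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"""

# Assumed indicator substrings; each is a product name visible in the log above.
PUP_INDICATORS = ("babylon", "conduit", "toolbar", "spigot", "searchcore", "iobit",
                  "ilivid", "privitizevpn", "utorrentbar", "ytd", "crack",
                  "yourfiledownloader")

HIVE_RE = re.compile(r'^(?P<native>64bit: )?\[(?P<hive>[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<value>.*?)\s*$')
# A binary under a user profile can be replaced without admin rights, so an
# inbound allow rule for it deserves a second look (assumed heuristic).
USER_WRITABLE_RE = re.compile(r'^[a-z]:\\users\\', re.IGNORECASE)


@dataclass
class UninstallEntry:
    hive: str
    key: str
    name: str
    native64: bool  # OTL prefixes the native 64-bit registry view with "64bit:";
                    # the unprefixed block is the 32-bit (Wow6432Node) view


def parse_uninstall(text: str) -> list[UninstallEntry]:
    entries: list[UninstallEntry] = []
    hive, native64 = "", False
    for raw in text.splitlines():
        line = raw.strip()
        if m := HIVE_RE.match(line):
            hive, native64 = m.group("hive"), m.group("native") is not None
        elif m := ENTRY_RE.match(line):
            entries.append(UninstallEntry(hive, m.group("key"), m.group("value"), native64))
    return entries


def flag_pups(entries: list[UninstallEntry]) -> list[UninstallEntry]:
    """Entries whose key or display name contains an indicator substring."""
    return [e for e in entries
            if any(ind in f"{e.key} {e.name}".lower() for ind in PUP_INDICATORS)]


@dataclass
class FirewallRule:
    name: str
    fields: dict[str, str] = field(default_factory=dict)

    @property
    def user_prompted(self) -> bool:
        # "TCP Query User…"/"UDP Query User…" rules are the ones Windows
        # Firewall writes when someone clicks Allow on its pop-up prompt.
        return self.name.startswith(("TCP Query User", "UDP Query User"))


def parse_firewall_rules(text: str) -> list[FirewallRule]:
    rules: list[FirewallRule] = []
    for raw in text.splitlines():
        if not (m := ENTRY_RE.match(raw.strip())):
            continue
        rule = FirewallRule(m.group("key"))
        for part in m.group("value").split("|"):   # "k=v | k=v |" fields
            k, sep, v = part.strip().partition("=")
            if sep:
                rule.fields[k.strip()] = v.strip()
        rules.append(rule)
    return rules


def risky_inbound(rules: list[FirewallRule]) -> list[FirewallRule]:
    """Inbound rules for binaries under a user profile.  OTL's exception list
    omits the Action field, so every listed rule is treated as an allow."""
    return [r for r in rules
            if r.fields.get("dir") == "in"
            and USER_WRITABLE_RE.match(r.fields.get("app", ""))]


if __name__ == "__main__":
    for e in flag_pups(parse_uninstall(SAMPLE_UNINSTALL)):
        print(f"PUP? {e.name!r}  key={e.key}  hive={e.hive}")
    for r in risky_inbound(parse_firewall_rules(SAMPLE_FIREWALL)):
        print(f"inbound allow for user-writable path: {r.fields['app']}"
              f"{' (user clicked Allow)' if r.user_prompted else ''}")
```

Run against the full log rather than the sample by pasting each OTL section into the respective string. The substring match is deliberately crude; it is a reading aid for the analyst, not a verdict, and the indicator list should be tuned to whatever the log in front of you actually contains.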

Re: Virus in windows/system32/services.exe

Unread postby Gary R » September 11th, 2012, 5:08 am

Next round ....

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

µTorrent
uTorrentBar Toolbar
J2SE Runtime Environment 5.0 Update 5
Java(TM) 6 Update 33
IObit Malware Fighter
IObit Toolbar v6.2
Smart Defrag 2


Use of P2P is the prime source of most infections.

Old versions of java can be exploited. We'll install the latest version later.

IOBit are a company with a well proven record of stealing other people's copyrighted work and incorporating it into their products.

Reboot your computer when they are all uninstalled.

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
SRV - [2012/07/26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
DRV:64bit: - [2010/11/26 17:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2012/07/05 13:53:22 | 000,021,904 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2012/07/05 13:53:18 | 000,033,224 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2012/01/05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&app ... 06&sr=0&q={searchTerms}
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3630749389-2258371352-599158283-1000\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found
IE - HKU\S-1-5-21-3630749389-2258371352-599158283-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3630749389-2258371352-599158283-1000\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found
IE - HKU\S-1-5-21-3630749389-2258371352-599158283-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=220512_53all&babsrc=SP_ss&mntrId=809c75b4000000000000687f74f75f77
IE - HKU\S-1-5-21-3630749389-2258371352-599158283-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
[2012/05/14 18:26:34 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Domsfriend\AppData\Roaming\mozilla\Firefox\Profiles\ubkywt8p.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/08/19 18:19:01 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Domsfriend\AppData\Roaming\mozilla\Firefox\Profiles\ubkywt8p.default\extensions\engine@conduit.com
[2011/04/12 19:09:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/17 19:01:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/06/02 11:47:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012/07/18 16:50:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2011/08/19 18:18:54 | 000,000,000 | ---D | M] (QuestScan) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
[2012/05/06 13:24:00 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2012/05/27 18:45:30 | 000,002,355 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/10/08 18:05:55 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3630749389-2258371352-599158283-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
[2012/09/08 10:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2012/08/26 10:56:52 | 000,000,000 | ---D | C] -- C:\Users\Domsfriend\AppData\Local\Babylon
[2012/05/06 13:23:50 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\Babylon
[2012/05/27 18:45:55 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\BabylonToolbar
[2012/09/08 11:30:26 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\IObit
[2012/09/09 22:58:43 | 000,000,000 | ---D | M] -- C:\Users\Domsfriend\AppData\Roaming\uTorrent

:Files
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.dat
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.exe
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.lnk
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.msi 
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.par
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.res
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk
C:\Users\All Users\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.dat
C:\Users\All Users\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.exe --a--c- 3027150 bytes [06:07 08/10/2011] [15:36 04/10/2011] 0276FA170081D222A66109EB26610B36
C:\Users\All Users\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.lnk
C:\Users\All Users\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.msi
C:\Users\All Users\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.par
C:\Users\All Users\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.res
C:\Users\Domsfriend\AppData\Local\Opera\Opera\icons\http%3A%2F%2Flp.ilivid.com%2Fimages%2F406.png
C:\Users\Domsfriend\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fwww.ilivid.com%2Ffavicon.png
C:\Users\Domsfriend\AppData\Local\Opera\Opera\icons\lp.ilivid.com.idx 
C:\Users\Domsfriend\AppData\Local\Opera\Opera\icons\www.ilivid.com.idx
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll 
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe 
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\components\DataMngrHlp.dll 
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\components\DataMngrHlp.xpt 
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\components\DataMngrHlpFF3.dll 
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\components\DataMngrHlpFF4.dll
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\components\DataMngrHlpFF5.dll 
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\components\DataMngrHlpFF6.dll
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\components\DataMngrHlpFF7.dll
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\content\DataMngr.js 
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngrUI.exe 
C:\Windows\Prefetch\DATAMNGRUI.EXE
C:\Program Files (x86)\Windows iLivid Toolbar
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\IObit

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"Publisher"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
[-HKEY_CURRENT_USER\Software\SearchCore for Browsers]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\SearchCore for Browsers]
[-HKEY_CURRENT_USER\Software\SearchCore for Browsers]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A]
"2B1E51D87B2D71A44BB42DDD5E894160"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFE82A48FED40644C984C808A1785C7F]
"2B1E51D87B2D71A44BB42DDD5E894160"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB]
"2B1E51D87B2D71A44BB42DDD5E894160"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"InstallLocation"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ilivid]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\SelectedSearch]
"Value"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\SelectedSearch]
"DefaultValue"=-
[HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\SearchCore for Browsers]
[-HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
[-HKEY_CURRENT_USER\Software\SearchCore for Browsers]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA2D3A09-91F8-4BDB-B37B-9B6EC6206556}]
"AppPath"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DATAMNGR"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers]
[-HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\DataMngr_Toolbar]
[-HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\SearchCore for Browsers]

:Commands
[emptytemp]
[resethosts]
[createrestorepoint]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.
Gary R
Administrator
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
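The fix above is written in OTL's script format. As an added example, not OTL's code and not posted by anyone in this thread, here is a Python parser for its :Files, :Reg and :Commands sections with two review checks a helper would want before clicking Run Fix: repeated entries (the script above repeats several keys) and deletion of AppInit_DLLs, which drops every DLL listed there. The sample script is a constructed excerpt of the one above, and the section semantics (`[-KEY]` deletes a key, `"Name"=-` deletes a value, bare `[KEY]` only selects a key) are assumed from OTL's documented conventions.

```python
"""Parse an OTL fix script and summarise what it would do before it is run.

Added example, not OTL's own code. Assumed section semantics (OTL conventions):
  :Files     one path per line, which OTL moves to its quarantine
  :Reg       .reg-style lines; [-KEY] deletes a key, "Name"=- deletes a value,
             a bare [KEY] only selects the key the following values apply to
  :Commands  bracketed built-in commands such as [emptytemp]
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^:(\w+)$")
REG_KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')
COMMAND_RE = re.compile(r"^\[(\w+)\]$")

# Constructed excerpt of the script posted above (same syntax, fewer lines).
SAMPLE_SCRIPT = r"""
:Files
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.exe
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll
C:\Program Files (x86)\Common Files\Spigot

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
[-HKEY_CURRENT_USER\Software\SearchCore for Browsers]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DATAMNGR"=-
[-HKEY_CURRENT_USER\Software\SearchCore for Browsers]

:Commands
[emptytemp]
[resethosts]
[createrestorepoint]
"""


@dataclass
class FixPlan:
    otl: list[str] = field(default_factory=list)            # raw :OTL scan lines
    files: list[str] = field(default_factory=list)
    delete_keys: list[str] = field(default_factory=list)
    delete_values: list[tuple[str, str]] = field(default_factory=list)  # (key, value name)
    commands: list[str] = field(default_factory=list)
    unparsed: list[str] = field(default_factory=list)       # must be reviewed by hand


def parse_fix_script(text: str) -> FixPlan:
    plan = FixPlan()
    section = None      # current section name, lower-cased
    current_key = None  # key selected by a bare [KEY] line inside :Reg
    for raw in text.splitlines():
        line = raw.strip()  # the script above has trailing spaces on some paths
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1).lower(), None
            continue
        if section == "otl":
            plan.otl.append(line)
        elif section == "files":
            plan.files.append(line)
        elif section == "reg":
            m = REG_KEY_RE.match(line)
            if m and m.group(1) == "-":
                plan.delete_keys.append(m.group(2))
                current_key = None
            elif m:
                current_key = m.group(2)
            else:
                m = REG_VALUE_RE.match(line)
                if m and current_key and m.group(2) == "-":
                    plan.delete_values.append((current_key, m.group(1)))
                else:
                    plan.unparsed.append(line)  # value writes, or no key selected
        elif section == "commands":
            m = COMMAND_RE.match(line)
            if m:
                plan.commands.append(m.group(1).lower())
            else:
                plan.unparsed.append(line)
        else:
            plan.unparsed.append(line)  # text before any section header
    return plan


def review(plan: FixPlan) -> list[str]:
    """Checks worth doing before running the fix: repeated actions (a sign the
    script was assembled by hand) and deletion of AppInit_DLLs, which removes
    every DLL listed in that value, not only the adware one."""
    warnings: list[str] = []
    seen: set[str] = set()
    actions = plan.delete_keys + [f"{k}\\{v}" for k, v in plan.delete_values] + plan.files
    for item in actions:
        if item.lower() in seen:
            warnings.append(f"duplicate entry: {item}")
        seen.add(item.lower())
    for key, value in plan.delete_values:
        if value.lower() == "appinit_dlls":
            warnings.append(f"clears the whole AppInit_DLLs list under {key}")
    warnings.extend(f"could not parse: {line}" for line in plan.unparsed)
    return warnings


if __name__ == "__main__":
    plan = parse_fix_script(SAMPLE_SCRIPT)
    print(f"{len(plan.files)} files, {len(plan.delete_keys)} keys, "
          f"{len(plan.delete_values)} values, commands: {plan.commands}")
    for warning in review(plan):
        print("WARNING:", warning)
```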

Re: Virus in windows/system32/services.exe

Unread postby knowlze » September 11th, 2012, 6:56 am

All processes killed
========== OTL ==========
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe moved successfully.
Error: No service named IMFservice was found to stop!
Service\Driver key IMFservice not found.
File C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe not found.
Error: No service named SmartDefragDriver was found to stop!
Service\Driver key SmartDefragDriver not found.
File C:\Windows\SysNative\drivers\SmartDefragDriver.sys not found.
Error: No service named UrlFilter was found to stop!
Service\Driver key UrlFilter not found.
File C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys not found.
Error: No service named RegFilter was found to stop!
Service\Driver key RegFilter not found.
File C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys not found.
Error: No service named FileMonitor was found to stop!
Service\Driver key FileMonitor not found.
File C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll not found.
Registry value HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll not found.
Registry value HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
C:\Users\Domsfriend\AppData\Roaming\mozilla\Firefox\Profiles\ubkywt8p.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
C:\Users\Domsfriend\AppData\Roaming\mozilla\Firefox\Profiles\ubkywt8p.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules folder moved successfully.
C:\Users\Domsfriend\AppData\Roaming\mozilla\Firefox\Profiles\ubkywt8p.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
C:\Users\Domsfriend\AppData\Roaming\mozilla\Firefox\Profiles\ubkywt8p.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
C:\Users\Domsfriend\AppData\Roaming\mozilla\Firefox\Profiles\ubkywt8p.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
C:\Users\Domsfriend\AppData\Roaming\mozilla\Firefox\Profiles\ubkywt8p.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
C:\Users\Domsfriend\AppData\Roaming\mozilla\Firefox\Profiles\ubkywt8p.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
C:\Users\Domsfriend\AppData\Roaming\mozilla\Firefox\Profiles\ubkywt8p.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Domsfriend\AppData\Roaming\mozilla\Firefox\Profiles\ubkywt8p.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Domsfriend\AppData\Roaming\mozilla\Firefox\Profiles\ubkywt8p.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Domsfriend\AppData\Roaming\mozilla\Firefox\Profiles\ubkywt8p.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Domsfriend\AppData\Roaming\mozilla\Firefox\Profiles\ubkywt8p.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Domsfriend\AppData\Roaming\mozilla\Firefox\Profiles\ubkywt8p.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Domsfriend\AppData\Roaming\mozilla\Firefox\Profiles\ubkywt8p.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Domsfriend\AppData\Roaming\mozilla\Firefox\Profiles\ubkywt8p.default\extensions\engine@conduit.com folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} folder moved successfully.
Folder C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
File C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IObit Malware Fighter not found.
File C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PrivitizeVPN deleted successfully.
C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1004\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1004\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll deleted successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll deleted successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll deleted successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll deleted successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll moved successfully.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter\ not found.
C:\Users\Domsfriend\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\Domsfriend\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\Domsfriend\AppData\Local\Babylon folder moved successfully.
C:\Users\Domsfriend\AppData\Roaming\Babylon folder moved successfully.
C:\Users\Domsfriend\AppData\Roaming\BabylonToolbar\Shared folder moved successfully.
C:\Users\Domsfriend\AppData\Roaming\BabylonToolbar\IE folder moved successfully.
C:\Users\Domsfriend\AppData\Roaming\BabylonToolbar\FF folder moved successfully.
C:\Users\Domsfriend\AppData\Roaming\BabylonToolbar\CR folder moved successfully.
C:\Users\Domsfriend\AppData\Roaming\BabylonToolbar folder moved successfully.
C:\Users\Domsfriend\AppData\Roaming\IObit\Smart Defrag 2 folder moved successfully.
C:\Users\Domsfriend\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Users\Domsfriend\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\Domsfriend\AppData\Roaming\IObit\IObit Malware Fighter folder moved successfully.
C:\Users\Domsfriend\AppData\Roaming\IObit folder moved successfully.
Folder C:\Users\Domsfriend\AppData\Roaming\uTorrent\ not found.
========== FILES ==========
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.dat moved successfully.
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.exe moved successfully.
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.lnk moved successfully.
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.msi moved successfully.
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.par moved successfully.
C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.res moved successfully.
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk moved successfully.
File\Folder C:\Users\All Users\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.dat not found.
Invalid Switch: 2011] 0276FA170081D222A66109EB26610B36
File\Folder C:\Users\All Users\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.lnk not found.
File\Folder C:\Users\All Users\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.msi not found.
File\Folder C:\Users\All Users\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.par not found.
File\Folder C:\Users\All Users\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}\iLividSetupV1.res not found.
C:\Users\Domsfriend\AppData\Local\Opera\Opera\icons\http%3A%2F%2Flp.ilivid.com%2Fimages%2F406.png moved successfully.
C:\Users\Domsfriend\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fwww.ilivid.com%2Ffavicon.png moved successfully.
C:\Users\Domsfriend\AppData\Local\Opera\Opera\icons\lp.ilivid.com.idx moved successfully.
C:\Users\Domsfriend\AppData\Local\Opera\Opera\icons\www.ilivid.com.idx moved successfully.
File\Folder C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll not found.
File\Folder C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe not found.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\components\DataMngrHlp.dll moved successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\components\DataMngrHlp.xpt moved successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\components\DataMngrHlpFF3.dll moved successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\components\DataMngrHlpFF4.dll moved successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\components\DataMngrHlpFF5.dll moved successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\components\DataMngrHlpFF6.dll moved successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\components\DataMngrHlpFF7.dll moved successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\content\DataMngr.js moved successfully.
File\Folder C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll not found.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngrUI.exe moved successfully.
File\Folder C:\Windows\Prefetch\DATAMNGRUI.EXE not found.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\components folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\options folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\data\search folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\data folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\chrome folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid folder moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid not found.
File\Folder C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr not found.
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\chrome\content folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\chrome folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\wtxpcom folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2\Log folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2 folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\Quarantine Zone folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\log\scan folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\log\realtime folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\log folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Update folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Skin\Default\Tweak folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Skin\Default\Scroll folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Skin\Default\Performance folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Skin\Default\News folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Skin\Default\Defrag folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Skin\Default\button folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Skin\Default\Border folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Skin\Default\Boost folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Skin\Default folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Skin folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\LatestGames folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Language folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Freeware\FreeSoftwareDownload folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Freeware folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Driver folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster\Downloadpath folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster folder moved successfully.
C:\Program Files (x86)\IObit folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ not found.
Registry key HKEY_CURRENT_USER\Software\SearchCore for Browsers\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\ deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\SearchCore for Browsers\ not found.
Registry key HKEY_CURRENT_USER\Software\SearchCore for Browsers\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFE82A48FED40644C984C808A1785C7F not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ilivid\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\SelectedSearch not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\Files\SelectedSearch not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\SearchCore for Browsers\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA2D3A09-91F8-4BDB-B37B-9B6EC6206556}\\AppPath deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASMANCS\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchCore for Browsers\ not found.
Registry key HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\DataMngr_Toolbar\ not found.
Registry key HKEY_USERS\S-1-5-21-3630749389-2258371352-599158283-1000\Software\SearchCore for Browsers\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Domsfriend
->Temp folder emptied: 4403738 bytes
->Temporary Internet Files folder emptied: 887822 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 54780109 bytes
->Flash cache emptied: 1352 bytes

User: hedev
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 112 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 57.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.61.3 log created on 09112012_225020

Files\Folders moved on Reboot...
C:\Users\Domsfriend\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
knowlze
Member+
 
Posts: 37
Joined: September 8th, 2012, 9:08 pm