Google Redirecting virus, also messes with cookies?

Solved
By Afrosammy
Feb 13, 2013
Topic Status:
Not open for further replies.
  1. I've used MWB to attempt to remove it, but every time I do it comes back at some point less than two hours later. I know EXACTLY how I got it because I was being stupid and careless. There was some music I was downloading, and I mistakenly hit one of the fake "download now" links, and before I noticed the file was different from the others, it was too late. There was some kind of flashplayer installer involved as well.

    Besides redirecting things on Google after I click them (but not all the time for some reason), it's also made me unable to access my Gmail account because it says my browser's cookies are disabled. A few other websites tell me this as well despite them definitely being enabled. This not only happens in Firefox, but Internet Explorer as well. Besides that, I haven't noticed it doing anything else odd, but it's probably screwing things up behind the scenes as well. Anyway, here's the info I need to paste, starting with MWB logs.

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.02.11.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    afrosammy :: AFROSAMMY-PC [administrator]

    2/11/2013 12:11:21 AM
    mbam-log-2013-02-11 (00-11-21).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 270729
    Time elapsed: 7 minute(s), 47 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\80000032.@ (Trojan.Clicker) -> Quarantined and deleted successfully.

    (end)


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.13.2
    Run by afrosammy at 1:41:58 on 2013-02-13
    Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.8191.5294 [GMT -6:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\AIM\aim.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\BitTorrent\BitTorrent.exe
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.108\deploy\LoLLauncher.exe
    C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.239\deploy\LolClient.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN34624778402302316&ctid=CT3268494&SSPV=SP_IENSP06
    uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
    uURLSearchHooks: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>
    mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [SMessaging] C:\Users\afrosammy\AppData\Local\Strongvault Online Backup\SMessaging.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} - hxxp://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{5CD69964-B7CC-476A-A253-4A530DF3CBD3} : DHCPNameServer = 10.0.0.1
    TCP: Interfaces\{CE3735C2-2E93-4DBA-B0BD-3D9E0A48E49E} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{F01E3132-A3E1-4CCC-AE59-A950F4F4B92E} : DHCPNameServer = 7.254.254.254
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
    x64-DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268494&SearchSource=3&q={searchTerms}&sspv=SP_FFNSP06&CUI=UN21817309582264818
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Users\afrosammy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-02-11 16:24; jid1-yZwVFzbsyfMrqQ@jetpack; C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    .
    ============= SERVICES / DRIVERS ===============
    .
    P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-5 8704]
    R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-2-11 14456]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-4-10 283200]
    R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-12-14 1236968]
    R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2012-9-12 82872]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
    R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-1-8 3467768]
    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
    R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2012-10-31 66728]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-4-20 169584]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-8-19 351136]
    R3 LVUVC64;Logitech Webcam 250(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-8-19 4869024]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2011-9-29 27136]
    R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-12-1 38992]
    R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2012-9-19 31232]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
    S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-2-11 38096]
    S3 Neo_nic;VPN Client Device Driver - nic;C:\Windows\System32\drivers\Neo_0052.sys [2012-1-20 30072]
    S3 Neo_po;VPN Client Device Driver - po;C:\Windows\System32\drivers\Neo_0112.sys [2012-1-20 30072]
    S3 Neo_VPN;VPN Client Device Driver - VPN;C:\Windows\System32\drivers\Neo_0049.sys [2012-1-20 30072]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-1-5 20992]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-1-5 59392]
    S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-9-19 738152]
    S3 WatAdminSvc;WatAdminSvc;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-4 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-02-12 03:01:36 38096 ----a-w- C:\Windows\System32\drivers\gfiark.sys
    2013-02-12 03:00:59 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus
    2013-02-12 02:15:55 -------- d-----w- C:\Users\afrosammy\AppData\Roaming\LavasoftStatistics
    2013-02-11 22:26:40 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
    2013-02-11 22:25:54 47496 ----a-w- C:\Windows\System32\sbbd.exe
    2013-02-11 22:25:54 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
    2013-02-11 22:24:46 -------- d-----w- C:\Users\afrosammy\AppData\Local\adawarebp
    2013-02-11 22:24:46 -------- d-----w- C:\ProgramData\blekko toolbars
    2013-02-11 22:24:45 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
    2013-02-11 22:24:41 -------- d-----w- C:\Program Files (x86)\adawaretb
    2013-02-11 22:24:40 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
    2013-02-11 22:24:07 -------- d-----w- C:\Users\afrosammy\AppData\Roaming\Ad-Aware Antivirus
    2013-02-11 10:47:52 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack
    2013-02-11 02:43:45 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2013-02-09 11:04:51 -------- d-----w- C:\Users\afrosammy\Archer.2009.S04E04.Midnight.Ron.720p.WEB-DL.x264.AAC
    2013-02-09 04:52:23 -------- d-----w- C:\Users\afrosammy\AppData\Local\SplitMediaLabs
    2013-02-09 04:50:59 -------- d-----w- C:\ProgramData\SplitMediaLabs
    2013-02-09 04:50:59 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs
    2013-02-09 04:50:15 -------- d-----w- C:\Users\afrosammy\AppData\Roaming\SplitMediaLabs
    2013-02-06 01:07:16 -------- d-----w- C:\Users\afrosammy\AppData\Local\TERA
    2013-02-05 20:35:13 -------- d-----w- C:\ProgramData\HappyCloud
    2013-02-05 06:33:28 -------- d-----w- C:\Program Files (x86)\Peach Princess
    2013-02-04 04:04:52 -------- d-----w- C:\Users\afrosammy\Spice and Wolf Complete Series
    2013-02-02 22:54:44 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-02-02 11:00:26 -------- d-----w- C:\Users\afrosammy\AppData\Roaming\Malwarebytes
    2013-02-02 10:56:33 -------- d-----w- C:\ProgramData\Tarma Installer
    2013-02-02 10:41:15 -------- d-----w- C:\Users\afrosammy\AppData\Local\CRE
    2013-02-02 10:40:10 -------- d-----w- C:\Users\afrosammy\AppData\Local\VisualBeeExe
    2013-02-02 10:39:26 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
    2013-02-02 10:39:09 -------- d-----w- C:\Users\afrosammy\AppData\Local\Stronghold_LLC
    2013-02-02 10:38:56 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
    2013-02-02 10:38:49 -------- d-----w- C:\ProgramData\VisualBee
    2013-02-02 10:38:11 -------- d-----w- C:\Users\afrosammy\AppData\Local\Coupon Companion Plugin
    2013-01-31 16:42:40 5999736 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    2013-01-27 04:22:49 -------- d-----w- C:\Users\afrosammy\.swt
    2013-01-26 03:43:02 -------- d-----w- C:\Program Files (x86)\Carpe Fulgur
    .
    ==================== Find3M ====================
    .
    2013-02-08 16:56:40 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-08 16:56:40 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-02-02 22:54:35 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2013-02-02 22:54:35 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-12-11 05:24:22 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-12-11 05:24:22 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-12-10 21:25:54 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-12-01 05:49:26 3663213 ----a-w- C:\Windows\System32\nvcoproc.bin
    2012-12-01 05:49:25 63336 ----a-w- C:\Windows\System32\nvshext.dll
    2012-12-01 05:49:25 118120 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-12-01 05:49:24 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-12-01 05:48:41 6223208 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-12-01 05:48:37 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-12-01 04:43:52 438632 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-12-01 00:40:21 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    .
    ============= FINISH: 1:43:22.62 ===============

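An added example, not code from the thread or from any of the tools it names: a small Python checker that flags the ZeroAccess-style artifacts visible in the MBAM and DDS logs above, namely the `<8 hex>.@` files under `C:\Windows\Installer\{GUID}\U\`, the hidden+system folder literally named `%APPDATA%` under `SysWow64`, and any MBAM detection whose name contains `0Access`. The sample lines are copied from this post; the rule names and the line-format regexes are assumptions of mine.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines in the shape of the MBAM "Files Detected" and
# DDS "Created Last 30" sections posted in this thread (paths as shown there).
SAMPLE_LOG = r"""
Files Detected: 3
C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
2013-02-11 02:43:45 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2013-02-11 10:47:52 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack
2013-02-12 03:01:36 38096 ----a-w- C:\Windows\System32\drivers\gfiark.sys
"""

# Artifact patterns taken from the logs above (rule names are my own).
INSTALLER_AT = re.compile(
    r"\\Windows\\Installer\\\{[0-9a-f-]{36}\}\\U\\[0-9a-f]{8}\.@", re.I)
FAKE_APPDATA = re.compile(r"\\Windows\\Sys(?:WOW64|tem32)\\%APPDATA%$", re.I)

# Assumed line shapes: MBAM "<path> (<detection>) -> <action>" and
# DDS "<date> <time> <size|-------->  <8-char attrs> <path>".
MBAM_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+) \((?P<name>[^()]+)\) -> ")
DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<size>\S+) "
    r"(?P<attrs>[-dsharw]{8}) (?P<path>.+)$")


@dataclass
class Finding:
    rule: str
    path: str
    detail: str


def scan_line(line: str) -> List[Finding]:
    """Return the findings for one MBAM or DDS log line (empty if clean)."""
    out: List[Finding] = []
    line = line.strip()

    m = MBAM_LINE.match(line)
    if m:
        path, name = m.group("path"), m.group("name")
        if "0access" in name.lower():
            out.append(Finding("mbam-zeroaccess-name", path, name))
        if INSTALLER_AT.search(path):
            out.append(Finding("installer-u-at-file", path, name))
        return out

    m = DDS_LINE.match(line)
    if m:
        attrs, path = m.group("attrs"), m.group("path")
        is_dir = attrs.startswith("d")          # leading 'd' = directory
        hidden_sys = "h" in attrs and "s" in attrs  # hidden + system bits
        if is_dir and hidden_sys and FAKE_APPDATA.search(path):
            out.append(Finding("fake-appdata-dir", path, f"attrs={attrs}"))
        elif INSTALLER_AT.search(path):
            out.append(Finding("installer-u-at-file", path, f"attrs={attrs}"))
    return out


def scan_log(text: str) -> List[Finding]:
    """Run scan_line over every line of a pasted log and collect findings."""
    findings: List[Finding] = []
    for line in text.splitlines():
        findings.extend(scan_line(line))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.rule:22} {f.path}  [{f.detail}]")
```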

  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
    Farbar Recovery Scan Tool x64

    Download Farbar Recovery Scan Tool and save it to a flash drive.


    Please make sure to get the 64-bit version

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64.exe and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button, just as below:
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
  3. Afrosammy

    Afrosammy Newcomer, in training Topic Starter Posts: 25

    Incidentally, before checking this thread when I woke up, I did install something and emptied my recycle bin of a few things as well. I also uninstalled them after seeing the reply in the thread. I'll post the FRST first then the Search.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2013
    Ran by SYSTEM at 14-02-2013 01:21:40
    Running from E:\
    Windows 7 Ultimate (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe" [201608 2012-09-20] (GFI Software)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
    HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1398440 2011-12-14] (Ask)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [SMessaging] C:\Users\afrosammy\AppData\Local\Strongvault Online Backup\SMessaging.exe [x]
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [542104 2012-12-11] (Lavasoft)
    HKLM-x32\...\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
    HKLM-x32\...\Run: [gbrspcontrol] "C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe" -controlservice -slave [1851088 2013-01-15] (Comodo Security Solutions, Inc.)
    HKU\afrosammy\...\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED [1398680 2012-10-22] (BitTorrent, Inc.)
    HKLM-x32\...\Runonce: [*CA] [x]
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Start GeekBuddy.lnk
    ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions Inc.)

    ==================== Services (Whitelisted) ===================

    2 Ad-Aware Service; "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe" [1236968 2012-12-14] (Lavasoft Limited)
    2 CLPSLauncher; "C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe" [70352 2013-01-30] (Comodo Security Solutions Inc.)
    2 GeekBuddyRSP; "C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe" -service [1851088 2013-01-15] (Comodo Security Solutions, Inc.)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-11-30] ()
    2 SBAMSvc; "C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe" [3677000 2012-09-20] (GFI Software)
    2 TeamViewer8; "C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe" [3467768 2012-12-14] (TeamViewer GmbH)
    3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [738152 2012-07-19] (Tunngle.net GmbH)
    3 WatAdminSvc; C:\Windows\System32\Wat\WatAdminSvc.exe [1255736 2012-01-04] ()

    ==================== Drivers (Whitelisted) =====================

    1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13368 2009-04-06] ()
    3 BlackBox; C:\Windows\SysWow64\Drivers\BlackBox.sys [35712 2012-07-18] ()
    1 CFRMD; C:\Windows\SysWow64\Drivers\CFRMD.sys [37976 2012-09-02] (Windows (R) Win 7 DDK provider)
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-04-10] (DT Soft Ltd)
    3 gfiark; C:\Windows\System32\Drivers\gfiark.sys [38096 2012-12-17] (GFI Software)
    0 gfibto; C:\Windows\System32\Drivers\gfibto.sys [14456 2013-02-11] (GFI Software)
    3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
    3 Neo_nic; C:\Windows\System32\DRIVERS\Neo_0052.sys [30072 2012-01-19] (SoftEther Corporation)
    3 Neo_po; C:\Windows\System32\DRIVERS\Neo_0112.sys [30072 2012-01-19] (SoftEther Corporation)
    3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0049.sys [30072 2012-01-19] (SoftEther Corporation)
    3 Normandy; C:\Windows\SysWow64\Drivers\Normandy.sys [34560 2012-07-18] ()
    3 tap0901t; C:\Windows\System32\Drivers\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
    3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2013-02-13 23:06 - 2013-02-13 23:06 - 00002047 ____A C:\Users\Public\Desktop\AntiError.lnk
    2013-02-13 23:06 - 2013-02-13 23:06 - 00002043 ____A C:\Users\Public\Desktop\GeekBuddy.lnk
    2013-02-13 22:54 - 2013-02-13 22:54 - 01464189 ____A (Farbar) C:\Users\afrosammy\Downloads\FRST64(2).exe
    2013-02-13 22:17 - 2013-02-13 22:18 - 00000000 ____D C:\Users\All Users\COMODO
    2013-02-13 22:16 - 2013-02-13 23:08 - 00000000 ____D C:\Program Files (x86)\Comodo
    2013-02-13 22:16 - 2013-02-13 22:16 - 01060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
    2013-02-13 22:16 - 2013-02-13 22:16 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
    2013-02-13 22:16 - 2013-02-13 22:16 - 00000000 ____D C:\Users\All Users\Comodo Downloader
    2013-02-13 22:07 - 2013-02-13 22:14 - 130846192 ____A (COMODO) C:\Users\afrosammy\Downloads\cfw_installer.exe
    2013-02-13 21:47 - 2013-02-13 21:47 - 00005729 ____A C:\Users\afrosammy\Downloads\wsock32.zip
    2013-02-13 21:47 - 2012-03-21 04:40 - 00001110 ____A C:\Users\afrosammy\Desktop\readme.txt
    2013-02-13 21:47 - 2012-01-20 05:54 - 00015360 ____A (Microsoft Corporation) C:\Users\afrosammy\Desktop\wsock32.dll
    2013-02-13 21:46 - 2013-02-13 21:46 - 02398248 ____A (Check Point Software Technologies LTD) C:\Users\afrosammy\Downloads\zafwSetupWeb_110_000_057.exe
    2013-02-13 21:44 - 2013-02-13 21:44 - 02475830 ____A (Sphinx Software ) C:\Users\afrosammy\Downloads\Windows7FirewallControl-Setup-x64.exe
    2013-02-13 21:36 - 2013-02-13 21:36 - 02400736 ____A (Check Point Software Technologies LTD) C:\Users\afrosammy\Downloads\zaSetupWeb_110_000_057.exe
    2013-02-13 18:02 - 2013-02-13 18:03 - 01464189 ____A (Farbar) C:\Users\afrosammy\Downloads\FRST64(1).exe
    2013-02-13 16:15 - 2013-02-13 16:15 - 01464189 ____A (Farbar) C:\Users\afrosammy\Downloads\FRST64.exe
    2013-02-12 23:43 - 2013-02-12 23:51 - 00019628 ____A C:\Users\afrosammy\Desktop\dds.txt
    2013-02-12 23:43 - 2013-02-12 23:51 - 00008433 ____A C:\Users\afrosammy\Desktop\attach.txt
    2013-02-12 23:41 - 2013-02-12 23:41 - 00688992 ____R (Swearware) C:\Users\afrosammy\Desktop\dds.com
    2013-02-12 19:32 - 2013-02-12 19:32 - 00545363 ____A C:\Users\afrosammy\Downloads\Autoruns.zip
    2013-02-12 14:41 - 2013-02-12 14:49 - 22978253 ____A C:\Users\afrosammy\Downloads\Shioyama_Bou,_Shima_Miko_No_Shoya_(www.hentairules.net)_(English).zip
    2013-02-11 19:10 - 2013-02-11 19:10 - 00581631 ____A C:\Users\afrosammy\Desktop\Untitled.wmv
    2013-02-11 19:01 - 2012-12-17 04:43 - 00038096 ____A (GFI Software) C:\Windows\System32\Drivers\gfiark.sys
    2013-02-11 19:00 - 2013-02-11 19:00 - 00000000 ____D C:\Users\All Users\Ad-Aware Antivirus
    2013-02-11 18:15 - 2013-02-11 18:15 - 00000000 ____D C:\Users\afrosammy\AppData\Roaming\LavasoftStatistics
    2013-02-11 14:26 - 2013-02-11 19:01 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
    2013-02-11 14:26 - 2013-02-11 14:26 - 00000000 ____D C:\Users\All Users\Lavasoft
    2013-02-11 14:25 - 2013-02-11 14:25 - 00014456 ____A (GFI Software) C:\Windows\System32\Drivers\gfibto.sys
    2013-02-11 14:25 - 2012-09-20 03:40 - 00047496 ____A (GFI Software) C:\Windows\System32\sbbd.exe
    2013-02-11 14:24 - 2013-02-11 20:13 - 00000000 ____D C:\Users\afrosammy\AppData\Roaming\Ad-Aware Antivirus
    2013-02-11 14:24 - 2013-02-11 14:24 - 00000000 ____D C:\Users\All Users\blekko toolbars
    2013-02-11 14:24 - 2013-02-11 14:24 - 00000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
    2013-02-11 14:24 - 2013-02-11 14:24 - 00000000 ____D C:\Users\afrosammy\AppData\Local\adawarebp
    2013-02-11 14:24 - 2013-02-11 14:24 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
    2013-02-11 14:24 - 2013-02-11 14:24 - 00000000 ____D C:\Program Files (x86)\adawaretb
    2013-02-11 14:23 - 2013-02-11 14:23 - 06133384 ____A (Lavasoft Limited) C:\Users\afrosammy\Downloads\Adaware_Installer.exe
    2013-02-11 05:57 - 2013-02-11 06:16 - 324668342 ____A C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Key of Evil Spirits - 01 [DF69701E].mkv
    2013-02-11 05:30 - 2013-02-11 05:56 - 472840749 ____A C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 12 [338B0DF0].mkv
    2013-02-11 05:01 - 2013-02-11 05:29 - 472776405 ____A C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 11 [1271FFDC].mkv
    2013-02-11 04:32 - 2013-02-11 05:01 - 472778254 ____A C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 10 [7CC38101].mkv
    2013-02-11 03:56 - 2013-02-11 04:31 - 472437037 ____A C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 09 [E0459180].mkv
    2013-02-11 03:24 - 2013-02-11 03:56 - 472790003 ____A C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 08 [A550C060].mkv
    2013-02-11 02:47 - 2013-02-11 02:47 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack
    2013-02-11 02:46 - 2013-02-11 02:47 - 09356704 ____A (CCCP Project ) C:\Users\afrosammy\Downloads\Combined-Community-Codec-Pack-2012-12-30.exe
    2013-02-11 02:29 - 2013-02-11 03:23 - 472797178 ____A C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 06 [73D26B1A].mkv
    2013-02-11 02:00 - 2013-02-11 02:29 - 472718403 ____A C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 05 [10B9C848].mkv
    2013-02-11 01:13 - 2013-02-11 02:00 - 472631923 ____A C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 04 [37566FF8].mkv
    2013-02-11 00:47 - 2013-02-11 01:12 - 472754132 ____A C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 03 [CF28B9AA].mkv
    2013-02-11 00:00 - 2013-02-11 00:47 - 472765992 ____A C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 02 [F5D471C9].mkv
    2013-02-10 18:43 - 2013-02-10 18:43 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2013-02-10 18:03 - 2013-02-11 00:32 - 472471923 ____A C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 01 [72632885].mkv
    2013-02-09 03:04 - 2013-02-09 03:04 - 00000000 ____D C:\Users\afrosammy\Archer.2009.S04E04.Midnight.Ron.720p.WEB-DL.x264.AAC
    2013-02-09 02:40 - 2013-02-09 03:29 - 169698202 ____A C:\Users\afrosammy\Downloads\djfapulousfires.rar
    2013-02-08 20:52 - 2013-02-08 20:52 - 00000000 ____D C:\Users\afrosammy\AppData\Local\SplitMediaLabs
    2013-02-08 20:50 - 2013-02-08 20:50 - 00000000 ____D C:\Users\All Users\SplitMediaLabs
    2013-02-08 20:50 - 2013-02-08 20:50 - 00000000 ____D C:\Users\afrosammy\AppData\Roaming\SplitMediaLabs
    2013-02-08 20:50 - 2013-02-08 20:50 - 00000000 ____D C:\Program Files (x86)\SplitMediaLabs
    2013-02-08 20:47 - 2013-02-08 20:49 - 38102272 ____A (SplitMediaLabs) C:\Users\afrosammy\Downloads\xsplit_installer_v1.2.1301.2501.exe
    2013-02-07 21:10 - 2013-02-07 21:10 - 00000000 ____D C:\Users\afrosammy\Desktop\playlists
    2013-02-07 19:09 - 2013-02-07 19:10 - 04091677 ____A C:\Users\afrosammy\Downloads\TM_MM.zip
    2013-02-06 14:00 - 2013-02-12 23:36 - 00000000 ____D C:\Users\afrosammy\Desktop\Exist Trace
    2013-02-05 17:07 - 2013-02-05 17:07 - 00000000 ____D C:\Users\afrosammy\AppData\Local\TERA
    2013-02-05 15:22 - 2013-02-05 15:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-02-05 12:35 - 2013-02-12 15:56 - 00000000 ____D C:\Users\All Users\HappyCloud
    2013-02-05 12:33 - 2013-02-05 12:33 - 03725160 ____A C:\Users\afrosammy\Downloads\TERA-Setup-HC.exe
    2013-02-04 22:33 - 2013-02-04 22:33 - 00000000 ____D C:\Program Files (x86)\Peach Princess
    2013-02-04 22:32 - 2013-02-04 22:32 - 00000000 ____D C:\Users\afrosammy\AppData\Roaming\InstallShield
    2013-02-04 22:24 - 2013-02-04 22:32 - 27177997 ____A C:\Users\afrosammy\Downloads\Carn,_Otome_Gari_(www.hentairules.net)_(English).zip
    2013-02-04 22:22 - 2013-02-04 22:41 - 113120131 ____A C:\Users\afrosammy\Downloads\John_Sitch-Oh,_Schoolgirl_Encyclopedia_(www.hentairules.net)_(English).zip
    2013-02-04 16:10 - 2013-02-04 22:34 - 00000000 ____D C:\Users\afrosammy\Desktop\dream
    2013-02-03 20:04 - 2013-02-04 08:57 - 00000000 ____D C:\Users\afrosammy\Spice and Wolf Complete Series
    2013-02-02 14:54 - 2013-02-02 14:54 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2013-02-02 14:54 - 2013-02-02 14:54 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2013-02-02 03:00 - 2013-02-02 03:00 - 00000000 ____D C:\Users\afrosammy\AppData\Roaming\Malwarebytes
    2013-02-02 02:41 - 2013-02-02 02:41 - 00000000 ____D C:\Users\afrosammy\AppData\Local\CRE
    2013-02-02 02:40 - 2013-02-02 02:44 - 00000000 ____D C:\Users\afrosammy\AppData\Local\VisualBeeExe
    2013-02-02 02:39 - 2013-02-02 03:02 - 00000009 ____A C:\END
    2013-02-02 02:39 - 2013-02-02 02:39 - 00000000 ____D C:\Users\afrosammy\AppData\Local\Stronghold_LLC
    2013-02-02 02:38 - 2013-02-02 02:55 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
    2013-02-02 02:38 - 2013-02-02 02:44 - 00000000 ____D C:\Users\afrosammy\AppData\Local\Coupon Companion Plugin
    2013-02-02 02:38 - 2013-02-02 02:40 - 00000000 ____D C:\Users\All Users\VisualBee
    2013-02-02 02:38 - 2013-02-02 02:38 - 01126400 ____A ( ) C:\Users\afrosammy\Downloads\EfficientReminderFree-Setup.exe
    2013-02-02 02:37 - 2013-02-02 02:37 - 00635864 ____A C:\Users\afrosammy\Downloads\cbsidlm-tr1_10a-Efficient_Reminder_Free-SEO-10921373.exe
    2013-02-01 19:40 - 2013-02-01 19:44 - 12414260 ____A C:\Users\afrosammy\Downloads\Igumox,_Omocha-kun_To_Onee-san_(www.hentairules.net)_(English).zip
    2013-02-01 16:37 - 2013-02-01 16:37 - 01267154 ____A C:\Users\afrosammy\Downloads\namaroku130114.zip
    2013-02-01 15:21 - 2013-02-01 15:23 - 23631928 ____A C:\Users\afrosammy\Downloads\MaidRPG Starter Resources.zip
    2013-01-31 19:38 - 2013-01-31 19:38 - 00002552 ____A C:\Users\afrosammy\Desktop\shhhh.html
    2013-01-31 19:38 - 2013-01-31 19:38 - 00000000 ____D C:\Users\afrosammy\Desktop\shhhh_files
    2013-01-28 23:53 - 2013-01-28 23:58 - 27264180 ____A C:\Users\afrosammy\Downloads\[Kitani_Sai]_Ahhn_-_Balance.rar
    2013-01-28 23:49 - 2013-01-28 23:55 - 82976045 ____A C:\Users\afrosammy\Downloads\OT_IS.zip
    2013-01-27 04:49 - 2013-01-27 04:51 - 07791370 ____A C:\Users\afrosammy\Desktop\Don't Starve Progress - YouTube.flv
    2013-01-27 00:17 - 2013-01-27 00:17 - 00889416 ____A (Microsoft Corporation) C:\Users\afrosammy\Downloads\dotNetFx40_Full_setup.exe
    2013-01-26 20:22 - 2013-01-26 20:22 - 03112296 ____A C:\Users\afrosammy\Downloads\LeagueofLegends.exe
    2013-01-26 20:22 - 2013-01-26 20:22 - 00000000 ____D C:\Users\afrosammy\.swt
    2013-01-26 18:39 - 2013-01-26 18:39 - 00000032 ____A C:\Users\afrosammy\Desktop\mus.txt
    2013-01-25 19:43 - 2013-01-25 19:43 - 00000000 ____D C:\Program Files (x86)\Carpe Fulgur
    2013-01-22 14:34 - 2013-02-08 20:39 - 24250701 ____A C:\Users\afrosammy\Desktop\MaidRPG Starter Resources.zip
    2013-01-21 19:57 - 2013-01-21 19:57 - 00018708 ____A C:\Users\afrosammy\Downloads\6696300d590ca7cea2de45e60cd6b6766631c5fe.zip
    2013-01-21 19:22 - 2013-01-21 19:22 - 00000000 ____D C:\Users\afrosammy\Documents\Klei
    2013-01-21 00:13 - 2013-01-21 00:13 - 00000136 ____A C:\Users\afrosammy\Desktop\con things.txt
    2013-01-20 00:56 - 2013-01-20 00:56 - 00000019 ____A C:\Users\afrosammy\Desktop\manga.txt
    2013-01-19 23:52 - 2013-01-19 23:52 - 00000386 ____A C:\Users\afrosammy\Desktop\wertgertg.txt
    2013-01-19 22:43 - 2013-01-19 22:46 - 13781527 ____A C:\Users\afrosammy\Downloads\SG_C.zip


    ==================== One Month Modified Files and Folders =======

    2013-02-13 23:14 - 2012-01-03 20:40 - 00077738 ____A C:\Windows\PFRO.log
    2013-02-13 23:14 - 2012-01-03 18:34 - 00000000 ____D C:\Users\All Users\NVIDIA
    2013-02-13 23:14 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-02-13 23:14 - 2009-07-13 20:51 - 00087399 ____A C:\Windows\setupact.log
    2013-02-13 23:13 - 2012-01-03 19:33 - 00000000 ____D C:\Users\afrosammy\AppData\Roaming\BitTorrent
    2013-02-13 23:13 - 2009-07-13 20:45 - 00017040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-02-13 23:13 - 2009-07-13 20:45 - 00017040 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-02-13 23:10 - 2013-02-13 23:10 - 00000000 ____D C:\FRST
    2013-02-13 23:08 - 2013-02-13 22:16 - 00000000 ____D C:\Program Files (x86)\Comodo
    2013-02-13 23:06 - 2013-02-13 23:06 - 00002047 ____A C:\Users\Public\Desktop\AntiError.lnk
    2013-02-13 23:06 - 2013-02-13 23:06 - 00002043 ____A C:\Users\Public\Desktop\GeekBuddy.lnk
    2013-02-13 23:01 - 2012-01-13 22:30 - 00000000 ____D C:\Users\afrosammy\AppData\Roaming\Skype
    2013-02-13 22:55 - 2012-09-03 08:39 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-02-13 22:54 - 2013-02-13 22:54 - 01464189 ____A (Farbar) C:\Users\afrosammy\Downloads\FRST64(2).exe
    2013-02-13 22:50 - 2009-07-13 21:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-02-13 22:42 - 2012-01-03 23:28 - 00000000 ____D C:\Users\All Users\PMB Files
    2013-02-13 22:42 - 2012-01-03 23:28 - 00000000 ____D C:\Users\afrosammy\AppData\Local\PMB Files
    2013-02-13 22:27 - 2012-05-11 11:12 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3290293250-150117656-2269639603-1000UA.job
    2013-02-13 22:18 - 2013-02-13 22:17 - 00000000 ____D C:\Users\All Users\COMODO
    2013-02-13 22:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
    2013-02-13 22:16 - 2013-02-13 22:16 - 01060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
    2013-02-13 22:16 - 2013-02-13 22:16 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
    2013-02-13 22:16 - 2013-02-13 22:16 - 00000000 ____D C:\Users\All Users\Comodo Downloader
    2013-02-13 22:14 - 2013-02-13 22:07 - 130846192 ____A (COMODO) C:\Users\afrosammy\Downloads\cfw_installer.exe
    2013-02-13 21:47 - 2013-02-13 21:47 - 00005729 ____A C:\Users\afrosammy\Downloads\wsock32.zip
    2013-02-13 21:46 - 2013-02-13 21:46 - 02398248 ____A (Check Point Software Technologies LTD) C:\Users\afrosammy\Downloads\zafwSetupWeb_110_000_057.exe
    2013-02-13 21:44 - 2013-02-13 21:44 - 02475830 ____A (Sphinx Software ) C:\Users\afrosammy\Downloads\Windows7FirewallControl-Setup-x64.exe
    2013-02-13 21:36 - 2013-02-13 21:36 - 02400736 ____A (Check Point Software Technologies LTD) C:\Users\afrosammy\Downloads\zaSetupWeb_110_000_057.exe
    2013-02-13 18:03 - 2013-02-13 18:02 - 01464189 ____A (Farbar) C:\Users\afrosammy\Downloads\FRST64(1).exe
    2013-02-13 16:15 - 2013-02-13 16:15 - 01464189 ____A (Farbar) C:\Users\afrosammy\Downloads\FRST64.exe
    2013-02-13 02:27 - 2012-05-11 11:12 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3290293250-150117656-2269639603-1000Core.job
    2013-02-12 23:51 - 2013-02-12 23:43 - 00019628 ____A C:\Users\afrosammy\Desktop\dds.txt
    2013-02-12 23:51 - 2013-02-12 23:43 - 00008433 ____A C:\Users\afrosammy\Desktop\attach.txt
    2013-02-12 23:41 - 2013-02-12 23:41 - 00688992 ____R (Swearware) C:\Users\afrosammy\Desktop\dds.com
    2013-02-12 23:36 - 2013-02-06 14:00 - 00000000 ____D C:\Users\afrosammy\Desktop\Exist Trace
    2013-02-12 21:06 - 2013-01-03 02:46 - 00000000 ____D C:\Users\afrosammy\Documents\BloodBowlChaos
    2013-02-12 20:57 - 2012-01-16 19:21 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
    2013-02-12 19:48 - 2012-02-23 23:47 - 00000000 ____D C:\Program Files (x86)\Steam
    2013-02-12 19:32 - 2013-02-12 19:32 - 00545363 ____A C:\Users\afrosammy\Downloads\Autoruns.zip
    2013-02-12 15:56 - 2013-02-05 12:35 - 00000000 ____D C:\Users\All Users\HappyCloud
    2013-02-12 15:54 - 2013-01-04 17:22 - 00000000 ____D C:\Users\afrosammy\AppData\Roaming\KudosChatSearch
    2013-02-12 15:18 - 2012-11-22 10:41 - 00000000 ____D C:\Users\afrosammy\Desktop\44
    2013-02-12 15:02 - 2012-01-26 03:49 - 00000000 ____D C:\Users\afrosammy\Torrents
    2013-02-12 14:49 - 2013-02-12 14:41 - 22978253 ____A C:\Users\afrosammy\Downloads\Shioyama_Bou,_Shima_Miko_No_Shoya_(www.hentairules.net)_(English).zip
    2013-02-11 20:13 - 2013-02-11 14:24 - 00000000 ____D C:\Users\afrosammy\AppData\Roaming\Ad-Aware Antivirus
    2013-02-11 19:10 - 2013-02-11 19:10 - 00581631 ____A C:\Users\afrosammy\Desktop\Untitled.wmv
    2013-02-11 19:01 - 2013-02-11 14:26 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
    2013-02-11 19:00 - 2013-02-11 19:00 - 00000000 ____D C:\Users\All Users\Ad-Aware Antivirus
    2013-02-11 18:15 - 2013-02-11 18:15 - 00000000 ____D C:\Users\afrosammy\AppData\Roaming\LavasoftStatistics
    2013-02-11 14:26 - 2013-02-11 14:26 - 00000000 ____D C:\Users\All Users\Lavasoft
    2013-02-11 14:26 - 2012-06-28 14:37 - 00000000 ____D C:\Users\afrosammy\AppData\Local\Downloaded Installations
    2013-02-11 14:25 - 2013-02-11 14:25 - 00014456 ____A (GFI Software) C:\Windows\System32\Drivers\gfibto.sys
    2013-02-11 14:24 - 2013-02-11 14:24 - 00000000 ____D C:\Users\All Users\blekko toolbars
    2013-02-11 14:24 - 2013-02-11 14:24 - 00000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
    2013-02-11 14:24 - 2013-02-11 14:24 - 00000000 ____D C:\Users\afrosammy\AppData\Local\adawarebp
    2013-02-11 14:24 - 2013-02-11 14:24 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
    2013-02-11 14:24 - 2013-02-11 14:24 - 00000000 ____D C:\Program Files (x86)\adawaretb
    2013-02-11 14:24 - 2012-01-03 18:07 - 01363565 ____A C:\Windows\WindowsUpdate.log
    2013-02-11 14:23 - 2013-02-11 14:23 - 06133384 ____A (Lavasoft Limited) C:\Users\afrosammy\Downloads\Adaware_Installer.exe
    2013-02-11 06:16 - 2013-02-11 05:57 - 324668342 ____A C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Key of Evil Spirits - 01 [DF69701E].mkv
    2013-02-11 05:57 - 2012-01-03 18:10 - 00000000 ____D C:\users\afrosammy
    2013-02-11 05:56 - 2013-02-11 05:30 - 472840749 ____A C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 12 [338B0DF0].mkv
    2013-02-11 05:29 - 2013-02-11 05:01 - 472776405 ____A C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 11 [1271FFDC].mkv
    2013-02-11 05:01 - 2013-02-11 04:32 - 472778254 ____A C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 10 [7CC38101].mkv
    2013-02-11 04:31 - 2013-02-11 03:56 - 472437037 ____A C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 09 [E0459180].mkv
    2013-02-11 03:56 - 2013-02-11 03:24 - 472790003 ____A C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 08 [A550C060].mkv
    2013-02-11 03:23 - 2013-02-11 02:29 - 472797178 ____A C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 06 [73D26B1A].mkv
    2013-02-11 03:12 - 2012-08-03 03:40 - 00001456 ____A C:\Users\afrosammy\AppData\Local\Adobe Save for Web 12.0 Prefs
    2013-02-11 02:47 - 2013-02-11 02:47 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack
    2013-02-11 02:47 - 2013-02-11 02:46 - 09356704 ____A (CCCP Project ) C:\Users\afrosammy\Downloads\Combined-Community-Codec-Pack-2012-12-30.exe
    2013-02-11 02:29 - 2013-02-11 02:00 - 472718403 ____A C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 05 [10B9C848].mkv
    2013-02-11 02:00 - 2013-02-11 01:13 - 472631923 ____A C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 04 [37566FF8].mkv
    2013-02-11 01:12 - 2013-02-11 00:47 - 472754132 ____A C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 03 [CF28B9AA].mkv
    2013-02-11 00:47 - 2013-02-11 00:00 - 472765992 ____A C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 02 [F5D471C9].mkv
    2013-02-11 00:32 - 2013-02-10 18:03 - 472471923 ____A C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 01 [72632885].mkv
    2013-02-10 21:20 - 2012-04-26 16:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2013-02-10 18:43 - 2013-02-10 18:43 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2013-02-10 03:28 - 2012-01-03 22:45 - 00000000 ____D C:\Users\afrosammy\AppData\Roaming\vlc
    2013-02-10 01:04 - 2012-09-03 08:28 - 00000364 ____A C:\Windows\Tasks\RegInOut Scheduled Scan - afrosammy.job
    2013-02-09 03:29 - 2013-02-09 02:40 - 169698202 ____A C:\Users\afrosammy\Downloads\djfapulousfires.rar
    2013-02-09 03:04 - 2013-02-09 03:04 - 00000000 ____D C:\Users\afrosammy\Archer.2009.S04E04.Midnight.Ron.720p.WEB-DL.x264.AAC
    2013-02-08 20:52 - 2013-02-08 20:52 - 00000000 ____D C:\Users\afrosammy\AppData\Local\SplitMediaLabs
    2013-02-08 20:50 - 2013-02-08 20:50 - 00000000 ____D C:\Users\All Users\SplitMediaLabs
    2013-02-08 20:50 - 2013-02-08 20:50 - 00000000 ____D C:\Users\afrosammy\AppData\Roaming\SplitMediaLabs
    2013-02-08 20:50 - 2013-02-08 20:50 - 00000000 ____D C:\Program Files (x86)\SplitMediaLabs
    2013-02-08 20:49 - 2013-02-08 20:47 - 38102272 ____A (SplitMediaLabs) C:\Users\afrosammy\Downloads\xsplit_installer_v1.2.1301.2501.exe
    2013-02-08 20:39 - 2013-01-22 14:34 - 24250701 ____A C:\Users\afrosammy\Desktop\MaidRPG Starter Resources.zip
    2013-02-08 08:56 - 2012-09-03 08:39 - 00697712 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-02-08 08:56 - 2012-09-03 08:39 - 00074096 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-02-07 21:10 - 2013-02-07 21:10 - 00000000 ____D C:\Users\afrosammy\Desktop\playlists
    2013-02-07 19:10 - 2013-02-07 19:09 - 04091677 ____A C:\Users\afrosammy\Downloads\TM_MM.zip
    2013-02-06 07:57 - 2012-01-13 22:30 - 00000000 ____D C:\Users\All Users\Skype
    2013-02-05 17:07 - 2013-02-05 17:07 - 00000000 ____D C:\Users\afrosammy\AppData\Local\TERA
    2013-02-05 15:22 - 2013-02-05 15:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-02-05 12:33 - 2013-02-05 12:33 - 03725160 ____A C:\Users\afrosammy\Downloads\TERA-Setup-HC.exe
    2013-02-04 22:41 - 2013-02-04 22:22 - 113120131 ____A C:\Users\afrosammy\Downloads\John_Sitch-Oh,_Schoolgirl_Encyclopedia_(www.hentairules.net)_(English).zip
    2013-02-04 22:35 - 2012-01-03 19:01 - 00441399 ____A C:\Windows\DirectX.log
    2013-02-04 22:34 - 2013-02-04 16:10 - 00000000 ____D C:\Users\afrosammy\Desktop\dream
    2013-02-04 22:33 - 2013-02-04 22:33 - 00000000 ____D C:\Program Files (x86)\Peach Princess
    2013-02-04 22:33 - 2012-01-03 18:25 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-02-04 22:32 - 2013-02-04 22:32 - 00000000 ____D C:\Users\afrosammy\AppData\Roaming\InstallShield
    2013-02-04 22:32 - 2013-02-04 22:24 - 27177997 ____A C:\Users\afrosammy\Downloads\Carn,_Otome_Gari_(www.hentairules.net)_(English).zip
    2013-02-04 08:57 - 2013-02-03 20:04 - 00000000 ____D C:\Users\afrosammy\Spice and Wolf Complete Series
    2013-02-02 22:06 - 2013-01-14 12:40 - 00000000 ____D C:\Users\afrosammy\Desktop\Pastagame
    2013-02-02 18:26 - 2013-01-14 10:22 - 00000000 ____D C:\Users\afrosammy\Documents\Pasta Game
    2013-02-02 14:54 - 2013-02-02 14:54 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2013-02-02 14:54 - 2013-02-02 14:54 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2013-02-02 14:54 - 2012-11-10 16:52 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2013-02-02 14:54 - 2012-11-10 16:52 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2013-02-02 14:54 - 2012-05-22 16:24 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
    2013-02-02 14:54 - 2012-01-05 16:18 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2013-02-02 14:54 - 2012-01-05 16:18 - 00000000 ____D C:\Program Files (x86)\Java
    2013-02-02 04:39 - 2012-11-04 15:13 - 00000000 ____D C:\Program Files (x86)\The Binding of Isaac
    2013-02-02 04:39 - 2012-09-08 15:54 - 00000000 ____D C:\Program Files (x86)\Home
    2013-02-02 03:03 - 2012-01-03 19:34 - 00000000 ____D C:\Users\afrosammy\AppData\Local\Conduit
    2013-02-02 03:02 - 2013-02-02 02:39 - 00000009 ____A C:\END
    2013-02-02 03:00 - 2013-02-02 03:00 - 00000000 ____D C:\Users\afrosammy\AppData\Roaming\Malwarebytes
    2013-02-02 02:55 - 2013-02-02 02:38 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
    2013-02-02 02:44 - 2013-02-02 02:40 - 00000000 ____D C:\Users\afrosammy\AppData\Local\VisualBeeExe
    2013-02-02 02:44 - 2013-02-02 02:38 - 00000000 ____D C:\Users\afrosammy\AppData\Local\Coupon Companion Plugin
    2013-02-02 02:41 - 2013-02-02 02:41 - 00000000 ____D C:\Users\afrosammy\AppData\Local\CRE
    2013-02-02 02:40 - 2013-02-02 02:38 - 00000000 ____D C:\Users\All Users\VisualBee
    2013-02-02 02:39 - 2013-02-02 02:39 - 00000000 ____D C:\Users\afrosammy\AppData\Local\Stronghold_LLC
    2013-02-02 02:38 - 2013-02-02 02:38 - 01126400 ____A ( ) C:\Users\afrosammy\Downloads\EfficientReminderFree-Setup.exe
    2013-02-02 02:37 - 2013-02-02 02:37 - 00635864 ____A C:\Users\afrosammy\Downloads\cbsidlm-tr1_10a-Efficient_Reminder_Free-SEO-10921373.exe
    2013-02-02 02:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Resources
    2013-02-01 19:44 - 2013-02-01 19:40 - 12414260 ____A C:\Users\afrosammy\Downloads\Igumox,_Omocha-kun_To_Onee-san_(www.hentairules.net)_(English).zip
    2013-02-01 16:37 - 2013-02-01 16:37 - 01267154 ____A C:\Users\afrosammy\Downloads\namaroku130114.zip
    2013-02-01 15:23 - 2013-02-01 15:21 - 23631928 ____A C:\Users\afrosammy\Downloads\MaidRPG Starter Resources.zip
    2013-01-31 19:38 - 2013-01-31 19:38 - 00002552 ____A C:\Users\afrosammy\Desktop\shhhh.html
    2013-01-31 19:38 - 2013-01-31 19:38 - 00000000 ____D C:\Users\afrosammy\Desktop\shhhh_files
    2013-01-29 01:15 - 2012-12-26 21:30 - 00000000 ____D C:\Users\afrosammy\AppData\Roaming\Tropico 4
    2013-01-28 23:58 - 2013-01-28 23:53 - 27264180 ____A C:\Users\afrosammy\Downloads\[Kitani_Sai]_Ahhn_-_Balance.rar
    2013-01-28 23:55 - 2013-01-28 23:49 - 82976045 ____A C:\Users\afrosammy\Downloads\OT_IS.zip
    2013-01-27 19:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2013-01-27 04:51 - 2013-01-27 04:49 - 07791370 ____A C:\Users\afrosammy\Desktop\Don't Starve Progress - YouTube.flv
    2013-01-27 04:30 - 2012-01-13 22:30 - 00000000 ___RD C:\Program Files (x86)\Skype
    2013-01-27 00:17 - 2013-01-27 00:17 - 00889416 ____A (Microsoft Corporation) C:\Users\afrosammy\Downloads\dotNetFx40_Full_setup.exe
    2013-01-26 20:22 - 2013-01-26 20:22 - 03112296 ____A C:\Users\afrosammy\Downloads\LeagueofLegends.exe
    2013-01-26 20:22 - 2013-01-26 20:22 - 00000000 ____D C:\Users\afrosammy\.swt
    2013-01-26 18:56 - 2012-06-14 08:35 - 00000000 ____D C:\users\Guest
    2013-01-26 18:56 - 2012-03-05 21:26 - 00000000 ____D C:\Users\afrosammy\AppData\Roaming\puush
    2013-01-26 18:56 - 2009-07-13 23:45 - 00000000 ___RD C:\Users\Public\Recorded TV
    2013-01-26 18:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2013-01-26 18:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
    2013-01-26 18:39 - 2013-01-26 18:39 - 00000032 ____A C:\Users\afrosammy\Desktop\mus.txt
    2013-01-25 19:43 - 2013-01-25 19:43 - 00000000 ____D C:\Program Files (x86)\Carpe Fulgur
    2013-01-22 02:17 - 2012-02-03 08:50 - 00000000 ____D C:\Nexon
    2013-01-21 19:57 - 2013-01-21 19:57 - 00018708 ____A C:\Users\afrosammy\Downloads\6696300d590ca7cea2de45e60cd6b6766631c5fe.zip
    2013-01-21 19:22 - 2013-01-21 19:22 - 00000000 ____D C:\Users\afrosammy\Documents\Klei
    2013-01-21 17:35 - 2012-01-17 09:34 - 00006656 ____A C:\Users\afrosammy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-01-21 00:13 - 2013-01-21 00:13 - 00000136 ____A C:\Users\afrosammy\Desktop\con things.txt
    2013-01-20 00:56 - 2013-01-20 00:56 - 00000019 ____A C:\Users\afrosammy\Desktop\manga.txt
    2013-01-19 23:52 - 2013-01-19 23:52 - 00000386 ____A C:\Users\afrosammy\Desktop\wertgertg.txt
    2013-01-19 22:46 - 2013-01-19 22:43 - 13781527 ____A C:\Users\afrosammy\Downloads\SG_C.zip

    ZeroAccess:
    C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}
    C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\@
    C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\L
    C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U
    C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\L\00000004.@
    C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\L\201d3dde
    C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\L\76603ac3
    C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\00000004.@
    C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\00000008.@
    C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\000000cb.@
    C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\80000000.@
    C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\80000032.@
    C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\80000064.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-02-12 15:57:22

    ==================== Memory info ===========================

    Percentage of memory in use: 9%
    Total physical RAM: 8191.12 MB
    Available physical RAM: 7388.88 MB
    Total Pagefile: 8189.27 MB
    Available Pagefile: 7378.21 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:465.66 GB) (Free:159.58 GB) NTFS
    2 Drive e: (KS) (Removable) (Total:3.65 GB) (Free:3.65 GB) FAT32
    3 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    4 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 3745 MB 0 B

    Partitions of Disk 0:
    ===============

    Disk ID: 8186E052

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 465 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 0 Y System Rese NTFS Partition 100 MB Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 465 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Disk ID: C3072E18

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3741 MB 4032 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 E KS FAT32 Removable 3741 MB Healthy

    =========================================================

    Last Boot: 2013-02-13 04:50

    ==================== End Of Log =============================


    Farbar Recovery Scan Tool (x64) Version: 12-02-2013
    Ran by SYSTEM at 2013-02-14 01:23:28
    Running from E:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ====== End Of Search ======
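The FRST search above shows what the earlier MD5 check keys on: the copy of services.exe in the WinSxS store carries the known-good hash and size, while the System32 copy is 512 bytes larger with a different hash. The script below is an added example, not part of the thread or of FRST: it finds every copy of a named binary under a Windows directory, hashes each one, and flags copies outside WinSxS that do not match the WinSxS reference. `build_demo_tree`, `check_binary` and the sample tree are constructed for this illustration; the files it writes are not real Windows binaries.

```python
"""Compare every copy of a system binary against the WinSxS reference copy.
Added example for this thread; the sample tree is constructed data."""
import hashlib
import os
import tempfile
from typing import Dict, List


def file_md5(path: str) -> str:
    """Upper-case MD5 hex digest, the form FRST prints in its logs."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def find_copies(root: str, name: str) -> List[str]:
    """Every file called `name` (case-insensitive) anywhere under `root`."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() == name.lower():
                hits.append(os.path.join(dirpath, fn))
    return sorted(hits)


def check_binary(root: str, name: str, reference_dir: str = "winsxs") -> Dict[str, object]:
    """Hash each copy of `name` under `root`. Copies outside the WinSxS store
    whose MD5 differs from the WinSxS copy are listed as suspicious.

    Run this from a recovery environment (as FRST was here, from E:\\) when a
    rootkit is suspected: a kernel-mode rootkit on the running system can hide
    the real file contents from a scan taken while it is active."""
    report = {"status": "ok", "reference_md5": None, "copies": [], "suspicious": []}
    entries, ref_hashes = [], set()
    for path in find_copies(root, name):
        parts = [p.lower() for p in os.path.normpath(path).split(os.sep)]
        in_ref = reference_dir.lower() in parts
        entry = {"path": path, "md5": file_md5(path),
                 "size": os.path.getsize(path), "reference": in_ref,
                 "matches_reference": None}
        entries.append(entry)
        if in_ref:
            ref_hashes.add(entry["md5"])
    report["copies"] = entries
    if not ref_hashes:
        report["status"] = "no-reference"      # nothing trustworthy to compare against
    elif len(ref_hashes) > 1:
        report["status"] = "ambiguous-reference"  # several WinSxS versions present
    else:
        ref = next(iter(ref_hashes))
        report["reference_md5"] = ref
        for e in entries:
            e["matches_reference"] = e["md5"] == ref
            if not e["reference"] and not e["matches_reference"]:
                report["suspicious"].append(e["path"])
    return report


def build_demo_tree() -> str:
    """Constructed sample: a clean WinSxS copy plus a System32 copy with 512
    extra bytes appended, the same size difference the FRST search reports."""
    root = tempfile.mkdtemp(prefix="winroot_")
    clean = b"MZ" + b"\x00" * 1022 + b"clean services.exe sample"
    winsxs = os.path.join(root, "winsxs", "amd64_services_sample", "services.exe")
    sys32 = os.path.join(root, "System32", "services.exe")
    for path, data in ((winsxs, clean), (sys32, clean + b"\x00" * 512)):
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    result = check_binary(build_demo_tree(), "services.exe")
    print("reference MD5:", result["reference_md5"])
    for c in result["copies"]:
        flag = "" if c["matches_reference"] else " <==== ATTENTION"
        print(f"{c['path']} {c['size']:07d} {c['md5']}{flag}")
```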
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST Fixlist

    Please download attached fixlist.txt below, and save it to your flash drive in the same location as FRST.exe. Make sure it maintains the same name, otherwise the fix will fail.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Now restart, let it boot normally and tell me how it went.

    Attached Files:

  5. Afrosammy

    Afrosammy Newcomer, in training Topic Starter Posts: 25

    Everything seems to be back to normal, thanks a ton. I'm definitely going to have to be more careful when I go on download sprees.
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Next steps to search for leftover malware and rootkits, redirects:

    ComboFix scan

    Please download ComboFix by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  7. Afrosammy

    Afrosammy Newcomer, in training Topic Starter Posts: 25

    Oddly enough, this fix caused my Firewall to start working, and it hasn't worked since I installed Windows. I assumed it was because this wasn't a legit copy.

    ComboFix 13-02-13.02 - afrosammy 4/2013 Thu 16:25:50.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.8191.6037 [GMT -6:00]
    Running from: c:\users\afrosammy\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-14 to 2013-02-14 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-14 22:38 . 2013-02-14 22:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2013-02-14 22:38 . 2013-02-14 22:38 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2013-02-14 22:38 . 2013-02-14 22:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-14 07:10 . 2013-02-14 07:10 -------- d-----w- C:\FRST
    2013-02-14 06:17 . 2013-02-14 06:18 -------- d-----w- c:\programdata\COMODO
    2013-02-14 06:16 . 2013-02-14 07:46 -------- d-----w- c:\program files (x86)\Comodo
    2013-02-14 06:16 . 2013-02-14 06:16 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2013-02-14 06:16 . 2013-02-14 06:16 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
    2013-02-14 06:16 . 2013-02-14 06:16 -------- d-----w- c:\programdata\Comodo Downloader
    2013-02-12 03:01 . 2012-12-17 12:43 38096 ----a-w- c:\windows\system32\drivers\gfiark.sys
    2013-02-12 03:00 . 2013-02-12 03:00 -------- d-----w- c:\programdata\Ad-Aware Antivirus
    2013-02-12 02:15 . 2013-02-12 02:15 -------- d-----w- c:\users\afrosammy\AppData\Roaming\LavasoftStatistics
    2013-02-11 22:26 . 2013-02-11 22:26 -------- d-----w- c:\programdata\Lavasoft
    2013-02-11 22:26 . 2013-02-12 03:01 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
    2013-02-11 22:25 . 2013-02-11 22:25 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
    2013-02-11 22:25 . 2012-09-20 11:40 47496 ----a-w- c:\windows\system32\sbbd.exe
    2013-02-11 22:24 . 2013-02-11 22:24 -------- d-----w- c:\users\afrosammy\AppData\Local\adawarebp
    2013-02-11 22:24 . 2013-02-11 22:24 -------- d-----w- c:\programdata\blekko toolbars
    2013-02-11 22:24 . 2013-02-11 22:24 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
    2013-02-11 22:24 . 2013-02-11 22:24 -------- d-----w- c:\program files (x86)\adawaretb
    2013-02-11 22:24 . 2013-02-11 22:24 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
    2013-02-11 22:24 . 2013-02-12 04:13 -------- d-----w- c:\users\afrosammy\AppData\Roaming\Ad-Aware Antivirus
    2013-02-11 10:47 . 2013-02-11 10:47 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
    2013-02-11 02:43 . 2013-02-11 02:43 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2013-02-09 11:04 . 2013-02-09 11:04 -------- d-----w- c:\users\afrosammy\Archer.2009.S04E04.Midnight.Ron.720p.WEB-DL.x264.AAC
    2013-02-09 04:52 . 2013-02-09 04:52 -------- d-----w- c:\users\afrosammy\AppData\Local\SplitMediaLabs
    2013-02-09 04:50 . 2013-02-09 04:50 -------- d-----w- c:\programdata\SplitMediaLabs
    2013-02-09 04:50 . 2013-02-09 04:50 -------- d-----w- c:\program files (x86)\SplitMediaLabs
    2013-02-09 04:50 . 2013-02-09 04:50 -------- d-----w- c:\users\afrosammy\AppData\Roaming\SplitMediaLabs
    2013-02-06 01:07 . 2013-02-06 01:07 -------- d-----w- c:\users\afrosammy\AppData\Local\TERA
    2013-02-05 20:35 . 2013-02-12 23:56 -------- d-----w- c:\programdata\HappyCloud
    2013-02-05 06:33 . 2013-02-05 06:33 -------- d-----w- c:\program files (x86)\Peach Princess
    2013-02-05 06:32 . 2013-02-05 06:32 -------- d-----w- c:\users\afrosammy\AppData\Roaming\InstallShield
    2013-02-04 04:04 . 2013-02-04 16:57 -------- d-----w- c:\users\afrosammy\Spice and Wolf Complete Series
    2013-02-02 22:54 . 2013-02-02 22:54 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-02-02 11:00 . 2013-02-02 11:00 -------- d-----w- c:\users\afrosammy\AppData\Roaming\Malwarebytes
    2013-02-02 10:56 . 2013-02-02 10:59 -------- d-----w- c:\programdata\Tarma Installer
    2013-02-02 10:41 . 2013-02-02 10:41 -------- d-----w- c:\users\afrosammy\AppData\Local\CRE
    2013-02-02 10:40 . 2013-02-02 10:44 -------- d-----w- c:\users\afrosammy\AppData\Local\VisualBeeExe
    2013-02-02 10:39 . 2013-02-02 10:39 -------- d-----w- c:\users\afrosammy\AppData\Local\Stronghold_LLC
    2013-02-02 10:38 . 2013-02-02 10:55 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
    2013-02-02 10:38 . 2013-02-02 10:40 -------- d-----w- c:\programdata\VisualBee
    2013-02-02 10:38 . 2013-02-02 10:44 -------- d-----w- c:\users\afrosammy\AppData\Local\Coupon Companion Plugin
    2013-01-27 12:30 . 2013-01-27 12:30 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2013-01-27 04:22 . 2013-01-27 04:22 -------- d-----w- c:\users\afrosammy\.swt
    2013-01-26 03:43 . 2013-01-26 03:43 -------- d-----w- c:\program files (x86)\Carpe Fulgur
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-08 16:56 . 2012-09-03 16:39 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-08 16:56 . 2012-09-03 16:39 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-02-02 22:54 . 2012-05-23 00:24 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2013-02-02 22:54 . 2012-01-06 00:18 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-12-14 22:49 . 2013-01-10 03:05 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-11 05:24 . 2012-12-01 00:40 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-12-11 05:24 . 2012-01-19 16:04 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-12-10 21:25 . 2012-01-19 16:04 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-12-03 15:47 . 2012-12-19 06:53 9271352 ----a-w- c:\windows\system32\nvcuda.dll
    2012-12-03 15:47 . 2012-12-19 06:53 841272 ----a-w- c:\windows\SysWow64\nvumdshim.dll
    2012-12-03 15:47 . 2012-12-19 06:53 7819016 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2012-12-03 15:47 . 2012-12-19 06:53 7446192 ----a-w- c:\windows\system32\nvopencl.dll
    2012-12-03 15:47 . 2012-12-19 06:53 6149904 ----a-w- c:\windows\SysWow64\nvopencl.dll
    2012-12-03 15:47 . 2012-12-19 06:53 2784104 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-12-03 15:47 . 2012-12-19 06:53 26811240 ----a-w- c:\windows\system32\nvoglv64.dll
    2012-12-03 15:47 . 2012-12-19 06:53 2606440 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2012-12-03 15:47 . 2012-12-19 06:53 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-12-03 15:47 . 2012-12-19 06:53 245432 ----a-w- c:\windows\system32\nvinitx.dll
    2012-12-03 15:47 . 2012-12-19 06:53 2226024 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-12-03 15:47 . 2012-12-19 06:53 20335976 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2012-12-03 15:47 . 2012-12-19 06:53 201136 ----a-w- c:\windows\SysWow64\nvinit.dll
    2012-12-03 15:47 . 2012-12-19 06:53 1874280 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2012-12-03 15:47 . 2012-12-19 06:53 18045968 ----a-w- c:\windows\system32\nvd3dumx.dll
    2012-12-03 15:47 . 2012-12-19 06:53 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2012-12-03 15:47 . 2012-12-19 06:53 11532648 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-12-03 15:47 . 2012-11-23 06:30 1504104 ----a-w- c:\windows\system32\nvdispgenco64.dll
    2012-12-03 15:47 . 2012-08-17 00:42 983936 ----a-w- c:\windows\system32\nvumdshimx.dll
    2012-12-03 15:47 . 2012-08-17 00:42 2816824 ----a-w- c:\windows\system32\nvapi64.dll
    2012-12-03 15:47 . 2012-08-17 00:42 15122280 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-12-03 15:47 . 2012-08-17 00:42 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-12-03 15:47 . 2012-08-17 00:42 12603960 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-12-03 15:47 . 2012-01-04 02:41 1805672 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-12-03 15:47 . 2012-01-04 02:41 2496976 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-12-01 05:49 . 2012-08-17 00:43 3663213 ----a-w- c:\windows\system32\nvcoproc.bin
    2012-12-01 05:49 . 2012-08-17 00:29 63336 ----a-w- c:\windows\system32\nvshext.dll
    2012-12-01 05:49 . 2012-08-17 00:29 118120 ----a-w- c:\windows\system32\nvmctray.dll
    2012-12-01 05:49 . 2012-08-17 00:29 890216 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-12-01 05:48 . 2012-08-17 00:29 6223208 ----a-w- c:\windows\system32\nvcpl.dll
    2012-12-01 05:48 . 2012-08-17 00:29 3311464 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-12-01 04:43 . 2012-12-01 04:43 438632 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2012-12-01 00:40 . 2012-01-19 16:04 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\BitTorrentBar\prxtbBitT.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-12-14 21:51 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-12-14 1514152]
    .
    [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-10-22 1398680]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
    @="Ad-Aware Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
    R3 BlackBox;BlackBox SR2; [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2012-12-17 38096]
    R3 Neo_nic;VPN Client Device Driver - nic;c:\windows\system32\DRIVERS\Neo_0052.sys [2012-01-20 30072]
    R3 Neo_po;VPN Client Device Driver - po;c:\windows\system32\DRIVERS\Neo_0112.sys [2012-01-20 30072]
    R3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0049.sys [2012-01-20 30072]
    R3 Normandy;Normandy SR2; [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-07-19 738152]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-04 1255736]
    S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-02-11 14456]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-10 283200]
    S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-12-15 1236968]
    S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]
    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2012-09-13 82872]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-01 382824]
    S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
    S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2012-11-01 66728]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136]
    S3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2011-09-29 27136]
    S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2009-12-01 38992]
    S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-14 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 16:56]
    .
    2013-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3290293250-150117656-2269639603-1000Core.job
    - c:\users\afrosammy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11 19:12]
    .
    2013-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3290293250-150117656-2269639603-1000UA.job
    - c:\users\afrosammy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11 19:12]
    .
    2013-02-10 c:\windows\Tasks\RegInOut Scheduled Scan - afrosammy.job
    - c:\program files (x86)\RegInOut\RegInOut.exe [2011-12-30 08:33]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SBRegRebootCleaner"="c:\program files (x86)\Ad-Aware Antivirus\SBRC.exe" [2012-09-20 201608]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN34624778402302316&ctid=CT3268494&SSPV=SP_IENSP06
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} - hxxp://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
    FF - ProfilePath - c:\users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268494&SearchSource=3&q={searchTerms}&sspv=SP_FFNSP06&CUI=UN21817309582264818
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
    FF - ExtSQL: 2013-02-11 16:24; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe
    Wow6432Node-HKLM-Run-SMessaging - c:\users\afrosammy\AppData\Local\Strongvault Online Backup\SMessaging.exe
    WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
    AddRemove-BattlEye for OA - c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowheadExpansion\BattlEye\UnInstallBE.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @="???楴??汐杵?愠???敗?汐杵? v1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @="???楴??汐杵?愠???敗?汐杵? v2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    .
    **************************************************************************
    .
    Completion time: 2013-02-14 16:47:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-02-14 22:47
    .
    Pre-Run: 170,780,729,344 bytes free
    Post-Run: 175,072,235,520 bytes free
    .
    - - End Of File - - A08D4EFBF3E0BDB83A5D10AE89ABCE7C
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ZeroAccess trojan/rootkit causes a whole host of issues, including disabling your firewall, killing Windows Update, etc.

    Please try Windows Update and let me know how it works. There may be a bit more problems...

    Adware Cleaning

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.
    • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    • Shut down your protection software now to avoid potential conflicts.
    • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.
  9. Afrosammy

    Afrosammy Newcomer, in training Topic Starter Posts: 25

    Wow, skimming these logs, it looks like I had a lot of crap on my computer. Adware one first.

    # AdwCleaner v2.112 - Logfile created 02/15/2013 at 06:45:37
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
    # User : afrosammy - AFROSAMMY-PC
    # Boot Mode : Normal
    # Running from : C:\Users\afrosammy\Downloads\adwcleaner0.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\END
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
    File Deleted : C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\searchplugins\Conduit.xml
    Folder Deleted : C:\Program Files (x86)\adawaretb
    Folder Deleted : C:\Program Files (x86)\Ask.com
    Folder Deleted : C:\Program Files (x86)\BitTorrentBar
    Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\ProgramData\blekko toolbars
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\afrosammy\AppData\Local\Conduit
    Folder Deleted : C:\Users\afrosammy\AppData\Local\Coupon Companion Plugin
    Folder Deleted : C:\Users\afrosammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
    Folder Deleted : C:\Users\afrosammy\AppData\LocalLow\adawaretb
    Folder Deleted : C:\Users\afrosammy\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\afrosammy\AppData\LocalLow\BitTorrentBar
    Folder Deleted : C:\Users\afrosammy\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\afrosammy\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\adawaretb
    Folder Deleted : C:\Users\afrosammy\AppData\Roaming\OpenCandy
    Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN
    Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentBar
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\Ask.com
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32804100-B238-45F4-B15E-C5A2F2F7400B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\Software\APN
    Key Deleted : HKLM\Software\AskToolbar
    Key Deleted : HKLM\Software\BitTorrentBar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3268494
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{32804100-B238-45F4-B15E-C5A2F2F7400B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32804100-B238-45F4-B15E-C5A2F2F7400B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5E32ED8-17CF-4ABE-A118-6B9AF9A0E784}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D81FFEAB-BE9F-4B81-A02B-A4E7A9B1B96F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar Toolbar
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7601.17514

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN34624778402302316&ctid=CT3268494&SSPV=SP_IENSP06 --> hxxp://www.google.com

    -\\ Mozilla Firefox v18.0.2 (en-US)

    File : C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\prefs.js

    C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\user.js ... Deleted !

    Deleted : user_pref("CT3268494_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
    Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3268494&SearchSource=1[...]
    Deleted : user_pref("Smartbar.ConduitSearchEngineList", "VisualBee V.1 Customized Web Search");
    Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268494[...]
    Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
    Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3268494");
    Deleted : user_pref("browser.search.defaultthis.engineName", "VisualBee V.1 Customized Web Search");
    Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268494&Sea[...]
    Deleted : user_pref("ct3268494.UserID", "UN21817309582264818");
    Deleted : user_pref("extensions.foxlingo.addit.defaultAddons", "{ \"software\": {\"20\": {\"id\": \"20\",\"tit[...]
    Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
    Deleted : user_pref("smartbar.machineId", "IQZYQWGDUI4LFW8GMAYCYTWETNRSMVIYI72KL2D+ITCT+DQXZY1FEE/TNNSCWIPKWVP[...]

    -\\ Google Chrome v24.0.1312.57

    File : C:\Users\afrosammy\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    -\\ Chromium v window_placement_www: {
    bloodbowl-game: {
    com_/: {
    bottom: 670

    File : C:\Users\afrosammy\AppData\Local\Chromium\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [329 octets] - [15/02/2013 06:45:15]
    AdwCleaner[S2].txt - [11469 octets] - [15/02/2013 06:45:37]

    ########## EOF - C:\AdwCleaner[S2].txt - [11530 octets] ##########
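An added example, not part of this thread and not AdwCleaner's own code: a small Python triage script that reads AdwCleaner entry lines like the ones in the log above and labels each one with the browser hook or persistence mechanism it touches (BHO, URL search hook, search scope, toolbar, protected-mode elevation policy, Chrome extension, Firefox plugin or preference, autostart record), then groups entries by the GUID they reference. That second view is the useful one when reading a log like this: a single toolbar component typically leaves a CLSID registration, a Browser Helper Objects key and a PreApproved entry under the same GUID, so seeing them together tells you they were one add-on, not three. The sample lines are copied from the log above; the mechanism labels, the rule table and the function names are my own assumptions, and the `CurrentVersion\Run` rule generalises beyond what this particular log contains.

```python
"""Triage helper for AdwCleaner-style removal logs (added example, not AdwCleaner's code)."""
import re
from collections import Counter, defaultdict
from typing import Optional

# Sample input: entry lines copied from the AdwCleaner log posted in this thread,
# plus two section headers to show that non-entry lines are skipped.
SAMPLE_LOG = r"""
***** [Files / Folders] *****
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\searchplugins\Conduit.xml
Folder Deleted : C:\Users\afrosammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN34624778402302316&ctid=CT3268494&SSPV=SP_IENSP06 --> hxxp://www.google.com
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3268494");
"""

# "<action> : <target>" is the entry shape AdwCleaner uses in the log above.
ENTRY_RE = re.compile(r"^(File Deleted|Folder Deleted|Key Deleted|Value Deleted|Replaced|Deleted)\s*:\s*(.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Ordered (pattern, label) rules; the first match wins. Labels are my own names
# for the hook or persistence mechanism the entry touches (assumption, not AdwCleaner's).
MECHANISMS = [
    (r"Browser Helper Objects\\", "IE browser helper object (BHO)"),
    (r"\\URLSearchHooks", "IE URL search hook"),
    (r"\\SearchScopes\\", "IE search provider"),
    (r"Internet Explorer\\Toolbar", "IE toolbar"),
    (r"\\ElevationPolicy\\", "IE protected-mode elevation policy"),
    (r"\\Ext\\PreApproved\\", "IE add-on pre-approval"),
    (r"Main - Start Page", "IE start page"),
    (r"\\Classes\\CLSID\\", "COM class registration (CLSID)"),
    (r"MSConfig\\startupreg\\|CurrentVersion\\Run", "autostart entry"),
    (r"Chrome\\(?:User Data\\Default\\)?Extensions\\", "Chrome extension"),
    (r"Mozilla Firefox\\plugins\\", "Firefox NPAPI plugin"),
    (r"\\searchplugins\\", "Firefox search plugin"),
    (r"^user_pref\(", "Firefox preference"),
]
COMPILED = [(re.compile(p, re.IGNORECASE), label) for p, label in MECHANISMS]


def parse_entry(line: str) -> Optional[tuple[str, str]]:
    """Return (action, target) for an entry line, or None for headers and blanks."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def classify(target: str) -> str:
    """Label a deleted/replaced target with the mechanism it belongs to."""
    for pattern, label in COMPILED:
        if pattern.search(target):
            return label
    return "other"


def parse_log(text: str) -> list[tuple[str, str, str]]:
    """(action, mechanism, target) for every entry line in the log."""
    entries = []
    for line in text.splitlines():
        parsed = parse_entry(line)
        if parsed:
            entries.append((parsed[0], classify(parsed[1]), parsed[1]))
    return entries


def summarize(text: str) -> Counter:
    """How many entries touched each mechanism."""
    return Counter(mech for _, mech, _ in parse_log(text))


def triage(text: str) -> dict[str, list[str]]:
    """Entries grouped by mechanism, in log order."""
    groups: dict[str, list[str]] = defaultdict(list)
    for action, mech, target in parse_log(text):
        groups[mech].append(f"{action}: {target}")
    return dict(groups)


def guid_footprints(text: str) -> dict[str, list[str]]:
    """Mechanisms grouped by the GUID they reference: one add-on, several registry marks."""
    footprints: dict[str, list[str]] = defaultdict(list)
    for _, mech, target in parse_log(text):
        for guid in GUID_RE.findall(target):
            footprints[guid.upper()].append(mech)
    return dict(footprints)


if __name__ == "__main__":
    for mech, entries in triage(SAMPLE_LOG).items():
        print(f"{mech} ({len(entries)})")
        for entry in entries:
            print("   ", entry)
    for guid, mechs in guid_footprints(SAMPLE_LOG).items():
        if len(mechs) > 1:
            print(guid, "->", ", ".join(mechs))
```

Run it against a full AdwCleaner[Sn].txt by reading the file into `triage()` instead of `SAMPLE_LOG`; the rule table is the part to extend when a log shows a hook location the table does not name yet.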
  10. Afrosammy

    Afrosammy Newcomer, in training Topic Starter Posts: 25

    Also, the windows update worked fine.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.6.3 (02.12.2013:1)
    OS: Windows 7 Ultimate x64
    Ran by afrosammy on 02/15/2013 Fri at 7:01:18.13
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin
    Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin.1
    Successfully deleted: [Registry Key] hkey_current_user\software\visualbee
    Successfully deleted: [Registry Key] hkey_local_machine\software\visualbee
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



    ~~~ Files

    Successfully deleted: [File] C:\eula.1028.txt
    Successfully deleted: [File] C:\eula.1031.txt
    Successfully deleted: [File] C:\eula.1033.txt
    Successfully deleted: [File] C:\eula.1036.txt
    Successfully deleted: [File] C:\eula.1040.txt
    Successfully deleted: [File] C:\eula.1041.txt
    Successfully deleted: [File] C:\eula.1042.txt
    Successfully deleted: [File] C:\eula.2052.txt
    Successfully deleted: [File] C:\install.res.1028.dll
    Successfully deleted: [File] C:\install.res.1031.dll
    Successfully deleted: [File] C:\install.res.1033.dll
    Successfully deleted: [File] C:\install.res.1036.dll
    Successfully deleted: [File] C:\install.res.1040.dll
    Successfully deleted: [File] C:\install.res.1041.dll
    Successfully deleted: [File] C:\install.res.1042.dll
    Successfully deleted: [File] C:\install.res.2052.dll
    Successfully deleted: [File] C:\install.res.3082.dll



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\visualbee"
    Successfully deleted: [Folder] "C:\Users\afrosammy\appdata\local\adawarebp"
    Successfully deleted: [Folder] "C:\Users\afrosammy\appdata\local\stronghold_llc"
    Successfully deleted: [Folder] "C:\Users\afrosammy\appdata\local\visualbeeexe"
    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



    ~~~ FireFox

    Successfully deleted: [Folder] C:\Users\afrosammy\AppData\Roaming\mozilla\firefox\profiles\irxpqbgp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    Successfully deleted the following from C:\Users\afrosammy\AppData\Roaming\mozilla\firefox\profiles\irxpqbgp.default\prefs.js

    user_pref("extensions.crossrider.bic", "13c9a7c18a547be5a7b77bc17a239abc");
    user_pref("extensions.jid1-yZwVFzbsyfMrqQ@jetpack.install-event-fired", true);
    Emptied folder: C:\Users\afrosammy\AppData\Roaming\mozilla\firefox\profiles\irxpqbgp.default\minidumps [548 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 02/15/2013 Fri at 7:10:54.41
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Excellent. Let's check for remnants...

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
• When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt, please post it in your next reply.
    • You may need to use two posts to get it all.
     
  12. Afrosammy

    Afrosammy Newcomer, in training Topic Starter Posts: 25

    Eset logs

    C:\FRST\Quarantine\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\00000004.@ Win64/Conedex.C trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\000000cb.@ Win64/Conedex.B trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\80000000.@ Win64/Sirefef.AW trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\80000032.@ Win32/Sirefef.FD trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\80000064.@ a variant of Win64/Sirefef.AN trojan cleaned by deleting - quarantined
    C:\Program Files (x86)\RegInOut\engine.dll a variant of Win32/Adware.AntiMalwarePro.AD application cleaned by deleting - quarantined
    C:\Program Files (x86)\RegInOut\RegInOut.exe a variant of Win32/Adware.PCFresher.A application cleaned by deleting - quarantined
    C:\Users\afrosammy\Downloads\cbsidlm-tr1_10a-Efficient_Reminder_Free-SEO-10921373.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    How did OTL go? Let me see that once done please. :)
  14. Afrosammy

    Afrosammy Newcomer, in training Topic Starter Posts: 25

    OTL logfile created on: 2/16/2013 7:18:34 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\afrosammy\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.04 Gb Available Physical Memory | 75.47% Memory free
    16.00 Gb Paging File | 14.21 Gb Available in Paging File | 88.86% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 149.82 Gb Free Space | 32.17% Space Free | Partition Type: NTFS

    Computer Name: AFROSAMMY-PC | User Name: afrosammy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/15 21:47:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\afrosammy\Desktop\OTL.exe
    PRC - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/12/14 20:38:46 | 001,236,968 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
    PRC - [2012/12/14 03:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    PRC - [2012/11/30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/11/30 18:40:21 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
    PRC - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2013/02/15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2013/02/08 10:56:40 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/02/05 17:22:41 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/12/14 20:38:46 | 001,236,968 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
    SRV - [2012/12/14 03:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
    SRV - [2012/12/03 09:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/11/30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/11/30 18:40:21 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
    SRV - [2012/07/19 17:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
    SRV - [2012/06/26 14:35:20 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
    SRV - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/02/11 16:25:54 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
    DRV:64bit: - [2012/12/17 06:43:13 | 000,038,096 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
    DRV:64bit: - [2012/10/31 20:43:50 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
    DRV:64bit: - [2012/09/12 20:19:38 | 000,082,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
    DRV:64bit: - [2012/07/03 09:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2012/04/10 17:32:56 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/20 01:10:35 | 000,030,072 | ---- | M] (SoftEther Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Neo_0112.sys -- (Neo_po)
    DRV:64bit: - [2012/01/20 01:09:36 | 000,030,072 | ---- | M] (SoftEther Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Neo_0052.sys -- (Neo_nic)
    DRV:64bit: - [2012/01/20 00:12:13 | 000,030,072 | ---- | M] (SoftEther Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Neo_0049.sys -- (Neo_VPN)
    DRV:64bit: - [2011/11/14 21:50:14 | 000,125,376 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
    DRV:64bit: - [2011/09/29 01:04:22 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
    DRV:64bit: - [2011/08/19 09:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
    DRV:64bit: - [2011/08/19 09:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2011/04/20 17:24:54 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:25:46 | 000,840,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\blackbox.dll -- (BlackBox)
    DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 05:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2009/12/01 14:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
    DRV:64bit: - [2009/09/16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/14 03:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV - [2012/07/18 02:21:04 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)
    DRV - [2012/07/18 02:17:13 | 000,035,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\BlackBox.sys -- (BlackBox)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 68 29 52 EF 54 CD 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.startup.homepage: "about:home"
    FF - prefs.js..extensions.enabledAddons: netvideohunter%40netvideohunter.com:1.9.5
    FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:7.6.0.2
    FF - prefs.js..extensions.enabledAddons: %7Bef62e1ce-d2a4-4cdd-b7ec-92b120366b66%7D:2.7.8
    FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
    FF - prefs.js..keyword.URL: "http://www.google.co.in/search?btnG=Google Search&q="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\afrosammy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\afrosammy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/11 16:24:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/15 06:45:54 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/11 16:24:48 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/15 06:45:54 | 000,000,000 | ---D | M]

    [2012/01/03 21:35:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\afrosammy\AppData\Roaming\Mozilla\Extensions
    [2012/01/03 21:34:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\extensions
    [2012/01/03 21:34:13 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    [2013/02/15 07:10:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\extensions
    [2013/02/08 20:11:12 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
    [2012/11/16 00:26:06 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
    [2012/11/10 00:13:04 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
    [2012/10/26 16:52:56 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\extensions\netvideohunter@netvideohunter.com
    [2013/02/13 21:24:04 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/02/05 17:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/02/06 09:57:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/02/05 17:22:42 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/08/29 06:01:57 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/10/12 00:43:40 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://search.conduit.com/?CUI=UN16514828533478195&ctid=CT3268494&SearchSource=48&sspv=SP_CHNSP06
    CHR - homepage: http://www.google.com/
    CHR - Extension: No name found = C:\Users\afrosammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: No name found = C:\Users\afrosammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: Skype Click to Call = C:\Users\afrosammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\
    CHR - Extension: No name found = C:\Users\afrosammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2013/02/14 16:40:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe (GFI Software)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
    O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
    O4 - HKLM..\RunOnce: [AOLRebootNeeded] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
    O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.13.2)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} http://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab (PubPlugin Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CD69964-B7CC-476A-A253-4A530DF3CBD3}: DhcpNameServer = 10.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE3735C2-2E93-4DBA-B0BD-3D9E0A48E49E}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F01E3132-A3E1-4CCC-AE59-A950F4F4B92E}: DhcpNameServer = 7.254.254.254
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/15 21:47:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\afrosammy\Desktop\OTL.exe
    [2013/02/15 18:09:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2013/02/15 07:01:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/02/15 07:00:59 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/02/15 03:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
    [2013/02/14 16:47:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/02/14 16:40:28 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2013/02/14 16:20:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/02/14 16:20:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/02/14 16:20:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/02/14 16:19:55 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/02/14 16:18:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/02/14 16:17:43 | 005,032,798 | R--- | C] (Swearware) -- C:\Users\afrosammy\Desktop\ComboFix.exe
    [2013/02/14 01:10:50 | 000,000,000 | ---D | C] -- C:\FRST
    [2013/02/14 00:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
    [2013/02/14 00:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
    [2013/02/14 00:16:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
    [2013/02/14 00:16:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
    [2013/02/13 01:41:58 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    [2013/02/13 01:41:09 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\afrosammy\Desktop\dds.com
    [2013/02/11 21:01:36 | 000,038,096 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfiark.sys
    [2013/02/11 21:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
    [2013/02/11 20:15:55 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\AppData\Roaming\LavasoftStatistics
    [2013/02/11 16:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
    [2013/02/11 16:26:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2013/02/11 16:26:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
    [2013/02/11 16:25:54 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
    [2013/02/11 16:25:54 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
    [2013/02/11 16:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
    [2013/02/11 16:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
    [2013/02/11 16:24:07 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\AppData\Roaming\Ad-Aware Antivirus
    [2013/02/11 04:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
    [2013/02/11 04:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
    [2013/02/10 20:43:45 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2013/02/09 05:04:51 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\Archer.2009.S04E04.Midnight.Ron.720p.WEB-DL.x264.AAC
    [2013/02/08 22:52:23 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\AppData\Local\SplitMediaLabs
    [2013/02/08 22:50:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
    [2013/02/08 22:50:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SplitMediaLabs
    [2013/02/08 22:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs
    [2013/02/08 22:50:15 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\AppData\Roaming\SplitMediaLabs
    [2013/02/07 23:10:49 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\Desktop\playlists
    [2013/02/06 16:00:36 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\Desktop\Exist Trace
    [2013/02/05 19:07:16 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\AppData\Local\TERA
    [2013/02/05 17:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/02/05 14:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\HappyCloud
    [2013/02/05 00:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Peach Princess
    [2013/02/05 00:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YUMEMIRUKUSURI
    [2013/02/05 00:32:55 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\AppData\Roaming\InstallShield
    [2013/02/04 18:10:06 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\Desktop\dream
    [2013/02/03 22:04:52 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\Spice and Wolf Complete Series
    [2013/02/02 05:00:26 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\AppData\Roaming\Malwarebytes
    [2013/02/02 04:41:15 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\AppData\Local\CRE
    [2013/02/02 04:39:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
    [2013/01/27 06:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2013/01/27 06:30:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2013/01/27 00:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
    [2013/01/26 22:22:49 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\.swt
    [2013/01/25 21:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Carpe Fulgur
    [2013/01/21 21:22:35 | 000,000,000 | ---D | C] -- C:\Users\afrosammy\Documents\Klei
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/02/16 06:57:58 | 000,017,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/02/16 06:57:58 | 000,017,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/02/16 06:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/02/16 06:27:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3290293250-150117656-2269639603-1000UA.job
    [2013/02/16 04:27:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3290293250-150117656-2269639603-1000Core.job
    [2013/02/15 23:23:27 | 002,248,579 | ---- | M] () -- C:\Users\afrosammy\Desktop\IMG_15022013_212229.png
    [2013/02/15 21:47:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\afrosammy\Desktop\OTL.exe
    [2013/02/15 17:42:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/02/15 17:42:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
    [2013/02/15 17:42:32 | 2146,787,327 | -HS- | M] () -- C:\hiberfil.sys
    [2013/02/15 17:36:48 | 000,018,286 | ---- | M] () -- C:\Users\afrosammy\Desktop\jaa1gl12bqm344owhhpdpape231515610.3.jpg
    [2013/02/15 06:42:41 | 004,999,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/02/15 03:13:59 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/02/15 03:13:59 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/02/15 03:13:58 | 000,731,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/02/15 00:11:14 | 000,023,917 | ---- | M] () -- C:\Users\afrosammy\Desktop\bfdhbd.png
    [2013/02/14 21:39:34 | 017,342,897 | ---- | M] () -- C:\Users\afrosammy\Desktop\Untitled.wmv
    [2013/02/14 16:40:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/02/14 16:18:01 | 005,032,798 | R--- | M] (Swearware) -- C:\Users\afrosammy\Desktop\ComboFix.exe
    [2013/02/13 01:41:10 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\afrosammy\Desktop\dds.com
    [2013/02/12 17:29:16 | 001,108,935 | ---- | M] () -- C:\Users\afrosammy\Desktop\245245.PNG
    [2013/02/11 16:25:54 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
    [2013/02/11 16:19:00 | 000,283,067 | ---- | M] () -- C:\Users\afrosammy\Desktop\IMG_11022013_171846.png
    [2013/02/11 16:18:38 | 000,006,026 | ---- | M] () -- C:\Users\afrosammy\Desktop\ertreh.PNG
    [2013/02/11 08:16:19 | 324,668,342 | ---- | M] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Key of Evil Spirits - 01 [DF69701E].mkv
    [2013/02/11 07:56:11 | 472,840,749 | ---- | M] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 12 [338B0DF0].mkv
    [2013/02/11 07:29:55 | 472,776,405 | ---- | M] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 11 [1271FFDC].mkv
    [2013/02/11 07:01:12 | 472,778,254 | ---- | M] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 10 [7CC38101].mkv
    [2013/02/11 06:31:55 | 472,437,037 | ---- | M] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 09 [E0459180].mkv
    [2013/02/11 05:56:24 | 472,790,003 | ---- | M] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 08 [A550C060].mkv
    [2013/02/11 05:23:46 | 472,797,178 | ---- | M] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 06 [73D26B1A].mkv
    [2013/02/11 05:12:15 | 000,001,456 | ---- | M] () -- C:\Users\afrosammy\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2013/02/11 04:29:10 | 472,718,403 | ---- | M] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 05 [10B9C848].mkv
    [2013/02/11 04:00:29 | 472,631,923 | ---- | M] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 04 [37566FF8].mkv
    [2013/02/11 03:12:43 | 472,754,132 | ---- | M] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 03 [CF28B9AA].mkv
    [2013/02/11 02:47:04 | 472,765,992 | ---- | M] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 02 [F5D471C9].mkv
    [2013/02/11 02:32:35 | 472,471,923 | ---- | M] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 01 [72632885].mkv
    [2013/02/10 03:04:51 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\RegInOut Scheduled Scan - afrosammy.job
    [2013/02/08 22:39:52 | 024,250,701 | ---- | M] () -- C:\Users\afrosammy\Desktop\MaidRPG Starter Resources.zip
    [2013/02/08 19:16:21 | 000,139,155 | ---- | M] () -- C:\Users\afrosammy\Desktop\IMG_08022013_201632.png
    [2013/02/07 01:15:33 | 000,386,356 | ---- | M] () -- C:\Users\afrosammy\Desktop\waifu.PNG
    [2013/02/02 04:09:19 | 000,116,039 | ---- | M] () -- C:\Users\afrosammy\Desktop\jhgjhg.png
    [2013/02/02 03:34:02 | 000,400,813 | ---- | M] () -- C:\Users\afrosammy\Desktop\IMG_02022013_043341.png
    [2013/02/01 23:53:01 | 003,462,371 | ---- | M] () -- C:\Users\afrosammy\Desktop\P2010001.JPG
    [2013/02/01 23:45:22 | 000,065,035 | ---- | M] () -- C:\Users\afrosammy\Desktop\dfhgh.png
    [2013/02/01 23:40:26 | 000,194,885 | ---- | M] () -- C:\Users\afrosammy\Desktop\IMG_02022013_003652.png
    [2013/01/31 23:02:33 | 000,673,482 | ---- | M] () -- C:\Users\afrosammy\Desktop\IMG_01022013_000217.png
    [2013/01/31 21:41:46 | 000,330,538 | ---- | M] () -- C:\Users\afrosammy\Desktop\forbidden_knowledge.png
    [2013/01/31 01:22:00 | 000,595,562 | ---- | M] () -- C:\Users\afrosammy\Desktop\IMG_31012013_022159.png
    [2013/01/29 02:10:45 | 000,620,530 | ---- | M] () -- C:\Users\afrosammy\Desktop\IMG_29012013_031033.png
    [2013/01/29 02:04:13 | 000,656,978 | ---- | M] () -- C:\Users\afrosammy\Desktop\IMG_29012013_030408.png
    [2013/01/27 23:08:24 | 000,455,800 | ---- | M] () -- C:\Users\afrosammy\Desktop\IMG_28012013_000816.png
    [2013/01/27 06:51:56 | 007,791,370 | ---- | M] () -- C:\Users\afrosammy\Desktop\Don't Starve Progress - YouTube.flv
    [2013/01/25 03:59:56 | 000,184,665 | ---- | M] () -- C:\Users\afrosammy\Desktop\aetheth.png
    [2013/01/24 19:48:16 | 000,147,806 | ---- | M] () -- C:\Users\afrosammy\Desktop\IMG_24012013_204818.png
    [2013/01/21 23:51:16 | 000,033,977 | ---- | M] () -- C:\Users\afrosammy\Desktop\Untitled.png
    [2013/01/21 19:35:45 | 000,006,656 | ---- | M] () -- C:\Users\afrosammy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/01/21 05:00:04 | 000,626,194 | ---- | M] () -- C:\Users\afrosammy\Desktop\fkunE.jpg
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/02/15 23:22:33 | 002,248,579 | ---- | C] () -- C:\Users\afrosammy\Desktop\IMG_15022013_212229.png
    [2013/02/15 17:36:47 | 000,018,286 | ---- | C] () -- C:\Users\afrosammy\Desktop\jaa1gl12bqm344owhhpdpape231515610.3.jpg
    [2013/02/15 00:11:06 | 000,023,917 | ---- | C] () -- C:\Users\afrosammy\Desktop\bfdhbd.png
    [2013/02/14 16:20:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/02/14 16:20:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/02/14 16:20:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/02/14 16:20:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/02/14 16:20:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/02/12 17:29:16 | 001,108,935 | ---- | C] () -- C:\Users\afrosammy\Desktop\245245.PNG
    [2013/02/11 21:10:03 | 017,342,897 | ---- | C] () -- C:\Users\afrosammy\Desktop\Untitled.wmv
    [2013/02/11 16:18:44 | 000,283,067 | ---- | C] () -- C:\Users\afrosammy\Desktop\IMG_11022013_171846.png
    [2013/02/11 16:18:38 | 000,006,026 | ---- | C] () -- C:\Users\afrosammy\Desktop\ertreh.PNG
    [2013/02/11 07:57:06 | 324,668,342 | ---- | C] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Key of Evil Spirits - 01 [DF69701E].mkv
    [2013/02/11 07:30:23 | 472,840,749 | ---- | C] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 12 [338B0DF0].mkv
    [2013/02/11 07:01:29 | 472,776,405 | ---- | C] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 11 [1271FFDC].mkv
    [2013/02/11 06:32:18 | 472,778,254 | ---- | C] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 10 [7CC38101].mkv
    [2013/02/11 05:56:50 | 472,437,037 | ---- | C] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 09 [E0459180].mkv
    [2013/02/11 05:24:11 | 472,790,003 | ---- | C] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 08 [A550C060].mkv
    [2013/02/11 04:29:31 | 472,797,178 | ---- | C] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 06 [73D26B1A].mkv
    [2013/02/11 04:00:54 | 472,718,403 | ---- | C] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 05 [10B9C848].mkv
    [2013/02/11 03:13:01 | 472,631,923 | ---- | C] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 04 [37566FF8].mkv
    [2013/02/11 02:47:24 | 472,754,132 | ---- | C] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 03 [CF28B9AA].mkv
    [2013/02/11 02:00:13 | 472,765,992 | ---- | C] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 02 [F5D471C9].mkv
    [2013/02/10 20:03:00 | 472,471,923 | ---- | C] () -- C:\Users\afrosammy\[Over-Time] The Hero Yoshihiko and the Demon King's Castle - 01 [72632885].mkv
    [2013/02/08 19:16:18 | 000,139,155 | ---- | C] () -- C:\Users\afrosammy\Desktop\IMG_08022013_201632.png
    [2013/02/07 01:15:33 | 000,386,356 | ---- | C] () -- C:\Users\afrosammy\Desktop\waifu.PNG
    [2013/02/02 04:09:05 | 000,116,039 | ---- | C] () -- C:\Users\afrosammy\Desktop\jhgjhg.png
    [2013/02/02 03:33:37 | 000,400,813 | ---- | C] () -- C:\Users\afrosammy\Desktop\IMG_02022013_043341.png
    [2013/02/01 23:52:35 | 003,462,371 | ---- | C] () -- C:\Users\afrosammy\Desktop\P2010001.JPG
    [2013/02/01 23:45:21 | 000,065,035 | ---- | C] () -- C:\Users\afrosammy\Desktop\dfhgh.png
    [2013/02/01 23:40:22 | 000,194,885 | ---- | C] () -- C:\Users\afrosammy\Desktop\IMG_02022013_003652.png
    [2013/01/31 23:02:26 | 000,673,482 | ---- | C] () -- C:\Users\afrosammy\Desktop\IMG_01022013_000217.png
    [2013/01/31 21:43:02 | 000,184,665 | ---- | C] () -- C:\Users\afrosammy\Desktop\aetheth.png
    [2013/01/31 21:35:04 | 000,330,538 | ---- | C] () -- C:\Users\afrosammy\Desktop\forbidden_knowledge.png
    [2013/01/31 01:21:56 | 000,595,562 | ---- | C] () -- C:\Users\afrosammy\Desktop\IMG_31012013_022159.png
    [2013/01/29 02:10:41 | 000,620,530 | ---- | C] () -- C:\Users\afrosammy\Desktop\IMG_29012013_031033.png
    [2013/01/29 02:04:09 | 000,656,978 | ---- | C] () -- C:\Users\afrosammy\Desktop\IMG_29012013_030408.png
    [2013/01/27 23:08:18 | 000,455,800 | ---- | C] () -- C:\Users\afrosammy\Desktop\IMG_28012013_000816.png
    [2013/01/27 06:49:37 | 007,791,370 | ---- | C] () -- C:\Users\afrosammy\Desktop\Don't Starve Progress - YouTube.flv
    [2013/01/24 19:48:14 | 000,147,806 | ---- | C] () -- C:\Users\afrosammy\Desktop\IMG_24012013_204818.png
    [2013/01/22 16:34:14 | 024,250,701 | ---- | C] () -- C:\Users\afrosammy\Desktop\MaidRPG Starter Resources.zip
    [2013/01/21 05:00:03 | 000,626,194 | ---- | C] () -- C:\Users\afrosammy\Desktop\fkunE.jpg
    [2012/09/24 09:15:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
    [2012/09/14 14:50:22 | 000,007,629 | ---- | C] () -- C:\Users\afrosammy\AppData\Local\Resmon.ResmonCfg
    [2012/08/03 05:40:11 | 000,001,456 | ---- | C] () -- C:\Users\afrosammy\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2012/07/18 02:21:04 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
    [2012/07/18 02:16:50 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
    [2012/02/02 21:44:28 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
    [2012/02/02 21:44:28 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2012/02/02 21:44:25 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
    [2012/02/02 21:44:25 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
    [2012/02/02 21:44:01 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2012/01/19 10:04:28 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/01/19 10:04:26 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2012/01/17 11:34:24 | 000,006,656 | ---- | C] () -- C:\Users\afrosammy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
    [2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
    [2011/05/31 00:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
    [2011/05/31 00:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
  15. Afrosammy

    Afrosammy Newcomer, in training Topic Starter Posts: 25

    ========== ZeroAccess Check ==========

    [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "ThreadingModel" = Both
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/08/01 01:28:06 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\.minecraft
    [2012/07/29 03:45:41 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\.techniclauncher
    [2012/01/19 19:22:49 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\Ableton
    [2012/01/03 22:49:21 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\acccore
    [2013/02/11 22:13:37 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\Ad-Aware Antivirus
    [2012/12/14 15:26:00 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\Audacity
    [2013/02/16 07:17:50 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\BitTorrent
    [2012/04/10 17:34:17 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\DAEMON Tools Pro
    [2012/10/12 14:53:23 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\Frogwares
    [2012/08/27 18:46:48 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\Gensokyo.org
    [2012/11/04 18:45:26 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\Hive Cluster
    [2012/10/31 05:33:48 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\Kalypso Media
    [2013/02/12 17:54:20 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\KudosChatSearch
    [2013/01/04 19:24:39 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\KudosChatSearchApp
    [2012/01/16 21:35:00 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\Leadertech
    [2012/01/05 02:04:46 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\LolClient
    [2012/05/23 12:00:18 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\LolClient2
    [2012/01/05 05:30:42 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\ManyCam
    [2012/04/23 06:38:59 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\Mount&Blade Warband
    [2012/02/27 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\OpenOffice.org
    [2012/01/19 10:04:25 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\PunkBuster
    [2013/01/26 20:56:16 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\puush
    [2012/01/04 02:02:04 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\RenPy
    [2012/06/27 23:36:08 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\Screaming Bee
    [2012/08/27 18:46:48 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\ShanghaiAlice
    [2012/07/01 20:49:35 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\six-updater
    [2012/06/28 16:38:32 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\six-zsync
    [2013/02/08 22:50:15 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\SplitMediaLabs
    [2012/06/26 00:35:14 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\SystemRequirementsLab
    [2012/04/13 02:51:12 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\TeamViewer
    [2013/01/29 03:15:27 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\Tropico 4
    [2012/07/01 17:26:10 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\TS3Client
    [2012/09/24 09:15:22 | 000,000,000 | ---D | M] -- C:\Users\afrosammy\AppData\Roaming\Tunngle

    ========== Purity Check ==========



    < End of report >
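The "ZeroAccess Check" section of the OTL log above lists the InProcServer32 registration of four system COM classes in every registry view. As an added example (not part of the thread and not OTL's own code), the following script performs the same inspection from PowerShell 3.0 or later: it reads each CLSID from the log in the per-user and machine-wide views (native and WOW64), prints where the server DLL resolves, and checks the Authenticode signature of that file. The Flags column is where a reviewer starts: for these shell and WMI classes the machine-wide HKLM registration is the expected one, so a per-user HKCU entry (the registration point that ZeroAccess variants of that period hijacked, which is why OTL lists HKCU), a missing DLL, or a server outside %SystemRoot% is what to examine. Note that OTL's `SysNative` in the log is the tool's notation for the 64-bit System32 directory; the registry itself stores `%SystemRoot%\system32\...`, which the script expands.

```powershell
# Added example, not from the thread or from OTL: inspect the COM InProcServer32
# registrations that OTL's "ZeroAccess Check" lists and report anything a reviewer
# would want to look at. Run in an elevated 64-bit PowerShell (3.0 or later).

# CLSIDs taken from the OTL log above (shell32 folder classes, WMI proxy and event DLLs).
$Clsids = @(
    '{42aedc87-2188-41fd-b9a3-0c966feabec1}',
    '{fbeb8a05-beee-4442-804e-409d6c4515e9}',
    '{5839FCA9-774D-42A1-ACDA-D6A79037F57F}',
    '{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}'
)

# Registry views a COM activation may consult: per-user before machine-wide,
# each in its native (64-bit) and WOW64 (32-bit) form.
$Views = @(
    @{ Name = 'HKCU';       Root = 'Registry::HKEY_CURRENT_USER\Software\Classes\CLSID' },
    @{ Name = 'HKCU WOW64'; Root = 'Registry::HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID' },
    @{ Name = 'HKLM';       Root = 'Registry::HKEY_LOCAL_MACHINE\Software\Classes\CLSID' },
    @{ Name = 'HKLM WOW64'; Root = 'Registry::HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\CLSID' }
)

function Get-InProcServerReport {
    foreach ($clsid in $Clsids) {
        foreach ($view in $Views) {
            $key   = "$($view.Root)\$clsid\InProcServer32"
            $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            if (-not $props) { continue }          # key absent in this view

            $raw  = $props.'(default)'             # server DLL, usually with %SystemRoot%
            $path = if ($raw) { [Environment]::ExpandEnvironmentVariables($raw) } else { $null }

            $sigStatus = 'n/a'
            $signer    = 'n/a'
            $flags     = @()

            # A per-user registration of a system class shadows the HKLM one for this
            # account, so its presence alone is worth a look.
            if ($view.Name -like 'HKCU*') { $flags += 'HKCU override' }

            if (-not $raw) {
                $flags += 'no server path'
            } elseif (-not (Test-Path -LiteralPath $path)) {
                $flags += 'file missing'
            } else {
                $sig       = Get-AuthenticodeSignature -FilePath $path
                $sigStatus = $sig.Status
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
                # Caveat: OS binaries such as shell32.dll are catalog-signed, and on
                # Windows 7 Get-AuthenticodeSignature reports those as NotSigned. Treat
                # that status as "confirm with a catalog-aware tool", not as proof of tampering.
                if ($sigStatus -eq 'NotSigned') {
                    $flags += 'no embedded signature (catalog-signed OS file?)'
                } elseif ($sigStatus -ne 'Valid') {
                    $flags += "signature $sigStatus"
                }
                if ($path -notlike "$env:SystemRoot\*") { $flags += 'outside SystemRoot' }
            }

            [PSCustomObject]@{
                CLSID     = $clsid
                View      = $view.Name
                Server    = $raw
                Threading = $props.ThreadingModel
                Signature = $sigStatus
                Signer    = $signer
                Flags     = ($flags -join ', ')
            }
        }
    }
}

Get-InProcServerReport | Format-Table CLSID, View, Server, Threading, Signature, Flags -AutoSize -Wrap
```

The script only reports; it changes nothing. Compare its output against the log above: the HKLM rows should resolve to shell32.dll, fastprox.dll and wbemess.dll under %SystemRoot%, and any HKCU row, or any server that is absent or lives elsewhere, is what to investigate before deciding on a fix.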
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Fix

    Please run OTL


    It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create


    Remove tools, temp files, old Restore Points

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
    • It may open a log for you, but I don't need that.

    To remove all of the tools we used and the files and folders they created do the following:
    Double click OTL.exe.
    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
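The restore-point step above is given as a Control Panel walkthrough. As an added example (not part of the thread), the following script does the same thing from an elevated PowerShell 3.0 or later: it creates a restore point named Clean, confirms it exists, and then deletes the older restore points on the system drive. On Vista and 7 restore points are stored in Volume Shadow Copies, so clearing the old points means deleting the older shadow copies; the newest copy, which holds the point just created, is kept. The volume name match between `Win32_Volume` and `Win32_ShadowCopy` is an assumption of this script and should be verified on the target machine.

```powershell
# Added example, not from the thread: scripted form of "create a new Restore Point,
# then clear the old ones". Run in an elevated PowerShell (3.0 or later).

function New-CleanRestorePoint {
    param([string]$Description = 'Clean')
    # Equivalent to Control Panel > System > System Protection > Create, name "Clean".
    Checkpoint-Computer -Description $Description -RestorePointType 'MODIFY_SETTINGS'
    # Return the newest point so the caller can confirm it was created.
    Get-ComputerRestorePoint | Sort-Object SequenceNumber -Descending | Select-Object -First 1
}

function Remove-OlderRestorePoints {
    param([string]$DriveLetter = $env:SystemDrive)
    # Restore points on Vista/7 live in shadow copies of the volume. Delete every
    # shadow copy on the system drive except the newest one; note that "Previous
    # Versions" of files stored in the deleted copies are lost as well.
    $volume = Get-WmiObject -Class Win32_Volume -Filter "DriveLetter = '$DriveLetter'"
    $copies = @(Get-WmiObject -Class Win32_ShadowCopy |
        Where-Object { $_.VolumeName -eq $volume.DeviceID } |
        Sort-Object InstallDate)          # DMTF timestamps sort chronologically as strings
    $older = @($copies | Select-Object -First ([Math]::Max(0, $copies.Count - 1)))
    foreach ($copy in $older) { [void]$copy.Delete() }
    return $older.Count
}

$point = New-CleanRestorePoint -Description 'Clean'
"Created restore point #$($point.SequenceNumber): $($point.Description)"
"Deleted $(Remove-OlderRestorePoints) older shadow copies on $env:SystemDrive"
```

Run the creation step first and check its output before pruning; if `Checkpoint-Computer` fails (System Protection disabled on the drive, or insufficient rights), nothing older should be removed.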
  17. Afrosammy

    Afrosammy Newcomer, in training Topic Starter Posts: 25

    All processes killed
    ========== OTL ==========
    C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\searchplugin folder moved successfully.
    C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\modules folder moved successfully.
    C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\META-INF folder moved successfully.
    C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\defaults folder moved successfully.
    C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components folder moved successfully.
    C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\chrome folder moved successfully.
    C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} folder moved successfully.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\afrosammy\Desktop\cmd.bat deleted successfully.
    C:\Users\afrosammy\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: afrosammy
    ->Temp folder emptied: 3195004 bytes
    ->Temporary Internet Files folder emptied: 325599990 bytes
    ->Java cache emptied: 266116 bytes
    ->FireFox cache emptied: 474923467 bytes
    ->Google Chrome cache emptied: 235075141 bytes
    ->Flash cache emptied: 83796 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56504 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 8632576 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 70043803 bytes
    ->Flash cache emptied: 57344 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56475 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 326443980 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 232350350 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 556 bytes
    RecycleBin emptied: 2570743545 bytes

    Total Files Cleaned = 4,051.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 02162013_102403

    Files\Folders moved on Reboot...
    C:\Users\afrosammy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\sndappv2.log scheduled to be moved on reboot.
    C:\Windows\temp\~DF6B7544B9F59D7AEA.TMP moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  18. Afrosammy

    Afrosammy Newcomer, in training Topic Starter Posts: 25

    Results of screen317's Security Check version 0.99.57
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Lavasoft Ad-Aware
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Ad-Aware
    Malwarebytes Anti-Malware version 1.70.0.1100
    JavaFX 2.1.1
    Java(TM) 6 Update 22
    Java(TM) 6 Update 32
    Java 7 Update 13
    Java version out of Date!
    Adobe Flash Player 11.5.502.149
    Adobe Reader 10.1.5 Adobe Reader out of Date!
    Mozilla Firefox (18.0.2)
    Google Chrome 24.0.1312.56
    Google Chrome 24.0.1312.57
    ````````Process Check: objlist.exe by Laurent````````
    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    Ad-Aware Antivirus AdAwareService.exe
    Ad-Aware Antivirus SBAMSvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
  19. Afrosammy

    Afrosammy Newcomer, in training Topic Starter Posts: 25

    Hm, I seem to have a not-so-important problem now that I've done all this. Videos on most websites won't play until totally loaded.

    Edit: Never mind, found out the problem.
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Adobe Reader Update!

    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.


    Also, remove these two old versions of Java:

    Java(TM) 6 Update 22
    Java(TM) 6 Update 32


    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.


    Any other questions before I mark this topic solved?
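The Security Check output above shows three Java builds and an out-of-date Reader side by side, and the advice is to remove the older ones by hand. As an added example (not part of the thread, and not screen317's tool), the following PowerShell 3.0+ script builds the same inventory from the 64-bit and 32-bit Uninstall registry keys and marks every Java, JavaFX and Adobe Reader entry that is older than the newest one in its family as stale. It lists only; the uninstall itself is still done through Programs and Features, as the post describes. The name patterns used to group products are this script's own assumption.

```powershell
# Added example, not from the thread or from Security Check: inventory installed Java,
# JavaFX and Adobe Reader builds and flag side-by-side versions older than the newest.

$UninstallRoots = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-ProductFamily([string]$Name) {
    # Group related entries so each family keeps only its newest version.
    # Patterns are assumptions based on the display names seen in the log above.
    if ($Name -like 'Java Auto Updater*')                            { return $null }   # helper, not a runtime
    if ($Name -like 'JavaFX*')                                       { return 'JavaFX' }
    if ($Name -like 'Java*' -or $Name -like 'J2SE*')                 { return 'Java' }
    if ($Name -like 'Adobe Reader*' -or $Name -like 'Adobe Acrobat Reader*') { return 'Adobe Reader' }
    return $null
}

function ConvertTo-SafeVersion([string]$Text) {
    # DisplayVersion strings such as "6.0.220", "7.0.130" or "10.1.5" parse as [version];
    # anything unparseable sorts lowest instead of aborting the report.
    try { return [version]$Text } catch { return [version]'0.0' }
}

function Get-StaleProductReport {
    $entries = foreach ($root in $UninstallRoots) {
        foreach ($key in (Get-ChildItem -Path $root -ErrorAction SilentlyContinue)) {
            $p      = Get-ItemProperty -Path $key.PSPath
            $family = Get-ProductFamily $p.DisplayName
            if (-not $family) { continue }
            [PSCustomObject]@{
                Family    = $family
                Name      = $p.DisplayName
                Version   = ConvertTo-SafeVersion $p.DisplayVersion
                View      = if ($root -like '*Wow6432Node*') { '32-bit' } else { '64-bit' }
                Uninstall = $p.UninstallString
                Stale     = $false
            }
        }
    }
    # Within each family, everything below the highest version is a removal candidate.
    # A 32-bit and 64-bit pair of the same newest version are both kept.
    foreach ($group in ($entries | Group-Object Family)) {
        $newest = ($group.Group | Sort-Object Version -Descending | Select-Object -First 1).Version
        foreach ($e in $group.Group) { if ($e.Version -lt $newest) { $e.Stale = $true } }
    }
    $entries | Sort-Object Family, Version
}

Get-StaleProductReport | Format-Table Family, Name, Version, View, Stale -AutoSize
```

Against the Security Check output above this would mark Java(TM) 6 Update 22 and Update 32 as stale and keep Java 7 Update 13, matching the advice in the post; the Uninstall column carries each entry's UninstallString for the manual removal.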
  21. Afrosammy

    Afrosammy Newcomer, in training Topic Starter Posts: 25

    No, I think that's it. Thanks for all the help; I probably would've just had to deal with the crap on my computer without it.
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Alrighty, topic solved! √