TechSpot

Sirefef .AA .W .AN .P .AB being detected by anti-virus help please!

Solved
By Brennan
Jul 14, 2012
Topic Status:
Not open for further replies.
  1. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

      :OTL
      [2012/07/05 22:22:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Babylon
      [2012/07/05 22:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
      [2012/07/05 14:14:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C10A0F99-E347-4810-9CC8-A7EABBB435FA}
      [2012/07/05 14:13:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6B40FE08-5D1F-40F4-8E53-57117E930208}
      [2012/06/28 16:26:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1F8E927B-8889-4CB5-AC23-C1547454A102}
      [2012/06/28 16:25:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D54BE971-E239-487F-9D1C-DFBB5CA13F05}
      [2012/06/27 11:13:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{09BD7D8B-4489-4270-8858-A75DE8689E6B}
      [2012/06/27 11:12:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1BA0E979-F501-4281-AE03-E813D706815E}
      [2012/07/25 01:18:50 | 000,000,000 | ---D | C] -- C:\ProgramData\7531CC770009EDE70303F3074F147CE7
      [2012/07/24 15:41:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3AF9414B-43AF-4E4F-AAED-C7D22DAC1E29}
      [2012/07/24 15:41:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2B16D1FC-F499-4A94-A7DA-27A930D0216E}.
      [2012/07/26 15:55:32 | 000,000,000 | ---D | C] -- C:\4470915eeb6b043b763cac9dcc
      CHR - default_search_provider: Search the web (Babylon) (Enabled)
      CHR - default_search_provider: search_url = http://search.babylon.com/?q={searc...SP_ss&mntrId=589b1fbf000000000000485b39f76cef
      [2012/07/25 03:18:00 | 000,049,607 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z4OOFIDK.DEFAULT\EXTENSIONS\{3E9BB2A7-62CA-4EFA-A4E6-F6F6168A652D}.XPI
      FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=11...ss&mntrId=589b1fbf000000000000485b39f76cef&q="
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
      IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found

      :commands
      [emptytemp]
      [reboot]

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

    Once that's done, run OTL Quick Scan again and post a new log.
  2. Brennan

    Brennan TS Enthusiast Topic Starter Posts: 106

    The OTL Fix log is extremely large (over 2.1 million characters/43 posts) is there some sort of search function app that could find what you need to know like files that failed to move or cannot be found etc.?

    The Babylon search page still comes up in new Firefox tabs.

    OTL logfile created on: 29/07/2012 11:40:57 PM - Run 4
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\User\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    3.87 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 53.89% Memory free
    7.74 Gb Paging File | 5.78 Gb Available in Paging File | 74.69% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 28.31 Gb Free Space | 6.08% Space Free | Partition Type: NTFS

    Computer Name: USER-PC | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/27 06:33:14 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
    PRC - [2012/07/22 23:00:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    PRC - [2012/07/13 17:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/06/20 11:47:13 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2011/10/11 11:28:41 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
    PRC - [2011/06/14 23:31:22 | 000,056,320 | ---- | M] () -- C:\Program Files (x86)\ishutdown\iShutdown\iShutdown.exe
    PRC - [2011/05/31 02:00:56 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\ishutdown\iShutdown\ilauncher.exe
    PRC - [2010/06/10 14:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    PRC - [2010/05/05 20:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
    PRC - [2010/05/05 20:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
    PRC - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
    PRC - [2009/11/04 13:39:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/11/04 13:39:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/03/12 18:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
    PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
    PRC - [2004/12/02 19:23:34 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe
    PRC - [1999/12/13 02:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTSVCCDA.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/27 06:33:13 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
    MOD - [2012/07/27 04:55:53 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/07/27 04:55:47 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/07/27 04:55:32 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/07/27 04:55:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/07/27 04:55:28 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/07/27 04:55:23 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/07/13 17:17:14 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/06/20 11:47:10 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
    MOD - [2012/06/20 11:47:08 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
    MOD - [2012/06/20 11:47:06 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
    MOD - [2012/06/20 11:47:04 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
    MOD - [2012/06/20 11:47:02 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
    MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/06/14 23:31:22 | 000,056,320 | ---- | M] () -- C:\Program Files (x86)\ishutdown\iShutdown\iShutdown.exe
    MOD - [2011/05/31 02:00:56 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\ishutdown\iShutdown\ilauncher.exe
    MOD - [2010/05/05 20:56:46 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIRES.DLL
    MOD - [2009/03/26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
    MOD - [2009/03/12 18:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
    MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/07/27 06:33:14 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/13 17:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/05 20:45:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/06/20 11:47:13 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/05/15 03:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2010/12/18 12:21:20 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
    SRV - [2009/11/04 13:39:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009/11/04 13:39:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [1999/12/13 02:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Windows\SysWOW64\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/26 16:42:55 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/04/18 10:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
    DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2010/05/05 22:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
    DRV:64bit: - [2010/05/05 22:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
    DRV:64bit: - [2010/05/05 22:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV:64bit: - [2010/05/05 22:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV:64bit: - [2010/05/05 22:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
    DRV:64bit: - [2010/05/05 22:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV:64bit: - [2010/05/05 22:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
    DRV:64bit: - [2010/05/05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
    DRV:64bit: - [2010/05/05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
    DRV:64bit: - [2010/05/05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
    DRV:64bit: - [2010/05/05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
    DRV:64bit: - [2010/05/05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
    DRV:64bit: - [2010/05/05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
    DRV:64bit: - [2010/04/21 18:18:46 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/07/15 20:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2006/12/05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE9HP&PC=UP50
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A7 BB 87 4E 84 53 CB 01 [binary data]
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{5A682723-4FC1-488F-9414-65722B0E0E8C}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\..\SearchScopes\{BC0C2AA9-7FD6-446B-8058-26F32035299C}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: ""
    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.ca"


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\User\AppData\Local\RewardsArcade\498\Firefox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/26 03:18:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/26 03:44:40 | 000,000,000 | ---D | M]

    [2010/12/21 00:43:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
    [2012/07/29 23:34:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z4oofidk.default\extensions
    [2012/07/29 23:34:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z4oofidk.default\extensions\staged
    [2012/07/26 03:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/07/26 00:56:37 | 000,525,861 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z4OOFIDK.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
    [2012/06/28 20:54:48 | 000,123,007 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z4OOFIDK.DEFAULT\EXTENSIONS\MAFIAAFIRE@MAFIAAFIRE.COM.XPI
    [2012/07/25 22:17:45 | 000,051,994 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z4OOFIDK.DEFAULT\EXTENSIONS\NEWTABURL@SOGAME.CAT.XPI
    [2011/12/07 09:32:00 | 000,017,877 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z4OOFIDK.DEFAULT\EXTENSIONS\VTZILLA@VIRUSTOTAL.COM.XPI
    [2012/07/13 17:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/07/13 17:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/07/13 17:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.ca/
    CHR - default_search_provider: Search the web (Babylon) (Enabled)
    CHR - default_search_provider: search_url = http://search.babylon.com/?q={searc...SP_ss&mntrId=589b1fbf000000000000485b39f76cef
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.ca/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/07/21 22:57:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
    O4 - HKCU..\Run: [Creative Detector] C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
    O4 - HKCU..\Run: [ishutdown2] C:\Program Files (x86)\ishutdown\iShutdown\ilauncher.exe ()
    O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
    O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEBEC50A-0523-446D-979C-2166E23665DB}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  3. Brennan

    Brennan TS Enthusiast Topic Starter Posts: 106

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/29 01:45:42 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\SimCity 4
    [2012/07/26 18:00:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
    [2012/07/26 17:29:09 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
    [2012/07/26 17:27:05 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
    [2012/07/26 17:04:55 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
    [2012/07/26 16:46:01 | 000,215,040 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
    [2012/07/26 16:42:50 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\RTL8111BCRTL8112L_LAN_V735222009_Win7
    [2012/07/26 16:38:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
    [2012/07/26 16:38:04 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
    [2012/07/26 16:32:36 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
    [2012/07/26 05:30:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
    [2012/07/26 03:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/07/26 03:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
    [2012/07/26 03:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2012/07/26 03:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2012/07/26 03:41:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012/07/26 03:24:14 | 000,773,632 | ---- | C] (Robert Simpson, et al.) -- C:\Users\User\AppData\Roaming\System.Data.SQLite.dll
    [2012/07/26 03:13:18 | 000,886,272 | ---- | C] (Tigzy) -- C:\Users\User\Desktop\WhyIGotInfected.exe
    [2012/07/25 14:39:49 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\RK_Quarantine
    [2012/07/25 04:01:42 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
    [2012/07/25 02:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/07/25 01:18:50 | 000,000,000 | ---D | C] -- C:\ProgramData\7531CC770009EDE70303F3074F147CE7
    [2012/07/24 15:14:37 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/07/24 02:08:28 | 002,322,184 | ---- | C] (ESET) -- C:\Users\User\Desktop\esetsmartinstaller_enu.exe
    [2012/07/22 23:00:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    [2012/07/21 23:04:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/21 22:58:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/21 22:48:16 | 004,582,474 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
    [2012/07/19 01:07:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{47F569FA-D49F-4BFA-B107-50D6F4646E98}
    [2012/07/19 01:07:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{52FCC9BD-51F0-488F-ADF9-E23891FB76AB}
    [2012/07/18 13:39:51 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
    [2012/07/18 13:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
    [2012/07/18 13:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/18 13:31:10 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/18 13:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/17 17:45:23 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/17 15:29:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/07/17 15:08:15 | 001,437,107 | ---- | C] (Farbar) -- C:\Users\User\Desktop\FRST64.exe
    [2012/07/15 01:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/07/15 01:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/07/15 00:39:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\User\Desktop\dds.scr
    [2012/07/14 01:05:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/14 01:05:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/14 01:05:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/14 01:05:26 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/14 01:05:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/12 12:14:00 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/07/05 22:24:27 | 000,000,000 | ---D | C] -- C:\MyAudio
    [2012/07/05 22:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

    ========== Files - Modified Within 30 Days ==========

    [2012/07/29 23:33:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/29 23:28:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-592917798-1658097988-3837472857-1000UA.job
    [2012/07/29 23:22:12 | 000,020,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/29 23:22:12 | 000,020,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/29 23:21:56 | 000,729,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/29 23:21:56 | 000,630,542 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/29 23:21:56 | 000,111,626 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/29 23:14:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/29 23:14:35 | 3119,030,272 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/29 23:14:06 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000007-00000000-00000002-00001102-00000005-00211102}.rfx
    [2012/07/29 23:14:06 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000007-00000000-00000002-00001102-00000005-00211102}.rfx
    [2012/07/29 23:14:06 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000007-00000000-00000002-00001102-00000005-00211102}.rfx
    [2012/07/29 05:16:01 | 000,014,454 | ---- | M] () -- C:\Users\User\Desktop\[isoHunt] The.Way.Of.The.Gun.2000.DVDRip.XviD-DiSSOLVE.torrent
    [2012/07/29 04:54:00 | 000,015,511 | ---- | M] () -- C:\Users\User\Desktop\Glengarry_Glen_Ross_[1992]_HDTVRip_XviD_-_CODY.7243056.TPB.torrent
    [2012/07/29 04:28:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-592917798-1658097988-3837472857-1000Core.job
    [2012/07/29 04:25:59 | 000,065,441 | ---- | M] () -- C:\Users\User\Desktop\[isoHunt] Mystic.River.2003.DVDRip.XViD-BTSFilms.torrent
    [2012/07/26 18:30:37 | 000,300,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/26 18:11:25 | 000,773,632 | ---- | M] (Robert Simpson, et al.) -- C:\Users\User\AppData\Roaming\System.Data.SQLite.dll
    [2012/07/26 16:42:55 | 000,215,040 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
    [2012/07/26 16:42:55 | 000,067,584 | ---- | M] () -- C:\Windows\SysNative\RtNicProp64.dll
    [2012/07/26 16:37:59 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
    [2012/07/26 16:29:47 | 000,053,248 | ---- | M] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
    [2012/07/26 16:25:53 | 001,656,601 | ---- | M] () -- C:\Users\User\Desktop\AiCharger_V10006_XpVistaWin7.zip
    [2012/07/26 03:28:23 | 000,001,437 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/07/26 03:24:53 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2012/07/26 03:24:50 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2012/07/26 03:19:07 | 000,002,044 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/07/26 03:13:19 | 000,886,272 | ---- | M] (Tigzy) -- C:\Users\User\Desktop\WhyIGotInfected.exe
    [2012/07/25 14:38:28 | 001,552,384 | ---- | M] () -- C:\Users\User\Desktop\RogueKiller.exe
    [2012/07/25 04:39:14 | 000,000,512 | ---- | M] () -- C:\Users\User\Desktop\MBR.dat
    [2012/07/25 04:02:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
    [2012/07/24 20:09:47 | 000,000,055 | ---- | M] () -- C:\Windows\SysWow64\BRDH2270DW.DAT
    [2012/07/24 02:08:36 | 002,322,184 | ---- | M] (ESET) -- C:\Users\User\Desktop\esetsmartinstaller_enu.exe
    [2012/07/22 23:00:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    [2012/07/21 22:57:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/21 22:48:19 | 004,582,474 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
    [2012/07/18 13:31:11 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/17 15:56:18 | 3224,686,592 | ---- | M] () -- C:\Users\User\Desktop\X15-65733.iso
    [2012/07/17 15:08:15 | 001,437,107 | ---- | M] (Farbar) -- C:\Users\User\Desktop\FRST64.exe
    [2012/07/16 09:22:41 | 000,000,212 | ---- | M] () -- C:\Users\User\Desktop\VirHelp.url
    [2012/07/15 01:05:00 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/15 01:04:42 | 000,735,282 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/15 00:39:21 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\User\Desktop\dds.scr
    [2012/07/14 11:52:17 | 000,302,592 | ---- | M] () -- C:\Users\User\Desktop\4r3mlo0h.exe
    [2012/07/14 01:20:47 | 522,565,534 | ---- | M] () -- C:\Users\User\Desktop\Hirens.BootCD.15.1.zip
    [2012/07/06 04:36:46 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
    [2012/07/06 04:36:46 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
    [2012/07/05 22:22:46 | 000,000,249 | ---- | M] () -- C:\user.js
    [2012/07/05 20:43:58 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2012/07/05 20:43:57 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2012/07/05 20:43:57 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2012/07/29 05:16:00 | 000,014,454 | ---- | C] () -- C:\Users\User\Desktop\[isoHunt] The.Way.Of.The.Gun.2000.DVDRip.XviD-DiSSOLVE.torrent
    [2012/07/29 04:53:59 | 000,015,511 | ---- | C] () -- C:\Users\User\Desktop\Glengarry_Glen_Ross_[1992]_HDTVRip_XviD_-_CODY.7243056.TPB.torrent
    [2012/07/29 04:25:57 | 000,065,441 | ---- | C] () -- C:\Users\User\Desktop\[isoHunt] Mystic.River.2003.DVDRip.XViD-BTSFilms.torrent
    [2012/07/26 17:29:51 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
    [2012/07/26 17:29:07 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
    [2012/07/26 17:27:13 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
    [2012/07/26 17:27:12 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
    [2012/07/26 17:27:11 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
    [2012/07/26 16:46:01 | 000,067,584 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
    [2012/07/26 16:25:52 | 001,656,601 | ---- | C] () -- C:\Users\User\Desktop\AiCharger_V10006_XpVistaWin7.zip
    [2012/07/26 03:42:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2012/07/26 03:24:53 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2012/07/26 03:24:50 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2012/07/25 14:38:28 | 001,552,384 | ---- | C] () -- C:\Users\User\Desktop\RogueKiller.exe
    [2012/07/25 05:01:44 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/25 04:39:14 | 000,000,512 | ---- | C] () -- C:\Users\User\Desktop\MBR.dat
    [2012/07/24 20:09:47 | 000,000,055 | ---- | C] () -- C:\Windows\SysWow64\BRDH2270DW.DAT
    [2012/07/18 13:31:11 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/17 15:38:12 | 3224,686,592 | ---- | C] () -- C:\Users\User\Desktop\X15-65733.iso
    [2012/07/16 09:22:28 | 000,000,212 | ---- | C] () -- C:\Users\User\Desktop\VirHelp.url
    [2012/07/15 01:04:48 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/14 11:52:15 | 000,302,592 | ---- | C] () -- C:\Users\User\Desktop\4r3mlo0h.exe
    [2012/07/14 01:14:55 | 522,565,534 | ---- | C] () -- C:\Users\User\Desktop\Hirens.BootCD.15.1.zip
    [2012/07/14 01:05:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/14 01:05:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/14 01:05:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/14 01:05:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/14 01:05:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/10 23:19:53 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/07/06 04:36:46 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm
    [2012/07/06 04:36:46 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm
    [2012/07/05 22:22:45 | 000,000,249 | ---- | C] () -- C:\user.js
    [2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2012/02/29 05:38:47 | 000,003,584 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/16 00:38:54 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
    [2012/02/16 00:38:52 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
    [2011/03/17 22:07:15 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/02/07 04:21:50 | 000,735,282 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/01/20 17:48:29 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2010/12/18 11:47:17 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2010/12/18 11:47:17 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2010/09/13 13:26:19 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2010/09/13 13:26:16 | 000,030,566 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

    ========== LOP Check ==========

    [2012/07/29 22:59:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Azureus
    [2011/09/22 06:43:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Command & Conquer 3 Tiberium Wars
    [2011/09/13 21:56:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Command & Conquer 3 Tiberium Wars Demo
    [2012/06/14 00:25:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Day 1 Studios
    [2012/05/26 10:34:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FrostWire
    [2011/12/14 04:39:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IrfanView
    [2011/12/15 01:05:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LibreOffice
    [2012/05/07 02:46:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PacificPoker
    [2011/10/27 01:45:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Red Kawa
    [2011/01/06 06:44:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Regensoft
    [2011/11/12 08:50:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\System
    [2012/04/18 02:34:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SystemRequirementsLab
    [2011/09/01 00:50:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly
    [2011/07/21 17:56:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUpMedia
    [2011/01/19 12:07:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Windows Live Writer
    [2012/01/28 03:10:17 | 000,000,000 | --SD | M] -- C:\Users\User\AppData\Roaming\wyUpdate AU
    [2012/03/30 22:51:10 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========

    < End of report >
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    No biggie. Looks like a lot of it was fixed anyway.

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

      :OTL
      IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
      CHR - default_search_provider: Search the web (Babylon) (Enabled)
      CHR - default_search_provider: search_url = http://search.babylon.com/?q={searc...SP_ss&mntrId=589b1fbf000000000000485b39f76cef
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

      :commands
      [emptytemp]
      [reboot]

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)
  5. Brennan

    Brennan TS Enthusiast Topic Starter Posts: 106

    Here's a random sample chunk of the log. (I made it green for you to be extra helpful :D )
    C:\4470915eeb6b043b763cac9dcc\160f55ef1daf7459e7413ceeb6c422\0a7ed2ce83136752e0d617\x86_microsoft-windows-shell32.resources_31bf3856ad364e35_6.1.7601.17514_bg-bg_6d516e8e629b8476 folder moved successfully.
    C:\4470915eeb6b043b763cac9dcc\160f55ef1daf7459e7413ceeb6c422\0a7ed2ce83136752e0d617\x86_microsoft-windows-shell32.resources_31bf3856ad364e35_6.1.7601.17514_ar-sa_c7118d05721b331f folder moved successfully.
    C:\4470915eeb6b043b763cac9dcc\160f55ef1daf7459e7413ceeb6c422\0a7ed2ce83136752e0d617\x86_microsoft-windows-shell-setup_31bf3856ad364e35_6.1.7601.17514_none_d4623c9747e247a7 folder moved successfully.
    C:\4470915eeb6b043b763cac9dcc\160f55ef1daf7459e7413ceeb6c422\0a7ed2ce83136752e0d617\x86_microsoft-windows-shell-previewhost_31bf3856ad364e35_6.1.7601.17514_none_4544cf0e5f20beea folder moved successfully.
    C:\4470915eeb6b043b763cac9dcc\160f55ef1daf7459e7413ceeb6c422\0a7ed2ce83136752e0d617\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_3ba388ec36399c85 folder moved successfully.
    C:\4470915eeb6b043b763cac9dcc\160f55ef1daf7459e7413ceeb6c422\0a7ed2ce83136752e0d617\x86_microsoft-windows-shdocvw_31bf3856ad364e35_6.1.7601.17514_none_e97c57706a2846db folder moved successfully.
    C:\4470915eeb6b043b763cac9dcc\160f55ef1daf7459e7413ceeb6c422\0a7ed2ce83136752e0d617\x86_microsoft-windows-shacct_31bf3856ad364e35_6.1.7601.17514_none_c8099d957fb7652d folder moved successfully.

    Here's the end of the log, everything above it was all "folder moved successfully" unless I missed something.

    Use Chrome's Settings page to remove the default_search_provider items.
    Use Chrome's Settings page to remove the default_search_provider items.
    C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z4oofidk.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi moved successfully.
    Prefs.js: "http://search.babylon.com/?affID=11...ss&mntrId=589b1fbf000000000000485b39f76cef&q=" removed from keyword.URL
    Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: User
    ->Temp folder emptied: 111042028 bytes
    ->Temporary Internet Files folder emptied: 536171 bytes
    ->Java cache emptied: 213538 bytes
    ->FireFox cache emptied: 23356595 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 506 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 57994 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33234 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 129.00 mb


    OTL by OldTimer - Version 3.2.54.0 log created on 07292012_230044

    Files\Folders moved on Reboot...
    C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please go in to Chrome, hit the Tools button (looks like a wrench), and press Settings.

    Now, hit Manage Search Engines. Search for Babylon in the list, select it, and hit the X button on the far right.

    Let me know if you see Babylon.
  7. Brennan

    Brennan TS Enthusiast Topic Starter Posts: 106

    I removed it from the list of Search engines in Chrome. (I don't use Chrome I just had it installed to try it out)

    Babylon still appears as the homepage for Chrome and new tab URL for Firefox.

    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
    Use Chrome's Settings page to remove the default_search_provider items.
    Use Chrome's Settings page to remove the default_search_provider items.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: User
    ->Temp folder emptied: 25450925 bytes
    ->Temporary Internet Files folder emptied: 306795 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 23269137 bytes
    ->Google Chrome cache emptied: 6414185 bytes
    ->Flash cache emptied: 492 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2336 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 53.00 mb


    OTL by OldTimer - Version 3.2.54.0 log created on 07302012_030054

    Files\Folders moved on Reboot...
    C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Next Quick Scan please.
  9. Brennan

    Brennan TS Enthusiast Topic Starter Posts: 106

    OTL logfile created on: 30/07/2012 11:30:30 PM - Run 5
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\User\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    3.87 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 58.56% Memory free
    7.74 Gb Paging File | 6.07 Gb Available in Paging File | 78.43% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 28.91 Gb Free Space | 6.21% Space Free | Partition Type: NTFS

    Computer Name: USER-PC | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/22 23:00:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    PRC - [2012/06/20 11:47:13 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2011/10/11 11:28:41 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
    PRC - [2011/06/14 23:31:22 | 000,056,320 | ---- | M] () -- C:\Program Files (x86)\ishutdown\iShutdown\iShutdown.exe
    PRC - [2011/05/31 02:00:56 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\ishutdown\iShutdown\ilauncher.exe
    PRC - [2011/04/27 09:56:10 | 000,232,896 | ---- | M] (Vuze Inc.) -- C:\Program Files (x86)\Vuze\Azureus.exe
    PRC - [2010/06/10 14:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    PRC - [2010/05/05 20:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
    PRC - [2010/05/05 20:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
    PRC - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
    PRC - [2009/11/04 13:39:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/11/04 13:39:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/03/12 18:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
    PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
    PRC - [2004/12/02 19:23:34 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe
    PRC - [1999/12/13 02:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTSVCCDA.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/27 04:55:53 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/07/27 04:55:47 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/07/27 04:55:32 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/07/27 04:55:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/07/27 04:55:28 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/07/27 04:55:23 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/06/20 11:47:10 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
    MOD - [2012/06/20 11:47:08 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
    MOD - [2012/06/20 11:47:06 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
    MOD - [2012/06/20 11:47:04 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
    MOD - [2012/06/20 11:47:02 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
    MOD - [2012/05/25 02:52:14 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Vuze\plugins\azitunes\jacob-1.14.3-x86.dll
    MOD - [2012/05/25 02:52:14 | 000,015,884 | ---- | M] () -- C:\Program Files (x86)\Vuze\plugins\azitunes\libProcessAccess.dll
    MOD - [2011/11/17 16:34:36 | 000,028,160 | ---- | M] () -- C:\Users\User\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/06/14 23:31:22 | 000,056,320 | ---- | M] () -- C:\Program Files (x86)\ishutdown\iShutdown\iShutdown.exe
    MOD - [2011/05/31 02:00:56 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\ishutdown\iShutdown\ilauncher.exe
    MOD - [2011/04/27 09:56:10 | 000,087,480 | ---- | M] () -- C:\Program Files (x86)\Vuze\aereg.dll
    MOD - [2010/05/05 20:56:46 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIRES.DLL
    MOD - [2009/03/26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
    MOD - [2009/03/12 18:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
    MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/07/27 06:33:14 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/13 17:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/05 20:45:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/06/20 11:47:13 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/05/15 03:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2010/12/18 12:21:20 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
    SRV - [2009/11/04 13:39:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009/11/04 13:39:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [1999/12/13 02:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Windows\SysWOW64\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/26 16:42:55 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/04/18 10:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
    DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2010/05/05 22:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
    DRV:64bit: - [2010/05/05 22:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
    DRV:64bit: - [2010/05/05 22:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV:64bit: - [2010/05/05 22:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV:64bit: - [2010/05/05 22:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
    DRV:64bit: - [2010/05/05 22:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV:64bit: - [2010/05/05 22:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
    DRV:64bit: - [2010/05/05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
    DRV:64bit: - [2010/05/05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
    DRV:64bit: - [2010/05/05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
    DRV:64bit: - [2010/05/05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
    DRV:64bit: - [2010/05/05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
    DRV:64bit: - [2010/05/05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
    DRV:64bit: - [2010/04/21 18:18:46 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/07/15 20:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2006/12/05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE9HP&PC=UP50
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A7 BB 87 4E 84 53 CB 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{5A682723-4FC1-488F-9414-65722B0E0E8C}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\..\SearchScopes\{BC0C2AA9-7FD6-446B-8058-26F32035299C}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: ""
    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.ca"


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\User\AppData\Local\RewardsArcade\498\Firefox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/26 03:18:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/26 03:44:40 | 000,000,000 | ---D | M]

    [2010/12/21 00:43:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
    [2012/07/29 23:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z4oofidk.default\extensions
    [2012/07/26 03:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/07/29 23:43:50 | 000,526,190 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z4OOFIDK.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
    [2012/06/28 20:54:48 | 000,123,007 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z4OOFIDK.DEFAULT\EXTENSIONS\MAFIAAFIRE@MAFIAAFIRE.COM.XPI
    [2012/07/25 22:17:45 | 000,051,994 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z4OOFIDK.DEFAULT\EXTENSIONS\NEWTABURL@SOGAME.CAT.XPI
    [2011/12/07 09:32:00 | 000,017,877 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z4OOFIDK.DEFAULT\EXTENSIONS\VTZILLA@VIRUSTOTAL.COM.XPI
    [2012/07/13 17:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/07/13 17:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/07/13 17:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.ca/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
    CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?q={searchTerms}
    CHR - homepage: http://www.google.ca/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/07/21 22:57:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
    O4 - HKCU..\Run: [Creative Detector] C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
    O4 - HKCU..\Run: [ishutdown2] C:\Program Files (x86)\ishutdown\iShutdown\ilauncher.exe ()
    O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
    O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEBEC50A-0523-446D-979C-2166E23665DB}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/29 01:45:42 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\SimCity 4
    [2012/07/26 18:00:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
    [2012/07/26 17:29:09 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
    [2012/07/26 17:27:05 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
    [2012/07/26 17:04:55 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
    [2012/07/26 16:46:01 | 000,215,040 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
    [2012/07/26 16:42:50 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\RTL8111BCRTL8112L_LAN_V735222009_Win7
    [2012/07/26 16:38:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
    [2012/07/26 16:38:04 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
    [2012/07/26 16:32:36 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
    [2012/07/26 05:30:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
    [2012/07/26 03:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/07/26 03:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
    [2012/07/26 03:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2012/07/26 03:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2012/07/26 03:41:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012/07/26 03:24:14 | 000,773,632 | ---- | C] (Robert Simpson, et al.) -- C:\Users\User\AppData\Roaming\System.Data.SQLite.dll
    [2012/07/26 03:13:18 | 000,886,272 | ---- | C] (Tigzy) -- C:\Users\User\Desktop\WhyIGotInfected.exe
    [2012/07/25 14:39:49 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\RK_Quarantine
    [2012/07/25 04:01:42 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
    [2012/07/25 02:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/07/25 01:18:50 | 000,000,000 | ---D | C] -- C:\ProgramData\7531CC770009EDE70303F3074F147CE7
    [2012/07/24 15:14:37 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/07/24 02:08:28 | 002,322,184 | ---- | C] (ESET) -- C:\Users\User\Desktop\esetsmartinstaller_enu.exe
    [2012/07/22 23:00:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    [2012/07/21 23:04:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/21 22:58:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/21 22:48:16 | 004,582,474 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
    [2012/07/19 01:07:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{47F569FA-D49F-4BFA-B107-50D6F4646E98}
    [2012/07/19 01:07:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{52FCC9BD-51F0-488F-ADF9-E23891FB76AB}
    [2012/07/18 13:39:51 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
    [2012/07/18 13:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
    [2012/07/18 13:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/18 13:31:10 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/18 13:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/17 17:45:23 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/17 15:29:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/07/17 15:08:15 | 001,437,107 | ---- | C] (Farbar) -- C:\Users\User\Desktop\FRST64.exe
    [2012/07/15 01:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/07/15 01:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/07/15 00:39:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\User\Desktop\dds.scr
    [2012/07/14 01:05:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/14 01:05:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/14 01:05:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/14 01:05:26 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/14 01:05:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/12 12:14:00 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/07/05 22:24:27 | 000,000,000 | ---D | C] -- C:\MyAudio
    [2012/07/05 22:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

    ========== Files - Modified Within 30 Days ==========

    [2012/07/30 23:33:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/30 23:28:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-592917798-1658097988-3837472857-1000UA.job
    [2012/07/30 04:28:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-592917798-1658097988-3837472857-1000Core.job
    [2012/07/30 03:09:27 | 000,020,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/30 03:09:27 | 000,020,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/30 03:08:38 | 000,729,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/30 03:08:38 | 000,630,542 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/30 03:08:38 | 000,111,626 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/30 03:01:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/30 03:01:48 | 3119,030,272 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/30 03:01:18 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000007-00000000-00000002-00001102-00000005-00211102}.rfx
    [2012/07/30 03:01:18 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000007-00000000-00000002-00001102-00000005-00211102}.rfx
    [2012/07/30 03:01:18 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000007-00000000-00000002-00001102-00000005-00211102}.rfx
    [2012/07/30 02:27:30 | 060,869,579 | ---- | M] () -- C:\Users\User\Desktop\Slender_v0_9_5.zip
    [2012/07/30 02:07:16 | 000,001,142 | ---- | M] () -- C:\Users\User\Desktop\Mozilla Firefox.lnk
    [2012/07/29 05:16:01 | 000,014,454 | ---- | M] () -- C:\Users\User\Desktop\[isoHunt] The.Way.Of.The.Gun.2000.DVDRip.XviD-DiSSOLVE.torrent
    [2012/07/29 04:54:00 | 000,015,511 | ---- | M] () -- C:\Users\User\Desktop\Glengarry_Glen_Ross_[1992]_HDTVRip_XviD_-_CODY.7243056.TPB.torrent
    [2012/07/29 04:25:59 | 000,065,441 | ---- | M] () -- C:\Users\User\Desktop\[isoHunt] Mystic.River.2003.DVDRip.XViD-BTSFilms.torrent
    [2012/07/26 18:30:37 | 000,300,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/26 18:11:25 | 000,773,632 | ---- | M] (Robert Simpson, et al.) -- C:\Users\User\AppData\Roaming\System.Data.SQLite.dll
    [2012/07/26 16:42:55 | 000,215,040 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
    [2012/07/26 16:42:55 | 000,067,584 | ---- | M] () -- C:\Windows\SysNative\RtNicProp64.dll
    [2012/07/26 16:37:59 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
    [2012/07/26 16:29:47 | 000,053,248 | ---- | M] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
    [2012/07/26 16:25:53 | 001,656,601 | ---- | M] () -- C:\Users\User\Desktop\AiCharger_V10006_XpVistaWin7.zip
    [2012/07/26 03:28:23 | 000,001,437 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/07/26 03:24:53 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2012/07/26 03:24:50 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2012/07/26 03:19:07 | 000,002,044 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/07/26 03:13:19 | 000,886,272 | ---- | M] (Tigzy) -- C:\Users\User\Desktop\WhyIGotInfected.exe
    [2012/07/25 14:38:28 | 001,552,384 | ---- | M] () -- C:\Users\User\Desktop\RogueKiller.exe
    [2012/07/25 04:39:14 | 000,000,512 | ---- | M] () -- C:\Users\User\Desktop\MBR.dat
    [2012/07/25 04:02:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
    [2012/07/24 20:09:47 | 000,000,055 | ---- | M] () -- C:\Windows\SysWow64\BRDH2270DW.DAT
    [2012/07/24 02:08:36 | 002,322,184 | ---- | M] (ESET) -- C:\Users\User\Desktop\esetsmartinstaller_enu.exe
    [2012/07/22 23:00:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    [2012/07/21 22:57:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/21 22:48:19 | 004,582,474 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
    [2012/07/18 13:31:11 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/17 15:56:18 | 3224,686,592 | ---- | M] () -- C:\Users\User\Desktop\X15-65733.iso
    [2012/07/17 15:08:15 | 001,437,107 | ---- | M] (Farbar) -- C:\Users\User\Desktop\FRST64.exe
    [2012/07/16 09:22:41 | 000,000,212 | ---- | M] () -- C:\Users\User\Desktop\VirHelp.url
    [2012/07/15 01:05:00 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/15 01:04:42 | 000,735,282 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/15 00:39:21 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\User\Desktop\dds.scr
    [2012/07/14 11:52:17 | 000,302,592 | ---- | M] () -- C:\Users\User\Desktop\4r3mlo0h.exe
    [2012/07/14 01:20:47 | 522,565,534 | ---- | M] () -- C:\Users\User\Desktop\Hirens.BootCD.15.1.zip
    [2012/07/06 04:36:46 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
    [2012/07/06 04:36:46 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
    [2012/07/05 22:22:46 | 000,000,249 | ---- | M] () -- C:\user.js
    [2012/07/05 20:43:58 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2012/07/05 20:43:57 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2012/07/05 20:43:57 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2012/07/30 02:07:16 | 000,001,142 | ---- | C] () -- C:\Users\User\Desktop\Mozilla Firefox.lnk
    [2012/07/30 01:54:22 | 060,869,579 | ---- | C] () -- C:\Users\User\Desktop\Slender_v0_9_5.zip
    [2012/07/29 05:16:00 | 000,014,454 | ---- | C] () -- C:\Users\User\Desktop\[isoHunt] The.Way.Of.The.Gun.2000.DVDRip.XviD-DiSSOLVE.torrent
    [2012/07/29 04:53:59 | 000,015,511 | ---- | C] () -- C:\Users\User\Desktop\Glengarry_Glen_Ross_[1992]_HDTVRip_XviD_-_CODY.7243056.TPB.torrent
    [2012/07/29 04:25:57 | 000,065,441 | ---- | C] () -- C:\Users\User\Desktop\[isoHunt] Mystic.River.2003.DVDRip.XViD-BTSFilms.torrent
    [2012/07/26 17:29:51 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
    [2012/07/26 17:29:07 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
    [2012/07/26 17:27:13 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
    [2012/07/26 17:27:12 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
    [2012/07/26 17:27:11 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
    [2012/07/26 16:46:01 | 000,067,584 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
    [2012/07/26 16:25:52 | 001,656,601 | ---- | C] () -- C:\Users\User\Desktop\AiCharger_V10006_XpVistaWin7.zip
    [2012/07/26 03:42:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2012/07/26 03:24:53 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2012/07/26 03:24:50 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2012/07/25 14:38:28 | 001,552,384 | ---- | C] () -- C:\Users\User\Desktop\RogueKiller.exe
    [2012/07/25 05:01:44 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/25 04:39:14 | 000,000,512 | ---- | C] () -- C:\Users\User\Desktop\MBR.dat
    [2012/07/24 20:09:47 | 000,000,055 | ---- | C] () -- C:\Windows\SysWow64\BRDH2270DW.DAT
    [2012/07/18 13:31:11 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/17 15:38:12 | 3224,686,592 | ---- | C] () -- C:\Users\User\Desktop\X15-65733.iso
    [2012/07/16 09:22:28 | 000,000,212 | ---- | C] () -- C:\Users\User\Desktop\VirHelp.url
    [2012/07/15 01:04:48 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/14 11:52:15 | 000,302,592 | ---- | C] () -- C:\Users\User\Desktop\4r3mlo0h.exe
    [2012/07/14 01:14:55 | 522,565,534 | ---- | C] () -- C:\Users\User\Desktop\Hirens.BootCD.15.1.zip
    [2012/07/14 01:05:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/14 01:05:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/14 01:05:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/14 01:05:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/14 01:05:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/10 23:19:53 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/07/06 04:36:46 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm
    [2012/07/06 04:36:46 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm
    [2012/07/05 22:22:45 | 000,000,249 | ---- | C] () -- C:\user.js
    [2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2012/02/29 05:38:47 | 000,003,584 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/16 00:38:54 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
    [2012/02/16 00:38:52 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
    [2011/03/17 22:07:15 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/02/07 04:21:50 | 000,735,282 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/01/20 17:48:29 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2010/12/18 11:47:17 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2010/12/18 11:47:17 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2010/09/13 13:26:19 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2010/09/13 13:26:16 | 000,030,566 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

    ========== LOP Check ==========

    [2012/07/30 23:35:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Azureus
    [2011/09/22 06:43:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Command & Conquer 3 Tiberium Wars
    [2011/09/13 21:56:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Command & Conquer 3 Tiberium Wars Demo
    [2012/06/14 00:25:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Day 1 Studios
    [2012/05/26 10:34:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FrostWire
    [2011/12/14 04:39:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IrfanView
    [2011/12/15 01:05:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LibreOffice
    [2012/05/07 02:46:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PacificPoker
    [2011/10/27 01:45:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Red Kawa
    [2011/01/06 06:44:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Regensoft
    [2011/11/12 08:50:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\System
    [2012/04/18 02:34:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SystemRequirementsLab
    [2011/09/01 00:50:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly
    [2011/07/21 17:56:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUpMedia
    [2011/01/19 12:07:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Windows Live Writer
    [2012/01/28 03:10:17 | 000,000,000 | --SD | M] -- C:\Users\User\AppData\Roaming\wyUpdate AU
    [2012/03/30 22:51:10 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
  10. Brennan

    Brennan TS Enthusiast Topic Starter Posts: 106

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crosrider.com: C:\Users\User\AppData\Local\RewardsArcade\498\Firefox
    I looked up "rewards arcade" on goggle and I think it's a spyware thing I thought I got rid of . I had forgotten about it but looking at the log I recognized the name and it reminded me. Here is the old Malewarebytes log if you it helps.

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.08.01

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    User :: USER-PC [administrator]

    Protection: Enabled

    07/02/2012 10:36:52 PM
    mbam-log-2012-02-07 (22-36-52).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 407121
    Time elapsed: 1 hour(s), 3 minute(s), 19 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 1
    C:\Program Files (x86)\RewardsArcade\RewardsArcade.dll (PUP.RewardsArcade) -> Delete on reboot.

    Registry Keys Detected: 11
    HKCR\CLSID\{597A9974-8CB0-4f41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKCR\CLSID\{25514C64-8321-494e-BD3E-3DBAB3F8CEBA} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{60BE6B2E-F2F5-4404-AA1E-4381D4A6EEA2} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKCR\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKCR\RewardsArcade.FBApi.1 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKCR\RewardsArcade.FBApi (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKCR\RewardsArcade.BHO.1 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 29
    C:\Program Files (x86)\RewardsArcade (PUP.RewardsArcade) -> Delete on reboot.
    C:\Users\User\AppData\Local\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.

    Files Detected: 86
    C:\Program Files (x86)\RewardsArcade\RewardsArcade.dll (PUP.RewardsArcade) -> Delete on reboot.
    C:\Program Files (x86)\RewardsArcade\fb.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\RewardsArcade\appAPIinternalWrapper.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\RewardsArcade\jquery.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\RewardsArcade\json.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\RewardsArcade\RewardsArcade.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\RewardsArcade\Uninstall.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\RewardsArcade\UserConfirmation.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\AppData\Local\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\User\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.

    (end)
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Fix it in OTL:
    Open OTL, click the None button and copy and paste this into the Custom Scans/Fixes box, and hit Run Scan:
    Post the log that launches along with the fix log.
     
  12. Brennan

    Brennan TS Enthusiast Topic Starter Posts: 106

    OTL logfile created on: 31/07/2012 2:41:33 PM - Run 6
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\User\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    3.87 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 44.74% Memory free
    7.74 Gb Paging File | 5.55 Gb Available in Paging File | 71.69% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 28.25 Gb Free Space | 6.07% Space Free | Partition Type: NTFS

    Computer Name: USER-PC | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

    ========== Custom Scans ==========

    < %PROGRAMFILES%\*. >
    [2012/07/26 03:42:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
    [2011/07/13 13:13:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
    [2011/01/06 06:44:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AviSynth 2.5
    [2011/10/29 01:56:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
    [2012/02/16 00:38:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Brother
    [2012/02/16 00:38:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Browny02
    [2012/07/26 03:45:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
    [2011/01/16 06:21:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
    [2012/07/05 20:56:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative
    [2012/07/05 20:45:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative Installation Information
    [2012/06/26 09:25:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Diablo III
    [2011/09/01 05:49:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electronic Arts
    [2012/07/29 23:40:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Everything
    [2011/10/27 01:45:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Full Tilt Poker
    [2011/12/12 10:13:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GOG.com
    [2012/07/26 16:45:59 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
    [2012/07/26 16:32:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
    [2012/07/26 03:25:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
    [2011/12/14 04:39:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IrfanView
    [2012/02/24 05:45:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ishutdown
    [2012/06/17 05:03:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
    [2012/07/26 03:44:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
    [2011/12/15 01:04:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LibreOffice 3.4
    [2012/07/18 13:31:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/15 01:04:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/05/20 03:00:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
    [2010/12/18 11:24:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    [2010/12/18 10:42:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
    [2012/07/26 03:18:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/07/26 03:26:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
    [2012/06/02 00:04:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
    [2010/12/18 11:47:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenAL
    [2012/07/26 03:45:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Oracle
    [2012/05/07 02:46:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PacificPoker
    [2012/05/18 22:42:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
    [2012/07/26 19:30:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
    [2011/01/06 06:43:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Red Kawa
    [2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
    [2011/01/06 06:44:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Regensoft
    [2012/04/18 18:19:20 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
    [2012/07/10 20:28:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\StarCraft II
    [2012/07/30 03:02:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
    [2012/04/18 02:34:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SystemRequirementsLab
    [2012/07/26 19:30:59 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
    [2012/04/18 03:59:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\trend micro
    [2011/07/22 06:30:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TuneUpMedia
    [2009/07/13 21:57:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Uninstall Information
    [2012/01/28 03:09:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Universe Sandbox
    [2010/12/21 02:40:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
    [2012/01/05 06:45:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vuze
    [2012/07/24 15:14:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vuze_Remote
    [2009/07/13 22:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
    [2012/04/13 23:16:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
    [2012/07/26 18:02:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
    [2012/07/26 18:02:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
    [2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
    [2012/07/26 18:02:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
    [2012/07/26 18:02:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
    [2012/07/26 18:02:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar

    < End of report >
  13. Brennan

    Brennan TS Enthusiast Topic Starter Posts: 106

    First time didn't work. Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\User\AppData\Local\RewardsArcade\498\Firefox> in the current context!

    So I did it like the other ones.

    OTL by OldTimer - Version 3.2.54.0 log created on 07312012_145417

    All processes killed
    ========== OTL ==========
    File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\User\AppData\Local\RewardsArcade\498\Firefox not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: User
    ->Temp folder emptied: 72112 bytes
    ->Temporary Internet Files folder emptied: 78384 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 23193831 bytes
    ->Google Chrome cache emptied: 6836152 bytes
    ->Flash cache emptied: 492 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 14394 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49394291 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 76.00 mb


    OTL by OldTimer - Version 3.2.54.0 log created on 07312012_145826

    Files\Folders moved on Reboot...
    C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...
  14. Brennan

    Brennan TS Enthusiast Topic Starter Posts: 106

    I found HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\User\AppData\Local\RewardsArcade\498\Firefox using regedit... can I delete it manually?
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Run this OTL script fix just like normal:


    Remove the following Programs from the Programs list by uninstalling them:

    Conduit - Several open-to-debate toolbars
    Browny02 - Unknown potentially dangerous program
    Full Tilt Poker - Engaged in Ponzi schemes, apparently
    PacificPoker -Engaged in malware distribution

    Post the fix log from OTL once done. Also, let me know if the rogue searches come back.
  16. Brennan

    Brennan TS Enthusiast Topic Starter Posts: 106

    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com deleted successfully.

    OTL by OldTimer - Version 3.2.54.0 log created on 08012012_153555

    Conduit - wasn't on the list I think I had uninstalled it before, (there was 2 .dll files left in the folder) I deleted it.
    Browny02 - this is a service for my printer if I remove it my printer doesn't work.
    Full Tilt Poker - I had previously uninstalled this so I just removed the folder with the remaining leftovers.
    PacificPoker - Uninstalled successfully.

    I redid the < %PROGRAMFILES%\*. > scan and they are not showing on the list anymore (except Browny02)

    My new tabs still open in Babylon search (Firefox) Chrome allows me to change what new tabs open as. Is there some way to change the new tab URL in Firefox's hidden settings, I forgot how to access them.

    I downloaded an addon to change the URL that opens in new tabs and it did strange things that it wasn't supposed to. (It kept opening new tabs over and over)
  17. Brennan

    Brennan TS Enthusiast Topic Starter Posts: 106

    I opened Firefox's config thing and saw all this stuff.
    [​IMG]
  18. Brennan

    Brennan TS Enthusiast Topic Starter Posts: 106

    I forgot to mention, when I open Task Manager there is no menu options at the top so I can't switch to services or close it normally its just a box with the currently running programs.
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay. I'll keep that in mind for whitelisting purposes in the future. ;)

    For Task Manager, this might be related to your issue: http://www.helpmyos.com/t955-vista-7-task-manager-small-or-large-mode

    For Firefox, delete all those entries for Babylon search and Crossrider Apps (good job for finding that)!

    For Chrome, open up chrome://chrome/extensions/ in the address bar of Chrome, and tell me what extensions are installed. I'll let you know if they utilize a search campaign, such as Babylon.
  20. Brennan

    Brennan TS Enthusiast Topic Starter Posts: 106

    The Task Manager thing was what your message said, I just had to double-click it, haha.

    I couldn't delete anything on that list so I just saved my bookmarks and did a fresh install of Firefox, I checked the config menu and no more Babylon or "crossfire", yay! (same with new tabs)

    It says I have no extensions in Chrome (I never really used it except to try it out) I'm probably going to uninstall it after this anyway.

    Thankyou!
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    If there are no more issues, then we shall clean up!

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advance System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name I.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive I.e. C
    • For a few moments the system will make some calculations:
      [​IMG]
    • Select the More Options tab
      [​IMG]
    • In the System Restore and Shadow Backups select Clean up
      [​IMG]
    • Select Delete on the pop up
    • Select OK
    • Select Delete

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
    * Click Cleaner on the left then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  22. Brennan

    Brennan TS Enthusiast Topic Starter Posts: 106

    Results of screen317's Security Check version 0.99.43
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Out of date HijackThis installed!
    Malwarebytes Anti-Malware version 1.62.0.1300
    HijackThis 2.0.2
    JavaFX 2.1.1
    Java(TM) 6 Update 31
    Java(TM) 7 Update 5
    Adobe Reader X (10.1.3)
    Mozilla Firefox (14.0.1)
    Google Chrome 20.0.1132.57
    Google Chrome 21.0.1180.60
    Google Chrome VisualElementsManifest.xml..
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please remove from the Programs list: Java(TM) 6 Update 31 and HijackThis 2.0.2.

    Other than that...good job!

    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.

    Any other questions before I mark this topic solved?
  24. Brennan

    Brennan TS Enthusiast Topic Starter Posts: 106

    That seems to be everything thanks a bunch I'd be lost without you ;). One more question though would it be better to use a 3rd party firewall such as Zone Alarm instead of the standard Windows firewall? EDIT: Is it worth the 30 bucks for the full version of maleware bytes?
  25. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Both questions... YES!
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.