pallmall
2012-02-01, 07:40
Alright. First symptoms were a slow-running PC, popups in Firefox, etc. Hours later I was constantly being redirected and could not run any .exe files. On a restart, very long bootup time; booted into Windows with all icons gone, start list empty and all other folders empty (did research: files are still here, they have just all been changed to hidden). Also a fake cleaner claiming RAM and HDD errors popped up. Ran and updated Spybot, Mbam and SAS and restarted the PC. The fake cleaner is gone now, but the symptoms have just gotten worse. Mbam no longer runs. Cannot reinstall any programs (access denied), even as administrator and in safe mode, and even after running rkill. Also, before running DDS, I tried to disable TeaTimer, but again access is denied. I am on the verge of reformatting, as usually I can fix these problems myself, but I would really prefer not to. I know I am horribly infected and any help or suggestions would be absolutely welcome. Thanks~
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Brandon at 21:22:17 on 2012-01-31
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.1700 [GMT -8:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Linksys\WUSBF54G\NICServ.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [TeamSpeak Update] rundll32
uRun: [DirectxBackupUpdate] rundll32.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [edsHFBJujJjU.exe] C:\ProgramData\edsHFBJujJjU.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAAzADAAMQAwADQANQA2ADQALQBTAFQAMQArADIALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0ARgA5AE0ANwBBACsANQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQA"&"prod=90"&"ver=9.0.872
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\Windows\system32\mscoree.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{9B694718-5AF3-4500-9782-0C27AD84625B} : DhcpNameServer = 75.75.75.75 75.75.76.76
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB-X64: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [edsHFBJujJjU.exe] C:\ProgramData\edsHFBJujJjU.exe
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAAzADAAMQAwADQANQA2ADQALQBTAFQAMQArADIALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0ARgA5AE0ANwBBACsANQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQA"&"prod=90"&"ver=9.0.872
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\b1sw9j6q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20111009&q=
FF - prefs.js: network.proxy.ftp - :
FF - prefs.js: network.proxy.http - :
FF - prefs.js: network.proxy.socks - :
FF - prefs.js: network.proxy.ssl - :
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Users\Brandon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100486
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 5016928c000000000000e0cb4e602de6
FF - user.js: extensions.BabylonToolbar_i.hardId - 5016928c000000000000e0cb4e602de6
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15368
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.172:27:58
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironto
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ironto&q=
FF - user.js: extensions.funmoods_i.id - 5016928c000000000000e0cb4e602de6
FF - user.js: extensions.funmoods_i.instlDay - 15368
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.1
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.1
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.12:32:00
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - ironto
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-2-15 33528]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-02-01 05:10:31 20480 ----a-w- C:\Windows\svchost.exe
2012-02-01 05:10:03 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-01 04:56:43 -------- d-----w- C:\brandon.exe
2012-02-01 00:52:27 -------- d-----w- C:\Users\Brandon\AppData\Roaming\SUPERAntiSpyware.com
2012-02-01 00:52:23 -------- d-----w- C:\ProgramData\!SASCORE
2012-02-01 00:52:22 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-02-01 00:41:35 98816 ----a-w- C:\Windows\sed.exe
2012-02-01 00:41:35 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-01 00:41:35 256000 ----a-w- C:\Windows\PEV.exe
2012-02-01 00:41:35 208896 ----a-w- C:\Windows\MBR.exe
2012-01-31 23:46:59 -------- d--h--w- C:\Users\Brandon\AppData\Local\{DA4275D3-B039-4672-B880-AFB446A14C11}
2012-01-31 07:35:30 -------- d--h--w- C:\Users\Brandon\AppData\Local\{4842FCAB-1BC9-4409-BA8F-77EDAC36714A}
2012-01-31 07:35:15 -------- d--h--w- C:\Users\Brandon\AppData\Local\{EE36309C-E0AA-4AA9-81D3-361F5177EB4E}
2012-01-31 03:00:51 6656 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\C156.tmp
2012-01-31 03:00:51 6656 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\C155.tmp
2012-01-30 18:11:29 -------- d--h--w- C:\Users\Brandon\AppData\Local\{8769003B-DAD0-401E-8BAC-89DBE2854A26}
2012-01-30 18:11:18 -------- d--h--w- C:\Users\Brandon\AppData\Local\{0C3D7A37-6B0F-4B94-BBA7-449C2006CC21}
2012-01-30 05:10:49 -------- d--h--w- C:\Users\Brandon\AppData\Local\{50F709DB-4B70-4337-BB46-65C13CCD16C7}
2012-01-30 05:10:38 -------- d--h--w- C:\Users\Brandon\AppData\Local\{0018BE5D-2BBD-446D-8532-AA2604855499}
2012-01-29 18:57:32 -------- d--h--w- C:\Users\Brandon\AppData\Local\{1E2A4E38-8EE1-42F6-BC8F-5D2227880425}
2012-01-29 10:38:25 580096 ----a-w- C:\Windows\System32\ac3filter64.acm
2012-01-29 10:38:25 497664 ---ha-w- C:\Windows\SysWow64\ac3filter.acm
2012-01-29 10:38:25 -------- d--h--w- C:\Program Files (x86)\AC3Filter
2012-01-29 10:27:54 -------- d--h--w- C:\Users\Brandon\AppData\Local\Babylon
2012-01-29 10:27:51 -------- d--h--w- C:\Users\Brandon\AppData\Roaming\Babylon
2012-01-29 10:27:51 -------- d--h--w- C:\ProgramData\Babylon
2012-01-28 19:43:38 -------- d--h--w- C:\Users\Brandon\AppData\Local\{8F1B09DB-C544-4DAB-9AC5-DBACC89213C0}
2012-01-28 19:43:28 -------- d--h--w- C:\Users\Brandon\AppData\Local\{33C38EED-E54D-476A-B139-DE8FE97BD3CF}
2012-01-28 06:32:34 -------- d--h--w- C:\Users\Brandon\AppData\Local\{74996DF4-2246-4828-8C71-97565216E6CE}
2012-01-28 06:32:24 -------- d--h--w- C:\Users\Brandon\AppData\Local\{95E64F5F-BA57-45CF-9386-A67785AB0AC2}
2012-01-26 19:21:00 -------- d--h--w- C:\Users\Brandon\AppData\Local\{F804A697-0A39-440D-922E-911A751F18AD}
2012-01-26 19:20:49 -------- d--h--w- C:\Users\Brandon\AppData\Local\{0EBB4DAE-82FF-49A7-B62B-C94F5F97C79B}
2012-01-26 05:38:10 -------- d--h--w- C:\Users\Brandon\AppData\Local\{85EA41E8-9EE0-46F7-84FB-E39E3ECB86D6}
2012-01-26 05:38:00 -------- d--h--w- C:\Users\Brandon\AppData\Local\{87AF457A-D773-4E6E-8725-AC8D87F7CFE4}
2012-01-25 23:21:20 -------- d--h--w- C:\Users\Brandon\AppData\Local\{4DFC288E-9A5B-4E00-AFDA-2AC25EB542E9}
2012-01-25 07:55:30 -------- d--h--w- C:\Users\Brandon\riotsGamesLogs
2012-01-24 23:57:14 -------- d--h--w- C:\Users\Brandon\AppData\Local\{34FBCC93-4804-45E5-9129-77B5E2AD8059}
2012-01-24 23:57:03 -------- d--h--w- C:\Users\Brandon\AppData\Local\{1AB38624-AFFE-481C-9C65-83E86A36521F}
2012-01-23 21:48:06 -------- d--h--w- C:\Users\Brandon\AppData\Local\{BE6C332D-D11D-4FF5-A369-851644D1D524}
2012-01-23 21:47:56 -------- d--h--w- C:\Users\Brandon\AppData\Local\{8788440E-94B4-4F63-BFE4-EF87CF948ADF}
2012-01-23 04:06:43 -------- d--h--w- C:\Program Files (x86)\MSECache
2012-01-23 01:50:21 -------- d--h--w- C:\Users\Brandon\AppData\Local\{6C32E0BC-E133-496C-87FC-62F248B3E3C2}
2012-01-22 01:13:25 -------- d--h--w- C:\Users\Brandon\AppData\Local\{628F6A7D-7ED4-4FCC-B850-3A26654BD941}
2012-01-22 01:13:15 -------- d--h--w- C:\Users\Brandon\AppData\Local\{32E9B7E5-A634-49B6-893A-E7A02067E941}
2012-01-19 21:25:40 -------- d--h--w- C:\Users\Brandon\AppData\Local\{0CD6C223-9268-42A2-918F-067EC558EDF4}
2012-01-19 21:17:48 -------- d--h--w- C:\Users\Brandon\AppData\Local\{1CBEA906-0C0F-4AB1-8B6C-C1231D119253}
2012-01-19 20:29:57 -------- d--h--w- C:\Users\Brandon\AppData\Local\{8C1BAA04-D64E-4925-AD84-B08299401721}
2012-01-18 17:44:29 -------- d--h--w- C:\Users\Brandon\AppData\Local\{721C9A30-D672-4C27-BC83-6881E56AAA3D}
2012-01-18 17:44:17 -------- d--h--w- C:\Users\Brandon\AppData\Local\{447FB3D1-7A61-4573-8173-ACE9E98B07DC}
2012-01-17 15:27:56 8822856 ---ha-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{073D1B73-1554-47FD-8235-A630DA92A708}\mpengine.dll
2012-01-16 17:12:38 -------- d--h--w- C:\Users\Brandon\AppData\Local\{2BFE7CAD-A966-4628-87A1-2233718ED820}
2012-01-16 17:12:28 -------- d--h--w- C:\Users\Brandon\AppData\Local\{46962A32-3EE6-4052-8C64-7ABAF823B0CB}
2012-01-15 18:05:53 -------- d--h--w- C:\Users\Brandon\AppData\Local\{38395472-272E-4EF4-A2E7-BDEF7248B0D3}
2012-01-15 18:05:41 -------- d--h--w- C:\Users\Brandon\AppData\Local\{47569852-F945-44F5-9809-BC07FDB21AC1}
2012-01-14 19:05:05 -------- d--h--w- C:\Users\Brandon\AppData\Local\{0E223F7E-E53D-42C9-99AF-74A41AEFAD90}
2012-01-14 19:04:55 -------- d--h--w- C:\Users\Brandon\AppData\Local\{7733EB6E-E734-4041-8046-A2175CC047E2}
2012-01-14 04:47:11 -------- d--h--w- C:\Users\Brandon\AppData\Local\{927A6DDA-146A-4414-99F6-AA2590EF037E}
2012-01-14 04:47:00 -------- d--h--w- C:\Users\Brandon\AppData\Local\{7F3AF032-C3F9-44F0-952B-D352ADF39308}
2012-01-13 02:58:31 -------- d-----w- C:\Windows\System32\appmgmt
2012-01-13 01:56:03 -------- d--h--w- C:\Users\Brandon\AppData\Local\{4379FBE5-CD32-41B8-BC05-CB2C5C549DB4}
2012-01-13 01:55:53 -------- d--h--w- C:\Users\Brandon\AppData\Local\{FDD190EF-FD64-4FC1-A68D-AF44928DC418}
2012-01-12 13:02:06 -------- d--h--w- C:\Users\Brandon\AppData\Local\{A8DB0BC1-5577-431B-8AD9-808921D9145D}
2012-01-12 13:01:55 -------- d--h--w- C:\Users\Brandon\AppData\Local\{FC3A868F-3393-408C-A256-C7F671AAE3CC}
2012-01-11 21:42:25 -------- d--h--w- C:\Users\Brandon\AppData\Local\{4B8EFD74-9C68-49C3-9492-6018F132CDE1}
2012-01-11 21:42:14 -------- d--h--w- C:\Users\Brandon\AppData\Local\{F7B403EE-A17F-48BD-91F1-4020AC0C6BCC}
2012-01-11 05:09:24 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 05:09:24 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 05:09:24 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 05:09:24 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 05:09:22 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 05:09:22 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 05:09:20 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 05:09:20 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-11 05:04:39 -------- d--h--w- C:\Users\Brandon\AppData\Local\{C909F0D7-77C8-4C16-8C1F-008077A82BBD}
2012-01-11 05:04:28 -------- d--h--w- C:\Users\Brandon\AppData\Local\{FDEEAD43-8F28-449D-B6A4-28488353BBF8}
2012-01-09 08:10:01 626688 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-09 08:10:01 548864 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-09 08:10:01 479232 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-09 08:10:01 43992 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-09 07:13:17 -------- d--h--w- C:\Users\Brandon\AppData\Local\{FF5AE1F8-5C11-48B4-B2D6-24BDFE050EC4}
2012-01-09 07:13:04 -------- d--h--w- C:\Users\Brandon\AppData\Local\{6FD583B2-488B-4CEE-8FCB-B16C5412E21A}
2012-01-08 01:01:25 -------- d--h--w- C:\Users\Brandon\AppData\Local\{2B19C9C4-AC88-4550-939C-6EE7986DA6F1}
2012-01-08 01:01:14 -------- d--h--w- C:\Users\Brandon\AppData\Local\{8DDF2DA5-120E-4F6B-9A47-03BBDE57D899}
2012-01-06 23:47:55 -------- d--h--w- C:\Users\Brandon\AppData\Local\{C1AC0144-FB29-4D93-8BAE-571EB2020CEC}
2012-01-06 23:47:43 -------- d--h--w- C:\Users\Brandon\AppData\Local\{E3E3B080-002F-4F1E-910D-0FAE80DBCF23}
2012-01-05 23:06:50 -------- d--h--w- C:\Users\Brandon\AppData\Local\{8FDA20A3-EB9E-4E71-AF26-792F5C621314}
2012-01-05 23:06:38 -------- d--h--w- C:\Users\Brandon\AppData\Local\{A84B1332-E094-417E-BBB4-A62D4DD0CB97}
2012-01-04 20:02:16 -------- d--h--w- C:\Users\Brandon\AppData\Local\{CE0C63B0-C87E-4061-A89B-B3AF35AC49F0}
2012-01-04 20:02:05 -------- d--h--w- C:\Users\Brandon\AppData\Local\{F3AF0FC6-C962-4FFD-9D32-A3433B217F29}
2012-01-04 00:05:58 -------- d--h--w- C:\Users\Brandon\AppData\Local\{B1B03262-B741-4A85-9F51-D0CACFF54217}
2012-01-04 00:05:47 -------- d--h--w- C:\Users\Brandon\AppData\Local\{9B7879EE-6CBC-4CEE-A8E0-08E59D4A0DFE}
2012-01-02 18:50:18 -------- d--h--w- C:\Users\Brandon\AppData\Local\{C1DE8E51-2AB0-4767-B961-7C184C8D8DFE}
2012-01-02 18:50:08 -------- d--h--w- C:\Users\Brandon\AppData\Local\{165FB7F3-502B-493F-AD63-3CD2F82D52E4}
.
==================== Find3M ====================
.
2011-12-27 12:36:36 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-12-13 12:18:55 414368 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 23:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-12 19:18:20 24576 ----a-w- C:\Windows\System32\drivers\FlyUsb.sys
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 21:24:40.31 ===============
.
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironto
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ironto&q=
FF - user.js: extensions.funmoods_i.id - 5016928c000000000000e0cb4e602de6
FF - user.js: extensions.funmoods_i.instlDay - 15368
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.1
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.1
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.12:32:00
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - ironto
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-2-15 33528]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-02-01 05:10:31 20480 ----a-w- C:\Windows\svchost.exe
2012-02-01 05:10:03 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-01 04:56:43 -------- d-----w- C:\brandon.exe
2012-02-01 00:52:27 -------- d-----w- C:\Users\Brandon\AppData\Roaming\SUPERAntiSpyware.com
2012-02-01 00:52:23 -------- d-----w- C:\ProgramData\!SASCORE
2012-02-01 00:52:22 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-02-01 00:41:35 98816 ----a-w- C:\Windows\sed.exe
2012-02-01 00:41:35 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-01 00:41:35 256000 ----a-w- C:\Windows\PEV.exe
2012-02-01 00:41:35 208896 ----a-w- C:\Windows\MBR.exe
2012-01-31 23:46:59 -------- d--h--w- C:\Users\Brandon\AppData\Local\{DA4275D3-B039-4672-B880-AFB446A14C11}
2012-01-31 07:35:30 -------- d--h--w- C:\Users\Brandon\AppData\Local\{4842FCAB-1BC9-4409-BA8F-77EDAC36714A}
2012-01-31 07:35:15 -------- d--h--w- C:\Users\Brandon\AppData\Local\{EE36309C-E0AA-4AA9-81D3-361F5177EB4E}
2012-01-31 03:00:51 6656 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\C156.tmp
2012-01-31 03:00:51 6656 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\C155.tmp
2012-01-30 18:11:29 -------- d--h--w- C:\Users\Brandon\AppData\Local\{8769003B-DAD0-401E-8BAC-89DBE2854A26}
2012-01-30 18:11:18 -------- d--h--w- C:\Users\Brandon\AppData\Local\{0C3D7A37-6B0F-4B94-BBA7-449C2006CC21}
2012-01-30 05:10:49 -------- d--h--w- C:\Users\Brandon\AppData\Local\{50F709DB-4B70-4337-BB46-65C13CCD16C7}
2012-01-30 05:10:38 -------- d--h--w- C:\Users\Brandon\AppData\Local\{0018BE5D-2BBD-446D-8532-AA2604855499}
2012-01-29 18:57:32 -------- d--h--w- C:\Users\Brandon\AppData\Local\{1E2A4E38-8EE1-42F6-BC8F-5D2227880425}
2012-01-29 10:38:25 580096 ----a-w- C:\Windows\System32\ac3filter64.acm
2012-01-29 10:38:25 497664 ---ha-w- C:\Windows\SysWow64\ac3filter.acm
2012-01-29 10:38:25 -------- d--h--w- C:\Program Files (x86)\AC3Filter
2012-01-29 10:27:54 -------- d--h--w- C:\Users\Brandon\AppData\Local\Babylon
2012-01-29 10:27:51 -------- d--h--w- C:\Users\Brandon\AppData\Roaming\Babylon
2012-01-29 10:27:51 -------- d--h--w- C:\ProgramData\Babylon
2012-01-28 19:43:38 -------- d--h--w- C:\Users\Brandon\AppData\Local\{8F1B09DB-C544-4DAB-9AC5-DBACC89213C0}
2012-01-28 19:43:28 -------- d--h--w- C:\Users\Brandon\AppData\Local\{33C38EED-E54D-476A-B139-DE8FE97BD3CF}
2012-01-28 06:32:34 -------- d--h--w- C:\Users\Brandon\AppData\Local\{74996DF4-2246-4828-8C71-97565216E6CE}
2012-01-28 06:32:24 -------- d--h--w- C:\Users\Brandon\AppData\Local\{95E64F5F-BA57-45CF-9386-A67785AB0AC2}
2012-01-26 19:21:00 -------- d--h--w- C:\Users\Brandon\AppData\Local\{F804A697-0A39-440D-922E-911A751F18AD}
2012-01-26 19:20:49 -------- d--h--w- C:\Users\Brandon\AppData\Local\{0EBB4DAE-82FF-49A7-B62B-C94F5F97C79B}
2012-01-26 05:38:10 -------- d--h--w- C:\Users\Brandon\AppData\Local\{85EA41E8-9EE0-46F7-84FB-E39E3ECB86D6}
2012-01-26 05:38:00 -------- d--h--w- C:\Users\Brandon\AppData\Local\{87AF457A-D773-4E6E-8725-AC8D87F7CFE4}
2012-01-25 23:21:20 -------- d--h--w- C:\Users\Brandon\AppData\Local\{4DFC288E-9A5B-4E00-AFDA-2AC25EB542E9}
2012-01-25 07:55:30 -------- d--h--w- C:\Users\Brandon\riotsGamesLogs
2012-01-24 23:57:14 -------- d--h--w- C:\Users\Brandon\AppData\Local\{34FBCC93-4804-45E5-9129-77B5E2AD8059}
2012-01-24 23:57:03 -------- d--h--w- C:\Users\Brandon\AppData\Local\{1AB38624-AFFE-481C-9C65-83E86A36521F}
2012-01-23 21:48:06 -------- d--h--w- C:\Users\Brandon\AppData\Local\{BE6C332D-D11D-4FF5-A369-851644D1D524}
2012-01-23 21:47:56 -------- d--h--w- C:\Users\Brandon\AppData\Local\{8788440E-94B4-4F63-BFE4-EF87CF948ADF}
2012-01-23 04:06:43 -------- d--h--w- C:\Program Files (x86)\MSECache
2012-01-23 01:50:21 -------- d--h--w- C:\Users\Brandon\AppData\Local\{6C32E0BC-E133-496C-87FC-62F248B3E3C2}
2012-01-22 01:13:25 -------- d--h--w- C:\Users\Brandon\AppData\Local\{628F6A7D-7ED4-4FCC-B850-3A26654BD941}
2012-01-22 01:13:15 -------- d--h--w- C:\Users\Brandon\AppData\Local\{32E9B7E5-A634-49B6-893A-E7A02067E941}
2012-01-19 21:25:40 -------- d--h--w- C:\Users\Brandon\AppData\Local\{0CD6C223-9268-42A2-918F-067EC558EDF4}
2012-01-19 21:17:48 -------- d--h--w- C:\Users\Brandon\AppData\Local\{1CBEA906-0C0F-4AB1-8B6C-C1231D119253}
2012-01-19 20:29:57 -------- d--h--w- C:\Users\Brandon\AppData\Local\{8C1BAA04-D64E-4925-AD84-B08299401721}
2012-01-18 17:44:29 -------- d--h--w- C:\Users\Brandon\AppData\Local\{721C9A30-D672-4C27-BC83-6881E56AAA3D}
2012-01-18 17:44:17 -------- d--h--w- C:\Users\Brandon\AppData\Local\{447FB3D1-7A61-4573-8173-ACE9E98B07DC}
2012-01-17 15:27:56 8822856 ---ha-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{073D1B73-1554-47FD-8235-A630DA92A708}\mpengine.dll
2012-01-16 17:12:38 -------- d--h--w- C:\Users\Brandon\AppData\Local\{2BFE7CAD-A966-4628-87A1-2233718ED820}
2012-01-16 17:12:28 -------- d--h--w- C:\Users\Brandon\AppData\Local\{46962A32-3EE6-4052-8C64-7ABAF823B0CB}
2012-01-15 18:05:53 -------- d--h--w- C:\Users\Brandon\AppData\Local\{38395472-272E-4EF4-A2E7-BDEF7248B0D3}
2012-01-15 18:05:41 -------- d--h--w- C:\Users\Brandon\AppData\Local\{47569852-F945-44F5-9809-BC07FDB21AC1}
2012-01-14 19:05:05 -------- d--h--w- C:\Users\Brandon\AppData\Local\{0E223F7E-E53D-42C9-99AF-74A41AEFAD90}
2012-01-14 19:04:55 -------- d--h--w- C:\Users\Brandon\AppData\Local\{7733EB6E-E734-4041-8046-A2175CC047E2}
2012-01-14 04:47:11 -------- d--h--w- C:\Users\Brandon\AppData\Local\{927A6DDA-146A-4414-99F6-AA2590EF037E}
2012-01-14 04:47:00 -------- d--h--w- C:\Users\Brandon\AppData\Local\{7F3AF032-C3F9-44F0-952B-D352ADF39308}
2012-01-13 02:58:31 -------- d-----w- C:\Windows\System32\appmgmt
2012-01-13 01:56:03 -------- d--h--w- C:\Users\Brandon\AppData\Local\{4379FBE5-CD32-41B8-BC05-CB2C5C549DB4}
2012-01-13 01:55:53 -------- d--h--w- C:\Users\Brandon\AppData\Local\{FDD190EF-FD64-4FC1-A68D-AF44928DC418}
2012-01-12 13:02:06 -------- d--h--w- C:\Users\Brandon\AppData\Local\{A8DB0BC1-5577-431B-8AD9-808921D9145D}
2012-01-12 13:01:55 -------- d--h--w- C:\Users\Brandon\AppData\Local\{FC3A868F-3393-408C-A256-C7F671AAE3CC}
2012-01-11 21:42:25 -------- d--h--w- C:\Users\Brandon\AppData\Local\{4B8EFD74-9C68-49C3-9492-6018F132CDE1}
2012-01-11 21:42:14 -------- d--h--w- C:\Users\Brandon\AppData\Local\{F7B403EE-A17F-48BD-91F1-4020AC0C6BCC}
2012-01-11 05:09:24 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 05:09:24 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 05:09:24 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 05:09:24 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 05:09:22 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 05:09:22 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 05:09:20 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 05:09:20 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-11 05:04:39 -------- d--h--w- C:\Users\Brandon\AppData\Local\{C909F0D7-77C8-4C16-8C1F-008077A82BBD}
2012-01-11 05:04:28 -------- d--h--w- C:\Users\Brandon\AppData\Local\{FDEEAD43-8F28-449D-B6A4-28488353BBF8}
2012-01-09 08:10:01 626688 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-09 08:10:01 548864 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-09 08:10:01 479232 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-09 08:10:01 43992 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-09 07:13:17 -------- d--h--w- C:\Users\Brandon\AppData\Local\{FF5AE1F8-5C11-48B4-B2D6-24BDFE050EC4}
2012-01-09 07:13:04 -------- d--h--w- C:\Users\Brandon\AppData\Local\{6FD583B2-488B-4CEE-8FCB-B16C5412E21A}
2012-01-08 01:01:25 -------- d--h--w- C:\Users\Brandon\AppData\Local\{2B19C9C4-AC88-4550-939C-6EE7986DA6F1}
2012-01-08 01:01:14 -------- d--h--w- C:\Users\Brandon\AppData\Local\{8DDF2DA5-120E-4F6B-9A47-03BBDE57D899}
2012-01-06 23:47:55 -------- d--h--w- C:\Users\Brandon\AppData\Local\{C1AC0144-FB29-4D93-8BAE-571EB2020CEC}
2012-01-06 23:47:43 -------- d--h--w- C:\Users\Brandon\AppData\Local\{E3E3B080-002F-4F1E-910D-0FAE80DBCF23}
2012-01-05 23:06:50 -------- d--h--w- C:\Users\Brandon\AppData\Local\{8FDA20A3-EB9E-4E71-AF26-792F5C621314}
2012-01-05 23:06:38 -------- d--h--w- C:\Users\Brandon\AppData\Local\{A84B1332-E094-417E-BBB4-A62D4DD0CB97}
2012-01-04 20:02:16 -------- d--h--w- C:\Users\Brandon\AppData\Local\{CE0C63B0-C87E-4061-A89B-B3AF35AC49F0}
2012-01-04 20:02:05 -------- d--h--w- C:\Users\Brandon\AppData\Local\{F3AF0FC6-C962-4FFD-9D32-A3433B217F29}
2012-01-04 00:05:58 -------- d--h--w- C:\Users\Brandon\AppData\Local\{B1B03262-B741-4A85-9F51-D0CACFF54217}
2012-01-04 00:05:47 -------- d--h--w- C:\Users\Brandon\AppData\Local\{9B7879EE-6CBC-4CEE-A8E0-08E59D4A0DFE}
2012-01-02 18:50:18 -------- d--h--w- C:\Users\Brandon\AppData\Local\{C1DE8E51-2AB0-4767-B961-7C184C8D8DFE}
2012-01-02 18:50:08 -------- d--h--w- C:\Users\Brandon\AppData\Local\{165FB7F3-502B-493F-AD63-3CD2F82D52E4}
.
==================== Find3M ====================
.
2011-12-27 12:36:36 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-12-13 12:18:55 414368 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 23:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-12 19:18:20 24576 ----a-w- C:\Windows\System32\drivers\FlyUsb.sys
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 21:24:40.31 ===============
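The DDS output above is raw data, so as an added example (not part of pallmall's post and not something DDS itself does) here is a small triage script that reads lines in the three DDS formats shown in the log (mRun autoruns, Firefox prefs.js entries, "Created Last 30" file entries) and flags the items a helper would pick out by hand: an autorun that launches from ProgramData/AppData/Temp, a file carrying a System32-only binary name (svchost.exe) that sits outside System32/SysWOW64, a directory named like an executable, and Firefox search/homepage prefs pointing at the toolbar hosts this log shows. The SYSTEM_ONLY, WRITABLE_DIRS and HIJACK_HOSTS lists are this example's own assumptions; the sample lines are copied from the log above (DDS writes hxxp for http).

```python
"""Triage heuristics for DDS-style log lines (autoruns, Firefox prefs, new files)."""
import re
from urllib.parse import urlparse

# Constructed sample: lines copied verbatim from the DDS log above.
SAMPLE_LOG = r"""
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [edsHFBJujJjU.exe] C:\ProgramData\edsHFBJujJjU.exe
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20111009&q=
2012-02-01 05:10:31 20480 ----a-w- C:\Windows\svchost.exe
2012-02-01 04:56:43 -------- d-----w- C:\brandon.exe
2012-02-01 00:41:35 208896 ----a-w- C:\Windows\MBR.exe
2012-01-11 05:09:22 1731920 ----a-w- C:\Windows\System32\ntdll.dll
"""

# Assumed lists (this example's, not DDS's). Windows ships these binaries only
# under System32/SysWOW64; a same-named file elsewhere is a masquerade.
SYSTEM_ONLY = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
               "services.exe", "smss.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# User-writable locations a startup entry should rarely launch from.
WRITABLE_DIRS = ("c:\\programdata\\", "\\appdata\\", "\\temp\\")
# Search/homepage hosts the log above shows injected by toolbars.
HIJACK_HOSTS = ("conduit.com", "funmoods.com", "babylon.com")
HOMEPAGE_PREFS = ("browser.startup.homepage", "browser.search.defaulturl", "keyword.URL")

RUN_RE = re.compile(r"^[mu]Run(?:Once)?(?:-x64)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
FF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.*)$")
NEW_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
                    r"(?P<size>\d+|-+) (?P<attr>[-a-z]{8}) (?P<path>.+)$")


def _exe_from_command(cmd):
    """Return the executable path from an autorun command, quoted or not."""
    m = re.match(r'"([^"]+)"', cmd)
    if m:
        return m.group(1)
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def check_autorun(name, cmd):
    exe = _exe_from_command(cmd)
    if any(d in exe.lower() for d in WRITABLE_DIRS):
        return f"autorun [{name}] runs from a user-writable location: {exe}"
    return None


def check_new_file(path, attr):
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    if base in SYSTEM_ONLY and not low.startswith(SYSTEM_DIRS):
        return f"system binary name outside System32/SysWOW64: {path}"
    if base.endswith(".exe") and attr.startswith("d"):   # 'd' = directory attribute
        return f"directory named like an executable: {path}"
    return None


def check_ff_pref(pref, value):
    if pref not in HOMEPAGE_PREFS:
        return None
    host = urlparse(value.replace("hxxp", "http", 1)).hostname or ""
    if any(host == h or host.endswith("." + h) for h in HIJACK_HOSTS):
        return f"Firefox {pref} points at toolbar/hijack host {host}"
    return None


def triage(log_text):
    """Run every check over a DDS log and return the list of findings."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            hit = check_autorun(m["name"], m["cmd"])
        elif m := FF_RE.match(line):
            hit = check_ff_pref(m["pref"], m["value"])
        elif m := NEW_RE.match(line):
            hit = check_new_file(m["path"], m["attr"])
        else:
            hit = None
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports the ProgramData autorun, the stray C:\Windows\svchost.exe, the C:\brandon.exe directory and the two Firefox prefs pointing at conduit.com and funmoods.com, while the Avira autorun, MBR.exe, ntdll.dll and the bing keyword.URL pass. The lists are deliberately short; anyone using this on a real log would extend them rather than trust the negatives.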