[Crag_Hack]

Hello ETFoster. Is your OTL Lop Section still bloated with all the random folders? We are going to try to remove the nastiest part of the infection that you have before we do anything else. Please do the following:

• Download aswMBR.exe ( 1870KB ) to your desktop.
• Double click the aswMBR.exe to run it
• It will ask you if you want to download the latest Avast! virus definitions, answer no
  
  
  
• Click the Scan button to start scan
  
  
  
• On completion of the scan click Save log, save it to your desktop and post in your next reply

Things to see in your next post:
aswMBR log

[Advertisements]

Ok here are the aswMBR logs. I didn't see an LOP section in the most recent OTL log I did with your custom scans. If you want I can do another OTL quickscan.


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-04 15:31:57
-----------------------------
15:31:57.577 OS Version: Windows x64 6.1.7601 Service Pack 1
15:31:57.577 Number of processors: 8 586 0x1E05
15:31:57.578 ComputerName: USER-PC UserName: User
15:32:05.273 Initialize success
15:32:05.815 AVAST engine defs: 12030401
15:32:23.057 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:32:23.063 Disk 0 Vendor: ST964032 0002 Size: 610480MB BusType: 3
15:32:23.087 Disk 0 MBR read successfully
15:32:23.093 Disk 0 MBR scan
15:32:23.101 Disk 0 Windows 7 default MBR code
15:32:23.109 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 20002 MB offset 63
15:32:23.131 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 590476 MB offset 40965750
15:32:23.151 Disk 0 scanning C:\Windows\system32\drivers
15:32:33.149 Service scanning
15:32:59.425 Modules scanning
15:32:59.444 Disk 0 trace - called modules:
15:32:59.500 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
15:32:59.511 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065f2790]
15:32:59.853 3 CLASSPNP.SYS[fffff88001b7243f] -> nt!IofCallDriver -> [0xfffffa80063bd800]
15:32:59.865 5 ACPI.sys[fffff88000fa67a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80063c4050]
15:33:01.425 AVAST engine scan C:\Windows
15:33:05.278 AVAST engine scan C:\Windows\system32
15:34:42.593 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
15:34:45.005 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win64:Sirefef-C [Drp]
15:36:06.053 AVAST engine scan C:\Windows\system32\drivers
15:36:19.644 AVAST engine scan C:\Users\User
15:38:42.429 File: C:\Users\User\AppData\Local\TempDIR\BetterInstaller.exe **INFECTED** Win32:Ezula-AGE [Adw]
15:41:36.226 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
15:41:36.254 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-04 15:42:38
-----------------------------
15:42:38.529 OS Version: Windows x64 6.1.7601 Service Pack 1
15:42:38.529 Number of processors: 8 586 0x1E05
15:42:38.530 ComputerName: USER-PC UserName: User
15:42:40.078 Initialize success
15:42:40.194 AVAST engine defs: 12030401
15:42:44.330 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:42:44.335 Disk 0 Vendor: ST964032 0002 Size: 610480MB BusType: 3
15:42:44.446 Disk 0 MBR read successfully
15:42:44.450 Disk 0 MBR scan
15:42:44.454 Disk 0 Windows 7 default MBR code
15:42:44.463 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 20002 MB offset 63
15:42:44.484 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 590476 MB offset 40965750
15:42:44.538 Disk 0 scanning C:\Windows\system32\drivers
15:42:56.195 Service scanning
15:43:24.933 Modules scanning
15:43:24.951 Disk 0 trace - called modules:
15:43:24.995 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
15:43:25.002 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065f2790]
15:43:25.337 3 CLASSPNP.SYS[fffff88001b7243f] -> nt!IofCallDriver -> [0xfffffa80063bd800]
15:43:25.344 5 ACPI.sys[fffff88000fa67a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80063c4050]
15:43:38.706 AVAST engine scan C:\Windows
15:43:43.136 AVAST engine scan C:\Windows\system32
15:45:22.081 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
15:45:24.482 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win64:Sirefef-C [Drp]
15:46:46.814 AVAST engine scan C:\Windows\system32\drivers
15:46:59.516 AVAST engine scan C:\Users\User
15:49:19.062 File: C:\Users\User\AppData\Local\TempDIR\BetterInstaller.exe **INFECTED** Win32:Ezula-AGE [Adw]
16:14:52.709 AVAST engine scan C:\ProgramData
16:19:39.319 Scan finished successfully
16:24:37.975 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
16:24:37.998 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

[ETFoster]

Ok here are the aswMBR logs. I didn't see an LOP section in the most recent OTL log I did with your custom scans. If you want I can do another OTL quickscan.


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-04 15:31:57
-----------------------------
15:31:57.577 OS Version: Windows x64 6.1.7601 Service Pack 1
15:31:57.577 Number of processors: 8 586 0x1E05
15:31:57.578 ComputerName: USER-PC UserName: User
15:32:05.273 Initialize success
15:32:05.815 AVAST engine defs: 12030401
15:32:23.057 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:32:23.063 Disk 0 Vendor: ST964032 0002 Size: 610480MB BusType: 3
15:32:23.087 Disk 0 MBR read successfully
15:32:23.093 Disk 0 MBR scan
15:32:23.101 Disk 0 Windows 7 default MBR code
15:32:23.109 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 20002 MB offset 63
15:32:23.131 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 590476 MB offset 40965750
15:32:23.151 Disk 0 scanning C:\Windows\system32\drivers
15:32:33.149 Service scanning
15:32:59.425 Modules scanning
15:32:59.444 Disk 0 trace - called modules:
15:32:59.500 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
15:32:59.511 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065f2790]
15:32:59.853 3 CLASSPNP.SYS[fffff88001b7243f] -> nt!IofCallDriver -> [0xfffffa80063bd800]
15:32:59.865 5 ACPI.sys[fffff88000fa67a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80063c4050]
15:33:01.425 AVAST engine scan C:\Windows
15:33:05.278 AVAST engine scan C:\Windows\system32
15:34:42.593 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
15:34:45.005 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win64:Sirefef-C [Drp]
15:36:06.053 AVAST engine scan C:\Windows\system32\drivers
15:36:19.644 AVAST engine scan C:\Users\User
15:38:42.429 File: C:\Users\User\AppData\Local\TempDIR\BetterInstaller.exe **INFECTED** Win32:Ezula-AGE [Adw]
15:41:36.226 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
15:41:36.254 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-04 15:42:38
-----------------------------
15:42:38.529 OS Version: Windows x64 6.1.7601 Service Pack 1
15:42:38.529 Number of processors: 8 586 0x1E05
15:42:38.530 ComputerName: USER-PC UserName: User
15:42:40.078 Initialize success
15:42:40.194 AVAST engine defs: 12030401
15:42:44.330 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:42:44.335 Disk 0 Vendor: ST964032 0002 Size: 610480MB BusType: 3
15:42:44.446 Disk 0 MBR read successfully
15:42:44.450 Disk 0 MBR scan
15:42:44.454 Disk 0 Windows 7 default MBR code
15:42:44.463 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 20002 MB offset 63
15:42:44.484 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 590476 MB offset 40965750
15:42:44.538 Disk 0 scanning C:\Windows\system32\drivers
15:42:56.195 Service scanning
15:43:24.933 Modules scanning
15:43:24.951 Disk 0 trace - called modules:
15:43:24.995 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
15:43:25.002 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065f2790]
15:43:25.337 3 CLASSPNP.SYS[fffff88001b7243f] -> nt!IofCallDriver -> [0xfffffa80063bd800]
15:43:25.344 5 ACPI.sys[fffff88000fa67a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80063c4050]
15:43:38.706 AVAST engine scan C:\Windows
15:43:43.136 AVAST engine scan C:\Windows\system32
15:45:22.081 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
15:45:24.482 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win64:Sirefef-C [Drp]
15:46:46.814 AVAST engine scan C:\Windows\system32\drivers
15:46:59.516 AVAST engine scan C:\Users\User
15:49:19.062 File: C:\Users\User\AppData\Local\TempDIR\BetterInstaller.exe **INFECTED** Win32:Ezula-AGE [Adw]
16:14:52.709 AVAST engine scan C:\ProgramData
16:19:39.319 Scan finished successfully
16:24:37.975 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
16:24:37.998 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

[Crag_Hack]

Hello ETFoster. We will now use aswMBR to fix your main infection. First we will scan and fix followed by a reboot and then another scan. Then we will run an OTL scan.

Step 1

• Double click the aswMBR.exe to run it
• It will ask you if you want to download the latest Avast! virus definitions, answer no
  
  
  
• Click the Scan button to start scan
• On completion of the scan click the Fix button
  
  
  
• On completion of the scan click Save log, save it to your desktop and post in your next reply
• Reboot

Step 2

• Double click the aswMBR.exe to run it
• It will ask you if you want to download the latest Avast! virus definitions, answer no
  
  
  
• Click the Scan button to start scan
  
  
  
• On completion of the scan click Save log, save it to your desktop and post in your next reply

Step 3

Open OTL and click the Quick Scan button. Post the log it produces in your next reply as well.

Things to see in your next post:
both aswMBR logs
OTL quick scan log

[ETFoster]

aswMBR only allows the "fixMBR" button, not the "Fix", that one is inactive., is that what you mean? I clicked it and a warning came up saying my partition could mess up or something so I thought I'd ask first

[ETFoster]

I did the fix and windows wouldn't boot giving me the same %hs error again. I restored to before a point in which windows installed updates again during the cleanup process so I temporarily disabled windows update installation until I get this virus out. I've been looking for fixes on the internet for months but today I found a couple more similar fixes on these forums: (http://www.techspot....opic168511.html) and (http://www.techspot....opic168402.html). It seems combofix and kasperskey are used. I wouldn't do any fixes without tech guiding me though so I figured I'd just mention it as something I found.

Here is the log from after the fix in aswMBR, before I tried to reboot.

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-04 18:48:06
-----------------------------
18:48:06.752 OS Version: Windows x64 6.1.7601 Service Pack 1
18:48:06.752 Number of processors: 8 586 0x1E05
18:48:06.754 ComputerName: USER-PC UserName: User
18:48:16.751 Initialize success
18:48:17.596 AVAST engine defs: 12030401
18:48:20.162 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:48:20.165 Disk 0 Vendor: ST964032 0002 Size: 610480MB BusType: 3
18:48:20.255 Disk 0 MBR read successfully
18:48:20.259 Disk 0 MBR scan
18:48:20.278 Disk 0 Windows 7 default MBR code
18:48:20.283 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 20002 MB offset 63
18:48:20.322 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 590476 MB offset 40965750
18:48:20.398 Disk 0 scanning C:\Windows\system32\drivers
18:48:54.880 Service scanning
18:49:20.057 Modules scanning
18:49:20.076 Disk 0 trace - called modules:
18:49:20.151 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
18:49:20.163 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065f2790]
18:49:20.545 3 CLASSPNP.SYS[fffff88001b7243f] -> nt!IofCallDriver -> [0xfffffa80063bd800]
18:49:20.557 5 ACPI.sys[fffff88000fa67a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80063c4050]
18:49:22.198 AVAST engine scan C:\Windows
18:50:08.263 AVAST engine scan C:\Windows\system32
18:56:08.474 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
18:56:15.634 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win64:Sirefef-C [Drp]
19:00:06.022 AVAST engine scan C:\Windows\system32\drivers
19:01:10.086 AVAST engine scan C:\Users\User
19:05:01.931 File: C:\Users\User\AppData\Local\TempDIR\BetterInstaller.exe **INFECTED** Win32:Ezula-AGE [Adw]
19:33:05.318 AVAST engine scan C:\ProgramData
19:39:07.324 Scan finished successfully
19:53:27.976 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
19:53:27.986 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR2.txt"


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-04 18:48:06
-----------------------------
18:48:06.752 OS Version: Windows x64 6.1.7601 Service Pack 1
18:48:06.752 Number of processors: 8 586 0x1E05
18:48:06.754 ComputerName: USER-PC UserName: User
18:48:16.751 Initialize success
18:48:17.596 AVAST engine defs: 12030401
18:48:20.162 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:48:20.165 Disk 0 Vendor: ST964032 0002 Size: 610480MB BusType: 3
18:48:20.255 Disk 0 MBR read successfully
18:48:20.259 Disk 0 MBR scan
18:48:20.278 Disk 0 Windows 7 default MBR code
18:48:20.283 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 20002 MB offset 63
18:48:20.322 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 590476 MB offset 40965750
18:48:20.398 Disk 0 scanning C:\Windows\system32\drivers
18:48:54.880 Service scanning
18:49:20.057 Modules scanning
18:49:20.076 Disk 0 trace - called modules:
18:49:20.151 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
18:49:20.163 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065f2790]
18:49:20.545 3 CLASSPNP.SYS[fffff88001b7243f] -> nt!IofCallDriver -> [0xfffffa80063bd800]
18:49:20.557 5 ACPI.sys[fffff88000fa67a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80063c4050]
18:49:22.198 AVAST engine scan C:\Windows
18:50:08.263 AVAST engine scan C:\Windows\system32
18:56:08.474 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
18:56:15.634 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win64:Sirefef-C [Drp]
19:00:06.022 AVAST engine scan C:\Windows\system32\drivers
19:01:10.086 AVAST engine scan C:\Users\User
19:05:01.931 File: C:\Users\User\AppData\Local\TempDIR\BetterInstaller.exe **INFECTED** Win32:Ezula-AGE [Adw]
19:33:05.318 AVAST engine scan C:\ProgramData
19:39:07.324 Scan finished successfully
19:53:27.976 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
19:53:27.986 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR2.txt"
23:22:09.346 Verifying
23:22:19.413 Disk 0 Windows 601 MBR fixed successfully
23:22:31.062 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
23:22:31.070 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR2.txt"

[Crag_Hack]

Hi ETFoster. You are correct about Combofix being able to fix this infection. aswMBR looks like it wasn't able to in this circumstance. Anyways the next step is to run Combofix. Please do the following:

Download and Install Combofix - you can temporarily connect to the Internet for this procedure

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
• Accept the disclaimer and allow to update if it asks - if the update succeeds combofix will restart - if not it will continue with the current copy
  
  
  
  
  
  
  
• Answer yes to install the Recovery Console if it asks and yes to scan for malware afterwards if prompted
  
  
  
  
  
• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[Crag_Hack]

Forgot to mention one thing: please take note of anything Combofix says during the course of it's run especially if related to the infection and relay to me. Not the end of the world if you miss this step but it can help.

[ETFoster]

I ran it and here are the logs, svchost is going crazy using like half of my memory, that was used by the infection a lot. I also have my computer disconnected from the internet except to give you the logs, I was fearing it may be re-downloading a virus or something. I disabled avast but it said it was still working, I'm sure I disabled it.
UPDATE: Avast just detected consrv.dll in svchost.exe, and "pc app" is on my desktop. Poo. Probably should have used a usb to give you the logs because I gave it a chance to redownload.
UPDATE2: Avast is keeping it in check so far, no redirects or anything. I have read on other forums and they fixed it using Kasperskey or Custom Combofix code, Just like before tho I'm not confident enough to do any of that myself. Combofix did get rid of consrv.dll but not the dropper, wherever that is haha.

ComboFix 12-03-04.02 - User 03/05/2012 13:45:42.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6069.4203 [GMT -6:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Emsisoft Anti-Malware *Disabled/Outdated* {0ADC9F7D-20C1-240F-01E2-43466EBA893A}
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Emsisoft Anti-Malware *Disabled/Outdated* {B1BD7E99-06FB-2B81-3B52-7834153DC387}
SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\User\AppData\Local\TempDIR
c:\users\User\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\windows\160348186.exe
c:\windows\160361352.exe
c:\windows\669244.exe
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-05 19:54 . 2012-03-05 19:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-05 19:54 . 2012-03-05 19:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-05 05:46 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0F2CAD16-507A-48A6-B119-1A4E3ACBF790}\mpengine.dll
2012-03-04 03:48 . 2012-03-05 07:37 -------- d-----w- c:\program files (x86)\ERUNT
2012-03-03 15:22 . 2012-03-03 15:22 -------- d-----w- C:\_OTL
2012-02-28 00:57 . 2012-02-28 00:57 -------- d-----w- c:\program files\ATI Technologies
2012-02-28 00:56 . 2012-03-04 05:03 -------- d-----w- C:\AMD
2012-02-27 21:34 . 2012-03-04 05:06 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2012-02-27 21:29 . 2012-02-27 21:43 -------- d-----w- c:\programdata\EA Logs
2012-02-27 20:20 . 2012-02-27 20:48 -------- d-----w- c:\users\User\AppData\Roaming\Origin
2012-02-27 20:20 . 2012-02-27 20:20 -------- d-----w- c:\users\User\AppData\Local\Origin
2012-02-27 20:18 . 2012-02-27 20:18 -------- d-----w- c:\program files (x86)\Origin Games
2012-02-27 20:14 . 2012-02-27 20:22 -------- d-----w- c:\program files (x86)\Origin
2012-02-23 04:56 . 2012-02-23 04:56 -------- d-----w- c:\program files (x86)\Remedy Entertainment
2012-02-21 00:08 . 2012-03-04 05:03 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-02-20 23:29 . 2012-02-20 23:29 -------- d-----w- c:\program files (x86)\Battlefield3
2012-02-16 20:09 . 2012-03-05 07:37 -------- d-----w- c:\program files (x86)\Steam
2012-02-15 16:21 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 16:21 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 16:21 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 16:21 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 16:21 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 16:21 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 16:21 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 16:21 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-11 00:55 . 2012-02-11 00:55 -------- d-----w- C:\found.000
2012-02-05 18:56 . 2012-02-14 01:03 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-27 21:10 . 2010-11-07 00:31 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-27 21:10 . 2010-11-07 00:31 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-02-23 10:43 . 2011-03-06 05:51 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-01-29 11:10 . 2011-11-11 21:53 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 18:52 . 2012-01-04 18:52 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-10 21:24 . 2011-11-10 23:27 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuz2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"="" [BU]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-17 98304]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-06-25 6806144]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"VolPanel"="c:\program files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" [2008-12-29 237693]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-4-23 12862]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 3]
2010-04-26 16:37 1597440 ----a-w- c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 136176]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-09-06 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-09-06 79360]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-10-08 19952]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2011-11-02 41728]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-12-09 2996272]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-06-07 408576]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]
S2 WRConsumerService;Webroot Client Service;c:\program files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2010-10-01 3066528]
S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-11-02 63880]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 16:04]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-19 16:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"combofix"="c:\combofix\CF28178.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"="c:\combofix\CF28178.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
aic78xx
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://mercury.hend...endrix.edu/OWA/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.14.1.1 10.14.1.2
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3m7wbqsg.default\
FF - prefs.js: browser.startup.homepage - hxxps://mercury.hendrix.edu/owa/auth/logon.aspx?replaceCurrent=1&reason=2&url=https%3a%2f%2fmercury.hendrix.edu%2fOWA%2f
FF - prefs.js: network.proxy.ftp - 207.36.231.28
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 207.36.231.28
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 207.36.231.28
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 207.36.231.28
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=hex:51,66,7a,6c,4c,1d,38,12,81,47,e9,
25,5f,79,3d,08,e4,19,c9,c9,d6,7c,d4,7c
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=hex:51,66,7a,6c,4c,1d,38,12,f0,31,07,
be,62,db,e7,0c,cc,e4,d4,72,ec,73,53,d8
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}"=hex:51,66,7a,6c,4c,1d,38,12,68,40,25,
2b,77,e4,db,02,e0,8b,7a,e8,bc,10,3a,e3
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}"=hex:51,66,7a,6c,4c,1d,38,12,ae,8e,49,
e5,24,cb,cf,07,fe,fc,9f,d4,e9,44,8b,04
"{F156768E-81EF-470C-9057-481BA8380DBA}"=hex:51,66,7a,6c,4c,1d,38,12,e0,75,45,
f5,dd,cf,62,02,ef,41,0b,5b,ad,66,49,ae
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d8,c9,03,c8,f0,7e,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\iTunes\iTunesHelper.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
.
**************************************************************************
.
Completion time: 2012-03-05 14:15:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-05 20:15
ComboFix2.txt 2011-12-10 23:11
.
Pre-Run: 208,215,130,112 bytes free
Post-Run: 208,161,325,056 bytes free
.
- - End Of File - - 1134E4153180831A8B29FD17038B74C0

Edited by ETFoster, 06 March 2012 - 02:09 PM.

[Crag_Hack]

Hi Etfoster. I finished analyzing your ComboFix log. It looks clean. We will now run a fix with OTL and a scan with OTL and then a scan with aswMBR. I have a question for you - Windows automatic update notifications are disabled. Are you aware of this? Also did you set up the proxies in firefox? There are free malicious proxies out there that monitor all sent data and can extract your logins/passwords from the data. If you are not absolutely positive the proxies are trustworthy I'd recommend removing them. Please do the following:

Step 1

• Download aswMBR.exe ( 1870KB ) to your desktop.
• Double click the aswMBR.exe to run it
• It will ask you if you want to download the latest Avast! virus definitions, answer no
  
  
  
• Click the Scan button to start scan
  
  
  
• On completion of the scan click Save log, save it to your desktop and post in your next reply

Step 2

• Double click OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Download the following file  scan.txt   687KB   97 downloads to your Desktop. You may need to right click on it and select "Save"
• Double click inside the Custom Scan box at the bottom
• A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
• Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
• Select scan.txt and click Open. Writing will now appear under the Custom Scan box
• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Then attach the produced log (it will be in C:\_OTL\MovedFiles with a filename beginning with the date)

Step 3

• Open OTL again
• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  C:\Windows\SysNative\acovcnt.exe /md5

• click the Quick Scan button. Post the log it produces in your next reply as well. If the log is huge with the LOP section just attach it.

Things to see in your next post:
aswMBR log
attached OTL Fix log (it will be in C:\_OTL\MovedFiles with a filename beginning with the date)
OTL quick scan log

[ETFoster]

Here are the logs. I purposefully disabled automatic updates until I get this fixed because when my computer updates I get the %hs error screen. Thats why I said the virus won't let me update, because it won't let me boot windows after cuz of a missing file. I only used proxies for a few minutes with firefox one time to practice using them. I don't have any in place now. Also, svchost.exe is still active and using up my memory.
Update: Avast just detected consrv.dll again.





OTL logfile created on: 3/7/2012 6:35:36 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.93 Gb Total Physical Memory | 3.86 Gb Available Physical Memory | 65.06% Memory free
11.85 Gb Paging File | 9.47 Gb Available in Paging File | 79.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 576.64 Gb Total Space | 192.41 Gb Free Space | 33.37% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/07 18:00:48 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2012/02/27 15:23:07 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/27 15:10:33 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012/02/27 15:10:18 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/09 07:24:55 | 002,996,272 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/10/01 09:05:55 | 001,286,960 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2010/10/01 09:01:45 | 003,066,528 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2010/09/06 14:40:10 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/06/24 18:50:50 | 006,806,144 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010/05/17 10:06:10 | 001,079,936 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
PRC - [2010/05/03 15:45:50 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010/05/03 15:41:46 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009/12/15 11:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/11/02 15:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/09/30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/31 09:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/06/19 11:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 11:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 18:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/29 17:32:54 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
PRC - [2008/12/22 18:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2007/11/30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/27 15:23:07 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/23 22:16:06 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
MOD - [2012/02/22 21:19:04 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/02/22 21:18:26 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012/02/22 21:18:11 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/22 21:18:04 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/22 21:18:01 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012/02/22 21:17:49 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/22 21:17:40 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/22 21:17:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/22 21:17:33 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/01/22 15:59:56 | 000,071,680 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3m7wbqsg.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\gecko10\WINNT_x86-msvc\SSSLauncher.dll
MOD - [2011/10/17 15:50:04 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010/10/01 05:33:21 | 002,539,440 | ---- | M] () -- C:\Program Files (x86)\Webroot\Security\Current\Framework\ProductResources.dll
MOD - [2010/08/09 23:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/02/23 14:14:22 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
MOD - [2010/02/23 14:14:10 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
MOD - [2010/02/23 14:12:22 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
MOD - [2010/02/23 14:11:46 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
MOD - [2009/11/02 15:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 15:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/03/26 15:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/06 19:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2007/11/30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/06/07 16:39:40 | 000,911,872 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2010/06/07 16:34:20 | 000,408,576 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2009/12/17 03:18:07 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/12/07 17:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/08/06 15:17:46 | 000,118,672 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:39:46 | 000,006,656 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\SysNative\pavreport.dll -- (aic78xx)
SRV - [2012/02/27 15:10:33 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012/02/27 15:10:18 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/09 07:24:55 | 002,996,272 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/01 09:01:45 | 003,066,528 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/09/22 12:41:50 | 003,872,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Stopped] -- C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/09/06 14:36:27 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/09/06 14:36:23 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/15 11:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/09/30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/15 18:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/04 12:52:22 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/11/28 11:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 11:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 11:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 11:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 11:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 11:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/03 04:01:00 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/10/03 04:01:00 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/06/23 20:05:31 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2010/06/17 13:49:12 | 000,136,224 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2010/06/17 13:49:10 | 000,055,360 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)
DRV:64bit: - [2010/05/16 18:28:38 | 000,175,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp) Intel® Centrino®
DRV:64bit: - [2010/05/16 18:28:30 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2010/05/16 18:28:28 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2010/03/04 21:19:45 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/17 03:52:59 | 006,177,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/11/18 04:30:55 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/08/06 15:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/06 15:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/07/20 03:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 20:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 14:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 04:16:29 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 10:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/12/08 18:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2008/05/23 18:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/11/02 10:13:26 | 000,041,728 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver)
DRV - [2011/11/02 10:13:12 | 000,063,880 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2011/10/07 18:33:10 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2011/05/19 13:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2011/03/18 10:08:56 | 000,029,592 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2010/05/05 08:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mercury.hend...endrix.edu/OWA/
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://mercury.hend...ndrix.edu/OWA/"
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.6
FF - prefs.js..extensions.enabledItems: [email protected]:0.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: screencaptureelite@plugin:1.0.0.12
FF - prefs.js..extensions.enabledItems: {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}:1.1.4
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: flvripper@harsha:1.9.9
FF - prefs.js..extensions.enabledItems: [email protected]:2.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..extensions.enabledItems: [email protected]:1.10.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.backup.ftp: "58.246.200.114"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.socks: "58.246.200.114"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "58.246.200.114"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "207.36.231.28"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "207.36.231.28"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "207.36.231.28"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "207.36.231.28"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/30 18:25:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/03 23:06:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/11 10:36:42 | 000,000,000 | ---D | M]

[2010/12/03 19:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2010/12/03 19:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/03/03 23:04:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\3m7wbqsg.default\extensions
[2012/01/27 12:24:59 | 000,000,000 | ---D | M] (Screenshot Pimp) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\3m7wbqsg.default\extensions\{056d0610-e44d-11df-bccf-0800200c9a66}
[2012/01/31 19:16:17 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\3m7wbqsg.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012/01/30 10:17:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\3m7wbqsg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/01/30 10:17:10 | 000,000,000 | ---D | M] (Bazzacuda Image Saver Plus) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\3m7wbqsg.default\extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
[2012/01/04 11:57:13 | 000,000,000 | ---D | M] (Screen Capture Elite) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\3m7wbqsg.default\extensions\screencaptureelite@plugin
[2012/03/03 23:06:32 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\3m7wbqsg.default\extensions\[email protected]
[2012/02/15 18:03:18 | 000,002,418 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3m7wbqsg.default\searchplugins\s-amazon-byskipity.xml
[2012/01/29 20:20:44 | 000,002,281 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3m7wbqsg.default\searchplugins\s-amazon.xml
[2012/01/29 20:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/11 10:36:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3M7WBQSG.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3M7WBQSG.DEFAULT\EXTENSIONS\{62B958B4-9962-4FC2-9983-01A9A42D6F2D}.XPI
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3M7WBQSG.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3M7WBQSG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3M7WBQSG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3M7WBQSG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3M7WBQSG.DEFAULT\EXTENSIONS\[email protected]
[2012/02/27 15:23:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/27 15:23:04 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/27 15:23:04 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: avast! WebRep = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: Skype Click to Call = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

O1 HOSTS File: ([2012/03/07 18:17:57 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.14.1.1 10.14.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C955B5C-3A61-4740-AAB6-F5A918D4C247}: DhcpNameServer = 10.14.1.1 10.14.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EA7F630-95C0-4461-BBFD-0F5CB0221D31}: DhcpNameServer = 10.14.1.1 10.14.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5FC1BD8-A104-4674-840C-0743DDB249FA}: DhcpNameServer = 10.14.1.1 10.14.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0356013-A75E-4D49-8003-544CF90B3A9E}: DhcpNameServer = 10.14.1.1 10.14.1.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/07 17:08:24 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2012/03/05 13:57:41 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/03/05 13:43:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/05 13:43:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/05 13:43:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/05 13:43:06 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/05 10:08:19 | 004,427,148 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012/03/03 21:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/03/03 09:22:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/27 21:49:42 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/02/27 21:20:38 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Battlefield 3
[2012/02/27 18:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/02/27 18:56:26 | 000,000,000 | ---D | C] -- C:\AMD
[2012/02/27 15:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2012/02/27 15:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012/02/27 15:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2012/02/27 14:20:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Origin
[2012/02/27 14:20:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Origin
[2012/02/27 14:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012/02/27 14:18:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012/02/27 14:14:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2012/02/27 12:37:44 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Battlefield 3
[2012/02/22 23:19:45 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Remedy
[2012/02/22 23:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remedy Entertainment
[2012/02/22 22:56:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Remedy Entertainment
[2012/02/20 18:08:42 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012/02/20 17:29:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlefield3
[2012/02/16 18:11:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012/02/16 14:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/02/16 14:09:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/02/10 18:55:31 | 000,000,000 | ---D | C] -- C:\found.000
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/07 18:36:41 | 000,010,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 18:36:41 | 000,010,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 18:29:07 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/07 18:27:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/07 18:27:51 | 477,532,159 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/07 18:17:57 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/03/07 17:59:15 | 000,000,512 | ---- | M] () -- C:\Users\User\Desktop\MBR.dat
[2012/03/07 17:46:07 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/07 17:08:34 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2012/03/05 17:28:13 | 000,462,406 | ---- | M] () -- C:\Users\User\Documents\Mini_Soul_Scope-190315.pdf
[2012/03/05 10:08:24 | 004,427,148 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012/03/04 23:19:12 | 000,049,842 | ---- | M] () -- C:\Users\User\Desktop\www.geekstogo.com screen capture 2012-3-4-23-19-11.png
[2012/03/04 21:03:45 | 000,007,598 | ---- | M] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2012/03/04 16:12:27 | 001,454,552 | ---- | M] () -- C:\Users\User\Documents\resource curse in africa.pdf
[2012/03/04 16:10:43 | 000,197,602 | ---- | M] () -- C:\Users\User\Documents\neocolonialism and neoliberalism in south africa and zambia.pdf
[2012/03/04 16:05:59 | 000,030,523 | ---- | M] () -- C:\Users\User\Documents\projectcensored.org-19_American_Companies_Exploit_the_Congo.pdf
[2012/03/04 15:48:04 | 000,185,032 | ---- | M] () -- C:\Users\User\Documents\_data_Revista_No_70_ColombiaInternacional70-03-Analisis-Basedau_Wegenast.pdf
[2012/03/04 15:47:51 | 000,108,866 | ---- | M] () -- C:\Users\User\Documents\ENVIRONMENTAL INJUSTICE AND HUMAN RIGHTS ABUSE.pdf
[2012/03/04 15:47:07 | 000,112,622 | ---- | M] () -- C:\Users\User\Documents\impact of globilization on african continents.pdf
[2012/03/04 12:18:30 | 004,256,620 | ---- | M] () -- C:\Users\User\Documents\somalia.pdf
[2012/02/29 17:12:53 | 010,122,625 | ---- | M] () -- C:\Users\User\Documents\southern-exposure-catalog-2012-web.pdf
[2012/02/27 15:23:14 | 000,002,050 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/27 15:11:04 | 000,001,197 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012/02/27 15:10:33 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/02/27 15:10:18 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/02/27 14:22:24 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/02/23 04:43:49 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012/02/22 23:13:10 | 000,002,157 | ---- | M] () -- C:\Users\Public\Desktop\Alan Wake.lnk
[2012/02/22 21:09:55 | 004,988,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/18 17:26:30 | 000,104,107 | ---- | M] () -- C:\Users\User\Documents\Grad_School_Guide_update_ 2008.pdf
[2012/02/18 13:07:21 | 000,747,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/18 13:07:21 | 000,639,768 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/18 13:07:21 | 000,111,824 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/16 22:35:53 | 000,000,132 | ---- | M] () -- C:\Users\User\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/02/16 18:11:59 | 000,000,219 | ---- | M] () -- C:\Users\User\Desktop\Team Fortress 2.url
[2012/02/16 14:09:21 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/02/14 22:23:21 | 000,726,047 | ---- | M] () -- C:\Users\User\Documents\Day12Poverty1.pdf
[2012/02/09 16:06:09 | 000,959,385 | ---- | M] () -- C:\Users\User\Documents\Day7PovertyOnlineVersion.pdf
[2012/02/09 16:05:52 | 000,780,459 | ---- | M] () -- C:\Users\User\Documents\Day8PovertyOnline.pdf
[2012/02/09 16:05:16 | 000,893,329 | ---- | M] () -- C:\Users\User\Documents\DAY9POVERTY.pdf
[2012/02/09 16:04:32 | 001,202,523 | ---- | M] () -- C:\Users\User\Documents\DayFivePoverty2Online.pdf
[2012/02/09 16:04:20 | 000,459,285 | ---- | M] () -- C:\Users\User\Documents\DayFourPovertyOnline2.pdf
[2012/02/09 16:04:07 | 000,930,098 | ---- | M] () -- C:\Users\User\Documents\DayOnePovertyOnline.pdf
[2012/02/09 16:03:50 | 000,517,094 | ---- | M] () -- C:\Users\User\Documents\Day6PovertyOnline.pdf
[2012/02/09 16:03:33 | 000,645,983 | ---- | M] () -- C:\Users\User\Documents\DayThreePoverty1Online.pdf
[2012/02/09 16:03:15 | 000,497,362 | ---- | M] () -- C:\Users\User\Documents\DayTwoPovertyOnlineVersion.pdf
[2012/02/09 16:03:01 | 000,758,829 | ---- | M] () -- C:\Users\User\Documents\Day10Poverty-Exam1Overview.pdf
[2012/02/07 16:05:41 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/05 17:28:13 | 000,462,406 | ---- | C] () -- C:\Users\User\Documents\Mini_Soul_Scope-190315.pdf
[2012/03/05 13:43:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/05 13:43:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/05 13:43:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/05 13:43:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/05 13:43:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/04 23:19:12 | 000,049,842 | ---- | C] () -- C:\Users\User\Desktop\www.geekstogo.com screen capture 2012-3-4-23-19-11.png
[2012/03/04 16:12:27 | 001,454,552 | ---- | C] () -- C:\Users\User\Documents\resource curse in africa.pdf
[2012/03/04 16:10:43 | 000,197,602 | ---- | C] () -- C:\Users\User\Documents\neocolonialism and neoliberalism in south africa and zambia.pdf
[2012/03/04 16:05:48 | 000,030,523 | ---- | C] () -- C:\Users\User\Documents\projectcensored.org-19_American_Companies_Exploit_the_Congo.pdf
[2012/03/04 15:48:03 | 000,185,032 | ---- | C] () -- C:\Users\User\Documents\_data_Revista_No_70_ColombiaInternacional70-03-Analisis-Basedau_Wegenast.pdf
[2012/03/04 15:47:51 | 000,108,866 | ---- | C] () -- C:\Users\User\Documents\ENVIRONMENTAL INJUSTICE AND HUMAN RIGHTS ABUSE.pdf
[2012/03/04 15:47:07 | 000,112,622 | ---- | C] () -- C:\Users\User\Documents\impact of globilization on african continents.pdf
[2012/03/04 15:41:36 | 000,000,512 | ---- | C] () -- C:\Users\User\Desktop\MBR.dat
[2012/03/04 12:18:30 | 004,256,620 | ---- | C] () -- C:\Users\User\Documents\somalia.pdf
[2012/02/29 17:12:53 | 010,122,625 | ---- | C] () -- C:\Users\User\Documents\southern-exposure-catalog-2012-web.pdf
[2012/02/27 15:11:04 | 000,001,197 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012/02/27 14:19:26 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/02/22 23:13:10 | 000,002,157 | ---- | C] () -- C:\Users\Public\Desktop\Alan Wake.lnk
[2012/02/18 17:26:30 | 000,104,107 | ---- | C] () -- C:\Users\User\Documents\Grad_School_Guide_update_ 2008.pdf
[2012/02/16 18:11:57 | 000,000,219 | ---- | C] () -- C:\Users\User\Desktop\Team Fortress 2.url
[2012/02/16 14:09:21 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/02/14 22:23:21 | 000,726,047 | ---- | C] () -- C:\Users\User\Documents\Day12Poverty1.pdf
[2012/02/09 16:06:08 | 000,959,385 | ---- | C] () -- C:\Users\User\Documents\Day7PovertyOnlineVersion.pdf
[2012/02/09 16:05:52 | 000,780,459 | ---- | C] () -- C:\Users\User\Documents\Day8PovertyOnline.pdf
[2012/02/09 16:05:16 | 000,893,329 | ---- | C] () -- C:\Users\User\Documents\DAY9POVERTY.pdf
[2012/02/09 16:04:32 | 001,202,523 | ---- | C] () -- C:\Users\User\Documents\DayFivePoverty2Online.pdf
[2012/02/09 16:04:20 | 000,459,285 | ---- | C] () -- C:\Users\User\Documents\DayFourPovertyOnline2.pdf
[2012/02/09 16:04:07 | 000,930,098 | ---- | C] () -- C:\Users\User\Documents\DayOnePovertyOnline.pdf
[2012/02/09 16:03:50 | 000,517,094 | ---- | C] () -- C:\Users\User\Documents\Day6PovertyOnline.pdf
[2012/02/09 16:03:33 | 000,645,983 | ---- | C] () -- C:\Users\User\Documents\DayThreePoverty1Online.pdf
[2012/02/09 16:03:14 | 000,497,362 | ---- | C] () -- C:\Users\User\Documents\DayTwoPovertyOnlineVersion.pdf
[2012/02/09 16:03:01 | 000,758,829 | ---- | C] () -- C:\Users\User\Documents\Day10Poverty-Exam1Overview.pdf
[2012/02/04 09:45:29 | 000,000,112 | ---- | C] () -- C:\ProgramData\p6N6d7.dat
[2012/01/20 19:22:52 | 000,005,632 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/23 13:19:09 | 000,000,272 | ---- | C] () -- C:\Users\User\AppData\Roaming\.backup.dm
[2011/10/12 17:49:22 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{058E71F9-096C-4F24-86D8-07CBF60D2085}
[2011/09/20 17:49:58 | 000,000,395 | ---- | C] () -- C:\Windows\Sniffy.ini
[2011/09/05 20:33:58 | 000,007,598 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2011/05/11 16:44:42 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{2FD53952-2E4E-4235-AA61-1F91CD0FB239}
[2011/04/24 18:25:04 | 000,000,132 | ---- | C] () -- C:\Users\User\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/12/09 22:21:45 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/06 18:31:53 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/11/06 18:31:45 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/11/06 18:31:44 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/11/03 18:02:24 | 000,196,828 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/10/03 03:17:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/02 08:12:08 | 000,000,070 | ---- | C] () -- C:\Windows\sbwin.ini
[2010/10/02 08:02:03 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010/10/01 05:34:00 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2010/09/06 14:36:30 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/09/06 14:36:30 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/09/06 14:36:30 | 000,000,735 | ---- | C] () -- C:\Windows\FF05_Render_Spk_Hp.ini
[2010/09/06 14:36:30 | 000,000,508 | ---- | C] () -- C:\Windows\FF05_not_Spk_Hp.ini
[2010/09/06 14:28:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2011/08/09 22:54:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft
[2012/02/22 23:31:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Azureus
[2012/02/20 17:25:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2010/12/13 13:41:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FlashGet
[2011/10/01 13:17:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FrostWire
[2012/02/27 14:48:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Origin
[2011/11/10 17:09:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OtzPNcuDoF
[2011/11/11 10:35:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PunkBuster
[2011/11/10 15:38:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\rCCCIrONP
[2011/11/10 15:38:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\rCCwIrOtx
[2011/11/11 10:35:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\RIFT
[2011/11/10 17:35:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\RoonnaHs7EL
[2011/06/23 20:35:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Rovio
[2012/01/04 16:05:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\runic games
[2011/01/05 23:58:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/12/23 13:19:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Systweak
[2010/12/03 21:46:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly
[2011/11/11 10:35:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ubisoft
[2011/11/03 18:22:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Wing IDE 4
[2012/02/16 11:37:53 | 000,032,686 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< C:\Windows\SysNative\acovcnt.exe /md5 >
[2012/02/23 04:43:49 | 000,045,056 | ---- | M] () MD5=6BCAF46E2B7FA9ACE92B4D39F3037C5C -- C:\Windows\SysNative\acovcnt.exe

< End of report >



OTL Extras logfile created on: 3/7/2012 6:35:36 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.93 Gb Total Physical Memory | 3.86 Gb Available Physical Memory | 65.06% Memory free
11.85 Gb Paging File | 9.47 Gb Available in Paging File | 79.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 576.64 Gb Total Space | 192.41 Gb Free Space | 33.37% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26B0A622-1314-70B4-2971-DA74D58F2DDB}" = ccc-utility64
"{28D73032-5DAA-4F83-B154-85105DBCCB92}" = iTunes
"{34b2530c-6349-4292-9dc3-60bda4aed93d}" = Python 3.2.1 (64-bit)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{48B0F24F-B828-4B1A-A22E-C65454B32A7A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F26C164-9373-4974-8F43-E0F2176AF937}" = Intel WiMAX Tutorial
"{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6548B189-BEA4-4041-80E0-AEB60548E046}" = Intel® PROSet/Wireless WiMAX Software
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = PageRage 1.10.01
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D87D65E0-B704-9861-F836-5A310B41F153}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F634E9C2-5D00-3A4B-5AB0-148C431BBDD5}" = ATI AVIVO64 Codecs
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"M-WIN-G 7.0.0 1148361_is1" = Wolfram Mathematica 7 for Students (M-WIN-G 7.0.0 1148361)
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0512FBC8-37F5-11E1-630E-0E4BF115179A}" = CCC Help Norwegian
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{07C4EA80-2F1F-B150-4CCC-0AD2E4F8FBAB}" = CCC Help Hungarian
"{07EC03E1-2831-C147-CAA7-7A900EE9FD8D}" = CCC Help Dutch
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D052F88-18D4-FC0A-BF33-318C4FDFF6FD}" = Catalyst Control Center Graphics Light
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1E356931-3A8D-77D4-4D08-2FB6A1C01361}" = CCC Help Thai
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 24
"{27F1C968-61B0-43DA-B400-AD0843681703}" = Fort Zombie
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{33A9D3F0-C131-5CCF-3630-13FDAE4931E8}" = ccc-core-static
"{33D31A9E-7D50-1B38-7D5E-FB41C89A805A}" = CCC Help Turkish
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{38F8D823-008D-4E5A-BBCE-867A86C2BF2B}" = Sound Blaster Audigy HD
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{420897E0-9294-C91D-194A-C3D53B768AB7}" = Catalyst Control Center Core Implementation
"{42B7C244-607F-4BF4-AEDC-D689F9722418}" = Minutor
"{43E49F45-70FB-31D8-2C9A-4C80A0694F28}" = CCC Help Finnish
"{4997619D-FA9C-1987-ADD9-292E7623A7AB}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5E7B9D7C-0245-A5AF-9A7F-C2A74F8A4251}" = CCC Help French
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{641BFAC0-2527-FEF8-DA90-52F42A9C82AB}" = CCC Help Portuguese
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65CE0B7D-F67E-EE9C-A10F-85ECBDC7FF01}" = Catalyst Control Center Graphics Full New
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6EB8E500-1A08-5104-C0F4-B131C23BAC57}" = CCC Help Italian
"{70376A8D-C6E7-4A61-9E30-42AD268CD45D}_is1" = MagicCamera 7.2.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C3B44A6-CA80-67A8-BD61-72AC2E367760}" = CCC Help Russian
"{8385135C-A857-2F59-5226-03AF656DA9A5}" = Catalyst Control Center Localization All
"{856520DF-4018-0EAD-B02F-C506C0C52F02}" = CCC Help Swedish
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90D9AF4D-8BA2-D322-E2B6-316CC4EEDEB9}" = CCC Help English
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B408981-8298-20FE-58E5-59113B371947}" = CCC Help Japanese
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DB3F20E-EAE9-FE53-DC08-71BC5E5F18E3}" = Catalyst Control Center Graphics Previews Vista
"{9E3234AD-F86D-7ABE-EC5B-A1BDDC770FFE}" = CCC Help Danish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A57039DB-8A82-0DA3-CFBD-888E88A50816}" = CCC Help Korean
"{A5981835-5A34-E723-BBB1-3A4556F93B14}" = CCC Help Greek
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9D0699A-714A-7AF0-7887-A880440CF1EE}" = CCC Help German
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB3C268A-E54B-4F6D-BF97-2DFCEEFA94F5}" = Catalyst Control Center - Branding
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.1 MUI
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{B5A5627C-0173-4DB2-ADA8-740479370F67}" = Express Gate
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B72E80DB-DF9B-DE1E-8899-CC74B6B9456A}" = Catalyst Control Center InstallProxy
"{BB1FCCCB-CF8E-87FE-B989-37041A118F29}" = CCC Help Chinese Traditional
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C260343B-6282-42A2-939F-1FF7E503F608}" = Wolfram Notebook Indexer 2.0
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C94ADF6E-B9F0-1221-AD6F-25D547EA0726}" = Catalyst Control Center Graphics Previews Common
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D221681D-9B40-2078-0119-4FD158DC571B}" = Catalyst Control Center Graphics Full Existing
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E4C16219-48E5-B6BC-637B-F16412CE5DE5}" = CCC Help Spanish
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE83CCB4-1DDF-153A-3E73-242A687D8C58}" = CCC Help Polish
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F81722A1-2B1A-383B-1775-26BE96E14E4E}" = CCC Help Czech
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alan Wake_is1" = Alan Wake
"Asus_G73_Screensaver" = Asus_G73_Screensaver
"avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"Digital Editions" = Adobe Digital Editions
"DivX Setup.divx.com" = DivX Setup
"FlashGet" = FlashGet 1.9.6.1073
"Google Chrome" = Google Chrome
"InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"Runic Games Torchlight" = Torchlight
"SpeedFan" = SpeedFan (remove only)
"Steam App 440" = Team Fortress 2
"VLC media player" = VLC media player 1.1.4
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Webroot Software" = Webroot Software
"WinDjView" = WinDjView 1.0.3
"Wing IDE 4.0_is1" = Wing IDE 4.0.3-1
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"48e4cff94f039634" = Best Buy pc app
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Edited by ETFoster, 07 March 2012 - 07:42 PM.

[ETFoster]

Here is the OTL fix log attached

Attached Files

•  03072012_180200.log   930KB   86 downloads

[ETFoster]

I'm sorry I pasted an older aswMBR log, here are the new logs.
Update:I also thought I should mention, windows firewall and security center are back online.

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-07 17:08:45
-----------------------------
17:08:45.549 OS Version: Windows x64 6.1.7601 Service Pack 1
17:08:45.550 Number of processors: 8 586 0x1E05
17:08:45.552 ComputerName: USER-PC UserName: User
17:08:48.293 Initialize success
17:08:48.515 AVAST engine defs: 12030700
17:09:20.528 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:09:20.533 Disk 0 Vendor: ST964032 0002 Size: 610480MB BusType: 3
17:09:20.551 Disk 0 MBR read successfully
17:09:20.560 Disk 0 MBR scan
17:09:20.567 Disk 0 Windows 7 default MBR code
17:09:20.574 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 20002 MB offset 63
17:09:20.596 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 590476 MB offset 40965750
17:09:20.614 Disk 0 scanning C:\Windows\system32\drivers
17:09:29.936 Service scanning
17:09:58.481 Modules scanning
17:09:58.499 Disk 0 trace - called modules:
17:09:58.558 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
17:09:58.571 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065ee790]
17:09:58.920 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa80054b4800]
17:09:58.931 5 ACPI.sys[fffff88000f827a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80063b3050]
17:10:01.928 AVAST engine scan C:\Windows
17:10:06.948 AVAST engine scan C:\Windows\system32
17:13:08.460 AVAST engine scan C:\Windows\system32\drivers
17:13:22.360 AVAST engine scan C:\Users\User
17:42:20.388 AVAST engine scan C:\ProgramData
17:46:35.003 Scan finished successfully
17:59:15.591 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
17:59:15.598 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR3.txt"

Edited by ETFoster, 07 March 2012 - 07:49 PM.

[Crag_Hack]

Are you still having any symptoms? If so what are they?

[ETFoster]

Avast still detects consrv.dll. I haven't tried to update windows but I expect windows to not be able to boot after an update. Performance issues are the same as before, just slower and lag in programs.

[Crag_Hack]

If Avast picks up consrv.dll can you read the details in the avast dialog box - specifically if it tells the folder consrv.dll is located it. This would help thanks.