Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows 7 rig infected MBR:Alureon-K [Rtk]

Started by Jpsgroi , Mar 10 2012 09:36 PM

  • Please log in to reply

#1
Jpsgroi
Posted 10 March 2012 - 09:36 PM

Jpsgroi

    Member

  • Member
  • PipPip
  • 11 posts
Hello all,

I have attached the results of two programs. I also did a scan with windows defender offline beta. That scan detected the virus but an error resulted when it came time for removal.


aswMBR will not load for me. TDSkiler either. A lot of the threads I came across suggested these programs but I can't get them to load running as administer.

Any help would be greatly appreciated. Thank you.

OTL logfile created on: 3/10/2012 9:23:51 PM - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\Jordan\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.57 Gb Available Physical Memory | 69.64% Memory free
16.00 Gb Paging File | 13.27 Gb Available in Paging File | 82.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.17 Gb Total Space | 372.73 Gb Free Space | 62.52% Space Free | Partition Type: NTFS

Computer Name: JORDOFILTH | User Name: Jordan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/10 21:22:11 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jordan\Downloads\OTL.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/02/27 23:46:54 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/22 08:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2011/09/30 09:28:08 | 000,546,464 | ---- | M] (ESET) -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
PRC - [2011/09/30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2011/09/29 17:34:53 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2008/09/19 07:30:34 | 003,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2008/08/08 14:24:42 | 000,080,392 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/08 09:28:52 | 000,429,040 | ---- | M] () -- C:\Users\Jordan\AppData\Local\Google\Chrome\Application\17.0.963.78\ppgooglenaclpluginchrome.dll
MOD - [2012/03/08 09:28:51 | 003,772,912 | ---- | M] () -- C:\Users\Jordan\AppData\Local\Google\Chrome\Application\17.0.963.78\pdf.dll
MOD - [2012/03/08 09:27:26 | 000,122,880 | ---- | M] () -- C:\Users\Jordan\AppData\Local\Google\Chrome\Application\17.0.963.78\avutil-51.dll
MOD - [2012/03/08 09:27:24 | 000,220,672 | ---- | M] () -- C:\Users\Jordan\AppData\Local\Google\Chrome\Application\17.0.963.78\avformat-53.dll
MOD - [2012/03/08 09:27:23 | 001,747,456 | ---- | M] () -- C:\Users\Jordan\AppData\Local\Google\Chrome\Application\17.0.963.78\avcodec-53.dll
MOD - [2012/03/08 04:39:20 | 008,593,056 | ---- | M] () -- C:\Users\Jordan\AppData\Local\Google\Chrome\Application\17.0.963.78\gcswf32.dll
MOD - [2012/02/27 23:46:54 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/28 17:44:32 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/12/05 22:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/22 08:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011/12/08 21:56:14 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/09/29 17:34:53 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/07/14 19:08:58 | 001,244,968 | ---- | M] () [On_Demand | Stopped] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/12/07 05:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/01 21:29:07 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/23 11:31:44 | 000,401,920 | ---- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/07/27 02:37:30 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/08/08 14:24:42 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/06 19:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/06 19:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/06 19:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/06 19:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/06 19:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/06 19:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/12/05 22:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/12/05 21:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/17 12:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/13 06:58:00 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/11/18 15:56:28 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/27 00:23:54 | 000,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2009/02/20 00:18:02 | 000,110,096 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2007/06/25 04:37:14 | 000,108,032 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV - [2012/03/10 20:33:35 | 000,024,072 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/11/02 10:13:12 | 000,063,880 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2011/05/19 13:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
IE - HKCU\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = http://www.google.co...:0000FF;FORID:1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.c...t&ltmplcache=2"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..keyword.URL: "http://slirsredirect...0fftrab&query="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jordan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jordan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/03/08 23:24:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/27 23:46:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/06 00:20:36 | 000,000,000 | ---D | M]

[2011/04/12 22:28:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jordan\AppData\Roaming\Mozilla\Extensions
[2011/08/25 21:59:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\uz3om6gd.default\extensions
[2011/08/25 21:59:32 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\uz3om6gd.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/04/12 22:28:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\uz3om6gd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/15 15:40:26 | 000,004,207 | ---- | M] () -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\uz3om6gd.default\searchplugins\aim-search.xml
[2011/12/11 15:15:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/11 15:15:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/11/10 10:29:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/02/27 23:46:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2003/01/13 16:08:06 | 000,499,712 | ---- | M] (Morgan Multimedia) -- C:\Program Files (x86)\mozilla firefox\plugins\npjp2.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/02/27 23:46:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/27 23:46:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jordan\AppData\Local\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jordan\AppData\Local\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jordan\AppData\Local\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Morgan Multimedia JPEG2000 Netscape/Mozilla PlugIn (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npjp2.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jordan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: avast! WebRep = C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/10 16:25:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Show all images in original quality - C:\Program Files (x86)\www.cproxy.com\originalAll.htm File not found
O8:64bit: - Extra context menu item: Show image in original quality - C:\Program Files (x86)\www.cproxy.com\original.htm File not found
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Show all images in original quality - C:\Program Files (x86)\www.cproxy.com\originalAll.htm File not found
O8 - Extra context menu item: Show image in original quality - C:\Program Files (x86)\www.cproxy.com\original.htm File not found
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{333B5433-1B34-4B15-A73F-A9EABE84CC96}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/10 21:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/03/10 20:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2012/03/10 20:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/03/10 20:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/03/10 20:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012/03/10 20:44:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012/03/10 20:44:50 | 000,000,000 | ---D | C] -- C:\Users\Jordan\Documents\Anti-Malware
[2012/03/10 20:42:17 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2012/03/10 20:42:14 | 000,000,000 | ---D | C] -- C:\Windows\Windows Defender Offline
[2012/03/10 20:36:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/03/10 17:16:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/10 17:11:20 | 000,187,464 | ---- | C] (Webroot) -- C:\Users\Jordan\Contacts\Desktop\antizeroaccess.exe
[2012/03/10 16:11:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/10 15:20:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/10 15:20:31 | 000,000,000 | ---D | C] -- C:\Commy
[2012/03/10 15:13:15 | 004,432,490 | R--- | C] (Swearware) -- C:\Users\Jordan\Contacts\Desktop\Commy.exe
[2012/03/04 22:37:59 | 000,000,000 | ---D | C] -- C:\Users\Jordan\Contacts\Desktop\skse_1_04_13
[2012/03/04 21:00:25 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BOSS
[2012/03/04 21:00:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BOSS
[2012/03/04 19:17:37 | 000,000,000 | ---D | C] -- C:\Users\Jordan\Documents\Nexus Mod Manager
[2012/03/04 19:17:37 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Local\Black_Tree_Gaming
[2012/03/04 19:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2012/03/04 19:17:34 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2012/03/01 00:35:50 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/02/28 19:33:26 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cake Poker 2.0
[2012/02/28 18:27:46 | 000,000,000 | ---D | C] -- C:\Users\Jordan\Documents\Diablo III
[2012/02/28 17:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/02/27 23:58:38 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/02/27 23:57:52 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/02/27 23:57:52 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/02/27 23:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/02/27 23:53:22 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/02/27 23:53:20 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/02/27 23:53:19 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/02/27 23:53:18 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/02/27 23:53:10 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/02/27 23:52:49 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/02/27 23:52:49 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/27 23:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2012/02/27 23:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2012/02/23 23:52:14 | 000,000,000 | ---D | C] -- C:\found.007
[2012/02/22 20:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/02/22 20:15:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/02/22 20:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/02/22 20:11:07 | 000,000,000 | ---D | C] -- C:\AMD
[2012/02/15 00:10:10 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/15 00:10:10 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/15 00:10:09 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/15 00:10:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/15 00:10:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/15 00:10:08 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/15 00:10:08 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/15 00:10:08 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/15 00:10:08 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/15 00:10:08 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/15 00:10:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/15 00:02:36 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/15 00:02:26 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/15 00:02:26 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/15 00:02:11 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/10 21:02:05 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2059896078-595218416-2285818778-1000UA.job
[2012/03/10 20:56:25 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/03/10 20:45:01 | 000,001,115 | ---- | M] () -- C:\Users\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/03/10 20:45:01 | 000,001,091 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/03/10 20:40:52 | 000,010,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 20:40:52 | 000,010,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 20:37:04 | 000,250,232 | ---- | M] () -- C:\Users\Jordan\Documents\cc_20120310_203651.reg
[2012/03/10 20:36:11 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/10 20:33:35 | 000,024,072 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012/03/10 20:33:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/10 20:33:27 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/10 17:11:18 | 000,187,464 | ---- | M] (Webroot) -- C:\Users\Jordan\Contacts\Desktop\antizeroaccess.exe
[2012/03/10 16:25:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/10 15:13:31 | 004,432,490 | R--- | M] (Swearware) -- C:\Users\Jordan\Contacts\Desktop\Commy.exe
[2012/03/09 22:02:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2059896078-595218416-2285818778-1000Core.job
[2012/03/08 23:24:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/03/08 23:02:40 | 000,002,410 | ---- | M] () -- C:\Users\Jordan\Contacts\Desktop\Google Chrome.lnk
[2012/03/06 23:51:43 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/06 19:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/03/06 19:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/03/06 19:04:06 | 000,819,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/03/06 19:04:04 | 000,337,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/03/06 19:02:20 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/03/06 19:01:57 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/03/06 19:01:52 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/03/06 19:01:32 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/03/06 03:01:36 | 000,743,982 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/06 03:01:36 | 000,626,898 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/06 03:01:36 | 000,107,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/04 22:53:59 | 000,002,317 | ---- | M] () -- C:\Users\Public\Desktop\FXAA Tool.lnk
[2012/03/04 22:42:00 | 000,001,774 | ---- | M] () -- C:\Users\Jordan\Contacts\Desktop\skse_loader - Shortcut.lnk
[2012/02/28 19:33:26 | 000,001,080 | ---- | M] () -- C:\Users\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\Cake Poker 2.0.lnk
[2012/02/28 19:33:26 | 000,001,062 | ---- | M] () -- C:\Users\Jordan\Contacts\Desktop\Cake Poker 2.0.lnk
[2012/02/27 23:53:25 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/27 23:48:23 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/27 23:46:54 | 000,001,895 | ---- | M] () -- C:\Users\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/22 20:55:03 | 000,000,691 | ---- | M] () -- C:\Users\Jordan\AppData\Roaming\GetValue.vbs
[2012/02/22 20:55:03 | 000,000,035 | ---- | M] () -- C:\Users\Jordan\AppData\Roaming\SetValue.bat
[2012/02/15 23:37:19 | 000,416,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/10 20:56:25 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/03/10 20:45:01 | 000,001,115 | ---- | C] () -- C:\Users\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/03/10 20:45:01 | 000,001,091 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/03/10 20:36:54 | 000,250,232 | ---- | C] () -- C:\Users\Jordan\Documents\cc_20120310_203651.reg
[2012/03/10 20:36:11 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/04 22:53:59 | 000,002,317 | ---- | C] () -- C:\Users\Public\Desktop\FXAA Tool.lnk
[2012/03/04 22:42:00 | 000,001,774 | ---- | C] () -- C:\Users\Jordan\Contacts\Desktop\skse_loader - Shortcut.lnk
[2012/03/04 19:17:35 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012/02/28 19:33:26 | 000,001,080 | ---- | C] () -- C:\Users\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\Cake Poker 2.0.lnk
[2012/02/28 19:33:26 | 000,001,062 | ---- | C] () -- C:\Users\Jordan\Contacts\Desktop\Cake Poker 2.0.lnk
[2012/02/27 23:53:25 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/27 23:53:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/02/27 23:45:22 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/24 00:44:36 | 000,000,184 | ---- | C] () -- C:\ProgramData\~EUkpLarXQSJTe6r
[2012/01/24 00:44:35 | 000,000,296 | ---- | C] () -- C:\ProgramData\~EUkpLarXQSJTe6
[2012/01/24 00:44:28 | 000,000,344 | ---- | C] () -- C:\ProgramData\EUkpLarXQSJTe6
[2011/12/05 22:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/12/05 22:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/11/09 21:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/11/09 21:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/28 19:13:31 | 000,000,000 | ---- | C] () -- C:\Users\Jordan\AppData\Local\RIFTriftpatchlive.exe
[2011/06/16 18:47:25 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/04/14 15:16:29 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/04/12 21:58:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/07 22:15:02 | 000,027,528 | ---- | C] () -- C:\Users\Jordan\AppData\Roaming\UserTile.png
[2010/11/08 20:40:24 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker 2.0:MID

< End of report >

ComboFix 12-03-10.02 - Jordan 03/10/2012 15:31:01.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8190.5955 [GMT -5:00]
Running from: c:\users\Jordan\Contacts\Desktop\Commy.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Jordan\AppData\Roaming\Roaming
c:\users\Jordan\AppData\Roaming\Roaming\HoldemManager\config\FTPRushTables.xml
c:\users\Jordan\Documents\~WRL0004.tmp
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\SysWow64\404Fix.exe
c:\windows\SysWow64\Agent.OMZ.Fix.exe
c:\windows\SysWow64\dumphive.exe
c:\windows\SysWow64\IEDFix.C.exe
c:\windows\SysWow64\IEDFix.exe
c:\windows\SysWow64\o4Patch.exe
c:\windows\SysWow64\odbcad32.exe
c:\windows\SysWow64\Process.exe
c:\windows\SysWow64\SrchSTS.exe
c:\windows\SysWow64\tmp.reg
c:\windows\SysWow64\VACFix.exe
c:\windows\SysWow64\VCCLSID.exe
c:\windows\SysWow64\WS2Fix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-10 21:11 . 2012-03-10 21:11 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-03-10 21:11 . 2012-03-10 21:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-10 21:11 . 2012-03-10 21:11 -------- d-----w- c:\users\Kerra\AppData\Local\temp
2012-03-09 23:29 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D973061F-A10C-42AF-BE0B-B6BFF463FA43}\mpengine.dll
2012-03-05 02:00 . 2012-03-05 02:00 -------- d-----w- c:\program files (x86)\Common Files\BOSS
2012-03-05 00:17 . 2012-03-05 00:17 -------- d-----w- c:\users\Jordan\AppData\Local\Black_Tree_Gaming
2012-03-05 00:17 . 2012-03-07 04:51 -------- d-----w- c:\program files\Nexus Mod Manager
2012-03-01 05:35 . 2012-03-01 05:35 -------- d-----w- c:\windows\PCHEALTH
2012-02-28 22:33 . 2012-02-28 23:27 -------- d-----w- c:\program files (x86)\Diablo III Beta
2012-02-28 22:31 . 2012-02-28 22:32 -------- d-----w- c:\programdata\Battle.net
2012-02-28 04:58 . 2012-03-07 00:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-02-28 04:57 . 2012-03-07 00:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-28 04:57 . 2012-03-07 00:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-28 04:53 . 2012-03-07 00:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-28 04:53 . 2012-03-07 00:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-28 04:53 . 2010-06-28 21:33 28752 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-28 04:53 . 2012-03-07 00:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-28 04:53 . 2012-03-07 00:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-28 04:52 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
2012-02-28 04:52 . 2012-03-07 00:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-02-28 04:52 . 2012-02-28 04:52 -------- d-----w- c:\programdata\Alwil Software
2012-02-28 04:52 . 2012-02-28 04:52 -------- d-----w- c:\program files\Alwil Software
2012-02-24 04:52 . 2012-02-24 04:52 -------- d-----w- C:\found.007
2012-02-23 01:15 . 2012-02-23 01:15 -------- d-----w- c:\programdata\ATI
2012-02-23 01:15 . 2012-02-23 01:15 -------- d-----w- c:\program files (x86)\AMD APP
2012-02-23 01:11 . 2012-02-23 01:11 -------- d-----w- C:\AMD
2012-02-15 05:02 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 05:02 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 05:02 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 05:02 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 05:02 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 05:02 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 05:02 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 05:02 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-10 21:24 . 2008-12-21 02:35 24072 ----a-w- c:\windows\gdrv.sys
2012-02-23 14:18 . 2009-10-02 18:03 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-23 01:55 . 2010-02-22 07:10 691 ----a-w- c:\users\Jordan\AppData\Roaming\GetValue.vbs
2012-02-23 01:55 . 2010-02-22 07:10 35 ----a-w- c:\users\Jordan\AppData\Roaming\SetValue.bat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]
R4 TeamViewer4;TeamViewer 4;c:\program files (x86)\TeamViewer\Version4\TeamViewer_Service.exe [2009-07-27 185640]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 GEST Service;GEST Service for program management.;c:\program files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2008-08-08 80392]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - avgntflt
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2059896078-595218416-2285818778-1000Core.job
- c:\users\Jordan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-26 04:52]
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2059896078-595218416-2285818778-1000UA.job
- c:\users\Jordan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-26 04:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-24 6452256]
"Skytel"="Skytel.exe" [2008-07-24 1833504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Show all images in original quality - c:\program files (x86)\www.cproxy.com\originalAll.htm
IE: Show image in original quality - c:\program files (x86)\www.cproxy.com\original.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\uz3om6gd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&ltmpl=default&ltmplcache=2
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.homepage.dontask, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-CPN Notifier - c:\program files (x86)\Cake Poker 2.0\PokerNotifier.exe
AddRemove-CPROXY_is1 - c:\program files (x86)\www.cproxy.com\unins000.exe
AddRemove-Garena - c:\program files (x86)\Garena\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
.
**************************************************************************
.
Completion time: 2012-03-10 16:46:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-10 21:46
.
Pre-Run: 368,341,934,080 bytes free
Post-Run: 369,107,546,112 bytes free
.
- - End Of File - - 63AEA38007B8C00E94EB22FA8E4C58EB

Attached Files


  • 0

Advertisements

#2
RKinner
Posted 11 March 2012 - 02:18 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


Uninstall
Malwarebytes Anti-Malware so it doesn't interfere.


Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK


Copy the text in the code box by highlighting and Ctrl + c 


:processes
killallprocesses

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8:64bit: - Extra context menu item: Show all images in original quality - C:\Program Files (x86)\www.cproxy.com\originalAll.htm File not found
O8:64bit: - Extra context menu item: Show image in original quality - C:\Program Files (x86)\www.cproxy.com\original.htm File not found
O8 - Extra context menu item: Show all images in original quality - C:\Program Files (x86)\www.cproxy.com\originalAll.htm File not found
O8 - Extra context menu item: Show image in original quality - C:\Program Files (x86)\www.cproxy.com\original.htm File not found
9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
[2012/01/24 00:44:36 | 000,000,184 | ---- | C] () -- C:\ProgramData\~EUkpLarXQSJTe6r
[2012/01/24 00:44:35 | 000,000,296 | ---- | C] () -- C:\ProgramData\~EUkpLarXQSJTe6
[2012/01/24 00:44:28 | 000,000,344 | ---- | C] () -- C:\ProgramData\EUkpLarXQSJTe6


:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config sptd start= disabled /c
c:\windows\System32\Drivers\sptd.sys

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Let's try Safe Mode with Networking:
Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.

Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (decline the Avast Engine if offered.)
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply
If it won't work, right click on aswMBR.exe and rename it to george.exe and try it again. Also right click on the file and select Properties and make sure it doesn't say the file is blocked.

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
A text version of the log should be at C:\ProgramData\Alwil Software\Avast5\report\aswboot.txt. If you can find it copy and paste it into a reply.

Also try TDSSKiller in Safe Mode:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply. If TDSSKiller won't run see if you can rename it to paul.exe and get it to run that way. Also right click on the file and select Properties and make sure it doesn't say the file is blocked.


1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#3
Jpsgroi
Posted 11 March 2012 - 08:20 PM

Jpsgroi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Thank you for the quick reply sir. I will be doing this things tomorrow when I get out of work. Will post all you have told me to. One thing to note, I have tried to rename the two rootkit scan programs to something different but it didn't work.

Here is the log of the first time I ran the boot time scan w/ Avast when these problems started happening.

Also, it keeps telling me to do a disc check at startup even though I have ran this 2 or 3x since infection. Catalyst control center also won't work.


02/28/2012 23:51
Scan of all local drives

File C:\Program Files (x86)\Heroes of Newerth\game\resources0.s2z|>heroes\helldemon\sounds\voice\select_2.ogg Error 42125 {ZIP archive is corrupted.}
File C:\Program Files (x86)\Heroes of Newerth\game\textures.s2z|>00000003\world\terrain\textures\river2_n_rxgb.dds Error 42125 {ZIP archive is corrupted.}
File C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\main\iw_10.iwd|>images\~tractor_spc-r18g18b18&tracto~e7275db8.iwi Error 42125 {ZIP archive is corrupted.}
File C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 3\main\iw_16.iwd|>sound\shg\amb_streams\amb_dubai_oasis_elevator_smashed_rear.wav Error 42125 {ZIP archive is corrupted.}
File C:\Program Files (x86)\Steam\steamapps\common\serious sam hd the first encounter\Content\SeriousSamHD\All_135087.gro|>Content\SeriousSamHD\Levels\Z5_Other\Horus_Web.wld Error 42125 {ZIP archive is corrupted.}
File C:\Users\Jordan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\146bb18-1bc10949|>c.class is infected by Java:Jade-A [Heur], Deleted
File C:\Users\Jordan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\52961cdf-3cf4b0dd|>jarz\KAVS.class is infected by Java:Jade-A [Heur], Deleted
File C:\Users\Jordan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\2057c620-76f31084|>Update.class is infected by Java:CVE-2011-3544-AX [Expl], Deleted
File C:\Users\Jordan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\57535e6-296082e1|>c.class is infected by Java:Jade-A [Heur], Deleted
File C:\Users\Jordan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\7d00cafa-57b5e6c6|>Photo.class is infected by Java:CVE-2011-3544-CP [Expl], Deleted
File C:\Users\Jordan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\5ee2d53b-12cbe9b1|>b.class is infected by Java:Jade-A [Heur], Deleted
File C:\Users\Jordan\AppData\Roaming\acccore\caches\bart\1024\97F87B59785A4C0E4DC9DF92786C404C|>dblue12.gif Error 42125 {ZIP archive is corrupted.}
File C:\Windows\CheckSur\v1.0\windows6.1-servicing-x64-july15.cab|>servicing\packages\package_4_for_kb977336~31bf3856ad364e35~amd64~~6.1.2.0.cat Error 42127 {CAB archive is corrupted.}
File C:\Windows\Installer\2c70979.msp|>PATCH_CAB|>MSPUB.EXE Error 42127 {CAB archive is corrupted.}
File C:\Windows\Installer\2fb83dc.msp|>PCW_CAB_Silver|>coreDLL Error 42127 {CAB archive is corrupted.}
File C:\Windows\Installer\adf8ad4.msp|>PATCH_CAB|>OART.DLL Error 42127 {CAB archive is corrupted.}
File C:\Windows\SoftwareDistribution\Download\2fd818cb2c3e8521cd50c71ff969ae3b2f1104cc|>mpengine.dll._p Error 42127 {CAB archive is corrupted.}
Number of searched folders: 41561
Number of tested files: 1574107
Number of infected files: 6


CCC error:

C:\Windows\System32\oobe\unbcl.dll
[WARNING] The file could not be opened!
C:\Windows\winsxs\amd64_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7600.16385_none_8e216ff5c6f34f3e\unbcl.dll
[WARNING] The file could not be opened!
C:\Windows\winsxs\amd64_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_905283bdc3e1d2d8\unbcl.dll
[WARNING] The file could not be opened!

Edited by Jpsgroi, 11 March 2012 - 08:29 PM.

  • 0

#4
Jpsgroi
Posted 12 March 2012 - 04:22 PM

Jpsgroi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Log 1 OTL


========== PROCESSES ==========
All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Show all images in original quality\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Show image in original quality\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Show all images in original quality\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Show image in original quality\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2059896078-595218416-2285818778-1001\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2059896078-595218416-2285818778-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\ProgramData\~EUkpLarXQSJTe6r moved successfully.
C:\ProgramData\~EUkpLarXQSJTe6 moved successfully.
C:\ProgramData\EUkpLarXQSJTe6 moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Jordan\Contacts\Desktop\cmd.bat deleted successfully.
C:\Users\Jordan\Contacts\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Jordan\Contacts\Desktop\cmd.bat deleted successfully.
C:\Users\Jordan\Contacts\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Jordan\Contacts\Desktop\cmd.bat deleted successfully.
C:\Users\Jordan\Contacts\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Jordan\Contacts\Desktop\cmd.bat deleted successfully.
C:\Users\Jordan\Contacts\Desktop\cmd.txt deleted successfully.
< sc config sptd start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Users\Jordan\Contacts\Desktop\cmd.bat deleted successfully.
C:\Users\Jordan\Contacts\Desktop\cmd.txt deleted successfully.
File\Folder c:\windows\System32\Drivers\sptd.sys not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jordan
->Flash cache emptied: 1340719 bytes

User: Kerra
->Flash cache emptied: 1894812 bytes

User: postgres

User: Public

Total Flash Files Cleaned = 3.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jordan
->Java cache emptied: 2837549 bytes

User: Kerra
->Java cache emptied: 32650750 bytes

User: postgres

User: Public

Total Java Files Cleaned = 34.00 mb


OTL by OldTimer - Version 3.2.36.2 log created on 03122012_175341

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Log 2 OTL


OTL logfile created on: 3/12/2012 5:58:18 PM - Run 2
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\Jordan\Contacts\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.60 Gb Available Physical Memory | 82.51% Memory free
16.00 Gb Paging File | 14.43 Gb Available in Paging File | 90.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.17 Gb Total Space | 391.35 Gb Free Space | 65.64% Space Free | Partition Type: NTFS

Computer Name: JORDOFILTH | User Name: Jordan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/10 22:22:11 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jordan\Contacts\Desktop\OTL.exe
PRC - [2012/03/06 20:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/09/29 18:34:53 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2008/09/19 08:30:34 | 003,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/09/19 04:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2008/08/08 15:24:42 | 000,080,392 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/08 10:28:52 | 000,429,040 | ---- | M] () -- C:\Users\Jordan\AppData\Local\Google\Chrome\Application\17.0.963.78\ppgooglenaclpluginchrome.dll
MOD - [2012/03/08 10:28:51 | 003,772,912 | ---- | M] () -- C:\Users\Jordan\AppData\Local\Google\Chrome\Application\17.0.963.78\pdf.dll
MOD - [2012/03/08 10:27:26 | 000,122,880 | ---- | M] () -- C:\Users\Jordan\AppData\Local\Google\Chrome\Application\17.0.963.78\avutil-51.dll
MOD - [2012/03/08 10:27:24 | 000,220,672 | ---- | M] () -- C:\Users\Jordan\AppData\Local\Google\Chrome\Application\17.0.963.78\avformat-53.dll
MOD - [2012/03/08 10:27:23 | 001,747,456 | ---- | M] () -- C:\Users\Jordan\AppData\Local\Google\Chrome\Application\17.0.963.78\avcodec-53.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/06 20:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/12/05 23:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/12/08 22:56:14 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/09/29 18:34:53 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/07/14 20:08:58 | 001,244,968 | ---- | M] () [On_Demand | Stopped] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/12/07 06:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/01 22:29:07 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/07/27 03:37:30 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/19 04:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/08/08 15:24:42 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/06 20:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/06 20:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/06 20:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/06 20:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/06 20:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/06 20:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/12/05 23:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/12/05 22:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/17 13:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/13 07:58:00 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/11/18 16:56:28 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/27 01:23:54 | 000,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2009/02/20 01:18:02 | 000,110,096 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2007/06/25 05:37:14 | 000,108,032 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV - [2012/03/12 17:55:47 | 000,024,072 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
IE - HKCU\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = http://www.google.co...:0000FF;FORID:1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.c...t&ltmplcache=2"
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..keyword.URL: "http://slirsredirect...0fftrab&query="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jordan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jordan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/03/09 00:24:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/28 00:46:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/06 01:20:36 | 000,000,000 | ---D | M]

[2011/04/12 23:28:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jordan\AppData\Roaming\Mozilla\Extensions
[2011/08/25 22:59:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\uz3om6gd.default\extensions
[2011/08/25 22:59:32 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\uz3om6gd.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/04/12 23:28:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\uz3om6gd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/15 16:40:26 | 000,004,207 | ---- | M] () -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\uz3om6gd.default\searchplugins\aim-search.xml
[2011/12/11 16:15:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/11 16:15:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/11/10 11:29:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/02/28 00:46:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2003/01/13 17:08:06 | 000,499,712 | ---- | M] (Morgan Multimedia) -- C:\Program Files (x86)\mozilla firefox\plugins\npjp2.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2010/01/13 18:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/02/28 00:46:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/28 00:46:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jordan\AppData\Local\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jordan\AppData\Local\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jordan\AppData\Local\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Morgan Multimedia JPEG2000 Netscape/Mozilla PlugIn (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npjp2.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jordan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: avast! WebRep = C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/10 17:25:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{333B5433-1B34-4B15-A73F-A9EABE84CC96}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^Users^Jordan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ImpulseNow.lnk - - File not found
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Ad-Watch - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Aim - hkey= - key= - C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
MsConfig:64bit - StartUpReg: Aim6 - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: AmazonGSDownloaderTray - hkey= - key= - C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
MsConfig:64bit - StartUpReg: CPN Notifier - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Windows\SysWOW64\qttask.exe (Apple Computer, Inc.)
MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= - File not found
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: hitmanpro36 - Reg Error: Value error.
SafeBootNet:64bit: hitmanpro36.sys - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: hitmanpro36 - Reg Error: Value error.
SafeBootNet: hitmanpro36.sys - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.at3 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\SONY\atrac3.acm ()
Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm ()
Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
Drivers32: msacm.CoreFLAC_ACM - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Core\CoreFLAC_ACM.acm ()
Drivers32: msacm.divxa32 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\DivX\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.iac2 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Microsoft\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.imc - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\imc32.acm (Intel Corporation)
Drivers32: msacm.l3acm - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\lameacm.acm (http://www.mp3dev.org/)
Drivers32: msacm.lhacm - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Microsoft\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Microsoft\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Microsoft\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Microsoft\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Microsoft\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.pcdv - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Canopus\pcdv.acm (Canopus Co., Ltd.)
Drivers32: msacm.qmpeg - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\QDesign\qmpeg.acm (QDesign Corporation)
Drivers32: msacm.sl_anet - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\OGG\vorbis.acm (HMS http://hp.vector.co....thors/VA012897/)
Drivers32: msacm.voxacm160 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\VoxWare\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.aas4 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Autodesk\aasc32.dll (Autodesk, Inc.)
Drivers32: vidc.aasc - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Autodesk\aasc32.dll (Autodesk, Inc.)
Drivers32: vidc.advj - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\avidavicodec.dll (Avid Technology, Inc)
Drivers32: vidc.advs - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Adaptec\dvc.dll (Adaptec)
Drivers32: vidc.aflc - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Autodesk\flccodec32.dll (Autodesk, Inc.)
Drivers32: vidc.afli - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Autodesk\flccodec32.dll (Autodesk, Inc.)
Drivers32: vidc.ap41 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\DivX\divxc32f.dll (Hacked with Joy !)
Drivers32: vidc.asv1 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv1.dll ()
Drivers32: vidc.asv2 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv2.dll ()
Drivers32: vidc.asvx - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv2.dll ()
Drivers32: vidc.avi1 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\MainConcept\mcmjpg32.dll (MainConcept)
Drivers32: vidc.avi2 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\MainConcept\mcmjpg32.dll (MainConcept)
Drivers32: vidc.avrn - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\avidavicodec.dll (Avid Technology, Inc)
Drivers32: vidc.bt20 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Brooktree\btvvc32.drv (Brooktree Corporation)
Drivers32: vidc.cdvc - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Canopus\csccdvc.dll (Canopus Co., Ltd.)
Drivers32: vidc.cram - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Microsoft\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.cscd - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\camcodec.dll (RenderSoft Software.)
Drivers32: vidc.cvid - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\iccvid.dll (Compression Technologies, Inc.)
Drivers32: vidc.davc - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\dicas\davcvfw.dll (dicas)
Drivers32: vidc.dcap - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Pinnacle\mirodv2avi.dll (Pinnacle Systems)
Drivers32: vidc.dcmj - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\MainConcept\mcmjpg32.dll (MainConcept)
Drivers32: vidc.ddvc - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Canopus\cscdvsd.dll (Canopus Co., Ltd.)
Drivers32: vidc.div3 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\DivX\divxc32.dll (Hacked with Joy !)
Drivers32: vidc.div4 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\DivX\divxc32f.dll (Hacked with Joy !)
Drivers32: vidc.div5 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\DivX\divxc32.dll (Hacked with Joy !)
Drivers32: vidc.div6 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\DivX\divxc32f.dll (Hacked with Joy !)
Drivers32: vidc.divx - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\DivX\DivX520.dll (DivXNetworks, Inc.)
Drivers32: vidc.dmb2 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\pmjpeg32.dll (White Pine Software and Paradigm Matrix)
Drivers32: vidc.dv25 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.dv50 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.dvc - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\MainConcept\mcdvd_32.dll (MainConcept)
Drivers32: vidc.dvcp - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\SONY\sonydv.dll (Sony Corporation)
Drivers32: vidc.dvcs - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\MainConcept\mcdvd_32.dll (MainConcept)
Drivers32: vidc.dvsd - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\MainConcept\mcdvd_32.dll (MainConcept)
Drivers32: vidc.dvx4 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\DivX\DivX4.dll (DivXNetworks, Inc.)
Drivers32: vidc.em2v - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\etxcodec.dll (Etymonix Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.frwa - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Forward\frwt.dll (Darim Vision Co.)
Drivers32: vidc.frwd - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Forward\frwd.dll (Darim Vision Co.)
Drivers32: vidc.frwt - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Forward\frwd.dll (Darim Vision Co.)
Drivers32: vidc.frwu - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Forward\frwu.dll (Darim Vision Co.)
Drivers32: vidc.gepj - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\pmjpeg32.dll (White Pine Software and Paradigm Matrix)
Drivers32: vidc.glzw - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Gabest\glzw.dll (Gabest)
Drivers32: vidc.gpeg - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Gabest\gpeg.dll (Gabest)
Drivers32: vidc.gpjm - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Pinnacle\rtmjpgcdc.dll (Pinnacle Systems)
Drivers32: vidc.hfyu - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\i263_32.drv (Intel Corporation)
Drivers32: vidc.i420 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Microsoft\msh263.drv (Microsoft Corporation)
Drivers32: vidc.ipdv - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Panasonic\idvcodec.dll (Matsushita Electric Industrial Co., Ltd. I-O DATA DEVICE,INC.)
Drivers32: vidc.ir21 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\ir21_r.dll ()
Drivers32: vidc.iv30 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
Drivers32: vidc.iv31 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
Drivers32: vidc.iv33 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
Drivers32: vidc.iv34 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
Drivers32: vidc.iv35 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
Drivers32: vidc.iv36 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
Drivers32: vidc.iv37 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
Drivers32: vidc.iv38 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
Drivers32: vidc.iv39 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
Drivers32: vidc.iv40 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv41 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv42 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv43 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv44 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv45 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv46 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv47 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv48 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv49 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv50 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.lead - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\LEAD\lcodccmp.dll (LEAD Technologies, Inc.)
Drivers32: vidc.m261 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Microsoft\msh261.drv (Microsoft Corporation)
Drivers32: vidc.m263 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Microsoft\msh263.drv (Microsoft Corporation)
Drivers32: vidc.miro - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Pinnacle\mirodv2avi.dll (Pinnacle Systems)
Drivers32: vidc.mjpa - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Pinnacle\rtmjpgcdc.dll (Pinnacle Systems)
Drivers32: vidc.mjpx - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Pegasus\pvmjpg21.dll (Pegasus Imaging Corporation)
Drivers32: vidc.mkvc - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\kmvidc32.dll ()
Drivers32: vidc.mmes - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.mmjp - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.mp41 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll ()
Drivers32: vidc.mp42 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll ()
Drivers32: vidc.mp43 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll ()
Drivers32: vidc.mp4s - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll ()
Drivers32: vidc.mp4v - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll ()
Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()
Drivers32: vidc.mpg3 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\DivX\divxc32.dll (Hacked with Joy !)
Drivers32: vidc.mpg4 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll ()
Drivers32: vidc.mrle - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Microsoft\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msmc - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.msvc - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Microsoft\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.mszh - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\avimszh.dll ()
Drivers32: vidc.mtx1 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.mtx2 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.mtx3 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.mtx4 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.mtx5 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.mtx6 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.mtx7 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.mtx8 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.mtx9 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.mwv1 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Aware\icmw_32.dll (Aware Inc.)
Drivers32: vidc.nt00 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Newtek\ntcodec.dll (NewTek, Inc)
Drivers32: vidc.pdvc - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Panasonic\idvcodec.dll (Matsushita Electric Industrial Co., Ltd. I-O DATA DEVICE,INC.)
Drivers32: vidc.pim1 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Pinnacle\pclepim1.dll (Pinnacle Systems)
Drivers32: vidc.pimj - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Pegasus\pvljpg20.dll (Pegasus Imaging Corporation)
Drivers32: vidc.png1 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Core\CorePNG_vfw.dll ()
Drivers32: vidc.pvw2 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Pegasus\pvwv220.dll (Pegasus Imaging Corporation)
Drivers32: vidc.q1.0 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\qpeg32.dll (Q-Team Dr. Knabe GmbH, Korschenbroich, Germany)
Drivers32: vidc.qpeg - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\qpeg32.dll (Q-Team Dr. Knabe GmbH, Korschenbroich, Germany)
Drivers32: vidc.rmp4 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\REALmagic\rmp4.dll ()
Drivers32: vidc.rt21 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\ir21_r.dll ()
Drivers32: vidc.rud0 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Rududu\rududu.dll (nico)
Drivers32: vidc.s422 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Tekram\tekyuv.dll ()
Drivers32: vidc.sjpg - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\pmjpeg32.dll (White Pine Software and Paradigm Matrix)
Drivers32: vidc.sony - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\SONY\sonydv.dll (Sony Corporation)
Drivers32: vidc.t420 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Toshiba\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.uyvy - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.vcr1 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\ATI\ativcr1.dll (ATI Technologies, Inc.)
Drivers32: vidc.vcr2 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\ATI\ativcr2.dll (ATI Technologies, Inc.)
Drivers32: vidc.vifp - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\vfcodec.dll ()
Drivers32: vidc.vixl - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\MIRO\miroxl32.dll (Pinnacle Systems)
Drivers32: vidc.vp30 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp31vfw.dll (On2.com)
Drivers32: vidc.vp31 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp31vfw.dll (On2.com)
Drivers32: vidc.vp60 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp6vfw.dll (On2.com)
Drivers32: vidc.vssv - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Vanguard Software Sollutions\vsscodec.dll (Vanguard Software Solutions, Inc.)
Drivers32: vidc.wmv3 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Microsoft\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.wnv1 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\wnvplay1.dll (Winnov)
Drivers32: vidc.wrpr - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\aviwrap.dll ()
Drivers32: vidc.xvid - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\XviD\xvidvfw.dll ()
Drivers32: vidc.y411 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Toshiba\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.y41p - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Brooktree\btvvc32.drv (Brooktree Corporation)
Drivers32: vidc.yuy2 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\ATI\atiyuv12.dll ()
Drivers32: vidc.yvu9 - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Intel\iyvu9_32.dll ()
Drivers32: vidc.yvyu - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.zlib - C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\avizlib.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/12 17:53:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/11 02:59:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/11 02:58:35 | 000,000,000 | --SD | C] -- C:\Commy32037C
[2012/03/11 02:54:55 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/03/10 23:27:27 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Jordan\Contacts\Desktop\aswMBR.exe
[2012/03/10 22:22:02 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Jordan\Contacts\Desktop\OTL.exe
[2012/03/10 21:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2012/03/10 21:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/03/10 21:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/03/10 21:44:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012/03/10 21:44:50 | 000,000,000 | ---D | C] -- C:\Users\Jordan\Documents\Anti-Malware
[2012/03/10 21:42:17 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2012/03/10 21:42:14 | 000,000,000 | ---D | C] -- C:\Windows\Windows Defender Offline
[2012/03/10 21:36:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/03/10 18:16:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/10 18:11:20 | 000,187,464 | ---- | C] (Webroot) -- C:\Users\Jordan\Contacts\Desktop\antizeroaccess.exe
[2012/03/10 17:11:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/10 16:20:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/10 16:20:31 | 000,000,000 | ---D | C] -- C:\Commy
[2012/03/04 23:37:59 | 000,000,000 | ---D | C] -- C:\Users\Jordan\Contacts\Desktop\skse_1_04_13
[2012/03/04 22:00:25 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BOSS
[2012/03/04 22:00:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BOSS
[2012/03/04 20:17:37 | 000,000,000 | ---D | C] -- C:\Users\Jordan\Documents\Nexus Mod Manager
[2012/03/04 20:17:37 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Local\Black_Tree_Gaming
[2012/03/04 20:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2012/03/04 20:17:34 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2012/03/01 01:35:50 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/02/28 20:33:26 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cake Poker 2.0
[2012/02/28 19:27:46 | 000,000,000 | ---D | C] -- C:\Users\Jordan\Documents\Diablo III
[2012/02/28 18:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/02/28 00:58:38 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/02/28 00:57:52 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/02/28 00:57:52 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/02/28 00:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/02/28 00:53:22 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/02/28 00:53:20 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/02/28 00:53:19 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/02/28 00:53:18 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/02/28 00:53:10 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/02/28 00:52:49 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/02/28 00:52:49 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/28 00:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2012/02/28 00:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2012/02/24 00:52:14 | 000,000,000 | ---D | C] -- C:\found.007
[2012/02/22 21:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/02/22 21:15:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/02/22 21:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/02/22 21:11:07 | 000,000,000 | ---D | C] -- C:\AMD
[2012/02/15 01:10:10 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/15 01:10:10 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/15 01:10:09 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/15 01:10:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/15 01:10:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/15 01:10:08 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/15 01:10:08 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/15 01:10:08 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/15 01:10:08 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/15 01:10:08 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/15 01:10:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/15 01:02:36 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/15 01:02:26 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/15 01:02:26 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/15 01:02:11 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/12 18:03:34 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2059896078-595218416-2285818778-1000UA.job
[2012/03/12 18:03:30 | 000,002,410 | ---- | M] () -- C:\Users\Jordan\Contacts\Desktop\Google Chrome.lnk
[2012/03/12 18:02:54 | 000,010,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 18:02:54 | 000,010,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 18:02:45 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/12 18:02:45 | 000,627,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/12 18:02:45 | 000,107,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/12 17:55:47 | 000,024,072 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012/03/12 17:55:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/12 17:55:40 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/11 22:26:02 | 000,416,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/10 23:42:13 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012/03/10 23:27:27 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Jordan\Contacts\Desktop\aswMBR.exe
[2012/03/10 23:02:17 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2059896078-595218416-2285818778-1000Core.job
[2012/03/10 22:22:11 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jordan\Contacts\Desktop\OTL.exe
[2012/03/10 21:56:25 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/03/10 21:37:04 | 000,250,232 | ---- | M] () -- C:\Users\Jordan\Documents\cc_20120310_203651.reg
[2012/03/10 21:36:11 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/10 18:11:18 | 000,187,464 | ---- | M] (Webroot) -- C:\Users\Jordan\Contacts\Desktop\antizeroaccess.exe
[2012/03/10 17:25:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/09 00:24:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/03/06 20:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/06 20:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/03/06 20:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/03/06 20:04:06 | 000,819,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/03/06 20:04:04 | 000,337,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/03/06 20:02:20 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/03/06 20:01:57 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/03/06 20:01:52 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/03/06 20:01:32 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/03/04 23:53:59 | 000,002,317 | ---- | M] () -- C:\Users\Public\Desktop\FXAA Tool.lnk
[2012/03/04 23:42:00 | 000,001,774 | ---- | M] () -- C:\Users\Jordan\Contacts\Desktop\skse_loader - Shortcut.lnk
[2012/02/28 20:33:26 | 000,001,080 | ---- | M] () -- C:\Users\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\Cake Poker 2.0.lnk
[2012/02/28 20:33:26 | 000,001,062 | ---- | M] () -- C:\Users\Jordan\Contacts\Desktop\Cake Poker 2.0.lnk
[2012/02/28 00:53:25 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/28 00:46:54 | 000,001,895 | ---- | M] () -- C:\Users\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/22 21:55:03 | 000,000,691 | ---- | M] () -- C:\Users\Jordan\AppData\Roaming\GetValue.vbs
[2012/02/22 21:55:03 | 000,000,035 | ---- | M] () -- C:\Users\Jordan\AppData\Roaming\SetValue.bat
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/10 21:56:25 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/03/10 21:36:54 | 000,250,232 | ---- | C] () -- C:\Users\Jordan\Documents\cc_20120310_203651.reg
[2012/03/10 21:36:11 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/04 23:53:59 | 000,002,317 | ---- | C] () -- C:\Users\Public\Desktop\FXAA Tool.lnk
[2012/03/04 23:42:00 | 000,001,774 | ---- | C] () -- C:\Users\Jordan\Contacts\Desktop\skse_loader - Shortcut.lnk
[2012/03/04 20:17:35 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012/02/28 20:33:26 | 000,001,080 | ---- | C] () -- C:\Users\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\Cake Poker 2.0.lnk
[2012/02/28 20:33:26 | 000,001,062 | ---- | C] () -- C:\Users\Jordan\Contacts\Desktop\Cake Poker 2.0.lnk
[2012/02/28 00:53:25 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/28 00:53:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/12/05 23:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/12/05 23:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/11/09 22:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/11/09 22:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/28 20:13:31 | 000,000,000 | ---- | C] () -- C:\Users\Jordan\AppData\Local\RIFTriftpatchlive.exe
[2011/06/16 19:47:25 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/04/14 16:16:29 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/04/12 22:58:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/07 23:15:02 | 000,027,528 | ---- | C] () -- C:\Users\Jordan\AppData\Roaming\UserTile.png
[2010/11/08 21:40:24 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

========== Custom Scans ==========



========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD6400AAKS-75A7B0 ATA Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 596.00GB
Starting Offset: 1048576
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/04/12 23:27:58 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\acccore
[2011/04/12 23:27:58 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Accelrys
[2011/04/12 23:28:02 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Adobe
[2011/08/31 00:01:21 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Advanced Combat Tracker
[2011/04/12 23:28:02 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\ATI
[2012/02/28 00:48:33 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Azureus
[2011/04/12 23:28:07 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2008/12/23 19:46:42 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\DAEMON Tools
[2011/04/12 23:28:07 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\DAEMON Tools Lite
[2011/04/12 23:28:07 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\DAEMON Tools Pro
[2011/05/24 00:52:15 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\GARMIN
[2011/04/12 23:28:07 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\GetRightToGo
[2011/04/12 23:28:07 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\HEM Data
[2011/04/12 23:28:07 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Identities
[2011/04/12 23:28:07 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Individual Software
[2011/04/12 23:28:07 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\InstallShield
[2011/04/12 23:28:07 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Macromedia
[2011/04/12 23:28:18 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Malwarebytes
[2009/07/14 03:45:14 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Media Center Programs
[2011/04/13 13:52:35 | 000,000,000 | --SD | M] -- C:\Users\Jordan\AppData\Roaming\Microsoft
[2011/04/12 23:28:23 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Mozilla
[2011/09/29 17:38:34 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Origin
[2011/02/07 23:15:02 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\PeerNetworking
[2011/04/12 23:28:24 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\postgresql
[2011/04/13 13:53:03 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\RadarSync
[2011/04/12 23:28:24 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Real
[2011/09/06 21:51:50 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\RIFT
[2011/04/12 23:28:24 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\runic games
[2011/12/16 00:35:18 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Skype
[2011/04/12 23:28:26 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\skypePM
[2011/04/12 23:28:26 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\SSH
[2011/04/12 23:28:26 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Stardock
[2011/04/12 23:28:26 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\TeamViewer
[2011/08/09 22:50:28 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\U3
[2011/07/22 21:32:12 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Ventrilo
[2012/02/18 19:35:23 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\vlc
[2011/04/12 23:28:26 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Winamp
[2008/12/20 23:58:51 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\WinRAR


< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/28 00:46:53 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/28 00:46:53 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/28 00:46:53 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/02/28 00:46:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/02/28 00:46:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/28 00:46:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Jordan\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/08 10:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Jordan\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/08 10:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Jordan\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/08 10:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Jordan\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/03/08 10:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe"

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/02/28 00:46:53 | 000,834,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/02/28 00:46:53 | 000,834,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/02/28 00:46:53 | 000,834,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/02/28 00:46:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/02/28 00:46:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/02/28 00:46:54 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\JORDAN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/03/08 10:28:54 | 001,049,072 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\JORDAN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/03/08 10:28:54 | 001,049,072 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\JORDAN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/03/08 10:28:54 | 001,049,072 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\JORDAN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/03/08 10:28:54 | 001,049,072 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE"

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker 2.0:MID

< End of report >
  • 0

#5
RKinner
Posted 12 March 2012 - 05:06 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.


I assume TDSSKiller and/or aswMBR will still not run?

Ron
  • 0

#6
Jpsgroi
Posted 12 March 2012 - 05:08 PM

Jpsgroi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Can't get tds killer or the other scanner to run despite changing the file names.

This error keeps popping up now in Avast:


URL: http://megatrast.in/...175429c0a7e08f3
Process: C:\Windows\explorer.exe
Infection: URL:Mal

& then windows shut down suddenly and I got a blue screen.


Problem signature
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033

Files that help describe the problem (some files may no longer be available)
031212-23984-01.dmp
sysdata.xml
WERInternalMetadata.xml

View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.

Extra information about the problem
BCCode: 24
BCP1: 00000000001904FB
BCP2: FFFFF8800A26F678
BCP3: FFFFF8800A26EED0
BCP4: FFFFF8800121E8AD
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1
Bucket ID: X64_0x24_Ntfs!NtfsAcquireFcbWithPaging+12d
Server information: 61e3c130-7831-4cf0-9a16-c3a93d2748bf

Going to try and run the scans in safemode now. Thank you.
  • 0

#7
Jpsgroi
Posted 12 March 2012 - 05:10 PM

Jpsgroi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: EP45-UD3L
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 156):
0x03011000 \SystemRoot\system32\ntoskrnl.exe
0x035FA000 \SystemRoot\system32\hal.dll
0x00BAB000 \SystemRoot\system32\kdcom.dll
0x00CB3000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D02000 \SystemRoot\system32\PSHED.dll
0x00D16000 \SystemRoot\system32\CLFS.SYS
0x00E42000 \SystemRoot\system32\CI.dll
0x00F02000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00FA6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00D74000 \SystemRoot\system32\drivers\ACPI.sys
0x00FB5000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00FBE000 \SystemRoot\system32\drivers\msisadrv.sys
0x00FC8000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00E00000 \SystemRoot\system32\drivers\pci.sys
0x00FD5000 \SystemRoot\System32\drivers\partmgr.sys
0x00FEA000 \SystemRoot\system32\drivers\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E33000 \SystemRoot\system32\drivers\pciide.sys
0x00C5C000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00C6C000 \SystemRoot\System32\drivers\mountmgr.sys
0x01024000 \SystemRoot\system32\drivers\vmbus.sys
0x01060000 \SystemRoot\system32\drivers\winhv.sys
0x01074000 \SystemRoot\system32\drivers\atapi.sys
0x0107D000 \SystemRoot\system32\drivers\ataport.SYS
0x010A7000 \SystemRoot\system32\drivers\amdxata.sys
0x010B2000 \SystemRoot\system32\drivers\fltmgr.sys
0x010FE000 \SystemRoot\system32\drivers\fileinfo.sys
0x01229000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01112000 \SystemRoot\System32\Drivers\msrpc.sys
0x013CC000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01170000 \SystemRoot\System32\Drivers\cng.sys
0x013E7000 \SystemRoot\System32\drivers\pcw.sys
0x01200000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014E7000 \SystemRoot\system32\drivers\ndis.sys
0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
0x01460000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x016CD000 \SystemRoot\System32\drivers\tcpip.sys
0x018D1000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0191B000 \SystemRoot\system32\drivers\vmstorfl.sys
0x0192B000 \SystemRoot\system32\drivers\volsnap.sys
0x01977000 \SystemRoot\System32\Drivers\spldr.sys
0x0197F000 \SystemRoot\System32\drivers\rdyboost.sys
0x019B9000 \SystemRoot\System32\Drivers\mup.sys
0x019CB000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01600000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0163A000 \SystemRoot\system32\DRIVERS\disk.sys
0x01650000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x019D4000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03A40000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x03B0D000 \SystemRoot\System32\Drivers\Null.SYS
0x03B16000 \SystemRoot\System32\Drivers\Beep.SYS
0x03B1D000 \SystemRoot\System32\drivers\vga.sys
0x03B2B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x03B50000 \SystemRoot\System32\drivers\watchdog.sys
0x03B60000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x03B69000 \SystemRoot\system32\drivers\rdpencdd.sys
0x03B72000 \SystemRoot\system32\drivers\rdprefmp.sys
0x03B7B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x03B86000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03B97000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03BB9000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03BC6000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x03CE3000 \SystemRoot\system32\drivers\afd.sys
0x03D6C000 \SystemRoot\System32\Drivers\aswrdr2.sys
0x03D7C000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03DC1000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x03DCC000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03DD5000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03C00000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03C0F000 \SystemRoot\system32\DRIVERS\serial.sys
0x03C2C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03C47000 \SystemRoot\system32\drivers\termdd.sys
0x03C5B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03CAC000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03CB8000 \SystemRoot\system32\drivers\mssmbios.sys
0x03CC3000 \SystemRoot\System32\drivers\discache.sys
0x03E14000 \SystemRoot\system32\drivers\csc.sys
0x03E97000 \SystemRoot\System32\Drivers\dfsc.sys
0x03EB5000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03EC6000 \SystemRoot\System32\Drivers\aswSP.SYS
0x03F1E000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03F44000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x03F5A000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x048A8000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x040B0000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x041A4000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04000000 \SystemRoot\system32\drivers\HDAudBus.sys
0x04024000 \SystemRoot\system32\drivers\usbuhci.sys
0x04031000 \SystemRoot\system32\drivers\USBPORT.SYS
0x04087000 \SystemRoot\system32\drivers\usbehci.sys
0x05333000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04098000 \SystemRoot\system32\DRIVERS\fdc.sys
0x041EA000 \SystemRoot\system32\DRIVERS\serenum.sys
0x0539A000 \SystemRoot\system32\DRIVERS\parport.sys
0x053B7000 \SystemRoot\system32\drivers\CompositeBus.sys
0x053C7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04800000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04824000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04830000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0485F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0487A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x053DD000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x040A5000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x03FAF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03FBE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x041F6000 \SystemRoot\system32\drivers\swenum.sys
0x0148B000 \SystemRoot\system32\drivers\ks.sys
0x03FCD000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05654000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x056AE000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x056B9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x056CE000 \SystemRoot\system32\drivers\AtihdW76.sys
0x056E8000 \SystemRoot\system32\drivers\portcls.sys
0x05725000 \SystemRoot\system32\drivers\drmk.sys
0x05747000 \SystemRoot\system32\drivers\ksthunk.sys
0x06E6D000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x06FD7000 \SystemRoot\System32\Drivers\crashdmp.sys
0x06FE5000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x06FF1000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x06E00000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x06E13000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x06E30000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x06E32000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x06E40000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x06E59000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0574D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0575B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x00090000 \SystemRoot\System32\win32k.sys
0x05768000 \SystemRoot\System32\drivers\Dxapi.sys
0x05774000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00430000 \SystemRoot\System32\TSDDD.dll
0x00710000 \SystemRoot\System32\cdd.dll
0x05782000 \SystemRoot\system32\drivers\luafv.sys
0x057A5000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x06E62000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x057DC000 \SystemRoot\system32\drivers\WudfPf.sys
0x05600000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05615000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x05481000 \SystemRoot\system32\drivers\HTTP.sys
0x0554A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05568000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05580000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x055AD000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x05400000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x07CE3000 \SystemRoot\system32\drivers\peauth.sys
0x07D89000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07D94000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x07DC5000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07C00000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08C67000 \SystemRoot\System32\DRIVERS\srv.sys
0x08CFF000 \??\C:\Windows\gdrv.sys
0x08D79000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x778D0000 \Windows\System32\ntdll.dll
0x47E90000 \Windows\System32\smss.exe
0xFFBF0000 \Windows\System32\apisetschema.dll
0xFFD10000 \Windows\System32\autochk.exe

Processes (total 59):
0 System Idle Process
4 System
320 C:\Windows\System32\smss.exe
436 csrss.exe
512 csrss.exe
520 C:\Windows\System32\wininit.exe
556 C:\Windows\System32\winlogon.exe
612 C:\Windows\System32\services.exe
640 C:\Windows\System32\lsass.exe
648 C:\Windows\System32\lsm.exe
752 C:\Windows\System32\svchost.exe
840 C:\Windows\System32\svchost.exe
888 C:\Windows\System32\atiesrxx.exe
984 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\svchost.exe
348 C:\Windows\System32\svchost.exe
824 C:\Windows\System32\audiodg.exe
1048 C:\Windows\System32\svchost.exe
1160 C:\Windows\System32\svchost.exe
1236 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1260 C:\Windows\System32\atieclxx.exe
1372 C:\Windows\System32\spoolsv.exe
1408 C:\Windows\System32\svchost.exe
1500 C:\Windows\System32\svchost.exe
1552 C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
1116 C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
2076 C:\Windows\System32\dwm.exe
2108 C:\Windows\explorer.exe
2168 C:\Windows\SysWOW64\PnkBstrA.exe
2316 C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
2576 postgres.exe
2588 conhost.exe
2632 C:\Windows\System32\taskhost.exe
2756 postgres.exe
2928 postgres.exe
2936 postgres.exe
2944 postgres.exe
2952 postgres.exe
2020 C:\Windows\RAVCpl64.exe
2592 C:\Program Files\Windows Sidebar\sidebar.exe
708 C:\Windows\System32\SearchIndexer.exe
3104 C:\Windows\System32\svchost.exe
3268 C:\Program Files\Windows Media Player\wmpnetwk.exe
3552 WmiPrvSE.exe
3760 C:\Windows\System32\svchost.exe
4056 C:\Users\Jordan\AppData\Local\Google\Chrome\Application\chrome.exe
2032 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2732 C:\Users\Jordan\AppData\Local\Google\Chrome\Application\chrome.exe
4016 C:\Users\Jordan\AppData\Local\Google\Chrome\Application\chrome.exe
4164 C:\Users\Jordan\AppData\Local\Google\Chrome\Application\chrome.exe
4912 C:\Windows\System32\svchost.exe
1796 C:\Users\Jordan\AppData\Local\Google\Chrome\Application\chrome.exe
3828 WmiPrvSE.exe
1996 C:\Windows\System32\SearchProtocolHost.exe
4680 C:\Windows\System32\SearchFilterHost.exe
3792 C:\Users\Jordan\Contacts\Desktop\MBRCheck.exe
3336 C:\Windows\System32\conhost.exe
3532 C:\Windows\System32\dllhost.exe
3668 taskhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD6400AAKS-75A7B0, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

I'm running the boot-time scan now. Trying to open those programs in safe mode was unsuccessful.

Boot scan result:

----------------------------------------
03/12/2012 19:29
Scan of all local drives

File C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 3\main\iw_16.iwd|>sound\shg\amb_streams\amb_dubai_oasis_elevator_smashed_rear.wav Error 42125 {ZIP archive is corrupted.}
File C:\Users\Jordan\AppData\Roaming\acccore\caches\bart\1024\97F87B59785A4C0E4DC9DF92786C404C|>dblue12.gif Error 42125 {ZIP archive is corrupted.}
File C:\Users\Jordan\Downloads\11-2_vista64_win7_64_dd_ccc_ocl.exe|>$[31]\Packages\Apps\CCC2\Graphics-Previews-Common\ccc-graphics-previews-common.msi|>Data1.cab|>_B47C8A221EA04FFE8FCF4399E0482051 Error 42127 {CAB archive is corrupted.}
File C:\Users\Jordan\Downloads\11-2_vista64_win7_64_dd_ccc_ocl.exe|>$[31]\Packages\Apps\CCC2\Graphics-Previews-Common\ccc-graphics-previews-common.msi|>Data1.cab Error 42144 {OLE archive is corrupted.}
File C:\Users\Jordan\Downloads\EmsisoftAntiMalwareSetup.exe|>{app}\Signatures\t3sigs.vdb Error 42145 {Installer archive is corrupted.}
File C:\Windows\CheckSur\v1.0\windows6.1-servicing-x64-july15.cab|>servicing\packages\package_4_for_kb977336~31bf3856ad364e35~amd64~~6.1.2.0.cat Error 42127 {CAB archive is corrupted.}
File C:\Windows\Installer\2fb83dc.msp|>PCW_CAB_Silver|>coreDLL Error 42127 {CAB archive is corrupted.}
File C:\Windows\Installer\54e16a1.msp|>PATCH_CAB|>OUTLLIBR.DLL_1033 Error 42127 {CAB archive is corrupted.}
File C:\Windows\Installer\54e1914.msp|>PATCH_CAB|>NLSMODEL.DLL_1033 Error 42127 {CAB archive is corrupted.}
File C:\Windows\Installer\54e1914.msp|>PATCH_CAB Error 42144 {OLE archive is corrupted.}
File C:\Windows\Installer\adf8ad4.msp|>PATCH_CAB|>OART.DLL Error 42127 {CAB archive is corrupted.}
File C:\Windows\SoftwareDistribution\Download\2fd818cb2c3e8521cd50c71ff969ae3b2f1104cc|>mpengine.dll._p Error 42127 {CAB archive is corrupted.}
Number of searched folders: 40832
Number of tested files: 1481946
Number of infected files: 0

Edited by Jpsgroi, 12 March 2012 - 07:19 PM.

  • 0

#8
RKinner
Posted 12 March 2012 - 07:38 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Don't know what the link is but it upsets my Avast so can't see it. If it is supposed to be a screen shot please save it as a jpg and attach it to a post.
http://graphicssoft....nscreenshot.htm

BCC 24 indicates a problem in ntfs.sys. Possibly caused by drive corruption which might explain the problems with WDO, TDSSKiller and aswMBR. You have a Western Digital drive:
WDC WD6400AAKS

Try downloading their test program:

http://support.wdc.c...6&sid=3&lang=en

See if you can get it to run then do an Extended Test. This will take many hours.

Unless they have recently fixed it the CD version doesn't work.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

sigverif

Then press the Start button in the new window. Does it give you any files with newish dates?

I do see a strange file in your logs:

C:\Users\Jordan\AppData\Local\RIFTriftpatchlive.exe

Can you submit it to http://www.virustotal.com ?
  • 0

#9
Jpsgroi
Posted 12 March 2012 - 10:28 PM

Jpsgroi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
File Modified Version Status Catalog Signed By
------------------ ------------ ----------- ------------ ----------- -------------------
[c:\windows]
atiogl.xml 10/10/2011 2:6.0 Signed c7132104.cat Microsoft Windows Hardware Compatibility Publisher
gdrv.sys 3/13/2012 None Signed N/A


In the log this is only file that is for 2012.


Here is the VEW log


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 13/03/2012 12:25:07 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/03/2012 4:02:45 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Windows Defender service terminated with the following error: The specified module could not be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



I am running the HD tests overnight.

Thank you very much, hope this can get fixed!
  • 0

#10
RKinner
Posted 13 March 2012 - 01:24 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Also submit C:\Windows\gdrv.sys to http://www.virustotal.com and see what they have to say about the file. If it doesn't say 0/43 or so then copy and paste the report.

Supposedly it comes from Gigabyte but I wonder why it has such a new date on it.
  • 0

Advertisements

#11
Jpsgroi
Posted 13 March 2012 - 04:27 PM

Jpsgroi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi - both files were 0/43. The extensive hard drive test ran successfully. I have done everything you mentioned thus far. The virus keeps popping up from somewhere, Avast keeps deleting it over and over.

Still can't get WDO, TDSSKiller and aswMBR to run. Why won't they work in safe mode? :(

Edited by Jpsgroi, 13 March 2012 - 04:28 PM.

  • 0

#12
RKinner
Posted 13 March 2012 - 05:13 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Make sure you have uninstalled Malwarebytes' Anti-Malware (If it's installed it will cause the system to crash when we try to use the next program).

Pause your anti-virus while downloading or running TheKiller.

We need to disable malware processes on your system first so we are going to try TheKiller.
  • Download TheKiller to your Desktop
  • Note that TheKiller is renamed as explorer.exe
  • Run it by double click (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Press OK button after program finish
  • Do not restart your system after this step
NOTE: If malware blocks TheKiller from running please try to run it several more times

Once you have run TheKiller once then try running your aswMBR and TDSSKiller again.
  • 0

#13
Jpsgroi
Posted 13 March 2012 - 05:54 PM

Jpsgroi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Unsuccessful after running TheKiller. Changed the file names as well. I have Windows 7 Ultimate edition. I upgraded from Vista with it. Not sure if these details are important.

Edited by Jpsgroi, 13 March 2012 - 05:57 PM.

  • 0

#14
RKinner
Posted 13 March 2012 - 06:02 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Does anything happen when you try to run the programs?

Have you tried creating a new user with admin rights and booting to the new user and downloading and trying the two programs?
  • 0

#15
Jpsgroi
Posted 13 March 2012 - 06:48 PM

Jpsgroi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I got the scan to work. It is in progress now. Looks like I have a 1mb partition w/ the virus on it. Will edit this post with log results soon.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-13 20:41:30
-----------------------------
20:41:30.197 OS Version: Windows x64 6.1.7601 Service Pack 1
20:41:30.197 Number of processors: 2 586 0x170A
20:41:30.197 ComputerName: JORDOFILTH UserName: Zilla
20:41:37.947 Initialize success
20:41:41.431 AVAST engine defs: 12031301
20:42:07.072 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
20:42:07.087 Disk 0 Vendor: WDC_WD6400AAKS-75A7B0 01.03B01 Size: 610479MB BusType: 3
20:42:07.166 Disk 0 MBR read successfully
20:42:07.166 Disk 0 MBR scan
20:42:07.166 Disk 0 Windows 7 default MBR code
20:42:07.166 Disk 0 MBR hidden
20:42:07.181 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 610477 MB offset 2048
20:42:07.244 Disk 0 Partition 2 80 (A) 17 Hidd HPFS/NTFS NTFS 1 MB offset 1250258944
20:42:07.244 Disk 0 Partition 2 **INFECTED** MBR:Alureon-K [Rtk]
20:42:07.353 Disk 0 scanning C:\Windows\system32\drivers
20:42:33.433 Service scanning
20:42:50.105 Modules scanning
20:42:51.308 AVAST engine scan C:\Windows
20:42:54.386 AVAST engine scan C:\Windows\system32
20:44:46.277 AVAST engine scan C:\Windows\system32\drivers
20:44:52.792 AVAST engine scan C:\Users\Zilla
20:45:10.027 AVAST engine scan C:\ProgramData
20:49:16.839 Scan finished successfully
20:52:42.824 Disk 0 MBR has been saved successfully to "C:\Users\Zilla\Desktop\MBR.dat"
20:52:42.824 The log file has been saved successfully to "C:\Users\Zilla\Desktop\aswMBRlog.txt"




TDS still does not work.

Edited by Jpsgroi, 13 March 2012 - 06:55 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP