I have attached the results of two programs. I also did a scan with windows defender offline beta. That scan detected the virus but an error resulted when it came time for removal.
aswMBR will not load for me. TDSkiler either. A lot of the threads I came across suggested these programs but I can't get them to load running as administer.
Any help would be greatly appreciated. Thank you.
OTL logfile created on: 3/10/2012 9:23:51 PM - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\Jordan\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
8.00 Gb Total Physical Memory | 5.57 Gb Available Physical Memory | 69.64% Memory free
16.00 Gb Paging File | 13.27 Gb Available in Paging File | 82.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.17 Gb Total Space | 372.73 Gb Free Space | 62.52% Space Free | Partition Type: NTFS
Computer Name: JORDOFILTH | User Name: Jordan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/03/10 21:22:11 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jordan\Downloads\OTL.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/02/27 23:46:54 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/22 08:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2011/09/30 09:28:08 | 000,546,464 | ---- | M] (ESET) -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
PRC - [2011/09/30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2011/09/29 17:34:53 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2008/09/19 07:30:34 | 003,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2008/08/08 14:24:42 | 000,080,392 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
========== Modules (No Company Name) ==========
MOD - [2012/03/08 09:28:52 | 000,429,040 | ---- | M] () -- C:\Users\Jordan\AppData\Local\Google\Chrome\Application\17.0.963.78\ppgooglenaclpluginchrome.dll
MOD - [2012/03/08 09:28:51 | 003,772,912 | ---- | M] () -- C:\Users\Jordan\AppData\Local\Google\Chrome\Application\17.0.963.78\pdf.dll
MOD - [2012/03/08 09:27:26 | 000,122,880 | ---- | M] () -- C:\Users\Jordan\AppData\Local\Google\Chrome\Application\17.0.963.78\avutil-51.dll
MOD - [2012/03/08 09:27:24 | 000,220,672 | ---- | M] () -- C:\Users\Jordan\AppData\Local\Google\Chrome\Application\17.0.963.78\avformat-53.dll
MOD - [2012/03/08 09:27:23 | 001,747,456 | ---- | M] () -- C:\Users\Jordan\AppData\Local\Google\Chrome\Application\17.0.963.78\avcodec-53.dll
MOD - [2012/03/08 04:39:20 | 008,593,056 | ---- | M] () -- C:\Users\Jordan\AppData\Local\Google\Chrome\Application\17.0.963.78\gcswf32.dll
MOD - [2012/02/27 23:46:54 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/28 17:44:32 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/12/05 22:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/22 08:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011/12/08 21:56:14 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/09/29 17:34:53 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/07/14 19:08:58 | 001,244,968 | ---- | M] () [On_Demand | Stopped] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/12/07 05:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/01 21:29:07 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/23 11:31:44 | 000,401,920 | ---- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/07/27 02:37:30 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/08/08 14:24:42 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/03/06 19:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/06 19:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/06 19:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/06 19:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/06 19:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/06 19:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/12/05 22:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/12/05 21:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/17 12:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/13 06:58:00 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/11/18 15:56:28 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/27 00:23:54 | 000,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2009/02/20 00:18:02 | 000,110,096 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2007/06/25 04:37:14 | 000,108,032 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV - [2012/03/10 20:33:35 | 000,024,072 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/11/02 10:13:12 | 000,063,880 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2011/05/19 13:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
IE - HKCU\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = http://www.google.co...:0000FF;FORID:1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.c...t<mplcache=2"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..keyword.URL: "http://slirsredirect...0fftrab&query="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jordan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jordan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/03/08 23:24:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/27 23:46:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/06 00:20:36 | 000,000,000 | ---D | M]
[2011/04/12 22:28:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jordan\AppData\Roaming\Mozilla\Extensions
[2011/08/25 21:59:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\uz3om6gd.default\extensions
[2011/08/25 21:59:32 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\uz3om6gd.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/04/12 22:28:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\uz3om6gd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/15 15:40:26 | 000,004,207 | ---- | M] () -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\uz3om6gd.default\searchplugins\aim-search.xml
[2011/12/11 15:15:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/11 15:15:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/11/10 10:29:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/02/27 23:46:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2003/01/13 16:08:06 | 000,499,712 | ---- | M] (Morgan Multimedia) -- C:\Program Files (x86)\mozilla firefox\plugins\npjp2.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/02/27 23:46:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/27 23:46:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jordan\AppData\Local\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jordan\AppData\Local\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jordan\AppData\Local\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Morgan Multimedia JPEG2000 Netscape/Mozilla PlugIn (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npjp2.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 6.5.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jordan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: avast! WebRep = C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/03/10 16:25:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Show all images in original quality - C:\Program Files (x86)\www.cproxy.com\originalAll.htm File not found
O8:64bit: - Extra context menu item: Show image in original quality - C:\Program Files (x86)\www.cproxy.com\original.htm File not found
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Show all images in original quality - C:\Program Files (x86)\www.cproxy.com\originalAll.htm File not found
O8 - Extra context menu item: Show image in original quality - C:\Program Files (x86)\www.cproxy.com\original.htm File not found
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{333B5433-1B34-4B15-A73F-A9EABE84CC96}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/03/10 21:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/03/10 20:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2012/03/10 20:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/03/10 20:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/03/10 20:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012/03/10 20:44:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012/03/10 20:44:50 | 000,000,000 | ---D | C] -- C:\Users\Jordan\Documents\Anti-Malware
[2012/03/10 20:42:17 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2012/03/10 20:42:14 | 000,000,000 | ---D | C] -- C:\Windows\Windows Defender Offline
[2012/03/10 20:36:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/03/10 17:16:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/10 17:11:20 | 000,187,464 | ---- | C] (Webroot) -- C:\Users\Jordan\Contacts\Desktop\antizeroaccess.exe
[2012/03/10 16:11:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/10 15:20:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/10 15:20:31 | 000,000,000 | ---D | C] -- C:\Commy
[2012/03/10 15:13:15 | 004,432,490 | R--- | C] (Swearware) -- C:\Users\Jordan\Contacts\Desktop\Commy.exe
[2012/03/04 22:37:59 | 000,000,000 | ---D | C] -- C:\Users\Jordan\Contacts\Desktop\skse_1_04_13
[2012/03/04 21:00:25 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BOSS
[2012/03/04 21:00:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BOSS
[2012/03/04 19:17:37 | 000,000,000 | ---D | C] -- C:\Users\Jordan\Documents\Nexus Mod Manager
[2012/03/04 19:17:37 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Local\Black_Tree_Gaming
[2012/03/04 19:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2012/03/04 19:17:34 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2012/03/01 00:35:50 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/02/28 19:33:26 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cake Poker 2.0
[2012/02/28 18:27:46 | 000,000,000 | ---D | C] -- C:\Users\Jordan\Documents\Diablo III
[2012/02/28 17:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/02/27 23:58:38 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/02/27 23:57:52 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/02/27 23:57:52 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/02/27 23:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/02/27 23:53:22 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/02/27 23:53:20 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/02/27 23:53:19 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/02/27 23:53:18 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/02/27 23:53:10 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/02/27 23:52:49 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/02/27 23:52:49 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/27 23:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2012/02/27 23:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2012/02/23 23:52:14 | 000,000,000 | ---D | C] -- C:\found.007
[2012/02/22 20:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/02/22 20:15:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/02/22 20:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/02/22 20:11:07 | 000,000,000 | ---D | C] -- C:\AMD
[2012/02/15 00:10:10 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/15 00:10:10 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/15 00:10:09 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/15 00:10:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/15 00:10:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/15 00:10:08 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/15 00:10:08 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/15 00:10:08 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/15 00:10:08 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/15 00:10:08 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/15 00:10:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/15 00:02:36 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/15 00:02:26 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/15 00:02:26 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/15 00:02:11 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/03/10 21:02:05 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2059896078-595218416-2285818778-1000UA.job
[2012/03/10 20:56:25 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/03/10 20:45:01 | 000,001,115 | ---- | M] () -- C:\Users\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/03/10 20:45:01 | 000,001,091 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/03/10 20:40:52 | 000,010,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 20:40:52 | 000,010,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 20:37:04 | 000,250,232 | ---- | M] () -- C:\Users\Jordan\Documents\cc_20120310_203651.reg
[2012/03/10 20:36:11 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/10 20:33:35 | 000,024,072 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012/03/10 20:33:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/10 20:33:27 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/10 17:11:18 | 000,187,464 | ---- | M] (Webroot) -- C:\Users\Jordan\Contacts\Desktop\antizeroaccess.exe
[2012/03/10 16:25:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/10 15:13:31 | 004,432,490 | R--- | M] (Swearware) -- C:\Users\Jordan\Contacts\Desktop\Commy.exe
[2012/03/09 22:02:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2059896078-595218416-2285818778-1000Core.job
[2012/03/08 23:24:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/03/08 23:02:40 | 000,002,410 | ---- | M] () -- C:\Users\Jordan\Contacts\Desktop\Google Chrome.lnk
[2012/03/06 23:51:43 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/06 19:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/03/06 19:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/03/06 19:04:06 | 000,819,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/03/06 19:04:04 | 000,337,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/03/06 19:02:20 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/03/06 19:01:57 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/03/06 19:01:52 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/03/06 19:01:32 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/03/06 03:01:36 | 000,743,982 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/06 03:01:36 | 000,626,898 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/06 03:01:36 | 000,107,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/04 22:53:59 | 000,002,317 | ---- | M] () -- C:\Users\Public\Desktop\FXAA Tool.lnk
[2012/03/04 22:42:00 | 000,001,774 | ---- | M] () -- C:\Users\Jordan\Contacts\Desktop\skse_loader - Shortcut.lnk
[2012/02/28 19:33:26 | 000,001,080 | ---- | M] () -- C:\Users\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\Cake Poker 2.0.lnk
[2012/02/28 19:33:26 | 000,001,062 | ---- | M] () -- C:\Users\Jordan\Contacts\Desktop\Cake Poker 2.0.lnk
[2012/02/27 23:53:25 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/27 23:48:23 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/27 23:46:54 | 000,001,895 | ---- | M] () -- C:\Users\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/22 20:55:03 | 000,000,691 | ---- | M] () -- C:\Users\Jordan\AppData\Roaming\GetValue.vbs
[2012/02/22 20:55:03 | 000,000,035 | ---- | M] () -- C:\Users\Jordan\AppData\Roaming\SetValue.bat
[2012/02/15 23:37:19 | 000,416,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/03/10 20:56:25 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/03/10 20:45:01 | 000,001,115 | ---- | C] () -- C:\Users\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/03/10 20:45:01 | 000,001,091 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/03/10 20:36:54 | 000,250,232 | ---- | C] () -- C:\Users\Jordan\Documents\cc_20120310_203651.reg
[2012/03/10 20:36:11 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/04 22:53:59 | 000,002,317 | ---- | C] () -- C:\Users\Public\Desktop\FXAA Tool.lnk
[2012/03/04 22:42:00 | 000,001,774 | ---- | C] () -- C:\Users\Jordan\Contacts\Desktop\skse_loader - Shortcut.lnk
[2012/03/04 19:17:35 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012/02/28 19:33:26 | 000,001,080 | ---- | C] () -- C:\Users\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\Cake Poker 2.0.lnk
[2012/02/28 19:33:26 | 000,001,062 | ---- | C] () -- C:\Users\Jordan\Contacts\Desktop\Cake Poker 2.0.lnk
[2012/02/27 23:53:25 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/27 23:53:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/02/27 23:45:22 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/24 00:44:36 | 000,000,184 | ---- | C] () -- C:\ProgramData\~EUkpLarXQSJTe6r
[2012/01/24 00:44:35 | 000,000,296 | ---- | C] () -- C:\ProgramData\~EUkpLarXQSJTe6
[2012/01/24 00:44:28 | 000,000,344 | ---- | C] () -- C:\ProgramData\EUkpLarXQSJTe6
[2011/12/05 22:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/12/05 22:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/11/09 21:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/11/09 21:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/28 19:13:31 | 000,000,000 | ---- | C] () -- C:\Users\Jordan\AppData\Local\RIFTriftpatchlive.exe
[2011/06/16 18:47:25 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/04/14 15:16:29 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/04/12 21:58:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/07 22:15:02 | 000,027,528 | ---- | C] () -- C:\Users\Jordan\AppData\Roaming\UserTile.png
[2010/11/08 20:40:24 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
========== Alternate Data Streams ==========
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker 2.0:MID
< End of report >
ComboFix 12-03-10.02 - Jordan 03/10/2012 15:31:01.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8190.5955 [GMT -5:00]
Running from: c:\users\Jordan\Contacts\Desktop\Commy.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Jordan\AppData\Roaming\Roaming
c:\users\Jordan\AppData\Roaming\Roaming\HoldemManager\config\FTPRushTables.xml
c:\users\Jordan\Documents\~WRL0004.tmp
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\SysWow64\404Fix.exe
c:\windows\SysWow64\Agent.OMZ.Fix.exe
c:\windows\SysWow64\dumphive.exe
c:\windows\SysWow64\IEDFix.C.exe
c:\windows\SysWow64\IEDFix.exe
c:\windows\SysWow64\o4Patch.exe
c:\windows\SysWow64\odbcad32.exe
c:\windows\SysWow64\Process.exe
c:\windows\SysWow64\SrchSTS.exe
c:\windows\SysWow64\tmp.reg
c:\windows\SysWow64\VACFix.exe
c:\windows\SysWow64\VCCLSID.exe
c:\windows\SysWow64\WS2Fix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-10 21:11 . 2012-03-10 21:11 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-03-10 21:11 . 2012-03-10 21:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-10 21:11 . 2012-03-10 21:11 -------- d-----w- c:\users\Kerra\AppData\Local\temp
2012-03-09 23:29 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D973061F-A10C-42AF-BE0B-B6BFF463FA43}\mpengine.dll
2012-03-05 02:00 . 2012-03-05 02:00 -------- d-----w- c:\program files (x86)\Common Files\BOSS
2012-03-05 00:17 . 2012-03-05 00:17 -------- d-----w- c:\users\Jordan\AppData\Local\Black_Tree_Gaming
2012-03-05 00:17 . 2012-03-07 04:51 -------- d-----w- c:\program files\Nexus Mod Manager
2012-03-01 05:35 . 2012-03-01 05:35 -------- d-----w- c:\windows\PCHEALTH
2012-02-28 22:33 . 2012-02-28 23:27 -------- d-----w- c:\program files (x86)\Diablo III Beta
2012-02-28 22:31 . 2012-02-28 22:32 -------- d-----w- c:\programdata\Battle.net
2012-02-28 04:58 . 2012-03-07 00:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-02-28 04:57 . 2012-03-07 00:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-28 04:57 . 2012-03-07 00:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-28 04:53 . 2012-03-07 00:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-28 04:53 . 2012-03-07 00:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-28 04:53 . 2010-06-28 21:33 28752 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-28 04:53 . 2012-03-07 00:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-28 04:53 . 2012-03-07 00:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-28 04:52 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
2012-02-28 04:52 . 2012-03-07 00:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-02-28 04:52 . 2012-02-28 04:52 -------- d-----w- c:\programdata\Alwil Software
2012-02-28 04:52 . 2012-02-28 04:52 -------- d-----w- c:\program files\Alwil Software
2012-02-24 04:52 . 2012-02-24 04:52 -------- d-----w- C:\found.007
2012-02-23 01:15 . 2012-02-23 01:15 -------- d-----w- c:\programdata\ATI
2012-02-23 01:15 . 2012-02-23 01:15 -------- d-----w- c:\program files (x86)\AMD APP
2012-02-23 01:11 . 2012-02-23 01:11 -------- d-----w- C:\AMD
2012-02-15 05:02 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 05:02 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 05:02 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 05:02 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 05:02 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 05:02 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 05:02 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 05:02 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-10 21:24 . 2008-12-21 02:35 24072 ----a-w- c:\windows\gdrv.sys
2012-02-23 14:18 . 2009-10-02 18:03 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-23 01:55 . 2010-02-22 07:10 691 ----a-w- c:\users\Jordan\AppData\Roaming\GetValue.vbs
2012-02-23 01:55 . 2010-02-22 07:10 35 ----a-w- c:\users\Jordan\AppData\Roaming\SetValue.bat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]
R4 TeamViewer4;TeamViewer 4;c:\program files (x86)\TeamViewer\Version4\TeamViewer_Service.exe [2009-07-27 185640]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 GEST Service;GEST Service for program management.;c:\program files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2008-08-08 80392]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - avgntflt
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2059896078-595218416-2285818778-1000Core.job
- c:\users\Jordan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-26 04:52]
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2059896078-595218416-2285818778-1000UA.job
- c:\users\Jordan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-26 04:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-24 6452256]
"Skytel"="Skytel.exe" [2008-07-24 1833504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Show all images in original quality - c:\program files (x86)\www.cproxy.com\originalAll.htm
IE: Show image in original quality - c:\program files (x86)\www.cproxy.com\original.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\uz3om6gd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy<mpl=default<mplcache=2
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.homepage.dontask, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-CPN Notifier - c:\program files (x86)\Cake Poker 2.0\PokerNotifier.exe
AddRemove-CPROXY_is1 - c:\program files (x86)\www.cproxy.com\unins000.exe
AddRemove-Garena - c:\program files (x86)\Garena\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
.
**************************************************************************
.
Completion time: 2012-03-10 16:46:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-10 21:46
.
Pre-Run: 368,341,934,080 bytes free
Post-Run: 369,107,546,112 bytes free
.
- - End Of File - - 63AEA38007B8C00E94EB22FA8E4C58EB