S.M.A.R.T HDD Virus [Solved]



#1
jacknm2

Hi, I'm new to these forums.

Similar post to one already on here, but that says not to follow the instructions as they are only for that specific member.

I have run Malwarebytes (free) and TDSSKiller.exe. I no longer have the error messages or the fake S.M.A.R.T HDD.exe, as I have managed to remove it from the system. BUT I still have "access denied" on many of my key folders (C:\Users\"username"\Application Data, C:\Users\"username"\Documents and Settings, etc.). I have been in safe mode several times and tried to clean up the registry, but I've hit a dead end as I cannot access the folders to delete suspicious files.

I've also tried Unhide.exe and Rkill.exe with no results.

Any help or advice would be greatly appreciated to solve this problem.

#2
Essexboy

Hi, let's see what you have.

Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double-click aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post in your next reply


#3
jacknm2

Hi, thanks for the quick response. Logs requested:

OTL.Txt

OTL logfile created on: 31-3-12 3:27:31 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Jack\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-M-yy

7.92 Gb Total Physical Memory | 6.12 Gb Available Physical Memory | 77.22% Memory free
15.84 Gb Paging File | 13.96 Gb Available in Paging File | 88.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.90 Gb Total Space | 5.80 Gb Free Space | 10.38% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 298.09 Gb Total Space | 21.79 Gb Free Space | 7.31% Space Free | Partition Type: NTFS
Drive J: | 1863.01 Gb Total Space | 1193.28 Gb Free Space | 64.05% Space Free | Partition Type: NTFS
Drive N: | 3.73 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JACK-PC | User Name: Jack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-03-31 15:25:12 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jack\Desktop\OTL.exe
PRC - [2012-03-18 14:24:28 | 000,924,600 | -H-- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012-03-07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012-03-07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012-02-13 09:06:56 | 003,481,408 | -H-- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011-12-07 22:15:41 | 000,189,248 | -H-- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2011-12-07 22:15:28 | 000,075,136 | -H-- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011-12-05 13:34:56 | 000,247,728 | -H-- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011-12-05 13:34:56 | 000,092,592 | -H-- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011-04-30 00:32:54 | 000,013,592 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011-04-30 00:32:50 | 000,284,440 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011-03-24 05:37:18 | 000,493,384 | -H-- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
PRC - [2011-03-22 09:37:16 | 000,497,480 | -H-- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
PRC - [2010-12-23 10:00:12 | 003,344,384 | -H-- | M] () -- C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
PRC - [2010-11-15 12:21:56 | 000,841,544 | -H-- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
PRC - [2010-11-15 12:21:54 | 000,477,000 | -H-- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
PRC - [2010-10-05 21:04:12 | 002,655,768 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010-10-05 21:04:08 | 000,325,656 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010-04-22 15:05:26 | 001,011,712 | -H-- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
PRC - [2009-10-13 16:39:46 | 000,114,688 | -H-- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
PRC - [2009-07-14 02:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009-06-17 16:13:06 | 000,068,136 | -H-- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
PRC - [2007-08-07 01:05:46 | 000,200,704 | -H-- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2007-07-18 00:32:55 | 000,460,048 | -H-- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe


========== Modules (No Company Name) ==========

MOD - [2012-03-19 10:42:26 | 008,527,520 | -H-- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012-03-18 14:24:28 | 001,969,080 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012-02-12 00:05:08 | 000,492,544 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\239eac7d8086ace12a9d4ca0aa349256\IAStorUtil.ni.dll
MOD - [2012-02-12 00:05:08 | 000,014,336 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\f6678aaee1dfa07180264a8cdfc526f8\IAStorCommon.ni.dll
MOD - [2012-02-12 00:02:29 | 000,771,584 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\442eed762e21796e8e497fcd14f1295a\System.Runtime.Remoting.ni.dll
MOD - [2012-02-12 00:02:15 | 012,431,360 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2012-02-12 00:02:11 | 001,586,688 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2012-02-12 00:02:03 | 003,325,952 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2012-02-12 00:02:00 | 005,452,800 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2012-02-12 00:01:58 | 007,949,312 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2012-02-12 00:01:58 | 000,971,264 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2012-02-12 00:01:54 | 011,490,304 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2010-12-23 10:00:12 | 003,344,384 | -H-- | M] () -- C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
MOD - [2010-12-02 13:01:18 | 000,994,304 | -H-- | M] () -- C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
MOD - [2010-12-02 10:56:52 | 000,815,104 | -H-- | M] () -- C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll
MOD - [2010-11-24 02:11:21 | 002,535,936 | -H-- | M] () -- C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\ScreenCapture\ScreenCapture.dll
MOD - [2010-11-01 13:16:00 | 000,062,976 | -H-- | M] () -- C:\Program Files (x86)\MOUSE Editor\dll\DLL_AnalyzeGesturesInOne.dll
MOD - [2010-10-11 03:13:52 | 000,087,040 | -H-- | M] () -- C:\Program Files (x86)\MOUSE Editor\dll\DLL_MouseDeviceManager.dll
MOD - [2010-09-20 07:19:01 | 000,062,976 | -H-- | M] () -- C:\Program Files (x86)\MOUSE Editor\dll\DLL_AnalyzeGesturesInRight.dll
MOD - [2010-09-20 07:18:57 | 000,085,504 | -H-- | M] () -- C:\Program Files (x86)\MOUSE Editor\dll\DLL_ZoomControl.dll
MOD - [2010-09-20 07:18:54 | 000,054,272 | -H-- | M] () -- C:\Program Files (x86)\MOUSE Editor\dll\DLL_ScrollbarControl.dll
MOD - [2010-09-20 07:18:50 | 000,117,760 | -H-- | M] () -- C:\Program Files (x86)\MOUSE Editor\dll\DLL_Wheel4D.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012-03-07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012-02-15 04:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011-08-05 12:53:12 | 000,467,680 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011-08-05 12:53:12 | 000,306,400 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011-08-05 12:53:06 | 008,277,728 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010-04-06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011-12-07 22:15:41 | 000,189,248 | -H-- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011-12-07 22:15:28 | 000,075,136 | -H-- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011-12-05 13:34:56 | 000,092,592 | -H-- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011-04-30 00:32:54 | 000,013,592 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2011-03-24 05:37:18 | 000,493,384 | -H-- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe -- (WCUService_STC_FF)
SRV - [2011-03-22 09:37:16 | 000,497,480 | -H-- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2010-11-15 12:21:54 | 000,477,000 | -H-- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe -- (SCBackService)
SRV - [2010-10-05 21:04:12 | 002,655,768 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010-10-05 21:04:08 | 000,325,656 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010-03-18 14:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-10-13 16:39:46 | 000,114,688 | -H-- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009-06-17 16:13:06 | 000,068,136 | -H-- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-05-15 08:29:18 | 000,087,288 | -H-- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-03-14 20:11:13 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012-03-07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012-03-07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012-03-07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012-03-07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012-03-07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012-03-07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012-02-15 04:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012-02-15 03:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012-01-04 15:28:36 | 000,016,640 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV:64bit: - [2011-12-05 20:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011-11-01 17:48:51 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011-08-31 20:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011-08-30 01:54:28 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2011-04-26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011-03-07 10:22:00 | 000,065,280 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011-03-07 10:22:00 | 000,040,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011-01-13 12:58:00 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011-01-10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010-10-20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010-10-14 18:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010-08-19 20:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-02-24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007-08-07 01:21:32 | 000,057,776 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV - [2012-03-31 14:46:48 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012-03-24 17:10:28 | 000,030,528 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012-01-01 18:24:45 | 000,025,640 | -H-- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-02-24 18:35:44 | 000,255,552 | -H-- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-371972060-1203410474-730646131-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?rd=1
IE - HKU\S-1-5-21-371972060-1203410474-730646131-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-371972060-1203410474-730646131-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 D4 43 A9 5E 63 CC 01 [binary data]
IE - HKU\S-1-5-21-371972060-1203410474-730646131-1000\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
IE - HKU\S-1-5-21-371972060-1203410474-730646131-1000\..\SearchScopes,DefaultScope = {3F771796-BEE1-4350-8BA4-75B4AA9CC5CB}
IE - HKU\S-1-5-21-371972060-1203410474-730646131-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-371972060-1203410474-730646131-1000\..\SearchScopes\{3F771796-BEE1-4350-8BA4-75B4AA9CC5CB}: "URL" = http://www.bing.com/...=SPLBR1&pc=SPLH
IE - HKU\S-1-5-21-371972060-1203410474-730646131-1000\..\SearchScopes\{8513E622-70A2-49bc-AFB2-E75B2451891F}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-371972060-1203410474-730646131-1000\..\SearchScopes\{92F776EF-16B6-468f-9B77-96F4A1F76CDC}: "URL" = http://search.yahoo....evm&type=IEBDSV
IE - HKU\S-1-5-21-371972060-1203410474-730646131-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2011-08-25 20:03:00 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2011-08-25 20:03:00 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{d9284e50-81fc-11da-a72b-0800200c9a66}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66} [2011-08-25 20:03:00 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-24 17:09:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-03-18 14:24:28 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011-12-22 11:53:29 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jack\AppData\Roaming\Mozilla\Extensions
[2011-12-22 11:53:29 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jack\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012-01-12 19:20:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\uz0tlz6p.default\extensions
[2012-01-15 00:28:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012-03-24 17:09:10 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012-03-18 14:24:28 | 000,097,208 | -H-- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011-10-06 13:49:54 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011-11-13 13:36:25 | 000,002,040 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Splashtop Connect VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [STCAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.)
O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-371972060-1203410474-730646131-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-371972060-1203410474-730646131-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-371972060-1203410474-730646131-1000..\Run: [OscarEditor] C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
O4 - HKU\S-1-5-21-371972060-1203410474-730646131-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-371972060-1203410474-730646131-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E58802A9-7A9C-475D-8CFD-E022666C7DEB}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-07-14 10:26:40 | 000,000,043 | R--- | M] () - N:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{1f7ee31c-eda9-11e0-ae6a-00081bc03f59}\Shell - "" = AutoRun
O33 - MountPoints2\{1f7ee31c-eda9-11e0-ae6a-00081bc03f59}\Shell\AutoRun\command - "" = K:\Autorun.exe
O33 - MountPoints2\{5fcc4f14-6e08-11e1-9126-50e54950cc7d}\Shell - "" = AutoRun
O33 - MountPoints2\{5fcc4f14-6e08-11e1-9126-50e54950cc7d}\Shell\AutoRun\command - "" = N:\setup.exe -- [2009-07-14 10:26:40 | 000,111,880 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{a5920ff0-cf51-11e0-9df3-00081bc03f59}\Shell - "" = AutoRun
O33 - MountPoints2\{a5920ff0-cf51-11e0-9df3-00081bc03f59}\Shell\AutoRun\command - "" = Z:\Autorun.exe
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\setup.exe -- [2009-07-14 10:26:40 | 000,111,880 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\O\Shell - "" = AutoRun
O33 - MountPoints2\O\Shell\AutoRun\command - "" = O:\dvdcheck.exe
O33 - MountPoints2\O\Shell\directx\command - "" = DirectX9\dxsetup.exe
O33 - MountPoints2\O\Shell\setup\command - "" = O:\setup.exe
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-03-31 15:25:09 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Jack\Desktop\OTL.exe
[2012-03-31 12:45:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012-03-31 12:44:17 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jack\Desktop\TDSSKiller.exe
[2012-03-31 11:10:39 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Roaming\Malwarebytes
[2012-03-31 11:10:34 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-03-31 11:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-03-31 11:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-03-31 11:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012-03-31 10:12:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012-03-31 09:52:19 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012-03-30 21:34:38 | 000,000,000 | -H-D | C] -- C:\Users\Jack\Documents\Command and Conquer 4
[2012-03-30 19:55:08 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Roaming\Command and Conquer 4
[2012-03-30 19:55:06 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\Electronic_Arts_Inc
[2012-03-30 17:31:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2012-03-24 17:09:10 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012-03-19 17:55:47 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2012-03-14 20:20:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\ATI
[2012-03-14 20:15:13 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\AMD AVT
[2012-03-14 20:15:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\AMD
[2012-03-14 20:15:12 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\AMD APP
[2012-03-14 20:15:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012-03-14 20:11:13 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012-03-14 20:11:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012-03-09 20:56:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focus Home Interactive
[2012-03-09 20:44:05 | 000,000,000 | -H-D | C] -- C:\Users\Jack\AppData\Local\Focus Home Interactive
[2011-11-01 17:48:51 | 000,082,816 | -H-- | C] (VSO Software) -- C:\Users\Jack\AppData\Roaming\pcouffin.sys
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-03-31 15:25:12 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jack\Desktop\OTL.exe
[2012-03-31 14:53:40 | 000,772,110 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-03-31 14:53:40 | 000,655,872 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-03-31 14:53:40 | 000,118,998 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-03-31 14:51:49 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-03-31 14:51:49 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-03-31 14:46:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-03-31 14:46:43 | 2082,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2012-03-31 13:32:52 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
[2012-03-31 11:10:34 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-03-31 09:52:19 | 000,000,671 | -H-- | M] () -- C:\Users\Jack\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012-03-26 14:41:12 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jack\Desktop\TDSSKiller.exe
[2012-03-24 17:10:28 | 000,030,528 | -H-- | M] () -- C:\Windows\GVTDrv64.sys
[2012-03-24 17:09:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysWow64\config.nt
[2012-03-23 14:44:00 | 000,000,193 | -H-- | M] () -- C:\Windows\WORDPAD.INI
[2012-03-14 20:11:13 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012-03-07 01:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012-03-07 01:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012-03-07 01:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012-03-07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012-03-07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012-03-07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012-03-07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012-03-07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012-03-07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-03-31 11:10:34 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-03-31 09:52:19 | 000,000,671 | -H-- | C] () -- C:\Users\Jack\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012-03-23 14:44:00 | 000,000,193 | -H-- | C] () -- C:\Windows\WORDPAD.INI
[2012-02-15 03:36:36 | 000,204,952 | -H-- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012-02-15 03:36:36 | 000,157,144 | -H-- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012-02-14 23:05:16 | 000,054,784 | -H-- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012-01-31 07:00:24 | 000,016,896 | -H-- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012-01-03 20:17:16 | 000,036,892 | -H-- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2011-12-07 22:15:29 | 000,189,248 | -H-- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011-12-07 22:15:28 | 000,075,136 | -H-- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011-12-07 19:50:46 | 002,580,552 | RH-- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011-11-14 18:45:38 | 000,772,214 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-11-01 17:50:37 | 000,001,173 | -H-- | C] () -- C:\Users\Jack\AppData\Roaming\vso_ts_preview.xml
[2011-11-01 17:48:51 | 000,099,384 | -H-- | C] () -- C:\Users\Jack\AppData\Roaming\inst.exe
[2011-11-01 17:48:51 | 000,007,859 | -H-- | C] () -- C:\Users\Jack\AppData\Roaming\pcouffin.cat
[2011-11-01 17:48:51 | 000,001,167 | -H-- | C] () -- C:\Users\Jack\AppData\Roaming\pcouffin.inf
[2011-10-30 15:23:26 | 000,000,317 | -H-- | C] () -- C:\Windows\SIERRA.INI
[2011-10-25 22:21:34 | 000,056,832 | -H-- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011-10-21 16:13:52 | 000,000,952 | -H-- | C] () -- C:\Windows\STA2.ini
[2011-10-19 18:46:18 | 000,000,840 | -H-- | C] () -- C:\Windows\STBC.ini
[2011-10-16 18:25:50 | 000,000,698 | -H-- | C] () -- C:\Windows\EF2.INI
[2011-10-15 17:21:16 | 000,000,293 | -H-- | C] () -- C:\Windows\Sfc3ng.ini
[2011-10-05 11:24:20 | 000,197,120 | -H-- | C] () -- C:\Windows\patchw32.dll
[2011-10-03 20:07:56 | 000,000,228 | -H-- | C] () -- C:\Windows\SysWow64\swkotor.ini
[2011-09-18 21:00:14 | 000,024,576 | -H-- | C] () -- C:\Windows\UniFISH.exe
[2011-09-12 23:06:16 | 000,003,917 | -H-- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011-09-04 12:55:37 | 000,007,597 | -H-- | C] () -- C:\Users\Jack\AppData\Local\Resmon.ResmonCfg
[2011-08-31 20:51:16 | 000,216,000 | -H-- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011-08-31 20:46:00 | 000,056,832 | -H-- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011-08-31 20:26:20 | 013,903,872 | -H-- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011-08-25 20:37:23 | 000,000,000 | -H-- | C] () -- C:\Windows\ativpsrm.bin
[2011-08-25 20:33:18 | 000,030,528 | -H-- | C] () -- C:\Windows\GVTDrv64.sys
[2011-08-25 20:07:00 | 000,008,192 | -H-- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011-08-25 20:03:55 | 000,963,116 | -H-- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011-08-25 20:03:55 | 000,145,804 | -H-- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011-08-25 20:01:57 | 000,000,010 | -H-- | C] () -- C:\Windows\GSetup.ini
[2011-04-09 18:55:28 | 000,179,261 | -H-- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== LOP Check ==========

[2012-01-05 18:20:57 | 000,000,000 | -H-D | M] -- C:\Users\Jack\AppData\Roaming\2K Sports
[2011-10-05 14:02:48 | 000,000,000 | -H-D | M] -- C:\Users\Jack\AppData\Roaming\Atari
[2012-03-25 13:21:34 | 000,000,000 | -H-D | M] -- C:\Users\Jack\AppData\Roaming\BitTorrent
[2012-03-19 18:13:52 | 000,000,000 | -H-D | M] -- C:\Users\Jack\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2012-03-30 19:24:57 | 000,000,000 | -H-D | M] -- C:\Users\Jack\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012-03-30 21:34:19 | 000,000,000 | -H-D | M] -- C:\Users\Jack\AppData\Roaming\Command and Conquer 4
[2012-03-23 14:38:33 | 000,000,000 | -H-D | M] -- C:\Users\Jack\AppData\Roaming\DAEMON Tools Lite
[2011-10-05 11:24:20 | 000,000,000 | -H-D | M] -- C:\Users\Jack\AppData\Roaming\Leadertech
[2012-02-02 20:36:42 | 000,000,000 | -H-D | M] -- C:\Users\Jack\AppData\Roaming\MotioninJoy
[2011-10-05 10:51:12 | 000,000,000 | -H-D | M] -- C:\Users\Jack\AppData\Roaming\Origin
[2011-12-23 21:46:13 | 000,000,000 | -H-D | M] -- C:\Users\Jack\AppData\Roaming\Petroglyph
[2011-08-25 20:02:41 | 000,000,000 | -H-D | M] -- C:\Users\Jack\AppData\Roaming\Splashtop
[2011-09-19 20:18:06 | 000,000,000 | -H-D | M] -- C:\Users\Jack\AppData\Roaming\Talkative IRC
[2011-10-30 22:48:07 | 000,000,000 | -H-D | M] -- C:\Users\Jack\AppData\Roaming\The Creative Assembly
[2011-12-22 11:53:29 | 000,000,000 | -H-D | M] -- C:\Users\Jack\AppData\Roaming\TomTom
[2012-01-01 02:01:17 | 000,000,000 | -H-D | M] -- C:\Users\Jack\AppData\Roaming\Ubisoft
[2011-12-27 00:49:57 | 000,000,000 | -H-D | M] -- C:\Users\Jack\AppData\Roaming\Vso
[2011-09-18 20:19:12 | 000,000,000 | -H-D | M] -- C:\Users\Jack\AppData\Roaming\YoudaGames
[2012-02-06 21:02:54 | 000,032,624 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009-07-14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009-10-31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009-10-31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011-01-16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Jack\AppData\Local\Temp\RarSFX1\procs\explorer.exe
[2011-01-16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Jack\AppData\Local\Temp\RarSFX10\procs\explorer.exe
[2011-01-16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Jack\AppData\Local\Temp\RarSFX11\procs\explorer.exe
[2011-01-16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Jack\AppData\Local\Temp\RarSFX12\procs\explorer.exe
[2011-01-16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Jack\AppData\Local\Temp\RarSFX13\procs\explorer.exe
[2011-01-16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Jack\AppData\Local\Temp\RarSFX15\procs\explorer.exe
[2011-01-16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Jack\AppData\Local\Temp\RarSFX2\procs\explorer.exe
[2011-01-16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Jack\AppData\Local\Temp\RarSFX3\procs\explorer.exe
[2011-01-16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Jack\AppData\Local\Temp\RarSFX4\procs\explorer.exe
[2011-01-16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Jack\AppData\Local\Temp\RarSFX5\procs\explorer.exe
[2011-01-16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Jack\AppData\Local\Temp\RarSFX6\procs\explorer.exe
[2011-01-16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Jack\AppData\Local\Temp\RarSFX7\procs\explorer.exe
[2011-01-16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Jack\AppData\Local\Temp\RarSFX8\procs\explorer.exe
[2011-01-16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Jack\AppData\Local\Temp\RarSFX9\procs\explorer.exe
[2009-08-03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009-10-31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009-10-31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009-08-03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2005-08-16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Jack\AppData\Local\Temp\RarSFX1\h\explorer.exe
[2005-08-16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Jack\AppData\Local\Temp\RarSFX10\h\explorer.exe
[2005-08-16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Jack\AppData\Local\Temp\RarSFX11\h\explorer.exe
[2005-08-16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Jack\AppData\Local\Temp\RarSFX12\h\explorer.exe
[2005-08-16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Jack\AppData\Local\Temp\RarSFX13\h\explorer.exe
[2005-08-16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Jack\AppData\Local\Temp\RarSFX15\h\explorer.exe
[2005-08-16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Jack\AppData\Local\Temp\RarSFX2\h\explorer.exe
[2005-08-16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Jack\AppData\Local\Temp\RarSFX3\h\explorer.exe
[2005-08-16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Jack\AppData\Local\Temp\RarSFX4\h\explorer.exe
[2005-08-16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Jack\AppData\Local\Temp\RarSFX5\h\explorer.exe
[2005-08-16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Jack\AppData\Local\Temp\RarSFX6\h\explorer.exe
[2005-08-16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Jack\AppData\Local\Temp\RarSFX7\h\explorer.exe
[2005-08-16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Jack\AppData\Local\Temp\RarSFX8\h\explorer.exe
[2005-08-16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Jack\AppData\Local\Temp\RarSFX9\h\explorer.exe
[2009-10-31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009-08-03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009-07-14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009-10-31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009-08-03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012-01-31 13:13:46 | 000,182,856 | ---- | M] () MD5=9F37B15F56C3D248CD299D34BCB2CEFA -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009-07-14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009-07-14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009-07-14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009-07-14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009-07-14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009-07-14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX1\userinit.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX10\userinit.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX11\userinit.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX12\userinit.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX13\userinit.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX15\userinit.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX2\userinit.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX3\userinit.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX4\userinit.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX5\userinit.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX6\userinit.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX7\userinit.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX8\userinit.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX9\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009-07-14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012-01-31 13:13:46 | 000,182,856 | ---- | M] () MD5=9F37B15F56C3D248CD299D34BCB2CEFA -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009-10-28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX1\winlogon.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX10\winlogon.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX11\winlogon.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX12\winlogon.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX13\winlogon.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX15\winlogon.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX2\winlogon.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX3\winlogon.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX4\winlogon.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX5\winlogon.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX6\winlogon.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX7\winlogon.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX8\winlogon.exe
[2009-05-26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Jack\AppData\Local\Temp\RarSFX9\winlogon.exe
[2009-10-28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009-10-28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >
[2009-07-14 06:01:14 | 000,001,282 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\1\Default Programs.lnk
[2009-07-14 06:01:14 | 000,000,442 | -HS- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\1\desktop.ini
[2011-11-10 18:17:00 | 000,001,067 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\1\PokerStars.lnk
[2011-08-25 20:07:57 | 000,002,064 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\1\Program Updates.lnk
[2009-07-14 05:49:40 | 000,001,266 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\1\Windows Update.lnk

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >
[2011-08-25 20:57:26 | 000,001,841 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\4\avast! Free Antivirus.lnk
[2011-08-25 21:45:28 | 000,000,963 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\4\BitTorrent.lnk
[2012-03-14 20:11:28 | 000,001,950 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\4\DAEMON Tools Lite.lnk
[2009-07-14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\4\desktop.ini
[2011-11-27 21:30:05 | 000,001,918 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\4\DOSBox 0.74.lnk
[2012-02-10 13:11:49 | 000,001,076 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\4\DS3 Tool.lnk
[2011-08-25 20:07:41 | 000,002,012 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\4\ET6.lnk
[2011-08-25 20:49:16 | 000,001,134 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\4\Mozilla Firefox.lnk
[2011-10-05 10:51:02 | 000,000,979 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\4\Origin.lnk
[2011-09-01 20:17:52 | 000,001,815 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\4\Play PKR Lite.lnk
[2011-09-01 20:17:52 | 000,000,935 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\4\Play PKR.lnk
[2011-11-10 18:17:00 | 000,001,061 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\4\PokerStars.lnk
[2012-01-04 23:43:27 | 000,001,007 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\4\PowerISO.lnk
[2011-11-19 01:18:09 | 000,000,840 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\4\Saints Row The Third.lnk
[2011-08-25 20:07:57 | 000,000,810 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\4\smart6.lnk
[2011-09-18 21:22:30 | 000,000,716 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\4\Soulstorm.lnk
[2011-10-21 16:15:46 | 000,000,856 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\4\Star Trek Armada II.lnk
[2011-12-23 21:02:01 | 000,001,051 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\4\Star Wars Empire at War Forces of Corruption.lnk
[2011-12-10 23:49:49 | 000,001,213 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\4\Sword of the Stars II Lords of Winter x64.lnk
[2011-12-10 23:49:49 | 000,001,213 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\4\Sword of the Stars II Lords of Winter x86.lnk
[2011-09-28 20:00:54 | 000,000,819 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\4\Sword of the Stars.lnk
[2012-03-31 10:12:45 | 000,001,139 | ---- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\4\Trojan Killer.lnk
[2011-08-28 19:42:09 | 000,001,066 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\4\VLC media player.lnk
[2011-10-30 15:26:09 | 000,000,803 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\4\Zeus & Poseidon.lnk
[2011-08-25 23:04:57 | 000,000,927 | -H-- | M] () -- C:\Users\Jack\AppData\Local\Temp\smtmp\4\Zune.lnk

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7600
Copyright © 1999-2008 Microsoft Corporation.
On computer: JACK-PC
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
Volume 0     D                UDF    CD-ROM          0 B  Healthy
Volume 1     Z                       DVD-ROM         0 B  No Media
Volume 2     K                       DVD-ROM         0 B  No Media
Volume 3     L                       DVD-ROM         0 B  No Media
Volume 4     M                       DVD-ROM         0 B  No Media
Volume 5     N   T-V_Windows  UDF    DVD-ROM     3822 MB  Healthy
Volume 6     C                NTFS   Partition     55 GB  Healthy    Boot
Volume 7     J   Local Disk   NTFS   Partition   1863 GB  Healthy    System
Volume 8     E   External Ha  NTFS   Partition    298 GB  Healthy
Volume 9     F                       Removable       0 B  No Media
Volume 10    G                       Removable       0 B  No Media
Volume 11    H                       Removable       0 B  No Media
Volume 12    I                       Removable       0 B  No Media

< End of report >

Extras.Txt

OTL Extras logfile created on: 31-3-12 3:27:31 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Jack\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-M-yy

7.92 Gb Total Physical Memory | 6.12 Gb Available Physical Memory | 77.22% Memory free
15.84 Gb Paging File | 13.96 Gb Available in Paging File | 88.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.90 Gb Total Space | 5.80 Gb Free Space | 10.38% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 298.09 Gb Total Space | 21.79 Gb Free Space | 7.31% Space Free | Partition Type: NTFS
Drive J: | 1863.01 Gb Total Space | 1193.28 Gb Free Space | 64.05% Space Free | Partition Type: NTFS
Drive N: | 3.73 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JACK-PC | User Name: Jack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-371972060-1203410474-730646131-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0C818871-6337-17AC-CA8C-A3942F15D92A}" = AMD Accelerated Video Transcoding
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0004
"{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}" = AMD Catalyst Install Manager
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{54FFD5AC-7350-52B9-FB8F-1A8A6CF1FB5B}" = AMD Media Foundation Decoders
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{7598C430-8B00-4447-A710-0DDA0770370A}" = Logitech GamePanel Software 2.00
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8D7B4772-05DF-C562-60F7-A89CD14BDE8B}" = AMD Drag and Drop Transcoding
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0012-0000-1000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B70506BA-30D0-B14A-5B69-654FC823F48F}" = ATI AVIVO64 Codecs
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}" = ccc-utility64
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.STANDARD" = Microsoft Office Standard 2010
"WinRAR archiver" = WinRAR 4.10 beta 1 (64-bit)
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12
"{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}" = Need for Speed™ The Run
"{115FC236-41C5-40EC-BC21-0BD33E805C3F}_is1" = StarCraft II
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Outdoor Living Stuff
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{20D0FE9A-816F-4218-9F5E-67B4198052FF}" = MOUSE Editor
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 29
"{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish
"{287A4E96-AC57-4A19-9B51-C5EED2EAB382}" = Star Trek Legacy
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic ™
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{34B9B494-EF4A-4592-87A8-BE40D0442E86}" = Dawn of War - Soulstorm
"{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B11.0512.1
"{3B983EFD-6E37-4AD9-9A7D-8C83E61674F7}" = Splashtop Connect IE
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime
"{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0512.1
"{45D49CA7-D7D8-4659-B35A-EBD98C30AF28}" = Splashtop Connect for Firefox
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek
"{576E71DA-3000-48F6-9B21-B9A70D47DFCF}" = Star Wars JK II Jedi Outcast
"{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech
"{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0
"{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard
"{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76A232AF-B7D6-41A4-B795-6B355E6D32B1}" = Tom Clancy's H.A.W.X. 2
"{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Town Life Stuff
"{8043219B-D2C0-4561-90AB-3F1113ED5A87}" = Zeus & Poseidon
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{86C7336D-0E3A-4953-ADF4-F4B5E0096278}" = Command & Conquer 3 Tiberium Wars™ MOD SDK
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian
"{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French
"{A0595C97-DB17-429D-AB24-8594019B9A6C}" = Star Trek Legacy Patch v1.2
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = Catalyst Control Center
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C087BBE8-42C9-43C2-A72C-E2319D7822B3}" = Z95 for Windows XP 1.1
"{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian
"{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}" = Application Profiles
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath
"{CF937220-C6A5-438F-AB5C-8C7CD5F6DEA3}" = Star Trek Legacy Patch v1.1
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All
"{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}" = Catalyst Control Center InstallProxy
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{DF39232B-EF90-9DE2-DC06-353F5CDFF39A}" = HydraVision
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English
"{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F428768A-BA63-43A5-86E9-7F0CFD174944}" = Command & Conquer 3 Tiberium Wars™ Worldbuilder
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"Bridge Commander" = Star Trek Bridge Commander
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"Cities XL 2012" = Cities XL 2012
"DAEMON Tools Lite" = DAEMON Tools Lite
"DoWar2R_is1" = DoWar2R
"InstallShield_{20D0FE9A-816F-4218-9F5E-67B4198052FF}" = Mouse Editor
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0512.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"OpenAL" = OpenAL
"Origin" = Origin
"PKR" = PKR
"PokerStars" = PokerStars
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"Saints Row The Third_is1" = Saints Row The Third
"Star Trek Armada II" = Star Trek Armada II
"Star Trek Elite Force II" = Star Trek Elite Force II
"Star Trek Starfleet Command III" = Star Trek Starfleet Command III
"Steam App 40100" = Supreme Commander 2
"Steam App 44320" = DiRT 3
"Sword of the Stars" = Sword of the Stars
"Sword of the Stars II Lords of Winter_is1" = Sword of the Stars II Lords of Winter
"Talkative IRC_is1" = Talkative IRC 0.4.4.16
"TomTom HOME" = TomTom HOME 2.8.3.2458
"Total Video Converter 3.71_is1" = Total Video Converter 3.71 100812
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.10 beta 1 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-371972060-1203410474-730646131-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"Star Trek Legacy 1.3 unofficial patch" = Star Trek Legacy 1.3 unofficial patch

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

aswMBR.exe

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-31 15:31:42
-----------------------------
15:31:42.208 OS Version: Windows x64 6.1.7600
15:31:42.208 Number of processors: 4 586 0x2A07
15:31:42.209 ComputerName: JACK-PC UserName: Jack
15:31:42.361 Initialize success
15:31:42.383 AVAST engine defs: 12033100
15:31:46.422 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:31:46.424 Disk 0 Vendor: OCZ-SOLI 2.11 Size: 57241MB BusType: 3
15:31:46.426 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2
15:31:46.429 Disk 1 Vendor: ST2000DL003-9VT166 CC32 Size: 1907729MB BusType: 3
15:31:46.431 Disk 0 MBR read successfully
15:31:46.433 Disk 0 MBR scan
15:31:46.436 Disk 0 Windows 7 default MBR code
15:31:46.439 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 57239 MB offset 2048
15:31:46.443 Disk 0 scanning C:\Windows\system32\drivers
15:31:47.429 Service scanning
15:31:50.319 Modules scanning
15:31:50.326 Disk 0 trace - called modules:
15:31:50.331 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:31:50.337 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009d85060]
15:31:50.342 3 CLASSPNP.SYS[fffff880019b043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa800751b050]
15:31:50.504 AVAST engine scan C:\Windows
15:31:50.715 AVAST engine scan C:\Windows\system32
15:32:18.945 AVAST engine scan C:\Windows\system32\drivers
15:32:20.281 AVAST engine scan C:\Users\Jack
15:33:43.209 AVAST engine scan C:\ProgramData
15:33:52.107 Scan finished successfully
15:33:59.397 Disk 0 MBR has been saved successfully to "C:\Users\Jack\Desktop\MBR.dat"
15:33:59.400 The log file has been saved successfully to "C:\Users\Jack\Desktop\aswMBR.txt"

#4
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's get the files and folders back next

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

THEN

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2012-03-31 09:52:19 | 000,000,671 | -H-- | M] () -- C:\Users\Jack\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk

    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

    :Commands
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#5
jacknm2


    New Member

  • Topic Starter
  • Member
  • 6 posts
Logs as requested:

RK1:

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Jack [Admin rights]
Mode: Scan -- Date: 03/31/2012 16:07:51

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 18 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: OCZ-SOLID3 +++++
--- User ---
[MBR] 3edec4b2c7a310630aa7766d3690ed57
[BSP] 98d7d5064dc473dd90ea15402fa65e55 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 57239 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST2000DL003-9VT166 ATA Device +++++
--- User ---
[MBR] ce869af60cd2cb4f57a2b274247ed961
[BSP] 76ba5f7e54f9be0f92f7ebdce1b03bef : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907726 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: Maxtor 3200 USB Device +++++
--- User ---
[MBR] 2cfd610ada0b010b9fcaf98a24bc7579
[BSP] 2b2dc0f13d399fc62a433fa9ae9684db : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RK2:

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Jack [Admin rights]
Mode: Remove -- Date: 03/31/2012 16:08:03

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 18 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg)
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: OCZ-SOLID3 +++++
--- User ---
[MBR] 3edec4b2c7a310630aa7766d3690ed57
[BSP] 98d7d5064dc473dd90ea15402fa65e55 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 57239 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST2000DL003-9VT166 ATA Device +++++
--- User ---
[MBR] ce869af60cd2cb4f57a2b274247ed961
[BSP] 76ba5f7e54f9be0f92f7ebdce1b03bef : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907726 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: Maxtor 3200 USB Device +++++
--- User ---
[MBR] 2cfd610ada0b010b9fcaf98a24bc7579
[BSP] 2b2dc0f13d399fc62a433fa9ae9684db : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RK3:

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Jack [Admin rights]
Mode: Shortcuts HJfix -- Date: 03/31/2012 16:12:34

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 50 / Fail 0
Quick launch: Success 19 / Fail 0
Programs: Success 10921 / Fail 0
Start menu: Success 469 / Fail 0
User folder: Success 5373 / Fail 0
My documents: Success 1336 / Fail 0
My favorites: Success 25 / Fail 0
My pictures: Success 15 / Fail 0
My music: Success 23 / Fail 0
My videos: Success 3 / Fail 0
Local drives: Success 207120 / Fail 0
Backup: [FOUND] Success 352 / Fail 0

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[F:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume7 -- 0x2 --> Restored
[J:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[K:] \Device\CdRom2 -- 0x5 --> Skipped
[L:] \Device\CdRom3 -- 0x5 --> Skipped
[M:] \Device\CdRom4 -- 0x5 --> Skipped
[N:] \Device\CdRom5 -- 0x5 --> Skipped
[O:] \Device\SCDEmu\SCDEmuCd0 -- 0x5 --> Skipped

¤¤¤ Infection : Rogue.FakeHDD ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

OTL Report:

OTL logfile created on: 31-3-12 4:18:25 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Jack\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-M-yy

7.92 Gb Total Physical Memory | 6.31 Gb Available Physical Memory | 79.69% Memory free
15.84 Gb Paging File | 14.13 Gb Available in Paging File | 89.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.90 Gb Total Space | 5.48 Gb Free Space | 9.80% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 21.79 Gb Free Space | 7.31% Space Free | Partition Type: NTFS
Drive J: | 1863.01 Gb Total Space | 1193.28 Gb Free Space | 64.05% Space Free | Partition Type: NTFS
Drive N: | 3.73 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JACK-PC | User Name: Jack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-03-31 15:25:12 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jack\Desktop\OTL.exe
PRC - [2012-03-18 14:24:28 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012-03-07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012-03-07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012-02-14 23:49:08 | 000,636,032 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
PRC - [2012-02-13 09:06:56 | 003,481,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011-12-07 22:15:41 | 000,189,248 | -H-- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2011-12-07 22:15:28 | 000,075,136 | -H-- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011-12-05 13:34:56 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011-12-05 13:34:56 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011-04-30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011-04-30 00:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011-03-24 05:37:18 | 000,493,384 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
PRC - [2011-03-22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
PRC - [2010-12-23 10:00:12 | 003,344,384 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
PRC - [2010-11-15 12:21:56 | 000,841,544 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
PRC - [2010-11-15 12:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
PRC - [2010-10-05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010-10-05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010-04-22 15:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
PRC - [2009-10-13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
PRC - [2009-07-14 02:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009-06-17 16:13:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
PRC - [2009-02-23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
PRC - [2007-08-07 01:05:46 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2007-07-18 00:32:55 | 000,460,048 | -H-- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe


========== Modules (No Company Name) ==========

MOD - [2012-03-18 14:24:28 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012-02-12 00:05:08 | 000,492,544 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\239eac7d8086ace12a9d4ca0aa349256\IAStorUtil.ni.dll
MOD - [2012-02-12 00:05:08 | 000,014,336 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\f6678aaee1dfa07180264a8cdfc526f8\IAStorCommon.ni.dll
MOD - [2012-02-12 00:02:29 | 000,771,584 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\442eed762e21796e8e497fcd14f1295a\System.Runtime.Remoting.ni.dll
MOD - [2012-02-12 00:02:15 | 012,431,360 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2012-02-12 00:02:11 | 001,586,688 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2012-02-12 00:02:03 | 003,325,952 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2012-02-12 00:02:00 | 005,452,800 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2012-02-12 00:01:58 | 007,949,312 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2012-02-12 00:01:58 | 000,971,264 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2012-02-12 00:01:54 | 011,490,304 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2010-12-23 10:00:12 | 003,344,384 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
MOD - [2010-12-02 13:01:18 | 000,994,304 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
MOD - [2010-12-02 10:56:52 | 000,815,104 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll
MOD - [2010-11-24 02:11:21 | 002,535,936 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\ScreenCapture\ScreenCapture.dll
MOD - [2010-11-01 13:16:00 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\dll\DLL_AnalyzeGesturesInOne.dll
MOD - [2010-10-11 03:13:52 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\dll\DLL_MouseDeviceManager.dll
MOD - [2010-09-20 07:19:01 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\dll\DLL_AnalyzeGesturesInRight.dll
MOD - [2010-09-20 07:18:57 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\dll\DLL_ZoomControl.dll
MOD - [2010-09-20 07:18:54 | 000,054,272 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\dll\DLL_ScrollbarControl.dll
MOD - [2010-09-20 07:18:50 | 000,117,760 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\dll\DLL_Wheel4D.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012-03-07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012-02-15 04:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011-08-05 12:53:12 | 000,467,680 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011-08-05 12:53:12 | 000,306,400 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011-08-05 12:53:06 | 008,277,728 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010-04-06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011-12-07 22:15:41 | 000,189,248 | -H-- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011-12-07 22:15:28 | 000,075,136 | -H-- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011-12-05 13:34:56 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011-04-30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2011-03-24 05:37:18 | 000,493,384 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe -- (WCUService_STC_FF)
SRV - [2011-03-22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2010-11-15 12:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe -- (SCBackService)
SRV - [2010-10-05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010-10-05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010-03-18 14:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-10-13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009-06-17 16:13:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-05-15 08:29:18 | 000,087,288 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-03-14 20:11:13 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012-03-07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012-03-07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012-03-07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012-03-07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012-03-07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012-03-07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012-02-15 04:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012-02-15 03:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012-01-04 15:28:36 | 000,016,640 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV:64bit: - [2011-12-05 20:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011-11-01 17:48:51 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011-08-31 20:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011-08-30 01:54:28 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2011-04-26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011-03-07 10:22:00 | 000,065,280 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011-03-07 10:22:00 | 000,040,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011-01-13 12:58:00 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011-01-10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010-10-20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010-10-14 18:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010-08-19 20:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-02-24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007-08-07 01:21:32 | 000,057,776 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV - [2012-03-31 16:14:56 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012-03-24 17:10:28 | 000,030,528 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012-01-01 18:24:45 | 000,025,640 | -H-- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-02-24 18:35:44 | 000,255,552 | -H-- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-371972060-1203410474-730646131-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?rd=1
IE - HKU\S-1-5-21-371972060-1203410474-730646131-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-371972060-1203410474-730646131-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 D4 43 A9 5E 63 CC 01 [binary data]
IE - HKU\S-1-5-21-371972060-1203410474-730646131-1000\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
IE - HKU\S-1-5-21-371972060-1203410474-730646131-1000\..\SearchScopes,DefaultScope = {3F771796-BEE1-4350-8BA4-75B4AA9CC5CB}
IE - HKU\S-1-5-21-371972060-1203410474-730646131-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-371972060-1203410474-730646131-1000\..\SearchScopes\{3F771796-BEE1-4350-8BA4-75B4AA9CC5CB}: "URL" = http://www.bing.com/...=SPLBR1&pc=SPLH
IE - HKU\S-1-5-21-371972060-1203410474-730646131-1000\..\SearchScopes\{8513E622-70A2-49bc-AFB2-E75B2451891F}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-371972060-1203410474-730646131-1000\..\SearchScopes\{92F776EF-16B6-468f-9B77-96F4A1F76CDC}: "URL" = http://search.yahoo....evm&type=IEBDSV
IE - HKU\S-1-5-21-371972060-1203410474-730646131-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2011-08-25 20:03:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2011-08-25 20:03:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{d9284e50-81fc-11da-a72b-0800200c9a66}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66} [2011-08-25 20:03:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-24 17:09:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-03-18 14:24:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011-12-22 11:53:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jack\AppData\Roaming\Mozilla\Extensions
[2011-12-22 11:53:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jack\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012-01-12 19:20:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\uz0tlz6p.default\extensions
[2012-01-15 00:28:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012-03-24 17:09:10 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012-03-18 14:24:28 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011-10-06 13:49:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011-11-13 13:36:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Splashtop Connect VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [STCAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.)
O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-371972060-1203410474-730646131-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-371972060-1203410474-730646131-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-371972060-1203410474-730646131-1000..\Run: [OscarEditor] C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
O4 - HKU\S-1-5-21-371972060-1203410474-730646131-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-371972060-1203410474-730646131-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E58802A9-7A9C-475D-8CFD-E022666C7DEB}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-07-14 10:26:40 | 000,000,043 | R--- | M] () - N:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{1f7ee31c-eda9-11e0-ae6a-00081bc03f59}\Shell - "" = AutoRun
O33 - MountPoints2\{1f7ee31c-eda9-11e0-ae6a-00081bc03f59}\Shell\AutoRun\command - "" = K:\Autorun.exe
O33 - MountPoints2\{5fcc4f14-6e08-11e1-9126-50e54950cc7d}\Shell - "" = AutoRun
O33 - MountPoints2\{5fcc4f14-6e08-11e1-9126-50e54950cc7d}\Shell\AutoRun\command - "" = N:\setup.exe -- [2009-07-14 10:26:40 | 000,111,880 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{a5920ff0-cf51-11e0-9df3-00081bc03f59}\Shell - "" = AutoRun
O33 - MountPoints2\{a5920ff0-cf51-11e0-9df3-00081bc03f59}\Shell\AutoRun\command - "" = Z:\Autorun.exe
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\setup.exe -- [2009-07-14 10:26:40 | 000,111,880 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\O\Shell - "" = AutoRun
O33 - MountPoints2\O\Shell\AutoRun\command - "" = O:\dvdcheck.exe
O33 - MountPoints2\O\Shell\directx\command - "" = DirectX9\dxsetup.exe
O33 - MountPoints2\O\Shell\setup\command - "" = O:\setup.exe
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-03-31 16:13:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-03-31 16:07:37 | 000,000,000 | ---D | C] -- C:\Users\Jack\Desktop\RK_Quarantine
[2012-03-31 15:31:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Jack\Desktop\aswMBR.exe
[2012-03-31 15:25:09 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Jack\Desktop\OTL.exe
[2012-03-31 12:45:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012-03-31 12:44:17 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jack\Desktop\TDSSKiller.exe
[2012-03-31 11:10:39 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Roaming\Malwarebytes
[2012-03-31 11:10:34 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-03-31 11:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-03-31 11:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-03-31 11:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012-03-31 10:12:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012-03-31 09:52:19 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012-03-30 21:34:38 | 000,000,000 | ---D | C] -- C:\Users\Jack\Documents\Command and Conquer 4
[2012-03-30 19:55:08 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Roaming\Command and Conquer 4
[2012-03-30 19:55:06 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\Electronic_Arts_Inc
[2012-03-30 17:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2012-03-24 17:09:10 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012-03-19 17:55:47 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2012-03-14 20:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012-03-14 20:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012-03-14 20:15:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012-03-14 20:15:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012-03-14 20:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012-03-14 20:11:13 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012-03-14 20:11:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012-03-09 20:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focus Home Interactive
[2012-03-09 20:44:05 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\Focus Home Interactive
[2011-11-01 17:48:51 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Jack\AppData\Roaming\pcouffin.sys
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-03-31 16:14:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-03-31 16:14:45 | 2082,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2012-03-31 16:07:24 | 001,261,056 | ---- | M] () -- C:\Users\Jack\Desktop\RogueKiller.exe
[2012-03-31 15:33:59 | 000,000,512 | ---- | M] () -- C:\Users\Jack\Desktop\MBR.dat
[2012-03-31 15:31:13 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jack\Desktop\aswMBR.exe
[2012-03-31 15:25:12 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jack\Desktop\OTL.exe
[2012-03-31 14:53:40 | 000,772,110 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-03-31 14:53:40 | 000,655,872 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-03-31 14:53:40 | 000,118,998 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-03-31 14:51:49 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-03-31 14:51:49 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-03-31 13:32:52 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
[2012-03-31 11:10:34 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-03-31 10:12:45 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012-03-26 14:41:12 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jack\Desktop\TDSSKiller.exe
[2012-03-24 17:10:28 | 000,030,528 | -H-- | M] () -- C:\Windows\GVTDrv64.sys
[2012-03-24 17:09:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysWow64\config.nt
[2012-03-23 14:44:00 | 000,000,193 | -H-- | M] () -- C:\Windows\WORDPAD.INI
[2012-03-14 20:15:13 | 000,002,047 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012-03-14 20:11:28 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012-03-14 20:11:13 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012-03-07 01:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012-03-07 01:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012-03-07 01:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012-03-07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012-03-07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012-03-07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012-03-07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012-03-07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012-03-07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-03-31 16:08:16 | 000,002,047 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012-03-31 16:08:16 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\ET6.lnk
[2012-03-31 16:08:16 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012-03-31 16:08:16 | 000,001,918 | ---- | C] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
[2012-03-31 16:08:16 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012-03-31 16:08:16 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\Play PKR Lite.lnk
[2012-03-31 16:08:16 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012-03-31 16:08:16 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012-03-31 16:08:16 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012-03-31 16:08:16 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012-03-31 16:08:16 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012-03-31 16:08:16 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012-03-31 16:08:16 | 000,001,213 | ---- | C] () -- C:\Users\Public\Desktop\Sword of the Stars II Lords of Winter x86.lnk
[2012-03-31 16:08:16 | 000,001,213 | ---- | C] () -- C:\Users\Public\Desktop\Sword of the Stars II Lords of Winter x64.lnk
[2012-03-31 16:08:16 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012-03-31 16:08:16 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012-03-31 16:08:16 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012-03-31 16:08:16 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012-03-31 16:08:16 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2012-03-31 16:08:16 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012-03-31 16:08:16 | 000,001,061 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2012-03-31 16:08:16 | 000,001,051 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars Empire at War Forces of Corruption.lnk
[2012-03-31 16:08:16 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2012-03-31 16:08:16 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012-03-31 16:08:16 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012-03-31 16:08:16 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\Play PKR.lnk
[2012-03-31 16:08:16 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2012-03-31 16:08:16 | 000,000,856 | ---- | C] () -- C:\Users\Public\Desktop\Star Trek Armada II.lnk
[2012-03-31 16:08:16 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\Saints Row The Third.lnk
[2012-03-31 16:08:16 | 000,000,819 | ---- | C] () -- C:\Users\Public\Desktop\Sword of the Stars.lnk
[2012-03-31 16:08:16 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\smart6.lnk
[2012-03-31 16:08:16 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\Zeus & Poseidon.lnk
[2012-03-31 16:08:16 | 000,000,716 | ---- | C] () -- C:\Users\Public\Desktop\Soulstorm.lnk
[2012-03-31 16:07:33 | 001,261,056 | ---- | C] () -- C:\Users\Jack\Desktop\RogueKiller.exe
[2012-03-31 15:33:59 | 000,000,512 | ---- | C] () -- C:\Users\Jack\Desktop\MBR.dat
[2012-03-31 11:10:34 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-03-23 14:44:00 | 000,000,193 | -H-- | C] () -- C:\Windows\WORDPAD.INI
[2012-02-15 03:36:36 | 000,204,952 | -H-- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012-02-15 03:36:36 | 000,157,144 | -H-- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012-02-14 23:05:16 | 000,054,784 | -H-- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012-01-31 07:00:24 | 000,016,896 | -H-- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012-01-03 20:17:16 | 000,036,892 | -H-- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2011-12-07 22:15:29 | 000,189,248 | -H-- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011-12-07 22:15:28 | 000,075,136 | -H-- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011-12-07 19:50:46 | 002,580,552 | RH-- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011-11-14 18:45:38 | 000,772,214 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-11-01 17:50:37 | 000,001,173 | ---- | C] () -- C:\Users\Jack\AppData\Roaming\vso_ts_preview.xml
[2011-11-01 17:48:51 | 000,099,384 | ---- | C] () -- C:\Users\Jack\AppData\Roaming\inst.exe
[2011-11-01 17:48:51 | 000,007,859 | ---- | C] () -- C:\Users\Jack\AppData\Roaming\pcouffin.cat
[2011-11-01 17:48:51 | 000,001,167 | ---- | C] () -- C:\Users\Jack\AppData\Roaming\pcouffin.inf
[2011-10-30 15:23:26 | 000,000,317 | -H-- | C] () -- C:\Windows\SIERRA.INI
[2011-10-25 22:21:34 | 000,056,832 | -H-- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011-10-21 16:13:52 | 000,000,952 | -H-- | C] () -- C:\Windows\STA2.ini
[2011-10-19 18:46:18 | 000,000,840 | -H-- | C] () -- C:\Windows\STBC.ini
[2011-10-16 18:25:50 | 000,000,698 | -H-- | C] () -- C:\Windows\EF2.INI
[2011-10-15 17:21:16 | 000,000,293 | -H-- | C] () -- C:\Windows\Sfc3ng.ini
[2011-10-05 11:24:20 | 000,197,120 | -H-- | C] () -- C:\Windows\patchw32.dll
[2011-10-03 20:07:56 | 000,000,228 | -H-- | C] () -- C:\Windows\SysWow64\swkotor.ini
[2011-09-18 21:00:14 | 000,024,576 | -H-- | C] () -- C:\Windows\UniFISH.exe
[2011-09-12 23:06:16 | 000,003,917 | -H-- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011-09-04 12:55:37 | 000,007,597 | ---- | C] () -- C:\Users\Jack\AppData\Local\Resmon.ResmonCfg
[2011-08-31 20:51:16 | 000,216,000 | -H-- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011-08-31 20:46:00 | 000,056,832 | -H-- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011-08-31 20:26:20 | 013,903,872 | -H-- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011-08-25 20:37:23 | 000,000,000 | -H-- | C] () -- C:\Windows\ativpsrm.bin
[2011-08-25 20:33:18 | 000,030,528 | -H-- | C] () -- C:\Windows\GVTDrv64.sys
[2011-08-25 20:07:00 | 000,008,192 | -H-- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011-08-25 20:03:55 | 000,963,116 | -H-- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011-08-25 20:03:55 | 000,145,804 | -H-- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011-08-25 20:01:57 | 000,000,010 | -H-- | C] () -- C:\Windows\GSetup.ini
[2011-04-09 18:55:28 | 000,179,261 | -H-- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== LOP Check ==========

[2012-01-05 18:20:57 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\2K Sports
[2011-10-05 14:02:48 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Atari
[2012-03-25 13:21:34 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\BitTorrent
[2012-03-19 18:13:52 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2012-03-30 19:24:57 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012-03-30 21:34:19 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Command and Conquer 4
[2012-03-23 14:38:33 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\DAEMON Tools Lite
[2011-10-05 11:24:20 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Leadertech
[2012-02-02 20:36:42 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\MotioninJoy
[2011-10-05 10:51:12 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Origin
[2011-12-23 21:46:13 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Petroglyph
[2011-08-25 20:02:41 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Splashtop
[2011-09-19 20:18:06 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Talkative IRC
[2011-10-30 22:48:07 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\The Creative Assembly
[2011-12-22 11:53:29 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\TomTom
[2012-01-01 02:01:17 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Ubisoft
[2011-12-27 00:49:57 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Vso
[2011-09-18 20:19:12 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\YoudaGames
[2012-02-06 21:02:54 | 000,032,624 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Thanks again
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Oops, missed one. On completion of this run, could you let me know what problems remain?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2012-03-31 09:52:19 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD

    :Files
    ipconfig /flushdns /c

    :Commands
    [CREATERESTOREPOINT]

  • Then click the Run Fix button at the top
  • Let the program run unhindered,

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#7
jacknm2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Finished all of the above. Still unable to access Application Data; my desktop wallpaper and icons have returned, though my start bar just has Solitaire.... Same folders are still "Access Denied"

MBAM Report:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.31.08

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Jack :: JACK-PC [administrator]

31-3-12 4:50:29 PM
mbam-log-2012-03-31 (16-50-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196658
Time elapsed: 3 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edit: Just as a query, should I not be able to access C:\Users\Jack|ApplicationData, as it is a hidden file I've shown through the Organize button? I was pretty sure I could access it.

Edited by jacknm2, 31 March 2012 - 10:03 AM.

  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's run a repair on those next. Once done, let me know what is outstanding.

Download Windows Repair (all in one) from this site

Install the programme then run

Go to step 2 and allow it to run Disc check

Once that is done then go to step 3 and allow it to run SFC


On the start repairs tab select advanced mode and click start

Select the items as ticked and tick restart system when finished
[attachment=56954:Capture.JPG]
  • 0

#9
jacknm2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Still unable to access those folders; my start sidebar is still empty aside from Calculator and Solitaire.

But i have followed all instructions :)

Edited by jacknm2, 31 March 2012 - 10:29 AM.

  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's fix the permissions another way

Download the take ownership file from here

Once installed it will add a right click context menu "Take Ownership"
Right click the folders you are having problems with and click take ownership

For the start menu could you follow the steps on this page

Let me know how that goes :)
  • 0
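
An added example, not part of the original posts: a read-only check to run before taking ownership of a folder that returns "Access denied", reporting whether the path is a junction and whether its ACL carries a deny entry on list-folder. On Windows 7, `C:\Users\<name>\Application Data` and `C:\Documents and Settings` are by default compatibility junctions with exactly such a deny entry, so a denial on those names is by design. Assumes Windows PowerShell 3.0 or later; the function name is hypothetical.

```powershell
# Added example: read-only triage; nothing here changes owners or permissions.
# Paths are the ones named in this thread; replace them for another machine.
$paths = @(
    'C:\Users\Jack\Application Data',
    'C:\Documents and Settings',
    'C:\Users\Jack\AppData\Roaming'
)

function Get-FolderAccessTriage {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    # -Force is needed because these folders are Hidden and System.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        return [pscustomobject]@{ Path = $Path; Verdict = 'Not found or not readable' }
    }

    $isReparse = [bool]($item.Attributes -band [IO.FileAttributes]::ReparsePoint)

    # Read the ACL; if even that is refused, report it instead of failing.
    $acl = $null
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop } catch { }

    # ListDirectory and ReadData are the same bit; a deny entry on it blocks browsing.
    $listBit = [int][Security.AccessControl.FileSystemRights]::ListDirectory
    $deny = @()
    if ($acl) {
        $deny = @($acl.Access | Where-Object {
            $_.AccessControlType -eq 'Deny' -and
            (([int]$_.FileSystemRights -band $listBit) -ne 0)
        })
    }

    $verdict = if (-not $acl) {
        'ACL unreadable: check ownership from an elevated prompt'
    } elseif ($isReparse -and $deny.Count -gt 0) {
        'Junction with deny-list entry: denial is by design, open the target folder'
    } elseif ($deny.Count -gt 0) {
        'Real folder with a deny entry: unexpected, review the ACL before changing it'
    } else {
        'No deny-list entry: look at owner and missing allow entries'
    }

    [pscustomobject]@{
        Path         = $Path
        ReparsePoint = $isReparse
        Target       = $item.Target   # filled in on PowerShell 5+, empty on older versions
        Owner        = if ($acl) { $acl.Owner } else { $null }
        DenyList     = ($deny | ForEach-Object { $_.IdentityReference.Value }) -join ', '
        Verdict      = $verdict
    }
}

$paths | ForEach-Object { Get-FolderAccessTriage -Path $_ } | Format-List
```

A real folder such as `AppData\Roaming` that shows a deny entry or an unexpected owner is the case where an ownership or ACL repair is worth considering.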

#11
jacknm2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I seem to have access to everything once again. I've left my start bar for the moment because I use shortkeys for everything. I think, to be on the safe side, now that I have full control I'm going to back up what I need and reformat; I have far too much junk on here anyway.

Thanks a lot for the help, life saver, as I'd be lost without my computer :0
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Not a problem. As you are going for a reformat, I will not bother removing my tools.


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





