Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

please help remove jan.Win32.Generic!BT

Started by remixlp , Apr 27 2012 09:58 AM

  • This topic is locked This topic is locked

#1
remixlp
Posted 27 April 2012 - 09:58 AM

remixlp

    New Member

  • Member
  • Pip
  • 2 posts
I'm having a hard time removing this virus as it comes back everytime the computer is restarted. trojan win32.generic!BT
Any help would be much appreciated. I keep seeing these files keep getting infected ( C:\Windows\assembly\GAC_32\desktop.ini) and (C:\Windows\assembly\temp\U\800000032.$)
below is the attachment for otl

OTL logfile created on: 4/27/2012 8:42:30 AM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Zero\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.93 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 38.55% Memory free
9.85 Gb Paging File | 6.75 Gb Available in Paging File | 68.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 174.66 Gb Total Space | 72.05 Gb Free Space | 41.25% Space Free | Partition Type: NTFS
Drive D: | 502.49 Gb Total Space | 274.62 Gb Free Space | 54.65% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 120.86 Gb Free Space | 12.97% Space Free | Partition Type: NTFS

Computer Name: ZERO-PC | User Name: Zero | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/27 08:27:03 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Zero\Desktop\OTL.exe
PRC - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/02/09 10:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/11/05 05:16:42 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/10/22 10:00:56 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011/10/21 02:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2010/08/11 09:46:34 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010/07/19 13:26:00 | 000,370,480 | ---- | M] (syncables, LLC) -- C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
PRC - [2010/07/19 13:26:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
PRC - [2010/06/24 17:50:50 | 006,806,144 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010/06/08 23:55:54 | 001,080,448 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
PRC - [2010/05/03 14:41:46 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010/03/24 14:53:12 | 000,899,072 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
PRC - [2009/11/20 19:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/09/30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/31 00:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/07/13 18:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2009/06/19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/05/05 17:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2007/11/30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/26 08:03:30 | 000,076,288 | ---- | M] () -- c:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Ad-Aware Antivirus\sp.DLL
MOD - [2012/02/25 15:27:56 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll
MOD - [2012/02/25 15:27:46 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
MOD - [2012/02/25 14:04:42 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/02/25 14:04:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/25 14:04:19 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012/02/25 14:04:06 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/25 14:04:00 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/25 14:03:58 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012/02/25 14:03:50 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/25 14:03:44 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/25 14:03:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/25 14:03:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2011/10/14 01:10:03 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/20 05:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 05:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/08/11 09:46:34 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2010/06/08 14:22:00 | 000,181,760 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2010/02/23 05:14:22 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
MOD - [2010/02/23 05:14:18 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
MOD - [2010/02/23 05:14:10 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
MOD - [2010/02/23 05:12:22 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
MOD - [2010/02/23 05:11:46 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
MOD - [2007/11/30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/22 12:20:42 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010/03/11 21:13:54 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/08/06 15:17:46 | 000,118,672 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 18:39:46 | 000,006,656 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\SysNative\array_utility_service4,0,1,3.dll -- (hpzius12)
SRV:64bit: - [2007/08/03 02:24:54 | 000,125,496 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2012/04/26 08:03:30 | 000,076,288 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Ad-Aware Antivirus\sp.DLL -- (SPService)
SRV - [2012/04/13 15:35:31 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/03/22 17:53:47 | 000,489,256 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/09 21:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/09 10:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/11/05 05:16:42 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/05/17 18:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Stopped] -- C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/01/01 01:44:13 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/01/01 01:44:08 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/09/30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/17 05:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/07/03 13:27:59 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/06/27 02:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/05/11 16:26:04 | 000,072,280 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/04/29 14:15:42 | 000,055,384 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2011/04/05 17:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/04/05 17:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011/04/05 17:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/25 20:27:33 | 000,318,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/06/22 18:31:11 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/07 19:33:13 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/05/28 18:05:58 | 000,108,032 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)
DRV:64bit: - [2010/05/12 23:00:21 | 000,190,464 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\S6000KNT.sys -- (S6000KNT)
DRV:64bit: - [2010/03/04 20:19:45 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/01/14 22:23:19 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/01/14 22:23:13 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/14 22:23:09 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/12/14 01:03:49 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/11/17 16:11:59 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/08/06 15:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/07/20 02:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 13:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 10:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/04/06 23:33:07 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/02/13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/05/23 07:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/08/02 21:26:47 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2011/06/18 19:54:54 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2011/04/29 14:15:42 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Zero\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files (x86)\Download Manager\npfpdlm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\Zero\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Zero\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Late Night = C:\Users\Zero\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm\1.0_0\
CHR - Extension: Gmail = C:\Users\Zero\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBRC.exe (Sunbelt Software)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files (x86)\EeePC\ACPI\AsAcpiSvr.exe File not found
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files (x86)\EeePC\ACPI\AsEPCMon.exe File not found
O4 - HKLM..\Run: [AsusTray] C:\Program Files (x86)\EeePC\ACPI\AsTray.exe File not found
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S File not found
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" File not found
O4 - HKLM..\Run: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" File not found
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1714E8BD-E0D7-427E-8971-8B9878657D76}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CD75CAE-5776-429D-A3F2-FDD28E017A34}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{02abcc4a-6e05-11e0-b181-bcaec53b03d1}\Shell - "" = AutoRun
O33 - MountPoints2\{02abcc4a-6e05-11e0-b181-bcaec53b03d1}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{1a230211-f026-11e0-86fe-bcaec53b03d1}\Shell - "" = AutoRun
O33 - MountPoints2\{1a230211-f026-11e0-86fe-bcaec53b03d1}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{4271dcfd-5281-11e0-9a30-bcaec53b03d1}\Shell - "" = AutoRun
O33 - MountPoints2\{4271dcfd-5281-11e0-9a30-bcaec53b03d1}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{77751720-ee66-11e0-a82e-bcaec53b03d1}\Shell - "" = AutoRun
O33 - MountPoints2\{77751720-ee66-11e0-a82e-bcaec53b03d1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{77751730-ee66-11e0-a82e-bcaec53b03d1}\Shell - "" = AutoRun
O33 - MountPoints2\{77751730-ee66-11e0-a82e-bcaec53b03d1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b0c89b72-ef4d-11e0-ab68-001e101f859f}\Shell - "" = AutoRun
O33 - MountPoints2\{b0c89b72-ef4d-11e0-ab68-001e101f859f}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b0c89bbb-ef4d-11e0-ab68-001e101f859f}\Shell - "" = AutoRun
O33 - MountPoints2\{b0c89bbb-ef4d-11e0-ab68-001e101f859f}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{bae5303e-0963-11e1-80a3-bcaec53b03d1}\Shell - "" = AutoRun
O33 - MountPoints2\{bae5303e-0963-11e1-80a3-bcaec53b03d1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{bae53056-0963-11e1-80a3-bcaec53b03d1}\Shell - "" = AutoRun
O33 - MountPoints2\{bae53056-0963-11e1-80a3-bcaec53b03d1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SBBD.exe /d \Device\HarddiskVolume2\Program Files (x86)\Ad-Aware Antivirus\Engine\Definitions)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/27 08:31:50 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Zero\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/27 08:27:03 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Zero\Desktop\OTL.exe
[2012/04/26 17:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hunted The Demons Forge
[2012/04/26 16:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rage
[2012/04/26 16:49:43 | 000,000,000 | ---D | C] -- C:\Users\Zero\Desktop\New folder
[2012/04/24 22:27:45 | 000,000,000 | ---D | C] -- C:\Users\Zero\Desktop\Need For Speed The Run Limited Edition v1.0 (2011 MULTI2 Lossless RePack by R.G. Catalyst)
[2012/04/24 21:28:44 | 000,000,000 | ---D | C] -- C:\Users\Zero\Documents\Remedy
[2012/04/24 21:23:57 | 000,000,000 | ---D | C] -- C:\Users\Zero\AppData\Local\BigHugeEngine
[2012/04/24 12:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2 Assassins of Kings Enhanced Edition
[2012/04/21 11:37:10 | 000,000,000 | ---D | C] -- C:\Users\Zero\AppData\Local\adaware
[2012/04/21 11:37:04 | 000,045,904 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\sbbd.exe
[2012/04/21 11:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/04/21 11:37:01 | 000,060,504 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012/04/21 11:36:59 | 000,094,296 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbtis.sys
[2012/04/21 11:36:43 | 000,253,528 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\SbFw.sys
[2012/04/21 11:36:43 | 000,084,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\SbFwIm.sys
[2012/04/21 11:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/04/21 11:36:11 | 000,000,000 | ---D | C] -- C:\Users\Zero\AppData\Local\adawarebp
[2012/04/21 11:36:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2012/04/21 11:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/04/21 11:36:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012/04/21 11:35:45 | 000,000,000 | ---D | C] -- C:\Users\Zero\AppData\Roaming\Ad-Aware Antivirus
[2012/04/20 23:30:19 | 000,000,000 | ---D | C] -- C:\Users\Zero\Documents\WB Games
[2012/04/20 20:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarGame
[2012/04/20 19:57:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Batman.Arkham City.v 1.03 + 13 DLC
[2012/04/20 19:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
[2012/04/20 19:36:48 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012/04/20 19:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alan Wake
[2012/04/19 19:04:15 | 007,976,448 | ---- | C] (i-Funbox.com) -- C:\Users\Zero\Desktop\iFunBox.exe
[2012/04/19 13:24:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2012/04/18 17:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syndicate
[2012/04/18 16:58:14 | 000,000,000 | ---D | C] -- C:\Users\Zero\Desktop\Mass_Effect_3_v1.1.5427.4_Plus_13_Trainer-RazorDOX
[2012/04/13 15:35:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/04/07 20:51:43 | 000,000,000 | ---D | C] -- C:\Users\Zero\AppData\Roaming\DarknessII
[2012/04/02 15:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/02 15:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/02 15:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/28 16:39:41 | 000,000,000 | ---D | C] -- C:\Users\Zero\Desktop\I
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Zero\AppData\Local\*.tmp files -> C:\Users\Zero\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/27 08:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/27 08:31:50 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Zero\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/27 08:27:03 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Zero\Desktop\OTL.exe
[2012/04/27 08:24:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/27 04:37:02 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/27 04:37:02 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/27 04:08:52 | 000,744,818 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/27 04:08:52 | 000,627,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/27 04:08:52 | 000,107,600 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/26 20:22:19 | 000,000,763 | ---- | M] () -- C:\Users\Public\Desktop\Need For Speed. The Run.lnk
[2012/04/26 19:24:39 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/26 16:59:49 | 000,000,508 | ---- | M] () -- C:\Users\Public\Desktop\Rage.lnk
[2012/04/24 21:49:35 | 000,000,958 | ---- | M] () -- C:\Users\Public\Desktop\Syndicate.lnk
[2012/04/24 12:26:32 | 000,000,753 | ---- | M] () -- C:\Users\Public\Desktop\The Witcher 2 Assassins of Kings Enhanced Edition.lnk
[2012/04/24 11:23:16 | 000,002,202 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/04/24 11:22:48 | 000,000,104 | ---- | M] () -- C:\Windows\SysNative\SBRC.dat
[2012/04/24 11:22:46 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012/04/24 11:19:47 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/04/24 11:19:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/24 11:19:42 | 3967,176,704 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/24 05:05:38 | 000,001,188 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/04/24 05:05:34 | 000,001,682 | ---- | M] () -- C:\Windows\SysWow64\EmailAVConfig.xml
[2012/04/23 14:08:21 | 000,001,668 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/04/23 14:06:52 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/04/21 12:27:48 | 000,000,581 | ---- | M] () -- C:\Users\Public\Desktop\L.A. Noire.lnk
[2012/04/21 11:33:55 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/20 20:31:54 | 000,002,348 | ---- | M] () -- C:\Users\Public\Desktop\Batman.Arkham City.v 1.03 + 13 DLC.lnk
[2012/04/20 19:54:03 | 000,000,707 | ---- | M] () -- C:\Users\Public\Desktop\Saints Row. The Third.lnk
[2012/04/20 19:31:35 | 000,000,553 | ---- | M] () -- C:\Users\Public\Desktop\Alan Wake.lnk
[2012/04/14 15:21:29 | 000,035,716 | ---- | M] () -- C:\Users\Zero\Desktop\Performance_and_Quality_ENB_Core-14646.zip
[2012/04/14 15:15:01 | 002,097,202 | ---- | M] () -- C:\Users\Zero\Desktop\SkyBoost_r3-6058.zip
[2012/04/02 15:26:33 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Zero\AppData\Local\*.tmp files -> C:\Users\Zero\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/26 20:22:19 | 000,000,763 | ---- | C] () -- C:\Users\Public\Desktop\Need For Speed. The Run.lnk
[2012/04/26 16:59:49 | 000,000,508 | ---- | C] () -- C:\Users\Public\Desktop\Rage.lnk
[2012/04/24 21:49:35 | 000,000,958 | ---- | C] () -- C:\Users\Public\Desktop\Syndicate.lnk
[2012/04/24 12:26:32 | 000,000,753 | ---- | C] () -- C:\Users\Public\Desktop\The Witcher 2 Assassins of Kings Enhanced Edition.lnk
[2012/04/24 05:05:38 | 000,001,188 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/04/24 05:05:34 | 000,001,682 | ---- | C] () -- C:\Windows\SysWow64\EmailAVConfig.xml
[2012/04/23 14:07:40 | 000,000,942 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/04/23 14:07:27 | 000,000,104 | ---- | C] () -- C:\Windows\SysNative\SBRC.dat
[2012/04/21 12:27:48 | 000,000,581 | ---- | C] () -- C:\Users\Public\Desktop\L.A. Noire.lnk
[2012/04/21 11:46:51 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/04/20 20:31:54 | 000,002,348 | ---- | C] () -- C:\Users\Public\Desktop\Batman.Arkham City.v 1.03 + 13 DLC.lnk
[2012/04/20 19:54:03 | 000,000,707 | ---- | C] () -- C:\Users\Public\Desktop\Saints Row. The Third.lnk
[2012/04/20 19:31:35 | 000,000,553 | ---- | C] () -- C:\Users\Public\Desktop\Alan Wake.lnk
[2012/04/14 15:21:29 | 000,035,716 | ---- | C] () -- C:\Users\Zero\Desktop\Performance_and_Quality_ENB_Core-14646.zip
[2012/04/14 15:14:57 | 002,097,202 | ---- | C] () -- C:\Users\Zero\Desktop\SkyBoost_r3-6058.zip
[2012/04/04 13:17:09 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/02 19:17:30 | 000,002,617 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
[2012/03/26 13:39:15 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2012/03/26 13:39:15 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll
[2012/03/26 13:39:15 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll
[2012/02/09 10:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/11/28 08:15:16 | 000,000,000 | ---- | C] () -- C:\Windows\Net4Switch.INI
[2011/10/28 02:52:50 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/10/28 02:52:48 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/06/23 19:38:15 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/06/23 19:38:15 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/05/29 10:07:21 | 000,748,034 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/26 20:13:23 | 000,109,784 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/25 07:51:24 | 000,021,864 | ---- | C] () -- C:\Windows\AsAcpiSvrLang.ini
[2011/03/25 07:51:24 | 000,012,208 | ---- | C] () -- C:\Windows\AsTrayLang.ini
[2011/03/25 07:36:48 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/03/09 19:57:39 | 000,007,609 | ---- | C] () -- C:\Users\Zero\AppData\Local\Resmon.ResmonCfg
[2011/03/08 11:12:28 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011/01/01 01:44:18 | 000,001,200 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011/01/01 01:44:18 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011/01/01 01:44:18 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011/01/01 01:44:17 | 000,181,760 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/01/01 01:44:17 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/01/01 01:22:46 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/05/12 22:59:59 | 000,015,190 | ---- | C] () -- C:\Windows\S6000Twn.ini

========== LOP Check ==========

[2011/06/18 20:46:18 | 000,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\.BitTornado
[2012/04/27 03:25:13 | 000,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Ad-Aware Antivirus
[2011/08/27 20:06:11 | 000,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Asus WebStorage
[2011/03/24 15:26:43 | 000,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Azureus
[2011/08/27 05:03:14 | 000,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Bioshock
[2012/02/07 05:10:53 | 000,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Bioshock2
[2011/07/03 13:29:02 | 000,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\DAEMON Tools Lite
[2012/04/24 21:30:10 | 000,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\DarknessII
[2011/07/04 16:52:06 | 000,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Day 1 Studios
[2011/08/27 20:05:37 | 000,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\EeeStorageUploader
[2011/03/24 15:40:28 | 000,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Nuance
[2011/11/05 00:40:13 | 000,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Origin
[2012/03/26 13:46:45 | 000,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\PowerUp Software
[2011/07/03 21:37:48 | 000,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\PunkBuster
[2011/07/04 10:24:28 | 000,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\SoftGrid Client
[2011/05/29 10:08:17 | 000,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\TP
[2011/03/12 17:01:43 | 000,000,000 | ---D | M] -- C:\Users\Zero\AppData\Roaming\Zeon
[2012/04/24 11:19:47 | 000,000,942 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/03/15 15:11:41 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3E7393FC

< End of report >

Edited by remixlp, 27 April 2012 - 10:51 AM.

  • 0

Advertisements

#2
remixlp
Posted 27 April 2012 - 11:52 AM

remixlp

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Please close this this threat. I was able to get rid of the trojan by reading some of the other threads.
  • 0

#3
Dakeyras
Posted 27 April 2012 - 06:09 PM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Thank you for the courtesy of informing us. :)

--------------

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP