
Help removing TR/ATRAPS.Gen & TR/ATRAPS.Gen2 [Closed]


  • This topic is locked

#1
zxiomoixz

    New Member

  • Member
  • 6 posts
Hello there everyone, I am running Windows 7 Professional 64-bit registered version of Windows with SP1 and all the latest updates. I seem to have acquired these trojans from being stupid and trusting the source of a game I downloaded. (Bad idea... won't happen again!) As soon as I double-clicked the setup.exe for the game, a Windows error popped up saying it could not be run, and then Avira popped up saying it found two trojans. You can imagine how upset I was.

Anyways, I ran a full scan using Avira and it was not able to quarantine or delete the trojans. I then downloaded Malwarebytes' Anti-Malware and ran a full scan, and it didn't find anything at all.

I just scanned with Avira again and now it says it only sees the TR/ATRAPS.Gen2 trojan so I don't know what's going on.

Here is a report from Avira yesterday when it saw both of them.

Begin scan in 'C:\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\80000000.@'
C:\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\80000000.@
[DETECTION] Is the TR/ATRAPS.Gen Trojan
Begin scan in 'C:\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\80000064.@'
C:\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\80000064.@
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan



Here's my OTL log. Thank you in advance to anyone who responds. I greatly appreciate your time and consideration. :)



OTL logfile created on: 6/25/2012 5:30:35 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Trey\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.31 Gb Available Physical Memory | 78.89% Memory free
8.00 Gb Paging File | 6.05 Gb Available in Paging File | 75.64% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59.53 Gb Total Space | 40.61 Gb Free Space | 68.23% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 78.76 Gb Free Space | 8.46% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 4.40 Gb Free Space | 0.24% Space Free | Partition Type: NTFS

Computer Name: TREY-PC | User Name: Trey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/25 17:30:20 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Trey\Desktop\OTL.exe
PRC - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:48:51 | 000,466,896 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
PRC - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/02 00:31:38 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009/05/27 15:08:46 | 000,868,352 | ---- | M] (Cyber Power Systems, Inc.) -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
PRC - [2009/05/27 15:08:36 | 000,315,392 | ---- | M] (Cyber Power Systems, Inc.) -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
PRC - [2009/03/30 02:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2008/07/31 14:14:00 | 002,296,360 | ---- | M] (Gainward Co.) -- C:\Program Files (x86)\EXPERTool ATI\TBPANEL.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/07 04:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Trey\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 04:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Trey\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 04:13:27 | 000,553,496 | ---- | M] () -- C:\Users\Trey\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 04:13:26 | 000,117,784 | ---- | M] () -- C:\Users\Trey\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 04:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Trey\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 04:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Trey\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 04:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Trey\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/06/07 03:23:19 | 009,252,040 | ---- | M] () -- C:\Users\Trey\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/20 04:19:58 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 04:19:58 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/03/30 02:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [2006/10/04 15:25:42 | 000,651,334 | ---- | M] () -- C:\Program Files (x86)\EXPERTool ATI\ATICLOCKLIB.DLL
MOD - [1998/10/31 10:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\EXPERTool ATI\TBMANAGE.DLL


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/03/03 14:49:44 | 002,627,920 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/27 15:08:46 | 000,868,352 | ---- | M] (Cyber Power Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe -- (ppped)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/24 20:52:26 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/05/02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/04/27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/04/25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 02:04:34 | 000,044,624 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 E7 97 2C 58 52 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Trey\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Trey\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Trey\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Trey\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Trey\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Trey\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Trey\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Trey\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Dark Skin for Youtube\u2122 = C:\Users\Trey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfeknfgchonpnofdjokchhdhdnddhglm\1.2.5_0\
CHR - Extension: YouTube = C:\Users\Trey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Trey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Auto HD For YouTube = C:\Users\Trey\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak\2.5.5_0\
CHR - Extension: Gmail = C:\Users\Trey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/24 21:21:54 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [asdras] C:\Users\Trey\AppData\Roaming\asdras.dll (Duplex Secure Ltd.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe (Cyber Power Systems, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Gainward] C:\Program Files (x86)\EXPERTool ATI\TBPanel.exe (Gainward Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6ED81BF-485D-44AA-B5B2-0151448EB7F0}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2099ad4e-be62-11e1-8333-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2099ad4e-be62-11e1-8333-806e6f6e6963}\Shell\AutoRun\command - "" = G:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/25 17:30:23 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Trey\Desktop\OTL.exe
[2012/06/25 17:16:52 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\GetRightToGo
[2012/06/25 00:44:41 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\Malwarebytes
[2012/06/25 00:43:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/25 00:43:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2012/06/25 00:43:49 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/25 00:43:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/25 00:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/24 22:11:46 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Local\Adobe
[2012/06/24 22:04:56 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/06/24 21:36:29 | 000,118,272 | ---- | C] (Duplex Secure Ltd.) -- C:\Users\Trey\AppData\Roaming\asdras.dll
[2012/06/24 21:34:54 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\vlc
[2012/06/24 21:28:43 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\AccurateRip
[2012/06/24 21:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dBpoweramp Music Converter
[2012/06/24 21:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Illustrate
[2012/06/24 21:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/06/24 21:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5
[2012/06/24 21:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/06/24 21:23:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/06/24 21:23:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/06/24 21:23:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/06/24 21:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/06/24 21:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/06/24 21:11:47 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\deluge
[2012/06/24 21:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EXPERTool ATI
[2012/06/24 21:07:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EXPERTool ATI
[2012/06/24 21:07:49 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/06/24 21:07:33 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/06/24 21:01:48 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\Apple Computer
[2012/06/24 21:01:48 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Local\Apple Computer
[2012/06/24 21:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/24 21:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/24 21:01:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/06/24 21:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/24 21:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/06/24 21:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/06/24 21:01:22 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Local\Apple
[2012/06/24 21:01:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/06/24 21:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/06/24 21:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/06/24 21:01:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/06/24 21:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/06/24 21:01:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/06/24 20:58:08 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\Mozilla
[2012/06/24 20:58:05 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Local\Mozilla
[2012/06/24 20:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/06/24 20:52:26 | 000,560,184 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2012/06/24 20:52:22 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\DAEMON Tools Lite
[2012/06/24 20:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012/06/24 20:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/06/24 20:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012/06/24 20:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012/06/24 20:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Funbox DevTeam
[2012/06/24 20:45:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\i-Funbox DevTeam
[2012/06/24 20:45:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tor Browser
[2012/06/24 20:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012/06/24 20:44:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2012/06/24 20:44:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/06/24 20:43:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012/06/24 20:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
[2012/06/24 20:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
[2012/06/24 20:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
[2012/06/24 20:30:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deluge
[2012/06/24 20:30:19 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Local\AMD
[2012/06/24 20:30:14 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\ATI
[2012/06/24 20:30:14 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Local\ATI
[2012/06/24 20:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/06/24 20:30:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/06/24 20:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/06/24 20:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/06/24 20:30:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012/06/24 20:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/06/24 20:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/06/24 20:29:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012/06/24 20:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/06/24 20:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/06/24 20:27:44 | 000,000,000 | ---D | C] -- C:\AMD
[2012/06/24 20:12:56 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\Avira
[2012/06/24 20:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/06/24 20:10:39 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/06/24 20:10:39 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/06/24 20:10:39 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/06/24 20:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/06/24 20:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/06/24 19:58:00 | 000,044,624 | ---- | C] (Diskeeper Corporation) -- C:\Windows\SysNative\drivers\DKRtWrt.sys
[2012/06/24 19:58:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/06/24 19:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diskeeper Corporation
[2012/06/24 19:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Diskeeper Corporation
[2012/06/24 19:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Diskeeper Corporation
[2012/06/24 19:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Diskeeper Corporation
[2012/06/24 19:35:14 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\WinRAR
[2012/06/24 19:35:14 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/06/24 19:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/06/24 19:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/06/24 19:35:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/06/24 19:17:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/06/24 19:10:04 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\Macromedia
[2012/06/24 19:10:04 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\Adobe
[2012/06/24 19:03:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/06/24 18:53:53 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012/06/24 18:53:37 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012/06/24 18:52:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/06/24 18:44:22 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Local\Google
[2012/06/24 18:32:02 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/06/24 18:31:06 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Local\Deployment
[2012/06/24 18:31:06 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Local\Apps
[2012/06/24 18:23:21 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/06/24 18:23:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/06/24 18:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberPower PowerPanel Personal Edition
[2012/06/24 18:18:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
[2012/06/24 18:17:57 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/06/24 18:13:40 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/06/24 18:13:13 | 000,000,000 | R--D | C] -- C:\Users\Trey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/06/24 18:13:13 | 000,000,000 | R--D | C] -- C:\Users\Trey\Searches
[2012/06/24 18:13:13 | 000,000,000 | R--D | C] -- C:\Users\Trey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/06/24 18:13:13 | 000,000,000 | -H-D | C] -- C:\Users\Trey\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/06/24 18:13:07 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\Identities
[2012/06/24 18:13:05 | 000,000,000 | R--D | C] -- C:\Users\Trey\Contacts
[2012/06/24 18:13:03 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Local\VirtualStore
[2012/06/24 18:13:02 | 000,000,000 | --SD | C] -- C:\Users\Trey\AppData\Roaming\Microsoft
[2012/06/24 18:13:02 | 000,000,000 | R--D | C] -- C:\Users\Trey\Videos
[2012/06/24 18:13:02 | 000,000,000 | R--D | C] -- C:\Users\Trey\Saved Games
[2012/06/24 18:13:02 | 000,000,000 | R--D | C] -- C:\Users\Trey\Pictures
[2012/06/24 18:13:02 | 000,000,000 | R--D | C] -- C:\Users\Trey\Music
[2012/06/24 18:13:02 | 000,000,000 | R--D | C] -- C:\Users\Trey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/06/24 18:13:02 | 000,000,000 | R--D | C] -- C:\Users\Trey\Links
[2012/06/24 18:13:02 | 000,000,000 | R--D | C] -- C:\Users\Trey\Favorites
[2012/06/24 18:13:02 | 000,000,000 | R--D | C] -- C:\Users\Trey\Downloads
[2012/06/24 18:13:02 | 000,000,000 | R--D | C] -- C:\Users\Trey\Documents
[2012/06/24 18:13:02 | 000,000,000 | R--D | C] -- C:\Users\Trey\Desktop
[2012/06/24 18:13:02 | 000,000,000 | R--D | C] -- C:\Users\Trey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\AppData\Local\Temporary Internet Files
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\Templates
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\Start Menu
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\SendTo
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\Recent
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\PrintHood
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\NetHood
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\Documents\My Videos
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\Documents\My Pictures
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\Documents\My Music
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\My Documents
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\Local Settings
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\AppData\Local\History
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\Cookies
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\Application Data
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\AppData\Local\Application Data
[2012/06/24 18:13:02 | 000,000,000 | -H-D | C] -- C:\Users\Trey\AppData
[2012/06/24 18:13:02 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Local\Temp
[2012/06/24 18:13:02 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Local\Microsoft
[2012/06/24 18:13:02 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\Media Center Programs
[2012/06/24 18:12:57 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2012/06/25 17:30:20 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Trey\Desktop\OTL.exe
[2012/06/25 17:20:42 | 000,001,205 | ---- | M] () -- C:\Users\Trey\Desktop\FixNCR.reg
[2012/06/25 17:16:42 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/25 17:16:42 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/25 17:14:19 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/25 17:14:19 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/25 17:14:19 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/25 17:09:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/25 08:36:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-199241184-3945020382-703911535-1000UA.job
[2012/06/25 00:43:52 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/06/24 22:39:12 | 000,001,651 | ---- | M] () -- C:\Users\Trey\AppData\Local\recently-used.xbel
[2012/06/24 22:11:43 | 004,824,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/24 21:33:19 | 000,003,334 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp AAC Encoder.dat
[2012/06/24 21:33:11 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp AAC Encoder.bmp
[2012/06/24 21:32:42 | 000,001,265 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4b Audio book Encoder.dat
[2012/06/24 21:32:30 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4b Audio book Encoder.bmp
[2012/06/24 21:32:09 | 000,003,627 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Nero AAC Encoder.dat
[2012/06/24 21:32:01 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Nero AAC Encoder.bmp
[2012/06/24 21:31:57 | 000,485,240 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012/06/24 21:29:51 | 000,005,477 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer.dat
[2012/06/24 21:29:44 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer.bmp
[2012/06/24 21:28:42 | 000,013,082 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2012/06/24 21:28:40 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2012/06/24 21:28:40 | 000,017,950 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2012/06/24 21:28:25 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp
[2012/06/24 21:10:13 | 000,042,049 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/06/24 21:10:13 | 000,042,049 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/06/24 21:08:45 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/06/24 21:07:54 | 000,000,961 | ---- | M] () -- C:\Users\Trey\Desktop\EXPERTool ATI.lnk
[2012/06/24 21:01:46 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/24 20:52:36 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/06/24 20:52:26 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2012/06/24 20:45:51 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\iFunbox.lnk
[2012/06/24 20:44:28 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/06/24 20:30:40 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Deluge.lnk
[2012/06/24 18:39:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/06/24 18:36:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-199241184-3945020382-703911535-1000Core.job
[2012/06/24 18:23:10 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2012/06/24 18:22:01 | 000,030,662 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2012/06/22 00:48:48 | 000,118,272 | ---- | M] (Duplex Secure Ltd.) -- C:\Users\Trey\AppData\Roaming\asdras.dll
[2012/06/09 13:21:56 | 000,178,688 | ---- | M] () -- C:\Windows\SysWow64\unrar.dll

========== Files Created - No Company Name ==========

[2012/06/25 17:20:47 | 000,001,205 | ---- | C] () -- C:\Users\Trey\Desktop\FixNCR.reg
[2012/06/25 17:10:21 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\80000064.@
[2012/06/25 17:09:54 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\80000000.@
[2012/06/25 00:43:52 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/06/25 00:06:59 | 000,088,064 | ---- | C] () -- C:\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\80000032.@
[2012/06/24 22:39:12 | 000,001,651 | ---- | C] () -- C:\Users\Trey\AppData\Local\recently-used.xbel
[2012/06/24 22:11:41 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\L\00000004.@
[2012/06/24 21:37:11 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\00000008.@
[2012/06/24 21:37:10 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\00000004.@
[2012/06/24 21:37:10 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\000000cb.@
[2012/06/24 21:33:19 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp AAC Encoder.bmp
[2012/06/24 21:33:19 | 000,003,334 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp AAC Encoder.dat
[2012/06/24 21:32:42 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4b Audio book Encoder.bmp
[2012/06/24 21:32:42 | 000,001,265 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4b Audio book Encoder.dat
[2012/06/24 21:32:09 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Nero AAC Encoder.bmp
[2012/06/24 21:32:09 | 000,003,627 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Nero AAC Encoder.dat
[2012/06/24 21:29:51 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer.bmp
[2012/06/24 21:29:51 | 000,005,477 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer.dat
[2012/06/24 21:28:42 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2012/06/24 21:28:42 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2012/06/24 21:28:40 | 000,485,240 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012/06/24 21:28:40 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp
[2012/06/24 21:28:40 | 000,017,950 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2012/06/24 21:23:27 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/06/24 21:10:08 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/06/24 21:08:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/06/24 21:07:54 | 000,000,961 | ---- | C] () -- C:\Users\Trey\Desktop\EXPERTool ATI.lnk
[2012/06/24 21:01:46 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/24 21:01:21 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/06/24 20:52:36 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/06/24 20:45:51 | 000,001,056 | ---- | C] () -- C:\Users\Public\Desktop\iFunbox.lnk
[2012/06/24 20:44:28 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012/06/24 20:44:28 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/06/24 20:44:01 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/06/24 20:30:40 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Deluge.lnk
[2012/06/24 19:09:02 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\@
[2012/06/24 18:54:02 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2012/06/24 18:53:53 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2012/06/24 18:53:40 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2012/06/24 18:53:39 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2012/06/24 18:53:39 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2012/06/24 18:53:39 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2012/06/24 18:39:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/06/24 18:31:14 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-199241184-3945020382-703911535-1000UA.job
[2012/06/24 18:31:13 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-199241184-3945020382-703911535-1000Core.job
[2012/06/24 18:21:49 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/06/24 18:21:45 | 000,030,662 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/06/24 18:13:02 | 000,000,290 | ---- | C] () -- C:\Users\Trey\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/06/24 18:13:02 | 000,000,272 | ---- | C] () -- C:\Users\Trey\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/04/05 21:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/05 21:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/06/24 21:36:19 | 000,000,000 | ---D | M] -- C:\Users\Trey\AppData\Roaming\DAEMON Tools Lite
[2012/06/25 08:41:06 | 000,000,000 | ---D | M] -- C:\Users\Trey\AppData\Roaming\deluge
[2012/06/25 17:17:27 | 000,000,000 | ---D | M] -- C:\Users\Trey\AppData\Roaming\GetRightToGo
[2009/07/14 01:08:49 | 000,002,868 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, this should correct most of the problems; then we will tackle the remainder.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    C:\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

FINALLY

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.
  • 0
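
Added example (not part of the thread, and not a feature of OTL): a Python triage helper that parses OTL file-entry lines and flags the two path patterns visible in these logs, namely files ending in `@` under a GUID-named folder in C:\Windows\Installer (the folder Avira reported and the :OTL fix above targets) and modules loaded through a `globalroot` device path. The sample lines are copied from the logs in this thread; the rule names and the choice of the `globalroot` prefix as a heuristic are assumptions of this example.

```python
import re
from collections import namedtuple

# Added example: rule names and heuristics are this example's own, not OTL's.
Entry = namedtuple("Entry", "tag stamp size attrs kind company path")

# One OTL file entry has the shape:
#   [TAG - ][date time | size | attrs | C or M] [(company)] [[state]] -- path [-- (service)]
ENTRY_RE = re.compile(r"""
    ^(?:(?P<tag>[A-Z]{3}(?::64bit:)?)\s-\s)?
    \[(?P<stamp>\d{4}/\d\d/\d\d\s\d\d:\d\d:\d\d)\s\|\s
    (?P<size>[\d,]+)\s\|\s(?P<attrs>[-RHSD]{4})\s\|\s(?P<kind>[CM])\]
    (?:\s\((?P<company>.*?)\))?
    (?:\s\[[^\]]*\])?
    \s--\s(?P<path>.+?)
    (?:\s--\s\([^)]*\))?$
""", re.VERBOSE)

# Rule 1: any file whose name ends in "@" below C:\Windows\Installer\{GUID}\
GUID_AT_RE = re.compile(
    r"^(?P<folder>[a-z]:\\windows\\installer\\"
    r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})\\(?:[^\\]+\\)*[^\\]*@$",
    re.IGNORECASE)
# Rule 2: a module path given as \\?\globalroot\... or \\.\globalroot\...
GLOBALROOT_RE = re.compile(r"^\\\\[?.]\\globalroot\\", re.IGNORECASE)

RULES = [("installer-guid-at", GUID_AT_RE), ("globalroot-module", GLOBALROOT_RE)]


def parse_line(line):
    """Return an Entry for an OTL file line, or None for headers/registry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["tag"] or "", m["stamp"], int(m["size"].replace(",", "")),
                 m["attrs"], m["kind"], m["company"], m["path"])


def scan(log_text):
    """Return [(rule, Entry)] for every distinct path that matches a rule."""
    findings, seen = [], set()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        for rule, pattern in RULES:
            key = (rule, entry.path.lower())
            if pattern.search(entry.path) and key not in seen:
                seen.add(key)  # the same file shows up in several OTL sections
                findings.append((rule, entry))
    return findings


def flagged_folders(findings):
    """GUID folders that contain '@' files: the candidates for a folder-level fix."""
    return {GUID_AT_RE.match(e.path).group("folder")
            for rule, e in findings if rule == "installer-guid-at"}


# Lines copied from the two OTL logs in this thread.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2012/06/25 17:10:21 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\80000064.@
[2012/06/24 22:11:41 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\L\00000004.@
[2012/06/24 19:09:02 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\@
[2012/06/24 18:17:57 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/06/24 20:44:01 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
========== Modules (No Company Name) ==========
MOD - [2010/11/20 04:19:58 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 04:19:58 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
DRV:64bit: - [2012/06/24 20:52:26 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
"""

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for rule, entry in hits:
        print(f"{rule:18} {entry.stamp} {entry.size:>9} {entry.path}")
    print("folders:", sorted(flagged_folders(hits)))
```

Run against the second log, the `globalroot` rule still fires on the two mswsock entries, which is why the thread continues with further tools after the folder fix.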

#3
zxiomoixz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
My OTL log after the fixes and reboot were completed: (the next reply will have the Combofix log)


OTL logfile created on: 6/25/2012 8:30:15 PM - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Trey\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.53 Gb Available Physical Memory | 81.65% Memory free
8.00 Gb Paging File | 6.29 Gb Available in Paging File | 78.64% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59.53 Gb Total Space | 40.31 Gb Free Space | 67.72% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 78.83 Gb Free Space | 8.46% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 4.40 Gb Free Space | 0.24% Space Free | Partition Type: NTFS

Computer Name: TREY-PC | User Name: Trey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/25 17:30:20 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Trey\Desktop\OTL.exe
PRC - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/02 00:31:38 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009/05/27 15:08:46 | 000,868,352 | ---- | M] (Cyber Power Systems, Inc.) -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
PRC - [2009/05/27 15:08:36 | 000,315,392 | ---- | M] (Cyber Power Systems, Inc.) -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
PRC - [2009/03/30 02:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2008/07/31 14:14:00 | 002,296,360 | ---- | M] (Gainward Co.) -- C:\Program Files (x86)\EXPERTool ATI\TBPANEL.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/07 04:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Trey\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 04:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Trey\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 04:13:27 | 000,553,496 | ---- | M] () -- C:\Users\Trey\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 04:13:26 | 000,117,784 | ---- | M] () -- C:\Users\Trey\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 04:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Trey\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 04:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Trey\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 04:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Trey\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2010/11/20 04:19:58 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 04:19:58 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/03/30 02:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [2006/10/04 15:25:42 | 000,651,334 | ---- | M] () -- C:\Program Files (x86)\EXPERTool ATI\ATICLOCKLIB.DLL
MOD - [1998/10/31 10:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\EXPERTool ATI\TBMANAGE.DLL


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/03/03 14:49:44 | 002,627,920 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/27 15:08:46 | 000,868,352 | ---- | M] (Cyber Power Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe -- (ppped)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/24 20:52:26 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/05/02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/04/27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/04/25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 02:04:34 | 000,044,624 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 E7 97 2C 58 52 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Trey\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Trey\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Trey\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Trey\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Trey\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Trey\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Trey\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Trey\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Dark Skin for Youtube\u2122 = C:\Users\Trey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfeknfgchonpnofdjokchhdhdnddhglm\1.2.5_0\
CHR - Extension: YouTube = C:\Users\Trey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Trey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Auto HD For YouTube = C:\Users\Trey\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak\2.5.5_0\
CHR - Extension: Gmail = C:\Users\Trey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/25 17:59:27 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [asdras] C:\Users\Trey\AppData\Roaming\asdras.dll (Duplex Secure Ltd.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe (Cyber Power Systems, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Gainward] C:\Program Files (x86)\EXPERTool ATI\TBPanel.exe (Gainward Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6ED81BF-485D-44AA-B5B2-0151448EB7F0}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2099ad4e-be62-11e1-8333-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2099ad4e-be62-11e1-8333-806e6f6e6963}\Shell\AutoRun\command - "" = G:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/25 20:30:32 | 004,568,282 | ---- | C] (Swearware) -- C:\Users\Trey\Desktop\ComboFix.exe
[2012/06/25 17:59:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/25 17:59:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/25 17:52:21 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\TuneUp Software
[2012/06/25 17:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/06/25 17:51:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/06/25 17:30:23 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Trey\Desktop\OTL.exe
[2012/06/25 17:16:52 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\GetRightToGo
[2012/06/25 00:44:41 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\Malwarebytes
[2012/06/25 00:43:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/25 00:43:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2012/06/25 00:43:49 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/25 00:43:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/25 00:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/24 22:11:46 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Local\Adobe
[2012/06/24 22:04:56 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/06/24 21:36:29 | 000,118,272 | ---- | C] (Duplex Secure Ltd.) -- C:\Users\Trey\AppData\Roaming\asdras.dll
[2012/06/24 21:34:54 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\vlc
[2012/06/24 21:28:43 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\AccurateRip
[2012/06/24 21:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dBpoweramp Music Converter
[2012/06/24 21:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Illustrate
[2012/06/24 21:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/06/24 21:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5
[2012/06/24 21:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/06/24 21:23:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/06/24 21:23:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/06/24 21:23:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/06/24 21:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/06/24 21:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/06/24 21:11:47 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\deluge
[2012/06/24 21:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EXPERTool ATI
[2012/06/24 21:07:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EXPERTool ATI
[2012/06/24 21:07:49 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/06/24 21:07:33 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/06/24 21:01:48 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\Apple Computer
[2012/06/24 21:01:48 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Local\Apple Computer
[2012/06/24 21:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/24 21:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/24 21:01:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/06/24 21:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/24 21:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/06/24 21:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/06/24 21:01:22 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Local\Apple
[2012/06/24 21:01:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/06/24 21:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/06/24 21:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/06/24 21:01:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/06/24 21:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/06/24 21:01:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/06/24 20:58:08 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\Mozilla
[2012/06/24 20:58:05 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Local\Mozilla
[2012/06/24 20:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/06/24 20:52:26 | 000,560,184 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2012/06/24 20:52:22 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\DAEMON Tools Lite
[2012/06/24 20:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012/06/24 20:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/06/24 20:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012/06/24 20:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012/06/24 20:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Funbox DevTeam
[2012/06/24 20:45:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\i-Funbox DevTeam
[2012/06/24 20:45:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tor Browser
[2012/06/24 20:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012/06/24 20:44:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2012/06/24 20:44:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/06/24 20:43:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012/06/24 20:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
[2012/06/24 20:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
[2012/06/24 20:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
[2012/06/24 20:30:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deluge
[2012/06/24 20:30:19 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Local\AMD
[2012/06/24 20:30:14 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\ATI
[2012/06/24 20:30:14 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Local\ATI
[2012/06/24 20:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/06/24 20:30:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/06/24 20:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/06/24 20:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/06/24 20:30:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012/06/24 20:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/06/24 20:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/06/24 20:29:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012/06/24 20:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/06/24 20:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/06/24 20:27:44 | 000,000,000 | ---D | C] -- C:\AMD
[2012/06/24 20:12:56 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\Avira
[2012/06/24 20:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/06/24 20:10:39 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/06/24 20:10:39 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/06/24 20:10:39 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/06/24 20:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/06/24 20:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/06/24 19:58:00 | 000,044,624 | ---- | C] (Diskeeper Corporation) -- C:\Windows\SysNative\drivers\DKRtWrt.sys
[2012/06/24 19:58:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/06/24 19:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diskeeper Corporation
[2012/06/24 19:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Diskeeper Corporation
[2012/06/24 19:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Diskeeper Corporation
[2012/06/24 19:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Diskeeper Corporation
[2012/06/24 19:35:14 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\WinRAR
[2012/06/24 19:35:14 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/06/24 19:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/06/24 19:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/06/24 19:35:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/06/24 19:17:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/06/24 19:10:04 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\Macromedia
[2012/06/24 19:10:04 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\Adobe
[2012/06/24 19:03:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/06/24 18:53:53 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012/06/24 18:53:37 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012/06/24 18:52:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/06/24 18:44:22 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Local\Google
[2012/06/24 18:32:02 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/06/24 18:31:06 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Local\Deployment
[2012/06/24 18:31:06 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Local\Apps
[2012/06/24 18:23:21 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/06/24 18:23:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/06/24 18:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberPower PowerPanel Personal Edition
[2012/06/24 18:18:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
[2012/06/24 18:17:57 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/06/24 18:13:40 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/06/24 18:13:13 | 000,000,000 | R--D | C] -- C:\Users\Trey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/06/24 18:13:13 | 000,000,000 | R--D | C] -- C:\Users\Trey\Searches
[2012/06/24 18:13:13 | 000,000,000 | R--D | C] -- C:\Users\Trey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/06/24 18:13:13 | 000,000,000 | -H-D | C] -- C:\Users\Trey\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/06/24 18:13:07 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\Identities
[2012/06/24 18:13:05 | 000,000,000 | R--D | C] -- C:\Users\Trey\Contacts
[2012/06/24 18:13:03 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Local\VirtualStore
[2012/06/24 18:13:02 | 000,000,000 | --SD | C] -- C:\Users\Trey\AppData\Roaming\Microsoft
[2012/06/24 18:13:02 | 000,000,000 | R--D | C] -- C:\Users\Trey\Videos
[2012/06/24 18:13:02 | 000,000,000 | R--D | C] -- C:\Users\Trey\Saved Games
[2012/06/24 18:13:02 | 000,000,000 | R--D | C] -- C:\Users\Trey\Pictures
[2012/06/24 18:13:02 | 000,000,000 | R--D | C] -- C:\Users\Trey\Music
[2012/06/24 18:13:02 | 000,000,000 | R--D | C] -- C:\Users\Trey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/06/24 18:13:02 | 000,000,000 | R--D | C] -- C:\Users\Trey\Links
[2012/06/24 18:13:02 | 000,000,000 | R--D | C] -- C:\Users\Trey\Favorites
[2012/06/24 18:13:02 | 000,000,000 | R--D | C] -- C:\Users\Trey\Downloads
[2012/06/24 18:13:02 | 000,000,000 | R--D | C] -- C:\Users\Trey\Documents
[2012/06/24 18:13:02 | 000,000,000 | R--D | C] -- C:\Users\Trey\Desktop
[2012/06/24 18:13:02 | 000,000,000 | R--D | C] -- C:\Users\Trey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\AppData\Local\Temporary Internet Files
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\Templates
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\Start Menu
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\SendTo
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\Recent
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\PrintHood
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\NetHood
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\Documents\My Videos
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\Documents\My Pictures
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\Documents\My Music
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\My Documents
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\Local Settings
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\AppData\Local\History
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\Cookies
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\Application Data
[2012/06/24 18:13:02 | 000,000,000 | -HSD | C] -- C:\Users\Trey\AppData\Local\Application Data
[2012/06/24 18:13:02 | 000,000,000 | -H-D | C] -- C:\Users\Trey\AppData
[2012/06/24 18:13:02 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Local\Temp
[2012/06/24 18:13:02 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Local\Microsoft
[2012/06/24 18:13:02 | 000,000,000 | ---D | C] -- C:\Users\Trey\AppData\Roaming\Media Center Programs
[2012/06/24 18:12:57 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2012/06/25 20:30:31 | 004,568,282 | ---- | M] (Swearware) -- C:\Users\Trey\Desktop\ComboFix.exe
[2012/06/25 19:36:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-199241184-3945020382-703911535-1000UA.job
[2012/06/25 18:36:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-199241184-3945020382-703911535-1000Core.job
[2012/06/25 18:08:11 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/25 18:08:11 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/25 18:05:48 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/25 18:05:48 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/25 18:05:48 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/25 18:00:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/25 17:59:27 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/06/25 17:59:26 | 000,000,055 | ---- | M] () -- C:\Users\Trey\Desktop\cmd.bat
[2012/06/25 17:50:20 | 000,001,651 | ---- | M] () -- C:\Users\Trey\AppData\Local\recently-used.xbel
[2012/06/25 17:30:20 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Trey\Desktop\OTL.exe
[2012/06/25 17:20:42 | 000,001,205 | ---- | M] () -- C:\Users\Trey\Desktop\FixNCR.reg
[2012/06/25 00:43:52 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/06/24 22:11:43 | 004,824,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/24 21:33:19 | 000,003,334 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp AAC Encoder.dat
[2012/06/24 21:33:11 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp AAC Encoder.bmp
[2012/06/24 21:32:42 | 000,001,265 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4b Audio book Encoder.dat
[2012/06/24 21:32:30 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4b Audio book Encoder.bmp
[2012/06/24 21:32:09 | 000,003,627 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Nero AAC Encoder.dat
[2012/06/24 21:32:01 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Nero AAC Encoder.bmp
[2012/06/24 21:31:57 | 000,485,240 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012/06/24 21:29:51 | 000,005,477 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer.dat
[2012/06/24 21:29:44 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer.bmp
[2012/06/24 21:28:42 | 000,013,082 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2012/06/24 21:28:40 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2012/06/24 21:28:40 | 000,017,950 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2012/06/24 21:28:25 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp
[2012/06/24 21:10:13 | 000,042,049 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/06/24 21:10:13 | 000,042,049 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/06/24 21:08:45 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/06/24 21:07:54 | 000,000,961 | ---- | M] () -- C:\Users\Trey\Desktop\EXPERTool ATI.lnk
[2012/06/24 21:01:46 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/24 20:52:36 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/06/24 20:52:26 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2012/06/24 20:45:51 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\iFunbox.lnk
[2012/06/24 20:44:28 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/06/24 20:30:40 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Deluge.lnk
[2012/06/24 18:39:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/06/24 18:23:10 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2012/06/24 18:22:01 | 000,030,662 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2012/06/22 00:48:48 | 000,118,272 | ---- | M] (Duplex Secure Ltd.) -- C:\Users\Trey\AppData\Roaming\asdras.dll
[2012/06/09 13:21:56 | 000,178,688 | ---- | M] () -- C:\Windows\SysWow64\unrar.dll

========== Files Created - No Company Name ==========

[2012/06/25 17:59:26 | 000,000,055 | ---- | C] () -- C:\Users\Trey\Desktop\cmd.bat
[2012/06/25 17:50:20 | 000,001,651 | ---- | C] () -- C:\Users\Trey\AppData\Local\recently-used.xbel
[2012/06/25 17:39:20 | 000,088,064 | ---- | C] () -- C:\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\80000032.@
[2012/06/25 17:20:47 | 000,001,205 | ---- | C] () -- C:\Users\Trey\Desktop\FixNCR.reg
[2012/06/25 17:10:21 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\80000064.@
[2012/06/25 17:09:54 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\80000000.@
[2012/06/25 00:43:52 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/06/24 22:11:41 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\L\00000004.@
[2012/06/24 21:37:11 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\00000008.@
[2012/06/24 21:37:10 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\00000004.@
[2012/06/24 21:37:10 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\000000cb.@
[2012/06/24 21:33:19 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp AAC Encoder.bmp
[2012/06/24 21:33:19 | 000,003,334 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp AAC Encoder.dat
[2012/06/24 21:32:42 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4b Audio book Encoder.bmp
[2012/06/24 21:32:42 | 000,001,265 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4b Audio book Encoder.dat
[2012/06/24 21:32:09 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Nero AAC Encoder.bmp
[2012/06/24 21:32:09 | 000,003,627 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Nero AAC Encoder.dat
[2012/06/24 21:29:51 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer.bmp
[2012/06/24 21:29:51 | 000,005,477 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer.dat
[2012/06/24 21:28:42 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2012/06/24 21:28:42 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2012/06/24 21:28:40 | 000,485,240 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012/06/24 21:28:40 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp
[2012/06/24 21:28:40 | 000,017,950 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2012/06/24 21:23:27 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/06/24 21:10:08 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/06/24 21:08:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/06/24 21:07:54 | 000,000,961 | ---- | C] () -- C:\Users\Trey\Desktop\EXPERTool ATI.lnk
[2012/06/24 21:01:46 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/24 21:01:21 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/06/24 20:52:36 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/06/24 20:45:51 | 000,001,056 | ---- | C] () -- C:\Users\Public\Desktop\iFunbox.lnk
[2012/06/24 20:44:28 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012/06/24 20:44:28 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/06/24 20:44:01 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/06/24 20:30:40 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Deluge.lnk
[2012/06/24 19:09:02 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\@
[2012/06/24 18:54:02 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2012/06/24 18:53:53 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2012/06/24 18:53:40 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2012/06/24 18:53:39 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2012/06/24 18:53:39 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2012/06/24 18:53:39 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2012/06/24 18:39:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/06/24 18:31:14 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-199241184-3945020382-703911535-1000UA.job
[2012/06/24 18:31:13 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-199241184-3945020382-703911535-1000Core.job
[2012/06/24 18:21:49 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/06/24 18:21:45 | 000,030,662 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/06/24 18:13:02 | 000,000,290 | ---- | C] () -- C:\Users\Trey\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/06/24 18:13:02 | 000,000,272 | ---- | C] () -- C:\Users\Trey\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/04/05 21:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/05 21:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/06/24 21:36:19 | 000,000,000 | ---D | M] -- C:\Users\Trey\AppData\Roaming\DAEMON Tools Lite
[2012/06/25 17:50:34 | 000,000,000 | ---D | M] -- C:\Users\Trey\AppData\Roaming\deluge
[2012/06/25 17:17:27 | 000,000,000 | ---D | M] -- C:\Users\Trey\AppData\Roaming\GetRightToGo
[2012/06/25 17:52:21 | 000,000,000 | ---D | M] -- C:\Users\Trey\AppData\Roaming\TuneUp Software
[2009/07/14 01:08:49 | 000,003,118 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#4
zxiomoixz

    New Member

  • Topic Starter
  • Member
  • 6 posts
My ComboFix log: (followed by my aswMBR.exe log)


ComboFix 12-06-25.04 - Trey 06/25/2012 20:45:38.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.7092 [GMT -4:00]
Running from: c:\users\Trey\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Trey\AppData\Roaming\asdras.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\@
c:\windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\L\00000004.@
c:\windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\00000004.@
c:\windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\00000008.@
c:\windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\000000cb.@
c:\windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\80000000.@
c:\windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\80000032.@
c:\windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\80000064.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-26 to 2012-06-26 )))))))))))))))))))))))))))))))
.
.
2012-06-26 00:47 . 2012-06-26 00:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-26 00:38 . 2012-06-26 00:38 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-25 21:59 . 2012-06-25 21:59 -------- d-----w- C:\_OTL
2012-06-25 21:51 . 2012-06-25 21:59 -------- d-----w- c:\programdata\TuneUp Software
2012-06-25 21:51 . 2012-06-25 21:51 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-25 04:43 . 2012-06-25 04:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-25 04:43 . 2012-06-25 04:43 -------- d-----w- c:\programdata\Malwarebytes
2012-06-25 04:43 . 2010-04-29 19:39 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-06-25 04:43 . 2010-04-29 19:39 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 02:04 . 2012-06-24 22:12 -------- d-----w- c:\windows\Panther
2012-06-25 01:28 . 2012-06-25 01:31 485240 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
2012-06-25 01:28 . 2012-06-25 01:28 -------- d-----w- c:\program files (x86)\Illustrate
2012-06-25 01:23 . 2012-06-25 01:25 -------- d-----w- c:\program files\Common Files\Adobe
2012-06-25 01:23 . 2012-06-25 01:23 -------- d-----w- c:\windows\SysWow64\Macromed
2012-06-25 01:23 . 2012-06-25 01:23 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-06-25 01:20 . 2012-06-25 01:24 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-06-25 01:08 . 2012-06-25 01:08 0 ----a-w- c:\windows\ativpsrm.bin
2012-06-25 01:07 . 2012-06-25 01:07 -------- d-----w- c:\program files (x86)\EXPERTool ATI
2012-06-25 01:07 . 2005-09-21 09:32 8704 ----a-w- c:\windows\SysWow64\drivers\TBPanelx64.sys
2012-06-25 01:07 . 2002-07-27 22:01 5306 ----a-w- c:\windows\SysWow64\drivers\TBPanel.sys
2012-06-25 00:52 . 2012-06-25 00:52 560184 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-06-25 00:52 . 2012-06-25 00:52 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-06-25 00:51 . 2012-06-25 00:51 -------- d-----w- c:\program files (x86)\VideoLAN
2012-06-25 00:50 . 2012-06-25 01:36 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-06-25 00:45 . 2012-06-25 00:45 -------- d-----w- c:\program files (x86)\i-Funbox DevTeam
2012-06-25 00:45 . 2012-06-09 08:29 -------- d-----w- c:\program files (x86)\Tor Browser
2012-06-25 00:44 . 2012-06-25 00:44 -------- d-----w- c:\program files (x86)\ImgBurn
2012-06-25 00:44 . 2012-06-09 17:21 178688 ----a-w- c:\windows\SysWow64\unrar.dll
2012-06-25 00:43 . 2012-06-25 00:44 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2012-06-25 00:37 . 2012-06-25 00:48 -------- d-----w- c:\program files\Core Temp
2012-06-25 00:30 . 2012-06-25 00:30 -------- d-----w- c:\program files (x86)\Deluge
2012-06-25 00:30 . 2012-06-25 00:30 -------- d-----w- c:\programdata\ATI
2012-06-25 00:30 . 2012-06-25 00:30 -------- d-----w- c:\program files (x86)\AMD AVT
2012-06-25 00:30 . 2012-06-25 00:30 -------- d-----w- c:\program files (x86)\AMD APP
2012-06-25 00:30 . 2012-06-25 00:30 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-06-25 00:30 . 2012-06-25 00:30 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-06-25 00:30 . 2012-06-25 00:30 -------- d-----w- c:\programdata\AMD
2012-06-25 00:30 . 2010-02-18 13:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2012-06-25 00:29 . 2012-06-25 00:29 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-06-25 00:29 . 2012-06-25 00:29 -------- d-----w- c:\program files\ATI
2012-06-25 00:28 . 2012-06-25 00:30 -------- d-----w- c:\program files\ATI Technologies
2012-06-25 00:27 . 2012-06-25 00:27 -------- d-----w- C:\AMD
2012-06-25 00:10 . 2012-05-02 19:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-25 00:10 . 2012-04-27 14:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-25 00:10 . 2012-04-25 04:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-25 00:10 . 2012-06-25 00:10 -------- d-----w- c:\programdata\Avira
2012-06-25 00:10 . 2012-06-25 00:10 -------- d-----w- c:\program files (x86)\Avira
2012-06-24 23:58 . 2012-06-25 01:01 -------- dc----w- c:\windows\system32\DRVSTORE
2012-06-24 23:58 . 2011-02-14 06:04 44624 ----a-w- c:\windows\system32\drivers\DKRtWrt.sys
2012-06-24 23:57 . 2012-06-24 23:57 -------- d-----w- c:\programdata\Diskeeper Corporation
2012-06-24 23:57 . 2012-06-24 23:57 -------- d-----w- c:\program files\Diskeeper Corporation
2012-06-24 23:57 . 2012-06-24 23:57 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation
2012-06-24 23:35 . 2012-06-24 23:35 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-06-24 23:17 . 2012-06-24 23:17 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-06-24 23:14 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-24 23:14 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-24 23:14 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-24 23:14 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-24 23:14 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-24 23:14 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-24 23:14 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-06-24 23:12 . 2011-07-16 05:41 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-06-24 23:11 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-24 23:11 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-24 23:11 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-24 23:11 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-06-24 23:11 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-06-24 23:09 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-06-24 23:09 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-06-24 23:09 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-06-24 23:09 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-06-24 23:03 . 2012-06-24 23:04 -------- d-----w- c:\windows\system32\SPReview
2012-06-24 22:57 . 2010-11-20 09:01 2560 ----a-w- c:\windows\system32\drivers\en-US\rdpwd.sys.mui
2012-06-24 22:57 . 2010-11-20 08:57 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-06-24 22:57 . 2010-11-20 09:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
2012-06-24 22:57 . 2010-11-20 09:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2012-06-24 22:53 . 2010-11-20 09:27 4400640 ----a-w- c:\program files\DVD Maker\OmdProject.dll
2012-06-24 22:52 . 2012-06-24 22:52 -------- d-----w- c:\windows\system32\EventProviders
2012-06-24 22:30 . 2012-06-18 07:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{992A9E12-0B2F-40E5-A5A2-EB1D71574ECB}\mpengine.dll
2012-06-24 22:30 . 2012-02-23 14:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-06-24 22:27 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 22:27 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 22:27 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 22:27 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 22:27 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-24 22:27 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 22:27 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 22:27 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 22:27 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-24 22:23 . 2011-06-10 10:34 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-06-24 22:23 . 2012-06-24 22:23 -------- d-----w- c:\program files (x86)\Realtek
2012-06-24 22:23 . 2012-06-24 22:23 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2012-06-24 22:18 . 2012-06-26 00:48 -------- d-----w- c:\program files (x86)\CyberPower PowerPanel Personal Edition
2012-06-24 22:17 . 2012-06-25 21:59 -------- d-sh--w- c:\windows\Installer
2012-06-24 22:13 . 2012-06-24 22:13 -------- d-----w- c:\users\Trey
2012-06-24 22:12 . 2012-06-24 22:12 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 23:02 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-06-24 23:02 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-04-25 16:11 . 2012-04-25 16:11 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-04-25 16:11 . 2012-04-25 16:11 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:34 . 2012-04-06 02:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 02:34 . 2012-04-06 02:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 02:34 . 2012-04-06 02:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 02:33 . 2012-04-06 02:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 02:33 . 2012-04-06 02:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 02:33 . 2012-04-06 02:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 02:32 . 2012-04-06 02:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 02:32 . 2012-04-06 02:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-06 02:32 . 2012-04-06 02:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2011-04-20 06:07 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-04-20 05:27 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2009-07-13 21:59 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-04-20 05:21 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Gainward"="c:\program files (x86)\EXPERTool ATI\TBPanel.exe" [2008-07-31 2296360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"PowerPanel Personal Edition User Interaction"="c:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2009-05-27 315392]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R4 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S3 ALSysIO;ALSysIO;d:\bak\cache\Temp\ALSysIO64.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-199241184-3945020382-703911535-1000Core.job
- c:\users\Trey\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-09 06:38]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-199241184-3945020382-703911535-1000UA.job
- c:\users\Trey\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-09 06:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-asdras - c:\users\Trey\AppData\Roaming\asdras.dll
AddRemove-dBpoweramp AAC Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp CD Writer - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Nero AAC Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4b Audio book Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\DAODx.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
.
**************************************************************************
.
Completion time: 2012-06-25 20:49:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-26 00:49
.
Pre-Run: 42,949,689,344 bytes free
Post-Run: 42,855,571,456 bytes free
.
- - End Of File - - A9E21D44DF31546B09F8619605747A8B

#5
zxiomoixz

    New Member

  • Topic Starter
  • Member
  • 6 posts
My aswMBR.exe log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-25 20:58:56
-----------------------------
20:58:56.947 OS Version: Windows x64 6.1.7601 Service Pack 1
20:58:56.947 Number of processors: 4 586 0x402
20:58:56.947 ComputerName: TREY-PC UserName: Trey
20:58:57.181 Initialize success
20:59:25.924 AVAST engine defs: 12062501
20:59:44.086 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4
20:59:44.086 Disk 0 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 3
20:59:44.086 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-a
20:59:44.086 Disk 1 Vendor: C300-CTFDDAC064MAG 0006 Size: 61057MB BusType: 3
20:59:44.101 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T1L0-8
20:59:44.101 Disk 2 Vendor: WDC_WD1001FALS-00E8B0 05.00K05 Size: 953869MB BusType: 3
20:59:44.101 Disk 1 MBR read successfully
20:59:44.101 Disk 1 MBR scan
20:59:44.117 Disk 1 Windows 7 default MBR code
20:59:44.117 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:59:44.117 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 60955 MB offset 206848
20:59:44.117 Disk 1 scanning C:\Windows\system32\drivers
20:59:46.597 Service scanning
20:59:52.588 Modules scanning
20:59:52.588 Disk 1 trace - called modules:
20:59:52.588 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8006b672c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:59:52.588 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007bbc060]
20:59:52.603 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa8007636520]
20:59:52.603 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-a[0xfffffa80075e7060]
20:59:52.603 \Driver\atapi[0xfffffa8006cc9060] -> IRP_MJ_CREATE -> 0xfffffa8006b672c0
20:59:52.728 AVAST engine scan C:\Windows
20:59:53.258 AVAST engine scan C:\Windows\system32
21:00:45.113 AVAST engine scan C:\Windows\system32\drivers
21:00:47.640 AVAST engine scan C:\Users\Trey
21:00:51.072 AVAST engine scan C:\ProgramData
21:00:54.411 Scan finished successfully
21:01:22.600 Disk 1 MBR has been saved successfully to "C:\Users\Trey\Desktop\MBR.dat"
21:01:22.600 The log file has been saved successfully to "C:\Users\Trey\Desktop\aswMBR.txt"



Again, thank you so much for helping me out. I really appreciate it! :)

#6
zxiomoixz

    New Member

  • Topic Starter
  • Member
  • 6 posts
Well, I just did another scan with Avira and here is the log that was produced:

So where do I go from here? Should I just reformat? Would that save time and effort in the end compared to trying to clean what I have currently installed?


Avira Free Antivirus
Report file date: Monday, June 25, 2012 21:09

Scanning for 3869467 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Professional
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : Trey
Computer name : TREY-PC

Version information:
BUILD.DAT : 12.0.0.1125 41829 Bytes 5/2/2012 17:40:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 5/2/2012 04:48:51
AVSCAN.DLL : 12.3.0.15 54736 Bytes 5/2/2012 19:31:39
LUKE.DLL : 12.3.0.15 68304 Bytes 5/2/2012 05:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 5/2/2012 04:13:36
AVREG.DLL : 12.3.0.17 232200 Bytes 6/25/2012 00:13:32
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 00:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 05:23:21
VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 05:32:24
VBASE003.VDF : 7.11.21.238 4472832 Bytes 2/1/2012 15:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 3/28/2012 16:43:53
VBASE005.VDF : 7.11.29.136 2166272 Bytes 5/10/2012 00:13:11
VBASE006.VDF : 7.11.29.137 2048 Bytes 5/10/2012 00:13:11
VBASE007.VDF : 7.11.29.138 2048 Bytes 5/10/2012 00:13:12
VBASE008.VDF : 7.11.29.139 2048 Bytes 5/10/2012 00:13:12
VBASE009.VDF : 7.11.29.140 2048 Bytes 5/10/2012 00:13:12
VBASE010.VDF : 7.11.29.141 2048 Bytes 5/10/2012 00:13:12
VBASE011.VDF : 7.11.29.142 2048 Bytes 5/10/2012 00:13:12
VBASE012.VDF : 7.11.29.143 2048 Bytes 5/10/2012 00:13:13
VBASE013.VDF : 7.11.29.144 2048 Bytes 5/10/2012 00:13:13
VBASE014.VDF : 7.11.30.3 198144 Bytes 5/14/2012 00:13:13
VBASE015.VDF : 7.11.30.69 186368 Bytes 5/17/2012 00:13:13
VBASE016.VDF : 7.11.30.143 223744 Bytes 5/21/2012 00:13:14
VBASE017.VDF : 7.11.30.207 287744 Bytes 5/23/2012 00:13:15
VBASE018.VDF : 7.11.31.57 188416 Bytes 5/28/2012 00:13:15
VBASE019.VDF : 7.11.31.111 214528 Bytes 5/30/2012 00:13:18
VBASE020.VDF : 7.11.31.151 116736 Bytes 5/31/2012 00:13:18
VBASE021.VDF : 7.11.31.205 134144 Bytes 6/3/2012 00:13:19
VBASE022.VDF : 7.11.32.9 169472 Bytes 6/5/2012 00:13:20
VBASE023.VDF : 7.11.32.85 155648 Bytes 6/8/2012 00:13:20
VBASE024.VDF : 7.11.32.133 127488 Bytes 6/11/2012 00:13:20
VBASE025.VDF : 7.11.32.171 182784 Bytes 6/12/2012 00:13:21
VBASE026.VDF : 7.11.32.251 119296 Bytes 6/14/2012 00:13:21
VBASE027.VDF : 7.11.33.83 159232 Bytes 6/18/2012 00:13:22
VBASE028.VDF : 7.11.33.195 200192 Bytes 6/22/2012 00:13:23
VBASE029.VDF : 7.11.33.196 2048 Bytes 6/22/2012 00:13:23
VBASE030.VDF : 7.11.33.197 2048 Bytes 6/22/2012 00:13:24
VBASE031.VDF : 7.11.34.2 105984 Bytes 6/25/2012 00:12:35
Engine version : 8.2.10.96
AEVDF.DLL : 8.1.2.8 106867 Bytes 6/25/2012 00:13:29
AESCRIPT.DLL : 8.1.4.28 455035 Bytes 6/25/2012 00:13:29
AESCN.DLL : 8.1.8.2 131444 Bytes 2/16/2012 22:11:36
AESBX.DLL : 8.2.5.12 606578 Bytes 6/25/2012 00:13:30
AERDL.DLL : 8.1.9.15 639348 Bytes 1/21/2012 05:22:40
AEPACK.DLL : 8.2.16.22 807288 Bytes 6/25/2012 00:13:29
AEOFFICE.DLL : 8.1.2.38 201083 Bytes 6/25/2012 00:13:29
AEHEUR.DLL : 8.1.4.52 4923767 Bytes 6/25/2012 00:13:29
AEHELP.DLL : 8.1.21.0 254326 Bytes 6/25/2012 00:13:26
AEGEN.DLL : 8.1.5.30 422261 Bytes 6/25/2012 00:13:26
AEEXP.DLL : 8.1.0.54 82293 Bytes 6/25/2012 00:13:30
AEEMU.DLL : 8.1.3.0 393589 Bytes 1/21/2012 05:22:36
AECORE.DLL : 8.1.25.10 201080 Bytes 6/25/2012 00:13:25
AEBB.DLL : 8.1.1.0 53618 Bytes 1/21/2012 05:22:35
AVWINLL.DLL : 12.3.0.15 27344 Bytes 5/2/2012 04:59:21
AVPREF.DLL : 12.3.0.15 51920 Bytes 5/2/2012 04:44:31
AVREP.DLL : 12.3.0.15 179208 Bytes 5/2/2012 04:13:35
AVARKT.DLL : 12.3.0.15 211408 Bytes 5/2/2012 04:21:32
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 5/2/2012 04:28:49
SQLITE3.DLL : 3.7.0.1 398288 Bytes 4/17/2012 03:11:02
AVSMTP.DLL : 12.3.0.15 63440 Bytes 5/2/2012 04:51:35
NETNT.DLL : 12.3.0.15 17104 Bytes 5/2/2012 05:33:29
RCIMAGE.DLL : 12.3.0.15 4450000 Bytes 5/2/2012 06:03:52
RCTEXT.DLL : 12.3.0.15 96720 Bytes 5/2/2012 19:40:44

Configuration settings for the scan:
Jobname.............................: Manual Selection
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: off
Macro heuristic.....................: on
File heuristic......................: off

Start of the scan: Monday, June 25, 2012 21:09

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'pppeuser.exe' - '1' Module(s) have been scanned
Scan process 'TBPANEL.exe' - '1' Module(s) have been scanned
Scan process 'ppped.exe' - '1' Module(s) have been scanned
Scan process 'DAODx.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '994' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Qoobox\Quarantine\C\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\[email protected]
[DETECTION] Is the TR/ATRAPS.Gen Trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\[email protected]
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\[email protected]
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan

Beginning disinfection:
C:\Qoobox\Quarantine\C\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\[email protected]
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '56d5a1a6.qua'.
C:\Qoobox\Quarantine\C\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\[email protected]
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4e428e01.qua'.
C:\Qoobox\Quarantine\C\Windows\Installer\{d99d6dce-73a6-c504-2fb3-ca09eeea494c}\U\[email protected]
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '1c1dd4e9.qua'.


End of the scan: Monday, June 25, 2012 21:17
Used time: 07:45 Minute(s)

The scan has been done completely.

26467 Scanned directories
129202 Files were scanned
3 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
3 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
129199 Files not concerned
0 Archives were scanned
0 Warnings
3 Notes

#7
zxiomoixz

    New Member

  • Topic Starter
  • Member
  • 6 posts
HaHa! I realize now that those detections were previously quarantined... I rescanned and all is clean, thank you so much, you rock!!! Let me know if there is anything else I need to do before conclusion, thanks! :D

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Aha, that always catches everyone out :lol:

Now is just a sweep for orphans and ensuring that all works as it should

Could you now update Malwarebytes, run a quick scan and post the resultant log please.

Also, what other problems are you experiencing?

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.