Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Can't remove trojan [Solved]


  • This topic is locked This topic is locked

#1
two cents

two cents

    Member

  • Member
  • PipPip
  • 12 posts
I started off in avast and was directed here to help with my virus/malware troubles, this is a vary nasty trojan that just refuses to go. I tried to scan using avast before it boots up into windows but when i try to delete the trojan it gives me an error saying i can't delete,move to chest or repair. Can i get help to remove the trojans & virus's? I would be grateful.

Repair - Error 42060 {The file was not repaired.},
Delete - Error 0x0000034 {Object not found.},
Move to chest - Error 0x000009c {STATUS_DEVICE_DATA_ERROR}

Malwarebytes report
Trojan.Dropper.BCMiner File C:\Windows\Installer\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\U\00000008.@
PUP.Blabbers Registry Value HKCR\protocols\Handler\base64|CLSID Value: base64|CLSID
PUP.Blabbers Registry Key HKCR PROTOCOLS\HANDLER\BASE64
PUP.Blabbers Registry Value HKCR\protocols\Handler\chrome|CLSID Value: crome|CLSID
PUP.Blabbers Registry Key HKCR PROTOCOLS\HANDLER\CHROME
PUP.Blabbers Registry Value HKCR\protocols\Handler\base64|CLSID Value: prox|CLSID
PUP.Blabbers Registry Key HKCR PROTOCOLS\HANDLER\PROX
PUP.Blabbers Registry Value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Browser companion helper value: Run|Browser companion helper

Reimage report

c:\windows\system32\services.exe --- Win64/Patched.B.a.k.a W32/Patched.UA

Heur.Agent/Gen-WhiteBox
D:\DOCUMENTS AND SETTINGS\*****\DESKTOP\NEW BRIEFCASE\UNIVERSAL-USBINSTALLER-V1.7.2.EXE

I tried a lot of other programs and they say Win32Sirefef and HEUR:Backdoor.Win64.Generic
It likes to open web pages to spam sites.

OTL.Txt log

OTL logfile created on: 8/2/2012 1:36:40 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\*****\Downloads
64bit- Enterprise Edition Service Pack 3 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: UW SPACE STATION Dock23| Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.24 Gb Available Physical Memory | 70.69% Memory free
12.00 Gb Paging File | 10.08 Gb Available in Paging File | 84.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 400.00 Gb Total Space | 72.83 Gb Free Space | 18.21% Space Free | Partition Type: NTFS
Drive D: | 300.00 Gb Total Space | 28.47 Gb Free Space | 9.49% Space Free | Partition Type: NTFS

Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/02 11:45:14 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Downloads\OTL.exe
PRC - [2012/07/18 19:31:10 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 09:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/06/19 13:23:29 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/01/05 06:20:48 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/10/21 02:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/10/15 01:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2007/10/31 00:35:10 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/18 19:30:43 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/19 13:23:28 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2011/10/15 01:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/05/01 01:32:08 | 000,054,000 | ---- | M] () -- C:\Windows\SysWOW64\PrxerNsp.dll
MOD - [2010/11/20 20:24:09 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 20:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/08/11 16:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/03/25 10:21:22 | 005,018,624 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/18 19:31:10 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/05 06:20:48 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/10/15 01:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/10/31 00:35:10 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2007/10/31 00:02:58 | 000,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/03 09:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 09:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 09:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 09:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/27 08:02:29 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/11/27 07:52:15 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/08/05 02:14:03 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/28 19:16:30 | 000,768,000 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6POD64.sys -- (L6POD)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 20:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 20:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/08/09 10:57:18 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2010/05/28 07:55:10 | 000,354,320 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/10/31 00:37:40 | 000,021,520 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\diginet.sys -- (DigiNet)
DRV:64bit: - [2007/09/05 12:04:48 | 000,077,872 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2007/07/23 07:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1)
DRV:64bit: - [2007/03/20 09:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2)
DRV - [2011/08/05 00:31:33 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 505687632
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://ssl.scroogle.org/"
FF - prefs.js..keyword.URL: "https://ixquick.com/...cat=web&query="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@raidcall.com/RCplugin: C:\Users\*****\AppData\LocalLow\raidcall\plugins\webplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/04 11:26:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 19:31:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/25 15:47:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\Mozilla\Extensions
[2012/08/01 19:13:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ze3c4smi.default\extensions
[2012/05/19 12:43:06 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ze3c4smi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/08/01 19:13:19 | 000,000,000 | ---D | M] (ReImage Helper) -- C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ze3c4smi.default\extensions\[email protected]
[2012/07/31 01:29:18 | 000,001,590 | ---- | M] () -- C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ze3c4smi.default\searchplugins\ixquick-https.xml
[2012/03/27 09:45:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/31 16:23:09 | 000,505,801 | ---- | M] () (No name found) -- C:\USERS\******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZE3C4SMI.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
[2012/07/31 01:25:17 | 000,195,889 | ---- | M] () (No name found) -- C:\USERS\******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZE3C4SMI.DEFAULT\EXTENSIONS\{37FA1426-B82D-11DB-8314-0800200C9A66}.XPI
[2012/02/23 12:59:40 | 000,097,169 | ---- | M] () (No name found) -- C:\USERS\******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZE3C4SMI.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2012/02/23 12:59:39 | 000,029,967 | ---- | M] () (No name found) -- C:\USERS\******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZE3C4SMI.DEFAULT\EXTENSIONS\[email protected]
[2012/07/18 19:31:11 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/23 09:27:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/23 09:27:49 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (ReImage Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\ReImageCompanion\updatebhoWin32.dll ( )
O2 - BHO: (ReImage Browser Helper) - {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} - C:\Program Files (x86)\ReImageCompanion\jsloader.dll (ReImage)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe" File not found
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [RGSC] C:\Program Files (x86)\Rockstar ******\Rockstar ****** Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PeerBlock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\PrxerNsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\PrxerNsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41928061-B2C7-42C6-8D6C-E0EA27DEAAB9}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/13 20:07:10 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{38569860-190a-11e1-9b13-00e04d6509d3}\Shell - "" = AutoRun
O33 - MountPoints2\{38569860-190a-11e1-9b13-00e04d6509d3}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{392bb2d7-1907-11e1-9c99-00e04d6509d3}\Shell - "" = AutoRun
O33 - MountPoints2\{392bb2d7-1907-11e1-9c99-00e04d6509d3}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{431dd1dd-42d0-11e1-b5d4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{431dd1dd-42d0-11e1-b5d4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\FHD2303L.exe
O33 - MountPoints2\{a7044560-9b1e-11e1-9798-00e04d6509d3}\Shell - "" = AutoRun
O33 - MountPoints2\{a7044560-9b1e-11e1-9798-00e04d6509d3}\Shell\AutoRun\command - "" = H:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/02 11:51:53 | 001,079,112 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\******\Desktop\procexp64.exe
[2012/08/02 11:51:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/01 21:06:00 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\SUPERAntiSpyware.com
[2012/08/01 21:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/08/01 21:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/08/01 21:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/08/01 19:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2012/08/01 19:13:28 | 000,000,000 | ---D | C] -- C:\rei
[2012/08/01 19:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2012/08/01 19:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReImageCompanion
[2012/08/01 00:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/08/01 00:26:07 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/08/01 00:26:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/07/31 22:43:25 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/07/31 22:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/07/31 22:26:48 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\DriverCure
[2012/07/31 22:26:47 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\SpeedyPC Software
[2012/07/31 22:26:40 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/07/31 22:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/07/31 22:03:10 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\Downloads
[2012/07/31 22:03:07 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\GetRightToGo
[2012/07/31 19:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\PLAV
[2012/07/31 19:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic Anti-Virus PLUS
[2012/07/31 19:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2012/07/31 17:34:27 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Malwarebytes
[2012/07/31 17:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/31 17:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/31 17:34:06 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/31 17:34:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/31 17:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012/07/31 02:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/07/31 02:58:57 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\adaware
[2012/07/31 02:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/07/31 02:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/07/31 02:58:01 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Downloaded Installations
[2012/07/31 02:57:23 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Ad-Aware Antivirus
[2012/07/30 15:16:41 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/12 00:28:55 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Chromium
[2012/07/12 00:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Payne 3
[2012/07/11 16:07:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\****_***
[2012/07/05 19:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/02 13:39:57 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/02 13:39:57 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/02 13:38:18 | 000,713,714 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/02 13:38:18 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/02 13:38:18 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/02 13:33:24 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/02 13:32:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/02 12:04:09 | 536,469,503 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/02 11:51:53 | 001,079,112 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\******\Desktop\procexp64.exe
[2012/08/02 11:05:06 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/02 04:25:38 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/02 00:08:52 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/01 21:06:05 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 88ff3227-76e6-407d-a56e-105e99f323e5.job
[2012/08/01 21:06:05 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 074802e1-9351-4e42-a8db-5747d2dd026e.job
[2012/08/01 21:05:28 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/08/01 19:14:37 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/08/01 19:13:29 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2012/08/01 00:26:07 | 000,003,205 | ---- | M] () -- C:\Users\******\Desktop\Sophos Virus Removal Tool.lnk
[2012/07/31 22:26:40 | 000,001,199 | ---- | M] () -- C:\Users\******\Desktop\SpeedyPC Pro.lnk
[2012/07/31 22:25:01 | 210,999,322 | ---- | M] () -- C:\Users\******\Documents\regedit7-31-12virused.reg
[2012/07/31 21:18:43 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Anti-Virus PLUS.job
[2012/07/31 21:18:43 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
[2012/07/31 19:57:43 | 000,153,053 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/07/31 19:57:43 | 000,107,384 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/07/31 17:34:07 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/31 13:10:40 | 000,000,104 | ---- | M] () -- C:\Windows\SysNative\SBRC.dat
[2012/07/12 05:46:09 | 000,001,596 | ---- | M] () -- C:\Users\******\Desktop\PlayMaxPayne3.exe - Shortcut.lnk
[2012/07/12 00:26:30 | 000,001,175 | ---- | M] () -- C:\Users\Public\Desktop\Max Payne 3.lnk
[2012/07/05 19:55:27 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/04 20:05:15 | 116,735,333 | ---- | M] () -- C:\Users\******\Documents\oceangrid0-14ft4z3.skp
[2012/07/04 11:26:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/02 12:02:51 | 000,092,672 | ---- | C] () -- C:\Windows\Installer\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\U\80000032.@
[2012/08/02 12:02:51 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\U\80000064.@
[2012/08/02 12:02:50 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\U\80000000.@
[2012/08/02 12:02:50 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\U\00000004.@
[2012/08/02 12:02:50 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\U\000000cb.@
[2012/08/02 04:25:59 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\U\00000008.@
[2012/08/01 21:06:05 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 88ff3227-76e6-407d-a56e-105e99f323e5.job
[2012/08/01 21:06:05 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 074802e1-9351-4e42-a8db-5747d2dd026e.job
[2012/08/01 21:05:28 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/08/01 19:14:18 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/08/01 19:13:29 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2012/08/01 00:26:07 | 000,003,205 | ---- | C] () -- C:\Users\******\Desktop\Sophos Virus Removal Tool.lnk
[2012/07/31 22:26:40 | 000,001,199 | ---- | C] () -- C:\Users\******\Desktop\SpeedyPC Pro.lnk
[2012/07/31 22:24:33 | 210,999,322 | ---- | C] () -- C:\Users\******\Documents\regedit7-31-12virused.reg
[2012/07/31 19:57:43 | 000,153,053 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/07/31 19:57:43 | 000,107,384 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/07/31 19:50:45 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
[2012/07/31 19:50:44 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Anti-Virus PLUS.job
[2012/07/31 17:34:07 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/31 13:10:38 | 000,000,104 | ---- | C] () -- C:\Windows\SysNative\SBRC.dat
[2012/07/30 15:11:24 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\L\00000004.@
[2012/07/12 05:46:09 | 000,001,596 | ---- | C] () -- C:\Users\******\Desktop\PlayMaxPayne3.exe - Shortcut.lnk
[2012/07/12 00:26:30 | 000,001,175 | ---- | C] () -- C:\Users\Public\Desktop\Max Payne 3.lnk
[2012/07/05 19:55:27 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/05/28 22:43:20 | 000,005,533 | ---- | C] () -- C:\Users\******\AppData\Local\recently-used.xbel
[2012/04/17 22:57:00 | 000,054,000 | ---- | C] () -- C:\Windows\SysWow64\PrxerNsp.dll
[2012/02/23 16:36:11 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\@
[2012/02/23 16:36:11 | 000,002,048 | -HS- | C] () -- C:\Users\******\AppData\Local\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\@
[2012/02/23 09:29:44 | 000,000,017 | ---- | C] () -- C:\Users\******\AppData\Local\resmon.resmoncfg
[2011/12/25 15:12:53 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/12/25 15:12:51 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/12/25 13:48:20 | 000,001,010 | RHS- | C] () -- C:\Users\******\ntuser.pol
[2011/12/01 05:57:26 | 000,722,680 | ---- | C] () -- C:\Program Files (x86)\unins000.exe
[2011/12/01 05:57:26 | 000,300,816 | ---- | C] () -- C:\Program Files (x86)\unins000.dat
[2011/10/17 00:32:57 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2011/10/17 00:32:46 | 001,362,460 | ---- | C] () -- C:\Windows\SysWow64\ExpansionHD_Firmware.bin
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/08/08 05:49:52 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/05 17:29:01 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/08/04 22:38:54 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

========== LOP Check ==========

[2012/07/31 13:06:58 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Ad-Aware Antivirus
[2012/04/21 05:36:23 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\**********
[2011/12/25 19:23:48 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Cakewalk
[2012/07/11 16:06:19 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DAEMON Tools Lite
[2012/05/13 10:52:11 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DAPE
[2012/05/13 11:08:26 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Deepnet Explorer
[2012/07/31 22:26:48 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DriverCure
[2012/07/31 22:26:03 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\GetRightToGo
[2012/05/25 01:51:30 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Need for Speed World
[2012/05/13 12:29:05 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Opera
[2011/12/25 14:43:07 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Origin
[2012/04/17 22:59:03 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Proxifier
[2012/07/31 22:26:47 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\SpeedyPC Software
[2012/07/11 15:28:30 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\*********
[2012/07/31 21:18:43 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Anti-Virus PLUS.job
[2012/07/31 21:18:43 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
[2012/06/09 03:38:31 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/01 21:06:05 | 000,000,510 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 074802e1-9351-4e42-a8db-5747d2dd026e.job
[2012/08/01 21:06:05 | 000,000,510 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 88ff3227-76e6-407d-a56e-105e99f323e5.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 957 bytes -> C:\ProgramData\Microsoft:MDaCYq8MivnCUFPPJ0MIfd
@Alternate Data Stream - 1128 bytes -> C:\ProgramData\Microsoft:KpL13vzY9sM3C4QIabPjf0s
@Alternate Data Stream - 1044 bytes -> C:\Program Files (x86)\Common Files\System:IQmhbBHGLY2DCJmNZ20wdHF

< End of report >


Let me know if you need any more information.
  • 0

Advertisements


#2
dxfan1010101

dxfan1010101

    Member

  • Member
  • PipPipPip
  • 544 posts
Hello two cents, Welcome to GeeksToGo

My name is dxfan101010 (dxfan for short) and I will be assisting you with your malware issue. Before continuing please read this post carefully.
  • ** Please not i am still training every post must be approved by my advisor, so expect a minor delay.
  • It is recommended that you Print Or Save these instructions to The Desktop, as part of the fix could involve using Safe Mode
  • Malware removal is a multistage process. Please stay with me until I give you the All Clear
  • One that note please realize that these logs take time to review and I am a volunteer. Please be patient while I review your logs.
  • Follow all directions in the Order Posted. Not following the order can cause problems instead of fixing them.
  • Please Do Not run any programs / scans unless I request them.
  • When asked to post logs, Please Do Not use the attachment feature. Instead copy and paste them directly into your post.
  • If you have any questions, ask them Before continuing with the directions.
  • In order to remain fair, If you don't reply to this thread within 3 days it will be closed.
  • If you have run any removal programs or have experienced a change in symptoms since you posted this log please tell me.




FIrst of, If you starred out your user name Please dont . It will make it harder to fix this infection. If you must star it out i will need you to Private message me this line, copied right from the log. If your user name is ******, please tell me.

C:\Users\******\AppData\Roaming\Cakewalk






Second

  • Double click on the icon to run OTL. Make sure all other windows are closed and to let it run uninterrupted.
    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a window. OTL.Txt . These are saved in the same location as OTL.
  • Post The log in your next reply.

  • 0

#3
two cents

two cents

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
OTL logfile created on: 8/2/2012 10:51:08 PM - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\games\Desktop
64bit- Enterprise Edition Service Pack 3 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.39 Gb Available Physical Memory | 73.12% Memory free
12.00 Gb Paging File | 9.98 Gb Available in Paging File | 83.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 400.00 Gb Total Space | 72.07 Gb Free Space | 18.02% Space Free | Partition Type: NTFS
Drive D: | 300.00 Gb Total Space | 28.47 Gb Free Space | 9.49% Space Free | Partition Type: NTFS

Computer Name: HTTP | User Name: games | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/02 11:45:14 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\games\Desktop\OTL.exe
PRC - [2012/07/18 19:31:10 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 09:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/01/05 06:20:48 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/10/21 02:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/10/15 01:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2007/10/31 00:35:10 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/18 19:30:43 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/15 01:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/05/01 01:32:08 | 000,054,000 | ---- | M] () -- C:\Windows\SysWOW64\PrxerNsp.dll
MOD - [2010/11/20 20:24:09 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 20:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/08/11 16:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/03/25 10:21:22 | 005,018,624 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/18 19:31:10 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/05 06:20:48 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/10/15 01:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/10/31 00:35:10 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2007/10/31 00:02:58 | 000,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/03 09:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 09:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 09:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 09:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 09:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 09:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/27 08:02:29 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/11/27 07:52:15 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/08/05 02:14:03 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/28 19:16:30 | 000,768,000 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6POD64.sys -- (L6POD)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 20:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 20:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/08/09 10:57:18 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2010/05/28 07:55:10 | 000,354,320 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/10/31 00:37:40 | 000,021,520 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\diginet.sys -- (DigiNet)
DRV:64bit: - [2007/09/05 12:04:48 | 000,077,872 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2007/07/23 07:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1)
DRV:64bit: - [2007/03/20 09:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2)
DRV - [2011/08/05 00:31:33 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4021335638-3949802892-3917180513-1003\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 505687632
IE - HKU\S-1-5-21-4021335638-3949802892-3917180513-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://ssl.scroogle.org/"
FF - prefs.js..keyword.URL: "https://ixquick.com/...cat=web&query="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@raidcall.com/RCplugin: C:\Users\games\AppData\LocalLow\raidcall\plugins\webplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/04 11:26:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 19:31:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/25 15:47:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\games\AppData\Roaming\Mozilla\Extensions
[2012/08/01 19:13:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\games\AppData\Roaming\Mozilla\Firefox\Profiles\ze3c4smi.default\extensions
[2012/05/19 12:43:06 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\games\AppData\Roaming\Mozilla\Firefox\Profiles\ze3c4smi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/08/01 19:13:19 | 000,000,000 | ---D | M] (ReImage Helper) -- C:\Users\games\AppData\Roaming\Mozilla\Firefox\Profiles\ze3c4smi.default\extensions\[email protected]
[2012/07/31 01:29:18 | 000,001,590 | ---- | M] () -- C:\Users\games\AppData\Roaming\Mozilla\Firefox\Profiles\ze3c4smi.default\searchplugins\ixquick-https.xml
[2012/03/27 09:45:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/31 16:23:09 | 000,505,801 | ---- | M] () (No name found) -- C:\USERS\GAMES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZE3C4SMI.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
[2012/07/31 01:25:17 | 000,195,889 | ---- | M] () (No name found) -- C:\USERS\GAMES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZE3C4SMI.DEFAULT\EXTENSIONS\{37FA1426-B82D-11DB-8314-0800200C9A66}.XPI
[2012/02/23 12:59:40 | 000,097,169 | ---- | M] () (No name found) -- C:\USERS\GAMES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZE3C4SMI.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2012/02/23 12:59:39 | 000,029,967 | ---- | M] () (No name found) -- C:\USERS\GAMES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZE3C4SMI.DEFAULT\EXTENSIONS\[email protected]
[2012/07/18 19:31:11 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/23 09:27:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/23 09:27:49 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (ReImage Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\ReImageCompanion\updatebhoWin32.dll ( )
O2 - BHO: (ReImage Browser Helper) - {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} - C:\Program Files (x86)\ReImageCompanion\jsloader.dll (ReImage)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe" File not found
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4021335638-3949802892-3917180513-1003..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-4021335638-3949802892-3917180513-1003..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKU\S-1-5-21-4021335638-3949802892-3917180513-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-4021335638-3949802892-3917180513-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4021335638-3949802892-3917180513-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\games\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PeerBlock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-4021335638-3949802892-3917180513-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4021335638-3949802892-3917180513-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-4021335638-3949802892-3917180513-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4021335638-3949802892-3917180513-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-4021335638-3949802892-3917180513-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-4021335638-3949802892-3917180513-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4021335638-3949802892-3917180513-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\PrxerNsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\PrxerNsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41928061-B2C7-42C6-8D6C-E0EA27DEAAB9}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/13 20:07:10 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{38569860-190a-11e1-9b13-00e04d6509d3}\Shell - "" = AutoRun
O33 - MountPoints2\{38569860-190a-11e1-9b13-00e04d6509d3}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{392bb2d7-1907-11e1-9c99-00e04d6509d3}\Shell - "" = AutoRun
O33 - MountPoints2\{392bb2d7-1907-11e1-9c99-00e04d6509d3}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{431dd1dd-42d0-11e1-b5d4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{431dd1dd-42d0-11e1-b5d4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\FHD2303L.exe
O33 - MountPoints2\{a7044560-9b1e-11e1-9798-00e04d6509d3}\Shell - "" = AutoRun
O33 - MountPoints2\{a7044560-9b1e-11e1-9798-00e04d6509d3}\Shell\AutoRun\command - "" = H:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/02 22:50:50 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\games\Desktop\OTL.exe
[2012/08/02 22:40:05 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/02 22:40:04 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/02 11:51:53 | 001,079,112 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\games\Desktop\procexp64.exe
[2012/08/02 11:51:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/01 21:06:00 | 000,000,000 | ---D | C] -- C:\Users\games\AppData\Roaming\SUPERAntiSpyware.com
[2012/08/01 21:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/08/01 21:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/08/01 21:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/08/01 19:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2012/08/01 19:13:28 | 000,000,000 | ---D | C] -- C:\rei
[2012/08/01 19:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2012/08/01 19:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReImageCompanion
[2012/08/01 00:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/08/01 00:26:07 | 000,000,000 | ---D | C] -- C:\Users\games\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/08/01 00:26:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/07/31 22:43:25 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/07/31 22:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/07/31 22:26:48 | 000,000,000 | ---D | C] -- C:\Users\games\AppData\Roaming\DriverCure
[2012/07/31 22:26:47 | 000,000,000 | ---D | C] -- C:\Users\games\AppData\Roaming\SpeedyPC Software
[2012/07/31 22:26:40 | 000,000,000 | ---D | C] -- C:\Users\games\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/07/31 22:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/07/31 22:03:10 | 000,000,000 | ---D | C] -- C:\Users\games\Desktop\Downloads
[2012/07/31 22:03:07 | 000,000,000 | ---D | C] -- C:\Users\games\AppData\Roaming\GetRightToGo
[2012/07/31 19:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\PLAV
[2012/07/31 19:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic Anti-Virus PLUS
[2012/07/31 19:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2012/07/31 17:34:27 | 000,000,000 | ---D | C] -- C:\Users\games\AppData\Roaming\Malwarebytes
[2012/07/31 17:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/31 17:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/31 17:34:06 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/31 17:34:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/31 17:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012/07/31 02:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/07/31 02:58:57 | 000,000,000 | ---D | C] -- C:\Users\games\AppData\Local\adaware
[2012/07/31 02:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/07/31 02:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/07/31 02:58:01 | 000,000,000 | ---D | C] -- C:\Users\games\AppData\Local\Downloaded Installations
[2012/07/31 02:57:23 | 000,000,000 | ---D | C] -- C:\Users\games\AppData\Roaming\Ad-Aware Antivirus
[2012/07/30 15:16:41 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/12 00:28:55 | 000,000,000 | ---D | C] -- C:\Users\games\AppData\Local\Chromium
[2012/07/12 00:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Payne 3
[2012/07/11 16:07:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Black_Box
[2012/07/05 19:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/02 22:50:07 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/02 22:50:07 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/02 22:48:20 | 000,713,714 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/02 22:48:20 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/02 22:48:20 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/02 22:43:12 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/02 22:42:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/02 22:42:36 | 536,469,503 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/02 22:40:04 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/02 22:05:08 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/02 11:51:53 | 001,079,112 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\games\Desktop\procexp64.exe
[2012/08/02 11:45:14 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\games\Desktop\OTL.exe
[2012/08/02 04:25:38 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/02 00:08:52 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/01 21:06:05 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 88ff3227-76e6-407d-a56e-105e99f323e5.job
[2012/08/01 21:06:05 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 074802e1-9351-4e42-a8db-5747d2dd026e.job
[2012/08/01 21:05:28 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/08/01 19:14:37 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/08/01 19:13:29 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2012/08/01 00:26:07 | 000,003,205 | ---- | M] () -- C:\Users\games\Desktop\Sophos Virus Removal Tool.lnk
[2012/07/31 22:26:40 | 000,001,199 | ---- | M] () -- C:\Users\games\Desktop\SpeedyPC Pro.lnk
[2012/07/31 22:25:01 | 210,999,322 | ---- | M] () -- C:\Users\games\Documents\regedit7-31-12virused.reg
[2012/07/31 21:18:43 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Anti-Virus PLUS.job
[2012/07/31 21:18:43 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
[2012/07/31 19:57:43 | 000,153,053 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/07/31 19:57:43 | 000,107,384 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/07/31 17:34:07 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/31 13:10:40 | 000,000,104 | ---- | M] () -- C:\Windows\SysNative\SBRC.dat
[2012/07/12 05:46:09 | 000,001,596 | ---- | M] () -- C:\Users\games\Desktop\PlayMaxPayne3.exe - Shortcut.lnk
[2012/07/12 00:26:30 | 000,001,175 | ---- | M] () -- C:\Users\Public\Desktop\Max Payne 3.lnk
[2012/07/05 19:55:27 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/04 20:05:15 | 116,735,333 | ---- | M] () -- C:\Users\games\Documents\oceangrid0-14ft4z3.skp
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/02 12:02:50 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\U\00000004.@
[2012/08/02 12:02:50 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\U\000000cb.@
[2012/08/02 04:25:59 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\U\00000008.@
[2012/08/01 21:06:05 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 88ff3227-76e6-407d-a56e-105e99f323e5.job
[2012/08/01 21:06:05 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 074802e1-9351-4e42-a8db-5747d2dd026e.job
[2012/08/01 21:05:28 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/08/01 19:14:18 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/08/01 19:13:29 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2012/08/01 00:26:07 | 000,003,205 | ---- | C] () -- C:\Users\games\Desktop\Sophos Virus Removal Tool.lnk
[2012/07/31 22:26:40 | 000,001,199 | ---- | C] () -- C:\Users\games\Desktop\SpeedyPC Pro.lnk
[2012/07/31 22:24:33 | 210,999,322 | ---- | C] () -- C:\Users\games\Documents\regedit7-31-12virused.reg
[2012/07/31 19:57:43 | 000,153,053 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/07/31 19:57:43 | 000,107,384 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/07/31 19:50:45 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
[2012/07/31 19:50:44 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Anti-Virus PLUS.job
[2012/07/31 17:34:07 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/31 13:10:38 | 000,000,104 | ---- | C] () -- C:\Windows\SysNative\SBRC.dat
[2012/07/30 15:11:24 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\L\00000004.@
[2012/07/12 05:46:09 | 000,001,596 | ---- | C] () -- C:\Users\games\Desktop\PlayMaxPayne3.exe - Shortcut.lnk
[2012/07/12 00:26:30 | 000,001,175 | ---- | C] () -- C:\Users\Public\Desktop\Max Payne 3.lnk
[2012/07/05 19:55:27 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/05/28 22:43:20 | 000,005,533 | ---- | C] () -- C:\Users\games\AppData\Local\recently-used.xbel
[2012/04/17 22:57:00 | 000,054,000 | ---- | C] () -- C:\Windows\SysWow64\PrxerNsp.dll
[2012/02/23 16:36:11 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\@
[2012/02/23 16:36:11 | 000,002,048 | -HS- | C] () -- C:\Users\games\AppData\Local\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\@
[2012/02/23 09:29:44 | 000,000,017 | ---- | C] () -- C:\Users\games\AppData\Local\resmon.resmoncfg
[2011/12/25 15:12:53 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/12/25 15:12:51 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/12/25 13:48:20 | 000,001,010 | RHS- | C] () -- C:\Users\games\ntuser.pol
[2011/12/01 05:57:26 | 000,722,680 | ---- | C] () -- C:\Program Files (x86)\unins000.exe
[2011/12/01 05:57:26 | 000,300,816 | ---- | C] () -- C:\Program Files (x86)\unins000.dat
[2011/10/17 00:32:57 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2011/10/17 00:32:46 | 001,362,460 | ---- | C] () -- C:\Windows\SysWow64\ExpansionHD_Firmware.bin
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/08/08 05:49:52 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/05 17:29:01 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/08/04 22:38:54 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 957 bytes -> C:\ProgramData\Microsoft:MDaCYq8MivnCUFPPJ0MIfd
@Alternate Data Stream - 1128 bytes -> C:\ProgramData\Microsoft:KpL13vzY9sM3C4QIabPjf0s
@Alternate Data Stream - 1044 bytes -> C:\Program Files (x86)\Common Files\System:IQmhbBHGLY2DCJmNZ20wdHF

< End of report >
  • 0

#4
two cents

two cents

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Okay did the past but it past Selected All Users so i don't know if that will change anything. I know to not do anything else and to let you know if ANYTHING isn't right or might not be correct. Would it matter if i also past the "Select All Users Under the Custom Scan box past this in"? Anyways i put the log below so you can see it after it was done scanning.
Also i know i it put the "CREATERESTOREPOINT" in it but when i just looked its not in it. I saw the bottom part but not the top part so i know for sure it was in it.

"Select All Users
Under the Custom Scan box paste this in
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s"





OTL logfile created on: 8/3/2012 6:07:44 AM - Run 3
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\games\Desktop
64bit- Enterprise Edition Service Pack 3 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.35 Gb Available Physical Memory | 72.54% Memory free
12.00 Gb Paging File | 10.10 Gb Available in Paging File | 84.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 400.00 Gb Total Space | 72.07 Gb Free Space | 18.02% Space Free | Partition Type: NTFS
Drive D: | 300.00 Gb Total Space | 28.47 Gb Free Space | 9.49% Space Free | Partition Type: NTFS

Computer Name: HTTP | User Name: games | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/02 11:45:14 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\games\Desktop\OTL.exe
PRC - [2012/07/18 19:31:10 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 09:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/01/05 06:20:48 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/10/21 02:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/10/15 01:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2007/10/31 00:35:10 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/18 19:30:43 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/15 01:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/05/01 01:32:08 | 000,054,000 | ---- | M] () -- C:\Windows\SysWOW64\PrxerNsp.dll
MOD - [2010/11/20 20:24:09 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 20:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/08/11 16:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/03/25 10:21:22 | 005,018,624 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/18 19:31:10 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/05 06:20:48 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/10/15 01:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/10/31 00:35:10 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2007/10/31 00:02:58 | 000,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/03 09:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 09:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 09:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 09:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 09:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 09:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/27 08:02:29 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/11/27 07:52:15 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/08/05 02:14:03 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/28 19:16:30 | 000,768,000 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6POD64.sys -- (L6POD)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 20:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 20:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/08/09 10:57:18 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2010/05/28 07:55:10 | 000,354,320 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/10/31 00:37:40 | 000,021,520 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\diginet.sys -- (DigiNet)
DRV:64bit: - [2007/09/05 12:04:48 | 000,077,872 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2007/07/23 07:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1)
DRV:64bit: - [2007/03/20 09:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2)
DRV - [2011/08/05 00:31:33 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4021335638-3949802892-3917180513-1003\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 505687632
IE - HKU\S-1-5-21-4021335638-3949802892-3917180513-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://ssl.scroogle.org/"
FF - prefs.js..keyword.URL: "https://ixquick.com/...cat=web&query="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@raidcall.com/RCplugin: C:\Users\games\AppData\LocalLow\raidcall\plugins\webplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/04 11:26:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 19:31:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/25 15:47:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\games\AppData\Roaming\Mozilla\Extensions
[2012/08/01 19:13:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\games\AppData\Roaming\Mozilla\Firefox\Profiles\ze3c4smi.default\extensions
[2012/05/19 12:43:06 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\games\AppData\Roaming\Mozilla\Firefox\Profiles\ze3c4smi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/08/01 19:13:19 | 000,000,000 | ---D | M] (ReImage Helper) -- C:\Users\games\AppData\Roaming\Mozilla\Firefox\Profiles\ze3c4smi.default\extensions\[email protected]
[2012/07/31 01:29:18 | 000,001,590 | ---- | M] () -- C:\Users\games\AppData\Roaming\Mozilla\Firefox\Profiles\ze3c4smi.default\searchplugins\ixquick-https.xml
[2012/03/27 09:45:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/31 16:23:09 | 000,505,801 | ---- | M] () (No name found) -- C:\USERS\GAMES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZE3C4SMI.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
[2012/07/31 01:25:17 | 000,195,889 | ---- | M] () (No name found) -- C:\USERS\GAMES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZE3C4SMI.DEFAULT\EXTENSIONS\{37FA1426-B82D-11DB-8314-0800200C9A66}.XPI
[2012/02/23 12:59:40 | 000,097,169 | ---- | M] () (No name found) -- C:\USERS\GAMES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZE3C4SMI.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2012/02/23 12:59:39 | 000,029,967 | ---- | M] () (No name found) -- C:\USERS\GAMES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZE3C4SMI.DEFAULT\EXTENSIONS\[email protected]
[2012/07/18 19:31:11 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/23 09:27:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/23 09:27:49 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (ReImage Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\ReImageCompanion\updatebhoWin32.dll ( )
O2 - BHO: (ReImage Browser Helper) - {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} - C:\Program Files (x86)\ReImageCompanion\jsloader.dll (ReImage)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe" File not found
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4021335638-3949802892-3917180513-1003..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-4021335638-3949802892-3917180513-1003..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKU\S-1-5-21-4021335638-3949802892-3917180513-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-4021335638-3949802892-3917180513-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4021335638-3949802892-3917180513-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\games\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PeerBlock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-4021335638-3949802892-3917180513-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4021335638-3949802892-3917180513-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-4021335638-3949802892-3917180513-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4021335638-3949802892-3917180513-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-4021335638-3949802892-3917180513-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-4021335638-3949802892-3917180513-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4021335638-3949802892-3917180513-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\PrxerNsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\PrxerNsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\PrxerNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41928061-B2C7-42C6-8D6C-E0EA27DEAAB9}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/13 20:07:10 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{38569860-190a-11e1-9b13-00e04d6509d3}\Shell - "" = AutoRun
O33 - MountPoints2\{38569860-190a-11e1-9b13-00e04d6509d3}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{392bb2d7-1907-11e1-9c99-00e04d6509d3}\Shell - "" = AutoRun
O33 - MountPoints2\{392bb2d7-1907-11e1-9c99-00e04d6509d3}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{431dd1dd-42d0-11e1-b5d4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{431dd1dd-42d0-11e1-b5d4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\FHD2303L.exe
O33 - MountPoints2\{a7044560-9b1e-11e1-9798-00e04d6509d3}\Shell - "" = AutoRun
O33 - MountPoints2\{a7044560-9b1e-11e1-9798-00e04d6509d3}\Shell\AutoRun\command - "" = H:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/02 22:50:50 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\games\Desktop\OTL.exe
[2012/08/02 22:40:05 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/02 22:40:04 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/02 11:51:53 | 001,079,112 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\games\Desktop\procexp64.exe
[2012/08/02 11:51:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/01 21:06:00 | 000,000,000 | ---D | C] -- C:\Users\games\AppData\Roaming\SUPERAntiSpyware.com
[2012/08/01 21:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/08/01 21:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/08/01 21:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/08/01 19:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2012/08/01 19:13:28 | 000,000,000 | ---D | C] -- C:\rei
[2012/08/01 19:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2012/08/01 19:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReImageCompanion
[2012/08/01 00:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/08/01 00:26:07 | 000,000,000 | ---D | C] -- C:\Users\games\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/08/01 00:26:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/07/31 22:43:25 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/07/31 22:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/07/31 22:26:48 | 000,000,000 | ---D | C] -- C:\Users\games\AppData\Roaming\DriverCure
[2012/07/31 22:26:47 | 000,000,000 | ---D | C] -- C:\Users\games\AppData\Roaming\SpeedyPC Software
[2012/07/31 22:26:40 | 000,000,000 | ---D | C] -- C:\Users\games\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/07/31 22:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/07/31 22:03:10 | 000,000,000 | ---D | C] -- C:\Users\games\Desktop\Downloads
[2012/07/31 22:03:07 | 000,000,000 | ---D | C] -- C:\Users\games\AppData\Roaming\GetRightToGo
[2012/07/31 19:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\PLAV
[2012/07/31 19:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic Anti-Virus PLUS
[2012/07/31 19:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2012/07/31 17:34:27 | 000,000,000 | ---D | C] -- C:\Users\games\AppData\Roaming\Malwarebytes
[2012/07/31 17:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/31 17:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/31 17:34:06 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/31 17:34:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/31 17:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012/07/31 02:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/07/31 02:58:57 | 000,000,000 | ---D | C] -- C:\Users\games\AppData\Local\adaware
[2012/07/31 02:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/07/31 02:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/07/31 02:58:01 | 000,000,000 | ---D | C] -- C:\Users\games\AppData\Local\Downloaded Installations
[2012/07/31 02:57:23 | 000,000,000 | ---D | C] -- C:\Users\games\AppData\Roaming\Ad-Aware Antivirus
[2012/07/30 15:16:41 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/12 00:28:55 | 000,000,000 | ---D | C] -- C:\Users\games\AppData\Local\Chromium
[2012/07/12 00:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Payne 3
[2012/07/11 16:07:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Black_Box
[2012/07/05 19:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\Installer\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\U\*.tmp files -> C:\Windows\Installer\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\U\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/03 06:09:15 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/03 06:09:15 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/03 06:07:20 | 000,713,714 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/03 06:07:20 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/03 06:07:20 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/03 06:05:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/03 06:02:14 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/03 06:01:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/03 06:01:52 | 536,469,503 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/02 22:40:04 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/02 11:51:53 | 001,079,112 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\games\Desktop\procexp64.exe
[2012/08/02 11:45:14 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\games\Desktop\OTL.exe
[2012/08/02 04:25:38 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/02 00:08:52 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/01 21:06:05 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 88ff3227-76e6-407d-a56e-105e99f323e5.job
[2012/08/01 21:06:05 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 074802e1-9351-4e42-a8db-5747d2dd026e.job
[2012/08/01 21:05:28 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/08/01 19:14:37 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/08/01 19:13:29 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2012/08/01 00:26:07 | 000,003,205 | ---- | M] () -- C:\Users\games\Desktop\Sophos Virus Removal Tool.lnk
[2012/07/31 22:26:40 | 000,001,199 | ---- | M] () -- C:\Users\games\Desktop\SpeedyPC Pro.lnk
[2012/07/31 22:25:01 | 210,999,322 | ---- | M] () -- C:\Users\games\Documents\regedit7-31-12virused.reg
[2012/07/31 21:18:43 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Anti-Virus PLUS.job
[2012/07/31 21:18:43 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
[2012/07/31 19:57:43 | 000,153,053 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/07/31 19:57:43 | 000,107,384 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/07/31 17:34:07 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/31 13:10:40 | 000,000,104 | ---- | M] () -- C:\Windows\SysNative\SBRC.dat
[2012/07/12 05:46:09 | 000,001,596 | ---- | M] () -- C:\Users\games\Desktop\PlayMaxPayne3.exe - Shortcut.lnk
[2012/07/12 00:26:30 | 000,001,175 | ---- | M] () -- C:\Users\Public\Desktop\Max Payne 3.lnk
[2012/07/05 19:55:27 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/04 20:05:15 | 116,735,333 | ---- | M] () -- C:\Users\games\Documents\oceangrid0-14ft4z3.skp
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/02 12:02:50 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\U\00000004.@
[2012/08/02 12:02:50 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\U\000000cb.@
[2012/08/02 04:25:59 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\U\00000008.@
[2012/08/01 21:06:05 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 88ff3227-76e6-407d-a56e-105e99f323e5.job
[2012/08/01 21:06:05 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 074802e1-9351-4e42-a8db-5747d2dd026e.job
[2012/08/01 21:05:28 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/08/01 19:14:18 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/08/01 19:13:29 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2012/08/01 00:26:07 | 000,003,205 | ---- | C] () -- C:\Users\games\Desktop\Sophos Virus Removal Tool.lnk
[2012/07/31 22:26:40 | 000,001,199 | ---- | C] () -- C:\Users\games\Desktop\SpeedyPC Pro.lnk
[2012/07/31 22:24:33 | 210,999,322 | ---- | C] () -- C:\Users\games\Documents\regedit7-31-12virused.reg
[2012/07/31 19:57:43 | 000,153,053 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/07/31 19:57:43 | 000,107,384 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/07/31 19:50:45 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
[2012/07/31 19:50:44 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Anti-Virus PLUS.job
[2012/07/31 17:34:07 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/31 13:10:38 | 000,000,104 | ---- | C] () -- C:\Windows\SysNative\SBRC.dat
[2012/07/30 15:11:24 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\L\00000004.@
[2012/07/12 05:46:09 | 000,001,596 | ---- | C] () -- C:\Users\games\Desktop\PlayMaxPayne3.exe - Shortcut.lnk
[2012/07/12 00:26:30 | 000,001,175 | ---- | C] () -- C:\Users\Public\Desktop\Max Payne 3.lnk
[2012/07/05 19:55:27 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/05/28 22:43:20 | 000,005,533 | ---- | C] () -- C:\Users\games\AppData\Local\recently-used.xbel
[2012/04/17 22:57:00 | 000,054,000 | ---- | C] () -- C:\Windows\SysWow64\PrxerNsp.dll
[2012/02/23 16:36:11 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\@
[2012/02/23 16:36:11 | 000,002,048 | -HS- | C] () -- C:\Users\games\AppData\Local\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\@
[2012/02/23 09:29:44 | 000,000,017 | ---- | C] () -- C:\Users\games\AppData\Local\resmon.resmoncfg
[2011/12/25 15:12:53 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/12/25 15:12:51 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/12/25 13:48:20 | 000,001,010 | RHS- | C] () -- C:\Users\games\ntuser.pol
[2011/12/01 05:57:26 | 000,722,680 | ---- | C] () -- C:\Program Files (x86)\unins000.exe
[2011/12/01 05:57:26 | 000,300,816 | ---- | C] () -- C:\Program Files (x86)\unins000.dat
[2011/10/17 00:32:57 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2011/10/17 00:32:46 | 001,362,460 | ---- | C] () -- C:\Windows\SysWow64\ExpansionHD_Firmware.bin
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/08/08 05:49:52 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/05 17:29:01 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/08/04 22:38:54 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

========== Custom Scans ==========

< Select All Users >

< Under the Custom Scan box paste this in >

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 20:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 20:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 14:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/04/03 22:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=014A9CB92514E27C0107614DF764BC06 -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2011/04/12 00:38:21 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2011/04/12 00:38:21 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2011/04/12 00:38:19 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2011/04/12 00:38:21 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2011/04/12 00:38:19 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2011/04/12 00:38:21 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.WHM >
[2008/11/09 20:49:56 | 000,003,678 | ---- | M] () MD5=78C07607AD198E5769746185F8EF2D78 -- C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\pc\html\www.craplist.net\services.whm
[2010/01/20 18:48:26 | 000,003,676 | R--- | M] () MD5=C255226EECC185E54229D969DC73EC67 -- C:\Program Files (x86)\Rockstar Games\EFLC\pc\html\www.craplist.net\services.whm

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 957 bytes -> C:\ProgramData\Microsoft:MDaCYq8MivnCUFPPJ0MIfd
@Alternate Data Stream - 1128 bytes -> C:\ProgramData\Microsoft:KpL13vzY9sM3C4QIabPjf0s
@Alternate Data Stream - 1044 bytes -> C:\Program Files (x86)\Common Files\System:IQmhbBHGLY2DCJmNZ20wdHF

< End of report >
  • 0

#5
dxfan1010101

dxfan1010101

    Member

  • Member
  • PipPipPip
  • 544 posts
Hello,

Warning!!
You have an information stealing trojan installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following.

  • All passwords should be changed to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If you wish to clean follow these instructions.

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    @Alternate Data Stream - 957 bytes -> C:\ProgramData\Microsoft:MDaCYq8MivnCUFPPJ0MIfd
    @Alternate Data Stream - 1128 bytes -> C:\ProgramData\Microsoft:KpL13vzY9sM3C4QIabPjf0s
    @Alternate Data Stream - 1044 bytes -> C:\Program Files (x86)\Common Files\System:IQmhbBHGLY2DCJmNZ20wdHF
    :Files
    ipconfig /flushdns /c
    C:\Windows\Installer\{20b8dfa8-d532-4621-8386-b3f411aed8bb}
    C:\Users\games\AppData\Local\{20b8dfa8-d532-4621-8386-b3f411aed8bb}
    :Commands
    [purity]
    [EMPTYFLASH]
    [EMPTYJAVA]

  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.

Step 2


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Dont forget
Otl Fix log
Combofix.txt
  • 0

#6
two cents

two cents

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I disabled avast for 10 mins but that wasn't enough time so i disabled it until reboot but it wasn't done scanning and still needed avast and the others not to run so i disabled them again. I don't know if that messed anything up but letting you know just in case. I saved the combofix program but no option to save it strait to desktop so i cut and pasted it from the download folder of firefox to the desktop. Just some FYI in case it matters. Let me know what to do next and thank you for helping me out.

08032012_134156.txt

========== OTL ==========
ADS C:\ProgramData\Microsoft:MDaCYq8MivnCUFPPJ0MIfd deleted successfully.
ADS C:\ProgramData\Microsoft:KpL13vzY9sM3C4QIabPjf0s deleted successfully.
ADS C:\Program Files (x86)\Common Files\System:IQmhbBHGLY2DCJmNZ20wdHF deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\games\Desktop\cmd.bat deleted successfully.
C:\Users\games\Desktop\cmd.txt deleted successfully.
C:\Windows\Installer\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\U folder moved successfully.
C:\Windows\Installer\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\L folder moved successfully.
C:\Windows\Installer\{20b8dfa8-d532-4621-8386-b3f411aed8bb} folder moved successfully.
C:\Users\games\AppData\Local\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\U folder moved successfully.
C:\Users\games\AppData\Local\{20b8dfa8-d532-4621-8386-b3f411aed8bb}\L folder moved successfully.
C:\Users\games\AppData\Local\{20b8dfa8-d532-4621-8386-b3f411aed8bb} folder moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: games
->Flash cache emptied: 894 bytes

User: na
->Flash cache emptied: 470 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: games
->Java cache emptied: 17669064 bytes

User: na
->Java cache emptied: 829110 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 18.00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 08032012_134156




ComboFix.txt

ComboFix 12-07-31.06 - games 08/03/2012 13:46:32.1.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.3.1252.1.1033.18.6143.4538 [GMT -7:00]
Running from: c:\users\games\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
D:\install.exe
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-03 to 2012-08-03 )))))))))))))))))))))))))))))))
.
.
2012-08-03 20:41 . 2012-08-03 20:41 -------- d-----w- C:\_OTL
2012-08-03 05:40 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-03 05:40 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-01 05:43 . 2012-08-01 05:43 -------- d-----w- c:\program files\Enigma Software Group
2012-08-01 05:42 . 2012-08-02 18:51 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-01 05:26 . 2012-08-01 05:26 -------- d-----w- c:\users\games\AppData\Roaming\DriverCure
2012-08-01 05:26 . 2012-08-01 05:26 -------- d-----w- c:\users\games\AppData\Roaming\SpeedyPC Software
2012-08-01 05:26 . 2012-08-02 08:11 -------- d-----w- c:\programdata\SpeedyPC Software
2012-08-01 05:03 . 2012-08-01 05:26 -------- d-----w- c:\users\games\AppData\Roaming\GetRightToGo
2012-08-01 02:50 . 2012-08-02 08:10 -------- d-----w- c:\programdata\PLAV
2012-08-01 02:50 . 2012-08-01 02:50 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2012-08-01 02:50 . 2012-08-02 11:12 -------- d-----w- c:\program files (x86)\ParetoLogic
2012-08-01 00:34 . 2012-08-01 00:34 -------- d-----w- c:\users\games\AppData\Roaming\Malwarebytes
2012-08-01 00:34 . 2012-08-01 00:34 -------- d-----w- c:\programdata\Malwarebytes
2012-08-01 00:34 . 2012-08-01 00:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-01 00:34 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-01 00:29 . 2012-08-01 00:29 -------- d-----w- c:\programdata\GFI Software
2012-07-31 09:58 . 2012-08-03 13:02 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-07-31 09:58 . 2012-07-31 09:58 -------- d-----w- c:\users\games\AppData\Local\adaware
2012-07-31 09:58 . 2012-07-31 09:58 -------- d-----w- c:\programdata\Lavasoft
2012-07-31 09:58 . 2012-08-01 00:29 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-07-31 09:58 . 2012-07-31 09:58 -------- d-----w- c:\users\games\AppData\Local\Downloaded Installations
2012-07-31 09:57 . 2012-07-31 20:06 -------- d-----w- c:\users\games\AppData\Roaming\Ad-Aware Antivirus
2012-07-30 22:16 . 2012-07-30 22:16 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-12 07:28 . 2012-07-12 07:28 -------- d-----w- c:\users\games\AppData\Local\Chromium
2012-07-11 23:07 . 2012-07-12 04:58 -------- d-----w- c:\program files (x86)\Black_Box
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 16:21 . 2012-06-29 18:17 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2012-06-29 18:17 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2012-05-23 23:26 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2012-06-29 18:17 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2012-05-23 23:26 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2012-05-23 23:26 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2011-08-05 05:20 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-19 20:47 . 2011-08-05 08:25 58957832 ----a-w- c:\windows\system32\MRT.exe
2012-06-19 20:23 . 2012-03-30 19:22 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-19 20:23 . 2011-08-05 23:22 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 14:44 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 14:44 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 14:44 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 14:44 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 14:44 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 14:44 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 14:44 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 14:44 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 14:44 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-18 02:47 . 2012-06-19 20:42 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-05-18 02:16 . 2012-06-19 20:42 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-05-18 02:06 . 2012-06-19 20:42 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-05-18 01:59 . 2012-06-19 20:42 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-05-18 01:59 . 2012-06-19 20:42 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-05-18 01:58 . 2012-06-19 20:42 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-18 01:58 . 2012-06-19 20:42 237056 ----a-w- c:\windows\system32\url.dll
2012-05-18 01:56 . 2012-06-19 20:42 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-18 01:55 . 2012-06-19 20:42 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-18 01:55 . 2012-06-19 20:42 818688 ----a-w- c:\windows\system32\jscript.dll
2012-05-18 01:54 . 2012-06-19 20:42 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-05-18 01:51 . 2012-06-19 20:42 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-05-18 01:51 . 2012-06-19 20:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-18 01:47 . 2012-06-19 20:42 248320 ----a-w- c:\windows\system32\ieui.dll
2012-05-17 22:45 . 2012-06-19 20:42 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-05-17 22:35 . 2012-06-19 20:42 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-17 22:35 . 2012-06-19 20:42 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29 . 2012-06-19 20:42 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24 . 2012-06-19 20:42 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-05-15 01:32 . 2012-06-19 20:35 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 18:54 . 2012-05-12 18:54 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-12-01 12:56 . 2011-12-01 12:57 722680 ----a-w- c:\program files (x86)\unins000.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
"RGSC"="c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\games\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PeerBlock.lnk - c:\program files\PeerBlock\peerblock.exe [2011-8-5 2646128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PeerBlock.lnk - c:\program files\PeerBlock\peerblock.exe [2011-8-5 2646128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-11-27 868848]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-25 116648]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-25 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-08-05 19952]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-27 279616]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2007-10-31 21520]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-03-25 5018624]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PBFILTER
*NewlyCreated* - WS2IFSL
*Deregistered* - pbfilter
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-25 19:55]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-25 19:55]
.
2012-08-02 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 074802e1-9351-4e42-a8db-5747d2dd026e.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-08-02 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 88ff3227-76e6-407d-a56e-105e99f323e5.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-19 11775592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
LSP: %SystemRoot%\system32\PrxerDrv.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\games\AppData\Roaming\Mozilla\Firefox\Profiles\ze3c4smi.default\
FF - prefs.js: browser.startup.homepage - hxxps://ssl.scroogle.org/
FF - prefs.js: keyword.URL - hxxps://ixquick.com/do/search?language=english&cat=web&query=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SBRegRebootCleaner - c:\program files (x86)\Ad-Aware Antivirus\SBRC.exe
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-{1AA94747-3BF6-4237-9E1A-7B3067738FE1} - c:\program files (x86)\InstallShield Installation Information\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4021335638-3949802892-3917180513-1003\Software\SecuROM\License information*]
"datasecu"=hex:86,15,38,0c,c6,27,2c,dd,f3,51,4d,fd,70,b1,3a,c7,c9,0e,1d,a0,e9,
a9,85,af,bd,f1,3c,9c,1e,17,a7,1c,e8,07,cd,c7,d1,10,1b,05,20,dd,36,ae,5d,3d,\
"rkeysecu"=hex:fb,99,9e,21,55,30,2d,b8,02,12,0c,cd,ee,0b,28,a8
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-08-03 14:03:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-03 21:03
.
Pre-Run: 79,256,866,816 bytes free
Post-Run: 81,029,332,992 bytes free
.
- - End Of File - - 087ABB1A170A5BBAFFEFD53CAD57582B
  • 0

#7
two cents

two cents

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I rebooted and been running for a bit and no pop warnings for virus/trojans and it loads faster both on boot and normal running. It seems as if it's gone but i want confirmation as these things can hide. I wasn't able to load up a game and not sure how much damage it did yet.
  • 0

#8
dxfan1010101

dxfan1010101

    Member

  • Member
  • PipPipPip
  • 544 posts
Do you get any specific errors when running the game. we killed the worst of it but we need to do a few scans to be fully clean. I will have to get those approved so they wont be posted until tomorrow.
  • 0

#9
two cents

two cents

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I just re installed the game, "Remember to backup your saved game". I also had trouble updating windows only to find out it had deleted BITS aka Background Intelligent Transfer Service (BITS) i couldn't find it in services so i found a post and it said to open Command prompt and type this in:

sc create BITS binpath= "c:\windows\system32\svchost.exe -k netsvcs" start= delayed-auto

It did put the BITS back in services and i restarted BITS and is now installing the updates. So i don't know if other programs are missing or broken.
  • 0

#10
dxfan1010101

dxfan1010101

    Member

  • Member
  • PipPipPip
  • 544 posts
Please dont run any fixes without me. Tell me if you notice any other errors.
  • 0

Advertisements


#11
two cents

two cents

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Make that two games, i didn't fix it as of yet. Waiting for instructions. I will be back online today sometime.
  • 0

#12
dxfan1010101

dxfan1010101

    Member

  • Member
  • PipPipPip
  • 544 posts
Hey, Looks like we got the worst of it lets make sure there is nothing left., As for your games, We may have to reinstall them lets see what these scans tell us.

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

You have both
Microsoft Security essentials and Avast installed

Please go to Start >> Control Panel >> Add/Remove Programs and remove one of them


Step 1

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step 2

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

  • Double click on the icon to run OTL. Make sure all other windows are closed and to let it run uninterrupted.
    Posted Image
  • Select All Users
  • Make sure to check Use safelist Under the Extra Registry Option
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a window. OTL.Txt . These are saved in the same location as OTL.
  • Post The log in your next reply.

  • 0

#13
two cents

two cents

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Is it still infected with blabber?



Farbar Service Scanner Version: 04-08-2012 01
Ran by games (administrator) on 04-08-2012 at 10:58:16
Running from "C:\Users\games\Downloads"
Microsoft Windows 7 Enterprise Service Pack 3 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.04.04

Windows 7 Service Pack 3 x64 NTFS
Internet Explorer 9.0.8112.16421
games :: HTTP [administrator]

Protection: Enabled

8/4/2012 10:50:52 AM
mbam-log-2012-08-04 (10-50-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230120
Time elapsed: 2 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> No action taken.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> No action taken.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> No action taken.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> No action taken.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\ReImageCompanion\updatebhoWin32.dll (PUP.Blabbers) -> No action taken.

(end)
  • 0

#14
two cents

two cents

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
It did this yesterday, it said i had the same virus and then i remove them and reboot then scan clean. I haven't done anything but try and fix the computer so not sure whats going on. Here is the new log

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.04.04

Windows 7 Service Pack 3 x64 NTFS
Internet Explorer 9.0.8112.16421
games :: HTTP [administrator]

Protection: Enabled

8/4/2012 11:06:05 AM
mbam-log-2012-08-04 (11-06-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229726
Time elapsed: 3 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#15
dxfan1010101

dxfan1010101

    Member

  • Member
  • PipPipPip
  • 544 posts
Could you please run the otl scan as well.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP