Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

.ZZZ self-replicating directories, ".dll" and ".keygen"

Started by zebraskeletal , Oct 05 2012 09:39 AM

  • Please log in to reply

#1
zebraskeletal
Posted 05 October 2012 - 09:39 AM

zebraskeletal

    New Member

  • Member
  • Pip
  • 1 posts
Two days ago, I checked my system for any available software updates, and selected Windows Security Essentials to be updated. I use the free-version of Avast! and did not have Malware Bytes installed at the time but now do. After updating Windows Security Essentials, it scanned my system for issues. It found two. I am unable to remember the name of either exactly but do recall both beginning with "Win32(something)" and one ending with ".keygen". I also recall a ".dll". I assumed both were related to a ".keygen" I had in a torrent folder so selected the option to ignore warnings. The loading icon then froze, as did the software. So, I restarted my computer. It asked me to log in as always, and after doing so, a black screen appeared. I restarted it again after a couple of minutes. Logged in, black screen appeared again. I restarted one last time, pressed F10, selected for my computer ('s harddrive, I believe; all data stored on it) to be checked. Took an hour, said it found the same issue Windows Security Essentials had of a "Win32(something)"//.something (obviously going by whatever I remember, sorry for inaccuracy). I chose for it to be stored in Avast!'s chest. Restarted the computer, logged in successfully. I notice not only my Internet connection but network selection had gone, so checked if it was the modem or router/if anyone else's computer had had this happen just then; they hadn't. I went into My Documents to see two folders. Both were named a random bunch of letters and numbers. I entered one and found a bunch of .ZZZ folders. Entered one and saw self-replicating directories of varied .ZZZ..ZZZZ pattern names. They got/get to 251 and then make do in a new, self-made folder. Note a new directory appears every second and some I am unable to delete. The second folder had the same thing happening. I resolved all of this eventually by simply restoring my computer to an earlier point: before I'd updated Windows Security Essentials. I'm unsure if this is even a virus of some sort at all. I have since moved the folders to Local Disk. Keep in mind on the day this happened, but after I had updated WSE (whilst it was frozen), I'd downloaded a program called Eraser (permanent erasure of folder by using a crazy code pattern thirty five to override intrusion like recovery) and deleted a folder of mine. Thank you for reading!

Screenshot references:
File of 251 self-replicated directories: Posted Image
Folder in process of self-replicating 251 directories: Posted Image
Directories stopped at 251: Posted Image
So a new folder is created: Posted Image

OTL logfile created on: 05/10/2012 15:04:31 - Run 1
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\superjoint\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.95 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 37.17% Memory free
11.90 Gb Paging File | 8.07 Gb Available in Paging File | 67.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 674.74 Gb Total Space | 551.45 Gb Free Space | 81.73% Space Free | Partition Type: NTFS
Drive D: | 19.74 Gb Total Space | 2.14 Gb Free Space | 10.84% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 3.59 Gb Free Space | 90.59% Space Free | Partition Type: FAT32

Computer Name: Anon | User Name: superjoint | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/05 15:03:33 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\superjoint\Downloads\OTL.exe
PRC - [2012/10/05 02:04:59 | 000,963,984 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012/09/07 20:38:48 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla\Mozilla Firefox\firefox.exe
PRC - [2012/08/31 15:02:02 | 007,553,448 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/08/31 15:02:02 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/08/31 14:55:18 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012/08/29 00:54:45 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
PRC - [2012/08/24 08:57:08 | 000,336,992 | ---- | M] (Power Software Ltd) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2012/08/21 16:11:45 | 005,576,408 | ---- | M] (Spotify Ltd) -- C:\Users\superjoint\AppData\Roaming\Spotify\spotify.exe
PRC - [2012/08/21 16:11:44 | 001,193,176 | ---- | M] () -- C:\Users\superjoint\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/08/21 10:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/14 10:52:28 | 001,014,624 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012/08/14 10:42:56 | 000,391,520 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/04 13:23:10 | 000,177,152 | ---- | M] (Skillbrains) -- C:\Users\superjoint\AppData\Local\Skillbrains\lightshot\2.5.0.5\LightShot.exe
PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/01 22:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 22:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE


========== Modules (No Company Name) ==========

MOD - [2012/09/07 20:38:47 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla\Mozilla Firefox\mozjs.dll
MOD - [2012/09/05 00:44:58 | 000,015,848 | ---- | M] () -- C:\Program Files (x86)\Java\jre7\bin\jp2native.dll
MOD - [2012/08/29 00:54:44 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2012/08/21 16:11:45 | 020,219,096 | ---- | M] () -- C:\Users\superjoint\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2012/08/21 16:11:44 | 001,193,176 | ---- | M] () -- C:\Users\superjoint\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/03/16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2012/03/16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/09/08 14:42:28 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 10:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/05 23:32:17 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/31 15:02:02 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/31 14:45:03 | 000,375,296 | ---- | M] (Tanuki Software, Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\i2p\I2Psvc.exe -- (i2p)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/10 01:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/02/01 22:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 22:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/24 08:56:56 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/08/21 10:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/08/21 10:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/08/21 10:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/08/21 10:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/08/21 10:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/21 10:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/08/13 12:05:27 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/04/12 19:45:04 | 001,860,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 11:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/01/11 07:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/12/19 12:44:24 | 000,256,632 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/12/15 18:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/10/15 10:01:32 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/15 10:01:32 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/08 14:42:28 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/09/02 20:46:00 | 000,339,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/08/26 20:54:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/08/26 20:53:52 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/24 06:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/19 00:46:06 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2011/04/26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/14 04:47:55 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/01/15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{15C50F97-4A8B-4F1F-AC2B-E722AF998315}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{15C50F97-4A8B-4F1F-AC2B-E722AF998315}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {656461ef-40f6-4115-9ff1-bced9812ccbb} - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{4B9D76D0-8600-4974-AEDD-5A9D41028EF2}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://duckduckgo.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:7.0.1466
FF - prefs.js..extensions.enabledAddons: [email protected]:2.3
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.6
FF - prefs.js..extensions.enabledAddons: [email protected]:3.0.0
FF - prefs.js..extensions.enabledAddons: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:5.4
FF - prefs.js..extensions.enabledAddons: [email protected]:2.1.0.12
FF - prefs.js..network.proxy.backup.ftp: "180.179.217.12"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "180.179.217.12"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "180.179.217.12"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "203.172.248.228"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "203.172.248.228"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.ssl: "203.172.248.228"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/11 19:05:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/08/14 20:14:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\superjoint\AppData\Roaming\mozilla\Extensions
[2012/10/05 11:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\superjoint\AppData\Roaming\mozilla\Firefox\Profiles\pl3n1dbb.default\extensions
[2012/09/02 16:50:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\superjoint\AppData\Roaming\mozilla\Firefox\Profiles\pl3n1dbb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/10/02 23:36:52 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\superjoint\AppData\Roaming\mozilla\Firefox\Profiles\pl3n1dbb.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012/10/05 11:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\superjoint\AppData\Roaming\mozilla\Firefox\Profiles\pl3n1dbb.default\extensions\staged
[2012/10/01 17:48:02 | 000,223,394 | ---- | M] () (No name found) -- C:\Users\superjoint\AppData\Roaming\mozilla\firefox\profiles\pl3n1dbb.default\extensions\[email protected]
[2012/09/14 19:04:43 | 000,405,108 | ---- | M] () (No name found) -- C:\Users\superjoint\AppData\Roaming\mozilla\firefox\profiles\pl3n1dbb.default\extensions\[email protected]
[2012/10/05 11:48:27 | 000,631,898 | ---- | M] () (No name found) -- C:\Users\superjoint\AppData\Roaming\mozilla\firefox\profiles\pl3n1dbb.default\extensions\[email protected]
[2012/09/12 20:41:42 | 000,136,064 | ---- | M] () (No name found) -- C:\Users\superjoint\AppData\Roaming\mozilla\firefox\profiles\pl3n1dbb.default\extensions\[email protected]
[2012/09/18 19:10:32 | 000,200,226 | ---- | M] () (No name found) -- C:\Users\superjoint\AppData\Roaming\mozilla\firefox\profiles\pl3n1dbb.default\extensions\[email protected]
[2012/09/26 20:19:27 | 000,529,316 | ---- | M] () (No name found) -- C:\Users\superjoint\AppData\Roaming\mozilla\firefox\profiles\pl3n1dbb.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/10/01 18:16:19 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\superjoint\AppData\Roaming\mozilla\firefox\profiles\pl3n1dbb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/29 10:07:51 | 000,010,316 | ---- | M] () -- C:\Users\superjoint\AppData\Roaming\mozilla\firefox\profiles\pl3n1dbb.default\searchplugins\duckduckgo.xml
[2012/09/07 20:38:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2012/09/11 19:05:26 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - Extension: No name found = C:\Users\superjoint\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.5_0\
CHR - Extension: No name found = C:\Users\superjoint\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: No name found = C:\Users\superjoint\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: No name found = C:\Users\superjoint\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgolngbnohjjclamegnfnnnmcikhima\1.0_0\
CHR - Extension: No name found = C:\Users\superjoint\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
CHR - Extension: No name found = C:\Users\superjoint\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: No name found = C:\Users\superjoint\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngmmcbedgcbfghamlghhpbpifnbhhpik\2.3.11.0_0\
CHR - Extension: No name found = C:\Users\superjoint\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\2.3.4.972_0\

O1 HOSTS File: ([2012/08/27 20:13:39 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{26c9e18c-3717-4be1-a225-04e4471f5b6e} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{94366e2c-9923-431c-b0d6-747447dd0f2b} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [LightShot] C:\Users\superjoint\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O4 - HKCU..\Run: [Spotify] C:\Users\superjoint\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\superjoint\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found
O4 - HKCU..\RunOnce: [adawarebp_DATA_FOLDER] cmd.exe /c rmdir "C:\ProgramData\Ad-Aware Browsing Protection" /s /q File not found
O4 - HKCU..\RunOnce: [adawarebp_INSTALL_FOLDER] cmd.exe /c rmdir "C:\Users\superjoint\AppData\Local\adawarebp" /s /q File not found
O4 - HKCU..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found
O4 - Startup: C:\Users\superjoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\superjoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\superjoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\superjoint\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\superjoint\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8:64bit: - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\superjoint\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\superjoint\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Unable to open value key File not found
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{717FBF1D-EC6A-4672-8553-88951B282D54}: DhcpNameServer = 8.8.8.8 4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F375D69-9C04-4CA4-854E-7DFF955FDE89}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/05 13:45:20 | 000,000,000 | ---D | C] -- C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z.Z.ZZ...ZZ.ZZ
[2012/10/05 02:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012/10/05 02:04:45 | 000,000,000 | ---D | C] -- C:\Users\superjoint\AppData\Roaming\uTorrent
[2012/10/03 22:19:13 | 000,000,000 | ---D | C] -- C:\Users\superjoint\AppData\Roaming\tixati
[2012/10/03 22:18:00 | 000,000,000 | ---D | C] -- C:\Users\superjoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
[2012/10/03 22:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\tixati
[2012/10/03 22:02:41 | 000,000,000 | ---D | C] -- C:\Users\superjoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TunnelBear
[2012/10/03 22:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear
[2012/10/03 22:02:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TunnelBear
[2012/10/03 22:02:09 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2012/10/03 22:02:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2012/10/03 21:59:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/03 21:59:23 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/03 21:59:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/03 16:35:43 | 000,000,000 | ---D | C] -- C:\Users\superjoint\AppData\Local\Eraser 6
[2012/10/03 15:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Eraser
[2012/10/03 10:59:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2012/10/02 20:26:47 | 000,000,000 | ---D | C] -- C:\Users\superjoint\AppData\Local\Hewlett-Packard_Company
[2012/10/02 20:16:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla
[2012/10/02 20:11:44 | 000,000,000 | R--D | C] -- C:\Users\superjoint\Music
[2012/10/02 18:41:39 | 000,226,304 | ---- | C] (RAD Game Tools, Inc.) -- C:\Windows\SysWow64\binkw32.dll
[2012/10/02 17:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2012/10/01 18:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012/10/01 18:19:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Sims 3
[2012/09/30 22:35:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2012/09/30 16:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2012/09/30 14:41:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/09/30 14:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/09/30 14:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/09/30 13:50:48 | 000,000,000 | ---D | C] -- C:\Users\superjoint\AppData\Local\Babylon
[2012/09/30 13:22:11 | 000,000,000 | ---D | C] -- C:\Users\superjoint\AppData\Roaming\URSoft
[2012/09/30 13:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller 2010
[2012/09/30 13:21:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Your Uninstaller 2010
[2012/09/29 17:17:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProtoWall
[2012/09/29 17:17:29 | 000,000,000 | ---D | C] -- C:\Users\superjoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProtoWall
[2012/09/29 17:10:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerGuardian 2
[2012/09/29 14:28:15 | 000,000,000 | ---D | C] -- C:\Windows\GameData
[2012/09/29 14:28:15 | 000,000,000 | ---D | C] -- C:\Windows\Game
[2012/09/29 13:04:27 | 000,000,000 | ---D | C] -- C:\.gimp-2.8
[2012/09/29 13:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/09/27 09:41:37 | 000,000,000 | ---D | C] -- C:\Chatterbox
[2012/09/26 21:06:45 | 000,000,000 | ---D | C] -- C:\Users\superjoint\AppData\Local\VS Revo Group
[2012/09/26 21:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/09/25 20:49:04 | 000,000,000 | ---D | C] -- C:\Java
[2012/09/25 20:03:09 | 000,000,000 | ---D | C] -- C:\Users\superjoint\AppData\Roaming\PowerISO
[2012/09/25 19:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2012/09/25 19:15:47 | 000,126,944 | ---- | C] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys
[2012/09/25 19:15:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2012/09/25 13:53:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012/09/25 13:52:50 | 000,000,000 | ---D | C] -- C:\Users\superjoint\AppData\Local\Origin
[2012/09/25 13:52:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012/09/25 13:51:45 | 000,000,000 | ---D | C] -- C:\Users\superjoint\AppData\Roaming\Origin
[2012/09/25 13:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012/09/25 13:51:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2012/09/25 13:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012/09/24 14:47:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2012/09/21 10:49:14 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2012/09/21 10:49:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode
[2012/09/21 10:47:27 | 000,000,000 | ---D | C] -- C:\Users\superjoint\AppData\Local\Xenocode
[2012/09/18 17:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2012/09/18 17:36:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft
[2012/09/18 17:28:51 | 000,000,000 | ---D | C] -- C:\Users\superjoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2012/09/18 17:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2012/09/18 17:27:57 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys
[2012/09/18 17:27:57 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
[2012/09/15 19:30:38 | 000,000,000 | ---D | C] -- C:\Users\superjoint\AppData\Roaming\Thunderbird
[2012/09/15 19:30:38 | 000,000,000 | ---D | C] -- C:\Users\superjoint\AppData\Local\Thunderbird
[2012/09/12 21:06:54 | 000,000,000 | ---D | C] -- C:\Users\superjoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\proXPN
[2012/09/12 21:06:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\proXPN
[2012/09/11 10:07:25 | 000,000,000 | ---D | C] -- C:\Users\superjoint\AppData\Roaming\Collaborate
[2012/09/11 10:06:56 | 000,000,000 | ---D | C] -- C:\Users\superjoint\AppData\Roaming\Blackboard
[2012/09/11 10:05:39 | 000,000,000 | ---D | C] -- C:\.jnlp
[2012/09/10 19:04:15 | 000,000,000 | ---D | C] -- C:\Users\superjoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/09/10 19:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/09/10 14:56:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
[2012/09/09 20:55:58 | 000,000,000 | ---D | C] -- C:\Users\superjoint\AppData\Local\Apps

========== Files - Modified Within 30 Days ==========

[2012/10/05 15:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/05 11:58:00 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-3746578315-1114902763-75200483-1005.job
[2012/10/05 11:54:46 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/05 11:54:46 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/05 11:53:48 | 000,779,700 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/05 11:53:48 | 000,665,224 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/05 11:53:48 | 000,125,670 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/05 11:47:26 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012/10/05 11:46:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/05 11:46:57 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/05 11:25:00 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2012/10/05 11:07:51 | 000,177,664 | ---- | M] () -- C:\Windows\cbuninstall.exe
[2012/10/05 02:04:59 | 000,000,967 | ---- | M] () -- C:\Users\superjoint\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/10/05 02:04:59 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/10/03 22:18:07 | 000,000,784 | ---- | M] () -- C:\Users\superjoint\Desktop\Tixati.lnk
[2012/10/03 22:02:11 | 000,001,101 | ---- | M] () -- C:\Users\superjoint\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/10/03 21:09:38 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/10/02 20:32:09 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/02 20:04:37 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForsuperjoint.job
[2012/10/02 18:44:54 | 000,385,792 | ---- | M] () -- C:\Windows\SysWow64\nxcooking.dll
[2012/10/02 18:41:50 | 000,226,304 | ---- | M] (RAD Game Tools, Inc.) -- C:\Windows\SysWow64\binkw32.dll
[2012/10/02 00:27:17 | 000,307,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/30 17:32:20 | 000,000,878 | ---- | M] () -- C:\Users\superjoint\AppData\Local\recently-used.xbel
[2012/09/30 14:08:08 | 000,000,822 | ---- | M] () -- C:\Users\superjoint\Desktop\CCleaner.lnk
[2012/09/30 13:22:03 | 000,001,086 | ---- | M] () -- C:\Users\superjoint\Desktop\Your Unin-staller!.lnk
[2012/09/29 17:10:31 | 000,000,778 | ---- | M] () -- C:\Users\superjoint\Application Data\Microsoft\Internet Explorer\Quick Launch\PeerGuardian.lnk
[2012/09/25 19:16:04 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2012/09/18 17:39:21 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012/09/18 17:28:51 | 000,000,989 | ---- | M] () -- C:\Users\superjoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2012/09/11 10:16:29 | 000,000,225 | ---- | M] () -- C:\Users\superjoint\AppData\Roaming\My Profile.xml
[2012/09/09 22:13:49 | 000,007,605 | ---- | M] () -- C:\Users\superjoint\AppData\Local\resmon.resmoncfg
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/06 01:21:17 | 000,001,112 | ---- | M] () -- C:\Users\superjoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk

========== Files Created - No Company Name ==========

[2012/10/05 02:04:59 | 000,000,967 | ---- | C] () -- C:\Users\superjoint\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/10/05 02:04:59 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/10/03 22:18:07 | 000,000,784 | ---- | C] () -- C:\Users\superjoint\Desktop\Tixati.lnk
[2012/10/03 22:02:11 | 000,001,101 | ---- | C] () -- C:\Users\superjoint\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/10/02 20:32:09 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/10/02 18:44:50 | 000,385,792 | ---- | C] () -- C:\Windows\SysWow64\nxcooking.dll
[2012/09/30 17:32:20 | 000,000,878 | ---- | C] () -- C:\Users\superjoint\AppData\Local\recently-used.xbel
[2012/09/30 14:08:08 | 000,000,822 | ---- | C] () -- C:\Users\superjoint\Desktop\CCleaner.lnk
[2012/09/30 13:49:31 | 000,001,157 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon.lnk
[2012/09/30 13:22:03 | 000,001,086 | ---- | C] () -- C:\Users\superjoint\Desktop\Your Unin-staller!.lnk
[2012/09/29 17:10:31 | 000,000,778 | ---- | C] () -- C:\Users\superjoint\Application Data\Microsoft\Internet Explorer\Quick Launch\PeerGuardian.lnk
[2012/09/29 13:03:52 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/09/25 19:16:04 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2012/09/18 17:39:21 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/09/18 17:28:51 | 000,000,989 | ---- | C] () -- C:\Users\superjoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2012/09/11 10:16:29 | 000,000,225 | ---- | C] () -- C:\Users\superjoint\AppData\Roaming\My Profile.xml
[2012/09/06 01:21:17 | 000,001,112 | ---- | C] () -- C:\Users\superjoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk
[2012/09/05 18:27:43 | 000,007,605 | ---- | C] () -- C:\Users\superjoint\AppData\Local\resmon.resmoncfg
[2012/06/29 20:12:52 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll
[2012/06/29 20:12:52 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2012/06/03 21:32:44 | 000,021,260 | ---- | C] () -- C:\Users\superjoint\AppData\Roaming\UserTile.png
[2012/05/30 21:04:41 | 000,004,608 | ---- | C] () -- C:\Users\superjoint\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/30 19:37:07 | 000,000,785 | ---- | C] () -- C:\Users\superjoint\AppData\Local\UserProducts.xml
[2012/05/23 21:12:15 | 000,003,376 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirect.ini
[2012/05/23 21:12:15 | 000,001,968 | ---- | C] () -- C:\Windows\SysWow64\EasyRedirectOff.ini
[2012/05/12 14:34:39 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/05/01 20:12:18 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012/05/01 11:48:09 | 000,765,244 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/30 18:04:14 | 000,177,664 | ---- | C] () -- C:\Windows\cbuninstall.exe
[2011/12/12 09:36:41 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/12/12 09:28:58 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/10/15 14:20:53 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/09/06 21:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/08/26 20:54:00 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/08/26 20:53:54 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/08/26 20:53:50 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/08/26 20:53:48 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/08/26 20:53:48 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/05/12 22:31:56 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\Ad-Aware Antivirus
[2012/06/08 19:43:26 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\Audacity
[2012/06/30 16:39:16 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\AVG
[2012/08/15 15:30:59 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\AVG2012
[2012/10/02 00:24:25 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\Babylon
[2012/06/30 03:01:31 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\BitZipper
[2012/09/11 11:18:08 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\Blackboard
[2012/05/13 03:20:44 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\Blio
[2012/05/27 11:15:27 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\Canneverbe Limited
[2012/09/11 10:07:25 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\Collaborate
[2012/09/26 22:40:02 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\DAEMON Tools Pro
[2012/09/10 13:50:14 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\DVDVideoSoft
[2012/09/02 16:50:18 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/09/01 23:44:33 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\FreeFileViewer
[2012/05/30 21:04:23 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\GeoVid
[2012/05/14 18:21:25 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\Greenshot
[2012/07/31 14:46:38 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\I2P
[2012/05/30 19:16:44 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\IObit
[2012/05/10 22:10:49 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\JimbobSoft
[2012/08/15 15:22:48 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\Media Finder
[2012/06/29 02:53:48 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\OpenCandy
[2012/05/05 15:32:29 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\OpenOffice.org
[2012/06/15 04:01:48 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\Opera
[2012/09/25 13:53:03 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\Origin
[2012/06/03 21:32:43 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\PeerNetworking
[2012/09/25 20:03:09 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\PowerISO
[2012/06/23 19:01:15 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\Registry Mechanic
[2012/08/15 15:20:28 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\RoboForm
[2012/10/02 19:51:35 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\SoftGrid Client
[2012/10/05 15:07:50 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\Spotify
[2012/05/03 17:26:35 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\Synaptics
[2012/06/15 20:32:25 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\TeamViewer
[2012/09/15 19:30:38 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\Thunderbird
[2012/10/04 12:55:52 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\tixati
[2012/09/30 13:22:11 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\URSoft
[2012/05/22 14:01:03 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\Usenet.nl
[2012/10/05 15:12:10 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\uTorrent
[2012/05/19 22:13:27 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\Vso
[2012/05/25 01:19:35 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\WildTangent
[2012/06/17 14:23:11 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\Windows Live Writer
[2012/08/27 20:32:28 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\WNR
[2012/05/25 01:19:26 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\_MDLogs
[2012/05/13 02:24:35 | 000,000,000 | ---D | M] -- C:\Users\superjoint\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 448 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z.Z.ZZ...ZZ.ZZ:1
@Alternate Data Stream - 176 bytes -> C:\ProgramData\Temp:1CE11B51
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP