Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

IDP.Hacktool.B87C2318 detected on every startup [Solved]


  • This topic is locked This topic is locked

#1
TheyCallMeRadish

TheyCallMeRadish

    New Member

  • Member
  • Pip
  • 7 posts
Every time I start up my computer on AVG protects me from this "IDP.Hacktool.B87C2318" from running in my temporary folder under SVChost.exe

I noticed another thread from awhile ago with the same problem, however there was a warning from the fixer that the fix was specific for that system so I guess I'll have to post my own help topic.

Any help would be appreciated!

Here are my OTL logs :

OTL logfile created on: 12/23/2012 1:30:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alex\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

16.00 Gb Total Physical Memory | 13.67 Gb Available Physical Memory | 85.44% Memory free
32.00 Gb Paging File | 29.64 Gb Available in Paging File | 92.62% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.50 Gb Total Space | 131.21 Gb Free Space | 14.09% Space Free | Partition Type: NTFS
Drive D: | 5.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/23 13:20:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Downloads\OTL.exe
PRC - [2012/12/11 19:06:43 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
PRC - [2012/12/10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/12/06 00:04:03 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/11/21 15:53:35 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012/11/21 15:53:27 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/11/08 20:47:37 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/11/08 20:47:37 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/19 15:09:48 | 000,336,304 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/09/06 19:17:00 | 001,258,856 | R--- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/11 19:06:43 | 014,586,296 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012/12/06 00:04:02 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/11/14 00:24:57 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\5d0dc33658e23a6f960c46a5beab7ecf\System.Management.ni.dll
MOD - [2012/11/14 00:23:39 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\bb404633d24f5098f9d7f5f5a1d234c3\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/11/14 00:23:38 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\0d2c8da8749c683b47f01101c9ea26d5\System.Runtime.Serialization.ni.dll
MOD - [2012/11/14 00:23:38 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\0dd39ca15b3d56a03a31fbf671c80cfe\SMDiagnostics.ni.dll
MOD - [2012/11/14 00:23:37 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d6dc54d6b4aadbc921d00c3b76647e61\System.Xml.Linq.ni.dll
MOD - [2012/11/14 00:23:23 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5e3ccfdf88ccd6a9ff4e6ddae7e3fec6\System.Xaml.ni.dll
MOD - [2012/11/14 00:16:20 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c881e2d2ec912499834feb85c4c2e483\PresentationFramework.ni.dll
MOD - [2012/11/14 00:16:10 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\58f50a891bafb8fd7149e6eebc2b7b52\PresentationCore.ni.dll
MOD - [2012/11/14 00:16:04 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\05ebffcb5aac31412fea8c38cbac8df8\WindowsBase.ni.dll
MOD - [2012/11/14 00:16:02 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cbb227c0a77a5b15a1255220984239f2\PresentationFramework.Aero.ni.dll
MOD - [2012/11/14 00:14:26 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll
MOD - [2012/11/14 00:14:24 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll
MOD - [2012/11/14 00:14:21 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll
MOD - [2012/11/14 00:14:20 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll
MOD - [2012/11/14 00:14:16 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll
MOD - [2012/11/14 00:14:15 | 009,093,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll
MOD - [2012/11/14 00:14:11 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2012/11/08 20:47:37 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/11/08 20:47:37 | 000,566,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012/11/08 20:47:37 | 000,134,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/11 19:06:43 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/12/06 00:04:02 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/21 15:53:35 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012/11/21 15:53:27 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/11/08 20:47:37 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/06 19:17:00 | 001,258,856 | R--- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/07/19 19:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/10/18 19:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/22 10:18:14 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/11/08 20:47:37 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/10/24 20:18:26 | 000,113,664 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2012/10/24 20:18:26 | 000,022,016 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/07/03 09:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/12 11:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/05/15 05:11:48 | 001,327,520 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/09/16 09:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/09/15 03:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/15 21:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2790392
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 0B C2 42 B2 7E CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{1B2EF917-4B9F-47a2-8F9D-CD47C03CDD5C}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-08-20 23:44:19&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392
IE - HKCU\..\SearchScopes\{C3EAA5F6-5B0B-4ab6-BC80-976D9646B2E2}: "URL" = http://search.yahoo....icevm&type=EGMB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.mangahere.com/"
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/08 20:47:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/06 00:04:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/06 00:04:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/08/20 15:01:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
[2012/12/17 23:53:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\nw61zlm3.default\extensions
[2012/08/21 15:52:26 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\nw61zlm3.default\extensions\[email protected]
[2012/10/13 23:37:16 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\nw61zlm3.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2012/12/17 23:53:26 | 000,532,971 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\nw61zlm3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/11/10 14:12:50 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\nw61zlm3.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/12/06 00:03:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/06 00:04:03 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/08 20:47:41 | 000,003,572 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/31 23:14:51 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/13 00:57:44 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe] C:\ProgramData\Adobe\5D406E1.vbe ()
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88C26F7E-A2CD-42A5-ADCB-AFB7FAD68A73}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{935C2239-6063-4517-BB0C-2FD7769D325E}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8494E43-0245-41E7-ADF9-B738FC5D3453}: DhcpNameServer = 68.94.156.1 68.94.157.1 0.0.0.0
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/20 15:47:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/09/08 15:13:25 | 000,000,058 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{8c2404d5-4bc4-11e2-b4d4-c8a1492df12b}\Shell - "" = AutoRun
O33 - MountPoints2\{8c2404d5-4bc4-11e2-b4d4-c8a1492df12b}\Shell\AutoRun\command - "" = D:\FalloutLauncher.exe -- [2009/10/26 17:31:23 | 001,540,608 | R--- | M] (Bethesda Softworks)
O33 - MountPoints2\{92c3dd08-eaa3-11e1-a3b3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{92c3dd08-eaa3-11e1-a3b3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/22 17:03:40 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Fallout3
[2012/12/22 16:54:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2012/12/22 16:51:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2012/12/22 10:25:04 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Skyrim
[2012/12/22 10:20:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Elder Scrolls V Skyrim
[2012/12/22 10:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/12/22 10:18:14 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/12/22 10:18:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012/12/21 23:39:53 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\The Elder Scrolls V Skyrim-Razor1911
[2012/12/21 21:06:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Running with rifles
[2012/12/21 21:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Running with rifles
[2012/12/21 21:06:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Running with rifles
[2012/12/21 17:46:44 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Arktos
[2012/12/21 17:46:43 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\CrashRpt
[2012/12/21 17:46:43 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\Arktos
[2012/12/21 17:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The War Z
[2012/12/21 17:21:10 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\The War Z
[2012/12/21 00:12:47 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/21 00:12:47 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/21 00:12:47 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/21 00:12:46 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/19 11:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS OC Profiles
[2012/12/17 20:12:12 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Go Games
[2012/12/14 12:09:40 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\AVG2013
[2012/12/14 12:07:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\TuneUp Software
[2012/12/14 12:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/12/14 11:39:57 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\MFAData
[2012/12/14 11:39:57 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Avg2013
[2012/12/12 22:46:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/12 22:46:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/12 22:46:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/12 22:46:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/12 22:46:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/12 22:46:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/12 22:46:08 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/12 22:46:08 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/12 22:46:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/12 22:46:08 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/12 22:46:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/12 22:46:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/12 22:46:06 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/12 22:46:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/12 22:46:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/12 16:09:49 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/12 16:09:49 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/12 16:09:49 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/12 16:09:49 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/12 16:09:48 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/12 16:09:48 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/12 16:09:48 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/12 16:09:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/12 16:09:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/12 16:09:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/12 16:09:48 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/12 16:09:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 16:09:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 16:09:48 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 16:09:48 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 16:09:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/12 16:09:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 16:09:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 16:09:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 16:09:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 16:09:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 16:09:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 16:09:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 16:09:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 16:09:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 16:09:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 16:09:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 16:09:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 16:09:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 16:09:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/12 16:09:29 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/12 16:09:29 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/11 19:50:13 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2012/12/11 19:50:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/12/11 19:44:33 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\logs
[2012/12/11 19:44:33 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\.techniclauncher
[2012/12/11 19:06:39 | 016,363,960 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/12/06 00:03:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/11/23 22:27:34 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Junk Folder
[2012/11/23 22:25:57 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/11/23 22:03:11 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\StarCraft II
[2012/11/23 22:03:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/11/23 22:03:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/23 13:18:53 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/23 13:18:53 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/23 13:11:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/23 13:11:36 | 4294,356,990 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/23 03:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/22 21:22:41 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/22 21:22:41 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/22 21:22:41 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/22 21:20:32 | 000,001,751 | ---- | M] () -- C:\Users\Alex\Desktop\Fallout3 - Shortcut.lnk
[2012/12/22 10:26:13 | 000,001,735 | ---- | M] () -- C:\Users\Alex\Desktop\SkyrimLauncher - Shortcut.lnk
[2012/12/22 10:19:02 | 000,001,999 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/12/22 10:18:14 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/12/21 21:06:37 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/12/21 21:06:37 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/12/21 21:06:37 | 000,122,904 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/12/21 21:06:37 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/12/21 21:06:32 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Running with rifles.lnk
[2012/12/21 20:21:29 | 000,007,596 | ---- | M] () -- C:\Users\Alex\AppData\Local\Resmon.ResmonCfg
[2012/12/21 17:41:21 | 000,088,953 | ---- | M] () -- C:\Users\Alex\Desktop\1356128380826.png
[2012/12/21 17:36:29 | 000,069,825 | ---- | M] () -- C:\Users\Alex\Desktop\1356126649324.png
[2012/12/21 17:32:37 | 000,023,294 | ---- | M] () -- C:\Users\Alex\Desktop\26.png
[2012/12/21 17:21:11 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\The War Z.lnk
[2012/12/21 11:56:14 | 000,300,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/19 10:49:27 | 000,067,121 | ---- | M] () -- C:\Users\Alex\Desktop\The+true+story+behind+MJ+s+death.+Using+the+tags+right_d00c06_4308562.jpg
[2012/12/19 10:49:13 | 000,089,301 | ---- | M] () -- C:\Users\Alex\Desktop\Dating.+Kind+of+OC_d65544_4308531.jpg
[2012/12/18 16:20:39 | 000,914,021 | ---- | M] () -- C:\Users\Alex\Desktop\1355865037720.png
[2012/12/18 15:55:20 | 000,110,880 | ---- | M] () -- C:\Users\Alex\Desktop\m005.jpg
[2012/12/17 21:46:58 | 000,039,869 | ---- | M] () -- C:\Users\Alex\Desktop\1355800633311.jpg
[2012/12/17 21:17:56 | 000,008,327 | ---- | M] () -- C:\Users\Alex\Desktop\Alex Di Varco Dune.rtf
[2012/12/17 18:45:29 | 001,268,425 | ---- | M] () -- C:\Users\Alex\Desktop\IMG_17122012_184343.png
[2012/12/16 20:09:11 | 000,000,720 | ---- | M] () -- C:\Users\Alex\Desktop\Alex Di Varco Dune.lnk
[2012/12/16 11:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 08:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 08:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/16 08:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/14 16:19:36 | 000,127,670 | ---- | M] () -- C:\Users\Alex\Desktop\Pac-Man....+Hair+Bra+Gallery+theleek.com+2012+12+hair-bras-are-all-the-rage-in-cleave-land-22-pics+Happy+Fapping_28dc0f_4297698.gif
[2012/12/14 12:07:21 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/12/11 20:10:13 | 000,263,186 | ---- | M] () -- C:\Users\Alex\Desktop\Minecraft.exe
[2012/12/11 19:44:44 | 000,581,642 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\technic-launcher.jar
[2012/12/11 19:06:43 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/11 19:06:43 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/11 19:06:39 | 016,363,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/12/06 20:23:15 | 000,927,371 | ---- | M] () -- C:\Users\Alex\Desktop\1354845275877.jpg
[2012/11/25 05:14:13 | 000,063,485 | ---- | M] () -- C:\Users\Alex\Desktop\1353839810530.jpg
[2012/11/24 06:03:02 | 000,062,052 | ---- | M] () -- C:\Users\Alex\Desktop\1353755174337.jpg
[2012/11/23 22:03:15 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/22 21:20:32 | 000,001,751 | ---- | C] () -- C:\Users\Alex\Desktop\Fallout3 - Shortcut.lnk
[2012/12/22 10:26:13 | 000,001,735 | ---- | C] () -- C:\Users\Alex\Desktop\SkyrimLauncher - Shortcut.lnk
[2012/12/22 10:19:02 | 000,001,999 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/12/21 21:06:32 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\Running with rifles.lnk
[2012/12/21 17:41:21 | 000,088,953 | ---- | C] () -- C:\Users\Alex\Desktop\1356128380826.png
[2012/12/21 17:36:29 | 000,069,825 | ---- | C] () -- C:\Users\Alex\Desktop\1356126649324.png
[2012/12/21 17:32:35 | 000,023,294 | ---- | C] () -- C:\Users\Alex\Desktop\26.png
[2012/12/21 17:21:11 | 000,000,925 | ---- | C] () -- C:\Users\Public\Desktop\The War Z.lnk
[2012/12/19 10:49:27 | 000,067,121 | ---- | C] () -- C:\Users\Alex\Desktop\The+true+story+behind+MJ+s+death.+Using+the+tags+right_d00c06_4308562.jpg
[2012/12/19 10:49:12 | 000,089,301 | ---- | C] () -- C:\Users\Alex\Desktop\Dating.+Kind+of+OC_d65544_4308531.jpg
[2012/12/18 16:20:38 | 000,914,021 | ---- | C] () -- C:\Users\Alex\Desktop\1355865037720.png
[2012/12/18 15:55:18 | 000,110,880 | ---- | C] () -- C:\Users\Alex\Desktop\m005.jpg
[2012/12/17 21:46:57 | 000,039,869 | ---- | C] () -- C:\Users\Alex\Desktop\1355800633311.jpg
[2012/12/17 21:17:56 | 000,008,327 | ---- | C] () -- C:\Users\Alex\Desktop\Alex Di Varco Dune.rtf
[2012/12/17 18:44:33 | 001,268,425 | ---- | C] () -- C:\Users\Alex\Desktop\IMG_17122012_184343.png
[2012/12/14 16:19:36 | 000,127,670 | ---- | C] () -- C:\Users\Alex\Desktop\Pac-Man....+Hair+Bra+Gallery+theleek.com+2012+12+hair-bras-are-all-the-rage-in-cleave-land-22-pics+Happy+Fapping_28dc0f_4297698.gif
[2012/12/14 12:07:21 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/12/11 20:10:11 | 000,263,186 | ---- | C] () -- C:\Users\Alex\Desktop\Minecraft.exe
[2012/12/11 19:44:34 | 000,581,642 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\technic-launcher.jar
[2012/12/06 20:23:15 | 000,927,371 | ---- | C] () -- C:\Users\Alex\Desktop\1354845275877.jpg
[2012/11/25 05:14:12 | 000,063,485 | ---- | C] () -- C:\Users\Alex\Desktop\1353839810530.jpg
[2012/11/24 06:03:02 | 000,062,052 | ---- | C] () -- C:\Users\Alex\Desktop\1353755174337.jpg
[2012/11/23 22:03:11 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012/11/11 18:05:58 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/20 22:40:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/08/20 19:16:49 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/08/20 19:16:36 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/08/20 16:41:40 | 000,007,596 | ---- | C] () -- C:\Users\Alex\AppData\Local\Resmon.ResmonCfg
[2012/08/20 15:54:04 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/08/20 15:53:59 | 000,023,465 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/06/21 02:37:14 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
  • 0

Advertisements


#2
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Hi! My name is Jasmyne and Welcome to Geeks to Go!

I'm sorry you are having issues with your computer but I will do my best to resolve them as quickly as possible. I know having an infected computer is frustrating because I was once where you are now! It isn't always a quick & easy fix to remove malware but if you'll stick with me, I'll stick with you until your computer is clean. Throughout this process you may want to print instructions in case you loose internet access unless you have another way to access them aside from the infected computer. Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue. Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask! Never be afraid to ask questions! :)

I am currently reviewing your log and will post back with instructions as soon as possible.
  • 0

#3
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
If you have any questions be sure to ask. Let me know if the message from AVG is gone after these scans.

Step 1 ~Run AdwCleaner~
  • Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete

    Posted Image
  • Once it has completed it will ask to reboot the computer, please allow it to so.
  • After the computer reboots, a log will be produced. Please attach that log to your next post.

Step 1 OTL Fix

Before running this fix, please move OTL to your desktop.

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.

:Commands
[CREATERESTOREPOINT]

:OTL
O4 - HKLM..\Run: [Adobe] C:\ProgramData\Adobe\5D406E1.vbe ()

:Commands
[emptytemp]

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again:
  • Select All Users
  • Under Extra Registry choose Use Safelist
  • Then click the Run Scan button at the top
  • Let the program run and post the logs it produces in your next reply.

Step 3
Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. adwCleaner log
2. OTL fix log
3. New OTL log and Extras.txt
4. aswMBR log
  • 0

#4
TheyCallMeRadish

TheyCallMeRadish

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
This is the log from running Adwcleaner. I will now run the OTL fix after posting the log.

# AdwCleaner v2.101 - Logfile created 12/23/2012 at 15:42:46
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Alex - ALEX-PC
# Boot Mode : Normal
# Running from : C:\Users\Alex\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Alex\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\Alex\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Alex\AppData\Local\Temp\[email protected]
Folder Deleted : C:\Users\Alex\AppData\LocalLow\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392 --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\nw61zlm3.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.5.32");

*************************

AdwCleaner[S1].txt - [5524 octets] - [23/12/2012 15:42:46]

########## EOF - C:\AdwCleaner[S1].txt - [5584 octets] ##########
  • 0

#5
TheyCallMeRadish

TheyCallMeRadish

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
This is the record from the Fix running.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe deleted successfully.
C:\ProgramData\Adobe\5D406E1.vbe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alex
->Temp folder emptied: 1211755782 bytes
->Temporary Internet Files folder emptied: 209595067 bytes
->Java cache emptied: 1006921 bytes
->FireFox cache emptied: 1160948905 bytes
->Flash cache emptied: 68782 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mom

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 303611296 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36092047 bytes
RecycleBin emptied: 473068886 bytes

Total Files Cleaned = 3,239.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12232012_154905

Files\Folders moved on Reboot...
C:\Users\Alex\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

This is the record from the scan after the fix.

OTL logfile created on: 12/23/2012 3:59:05 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alex\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

16.00 Gb Total Physical Memory | 14.08 Gb Available Physical Memory | 88.02% Memory free
32.00 Gb Paging File | 30.02 Gb Available in Paging File | 93.82% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.50 Gb Total Space | 134.89 Gb Free Space | 14.48% Space Free | Partition Type: NTFS
Drive D: | 5.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/23 13:20:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
PRC - [2012/12/10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/12/06 00:04:03 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/11/21 15:53:35 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012/11/21 15:53:27 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/11/08 20:47:37 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/19 15:09:48 | 000,336,304 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/09/06 19:17:00 | 001,258,856 | R--- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/06 00:04:02 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/11/14 00:24:57 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\5d0dc33658e23a6f960c46a5beab7ecf\System.Management.ni.dll
MOD - [2012/11/14 00:23:39 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\bb404633d24f5098f9d7f5f5a1d234c3\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/11/14 00:23:38 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\0d2c8da8749c683b47f01101c9ea26d5\System.Runtime.Serialization.ni.dll
MOD - [2012/11/14 00:23:38 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\0dd39ca15b3d56a03a31fbf671c80cfe\SMDiagnostics.ni.dll
MOD - [2012/11/14 00:23:37 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d6dc54d6b4aadbc921d00c3b76647e61\System.Xml.Linq.ni.dll
MOD - [2012/11/14 00:23:23 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5e3ccfdf88ccd6a9ff4e6ddae7e3fec6\System.Xaml.ni.dll
MOD - [2012/11/14 00:16:20 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c881e2d2ec912499834feb85c4c2e483\PresentationFramework.ni.dll
MOD - [2012/11/14 00:16:10 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\58f50a891bafb8fd7149e6eebc2b7b52\PresentationCore.ni.dll
MOD - [2012/11/14 00:16:04 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\05ebffcb5aac31412fea8c38cbac8df8\WindowsBase.ni.dll
MOD - [2012/11/14 00:16:02 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cbb227c0a77a5b15a1255220984239f2\PresentationFramework.Aero.ni.dll
MOD - [2012/11/14 00:14:26 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll
MOD - [2012/11/14 00:14:24 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll
MOD - [2012/11/14 00:14:21 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll
MOD - [2012/11/14 00:14:20 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll
MOD - [2012/11/14 00:14:16 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll
MOD - [2012/11/14 00:14:15 | 009,093,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll
MOD - [2012/11/14 00:14:11 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/11 19:06:43 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/12/06 00:04:02 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/21 15:53:35 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012/11/21 15:53:27 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/11/08 20:47:37 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/06 19:17:00 | 001,258,856 | R--- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/07/19 19:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/10/18 19:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/22 10:18:14 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/11/08 20:47:37 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/10/24 20:18:26 | 000,113,664 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2012/10/24 20:18:26 | 000,022,016 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/07/03 09:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/12 11:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/05/15 05:11:48 | 001,327,520 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/09/16 09:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/09/15 03:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/15 21:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 0B C2 42 B2 7E CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{1B2EF917-4B9F-47a2-8F9D-CD47C03CDD5C}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{C3EAA5F6-5B0B-4ab6-BC80-976D9646B2E2}: "URL" = http://search.yahoo....icevm&type=EGMB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.mangahere.com/"
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/06 00:04:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/06 00:04:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/08/20 15:01:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
[2012/12/17 23:53:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\nw61zlm3.default\extensions
[2012/08/21 15:52:26 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\nw61zlm3.default\extensions\[email protected]
[2012/10/13 23:37:16 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\nw61zlm3.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2012/12/17 23:53:26 | 000,532,971 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\nw61zlm3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/11/10 14:12:50 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\nw61zlm3.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/12/06 00:03:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/06 00:04:03 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/31 23:14:51 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/13 00:57:44 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88C26F7E-A2CD-42A5-ADCB-AFB7FAD68A73}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{935C2239-6063-4517-BB0C-2FD7769D325E}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8494E43-0245-41E7-ADF9-B738FC5D3453}: DhcpNameServer = 68.94.156.1 68.94.157.1 0.0.0.0
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/20 15:47:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/09/08 15:13:25 | 000,000,058 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{8c2404d5-4bc4-11e2-b4d4-c8a1492df12b}\Shell - "" = AutoRun
O33 - MountPoints2\{8c2404d5-4bc4-11e2-b4d4-c8a1492df12b}\Shell\AutoRun\command - "" = D:\FalloutLauncher.exe -- [2009/10/26 17:31:23 | 001,540,608 | R--- | M] (Bethesda Softworks)
O33 - MountPoints2\{92c3dd08-eaa3-11e1-a3b3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{92c3dd08-eaa3-11e1-a3b3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/23 15:49:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/23 13:20:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2012/12/22 17:03:40 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Fallout3
[2012/12/22 16:54:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2012/12/22 16:51:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2012/12/22 10:25:04 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Skyrim
[2012/12/22 10:20:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Elder Scrolls V Skyrim
[2012/12/22 10:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/12/22 10:18:14 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/12/22 10:18:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012/12/21 23:39:53 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\The Elder Scrolls V Skyrim-Razor1911
[2012/12/21 21:06:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Running with rifles
[2012/12/21 21:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Running with rifles
[2012/12/21 21:06:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Running with rifles
[2012/12/21 17:46:44 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Arktos
[2012/12/21 17:46:43 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\CrashRpt
[2012/12/21 17:46:43 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\Arktos
[2012/12/21 17:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The War Z
[2012/12/21 17:21:10 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\The War Z
[2012/12/21 00:12:47 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/21 00:12:47 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/21 00:12:47 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/21 00:12:46 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/19 11:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS OC Profiles
[2012/12/17 20:12:12 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Go Games
[2012/12/14 12:09:40 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\AVG2013
[2012/12/14 12:07:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\TuneUp Software
[2012/12/14 12:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/12/14 11:39:57 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\MFAData
[2012/12/14 11:39:57 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Avg2013
[2012/12/12 22:46:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/12 22:46:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/12 22:46:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/12 22:46:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/12 22:46:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/12 22:46:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/12 22:46:08 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/12 22:46:08 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/12 22:46:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/12 22:46:08 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/12 22:46:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/12 22:46:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/12 22:46:06 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/12 22:46:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/12 22:46:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/12 16:09:49 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/12 16:09:49 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/12 16:09:49 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/12 16:09:49 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/12 16:09:48 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/12 16:09:48 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/12 16:09:48 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/12 16:09:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/12 16:09:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/12 16:09:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/12 16:09:48 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/12 16:09:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 16:09:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 16:09:48 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 16:09:48 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 16:09:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/12 16:09:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 16:09:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 16:09:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 16:09:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 16:09:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 16:09:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 16:09:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 16:09:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 16:09:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 16:09:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 16:09:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 16:09:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 16:09:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 16:09:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 16:09:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/12 16:09:29 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/12 16:09:29 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/11 19:50:13 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2012/12/11 19:50:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/12/11 19:44:33 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\logs
[2012/12/11 19:44:33 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\.techniclauncher
[2012/12/11 19:06:39 | 016,363,960 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/12/06 00:03:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/11/23 22:27:34 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Junk Folder
[2012/11/23 22:25:57 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/11/23 22:03:11 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\StarCraft II
[2012/11/23 22:03:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/11/23 22:03:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II

========== Files - Modified Within 30 Days ==========

[2012/12/23 15:56:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/23 15:56:10 | 4294,356,990 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/23 15:51:55 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/23 15:51:55 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/23 15:42:19 | 000,547,175 | ---- | M] () -- C:\Users\Alex\Desktop\adwcleaner.exe
[2012/12/23 15:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/23 13:20:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2012/12/22 21:22:41 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/22 21:22:41 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/22 21:22:41 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/22 21:20:32 | 000,001,751 | ---- | M] () -- C:\Users\Alex\Desktop\Fallout3 - Shortcut.lnk
[2012/12/22 10:26:13 | 000,001,735 | ---- | M] () -- C:\Users\Alex\Desktop\SkyrimLauncher - Shortcut.lnk
[2012/12/22 10:19:02 | 000,001,999 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/12/22 10:18:14 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/12/21 21:06:37 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/12/21 21:06:37 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/12/21 21:06:37 | 000,122,904 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/12/21 21:06:37 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/12/21 21:06:32 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Running with rifles.lnk
[2012/12/21 20:21:29 | 000,007,596 | ---- | M] () -- C:\Users\Alex\AppData\Local\Resmon.ResmonCfg
[2012/12/21 17:41:21 | 000,088,953 | ---- | M] () -- C:\Users\Alex\Desktop\1356128380826.png
[2012/12/21 17:36:29 | 000,069,825 | ---- | M] () -- C:\Users\Alex\Desktop\1356126649324.png
[2012/12/21 17:32:37 | 000,023,294 | ---- | M] () -- C:\Users\Alex\Desktop\26.png
[2012/12/21 17:21:11 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\The War Z.lnk
[2012/12/21 11:56:14 | 000,300,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/19 10:49:27 | 000,067,121 | ---- | M] () -- C:\Users\Alex\Desktop\The+true+story+behind+MJ+s+death.+Using+the+tags+right_d00c06_4308562.jpg
[2012/12/19 10:49:13 | 000,089,301 | ---- | M] () -- C:\Users\Alex\Desktop\Dating.+Kind+of+OC_d65544_4308531.jpg
[2012/12/18 16:20:39 | 000,914,021 | ---- | M] () -- C:\Users\Alex\Desktop\1355865037720.png
[2012/12/18 15:55:20 | 000,110,880 | ---- | M] () -- C:\Users\Alex\Desktop\m005.jpg
[2012/12/17 21:46:58 | 000,039,869 | ---- | M] () -- C:\Users\Alex\Desktop\1355800633311.jpg
[2012/12/17 21:17:56 | 000,008,327 | ---- | M] () -- C:\Users\Alex\Desktop\Alex Di Varco Dune.rtf
[2012/12/17 18:45:29 | 001,268,425 | ---- | M] () -- C:\Users\Alex\Desktop\IMG_17122012_184343.png
[2012/12/16 20:09:11 | 000,000,720 | ---- | M] () -- C:\Users\Alex\Desktop\Alex Di Varco Dune.lnk
[2012/12/16 11:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 08:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 08:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/16 08:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/14 16:19:36 | 000,127,670 | ---- | M] () -- C:\Users\Alex\Desktop\Pac-Man....+Hair+Bra+Gallery+theleek.com+2012+12+hair-bras-are-all-the-rage-in-cleave-land-22-pics+Happy+Fapping_28dc0f_4297698.gif
[2012/12/14 12:07:21 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/12/11 20:10:13 | 000,263,186 | ---- | M] () -- C:\Users\Alex\Desktop\Minecraft.exe
[2012/12/11 19:44:44 | 000,581,642 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\technic-launcher.jar
[2012/12/11 19:06:43 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/11 19:06:43 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/11 19:06:39 | 016,363,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/12/06 20:23:15 | 000,927,371 | ---- | M] () -- C:\Users\Alex\Desktop\1354845275877.jpg
[2012/11/25 05:14:13 | 000,063,485 | ---- | M] () -- C:\Users\Alex\Desktop\1353839810530.jpg
[2012/11/24 06:03:02 | 000,062,052 | ---- | M] () -- C:\Users\Alex\Desktop\1353755174337.jpg
[2012/11/23 22:03:15 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk

========== Files Created - No Company Name ==========

[2012/12/23 15:42:12 | 000,547,175 | ---- | C] () -- C:\Users\Alex\Desktop\adwcleaner.exe
[2012/12/22 21:20:32 | 000,001,751 | ---- | C] () -- C:\Users\Alex\Desktop\Fallout3 - Shortcut.lnk
[2012/12/22 10:26:13 | 000,001,735 | ---- | C] () -- C:\Users\Alex\Desktop\SkyrimLauncher - Shortcut.lnk
[2012/12/22 10:19:02 | 000,001,999 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/12/21 21:06:32 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\Running with rifles.lnk
[2012/12/21 17:41:21 | 000,088,953 | ---- | C] () -- C:\Users\Alex\Desktop\1356128380826.png
[2012/12/21 17:36:29 | 000,069,825 | ---- | C] () -- C:\Users\Alex\Desktop\1356126649324.png
[2012/12/21 17:32:35 | 000,023,294 | ---- | C] () -- C:\Users\Alex\Desktop\26.png
[2012/12/21 17:21:11 | 000,000,925 | ---- | C] () -- C:\Users\Public\Desktop\The War Z.lnk
[2012/12/19 10:49:27 | 000,067,121 | ---- | C] () -- C:\Users\Alex\Desktop\The+true+story+behind+MJ+s+death.+Using+the+tags+right_d00c06_4308562.jpg
[2012/12/19 10:49:12 | 000,089,301 | ---- | C] () -- C:\Users\Alex\Desktop\Dating.+Kind+of+OC_d65544_4308531.jpg
[2012/12/18 16:20:38 | 000,914,021 | ---- | C] () -- C:\Users\Alex\Desktop\1355865037720.png
[2012/12/18 15:55:18 | 000,110,880 | ---- | C] () -- C:\Users\Alex\Desktop\m005.jpg
[2012/12/17 21:46:57 | 000,039,869 | ---- | C] () -- C:\Users\Alex\Desktop\1355800633311.jpg
[2012/12/17 21:17:56 | 000,008,327 | ---- | C] () -- C:\Users\Alex\Desktop\Alex Di Varco Dune.rtf
[2012/12/17 18:44:33 | 001,268,425 | ---- | C] () -- C:\Users\Alex\Desktop\IMG_17122012_184343.png
[2012/12/14 16:19:36 | 000,127,670 | ---- | C] () -- C:\Users\Alex\Desktop\Pac-Man....+Hair+Bra+Gallery+theleek.com+2012+12+hair-bras-are-all-the-rage-in-cleave-land-22-pics+Happy+Fapping_28dc0f_4297698.gif
[2012/12/14 12:07:21 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/12/11 20:10:11 | 000,263,186 | ---- | C] () -- C:\Users\Alex\Desktop\Minecraft.exe
[2012/12/11 19:44:34 | 000,581,642 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\technic-launcher.jar
[2012/12/06 20:23:15 | 000,927,371 | ---- | C] () -- C:\Users\Alex\Desktop\1354845275877.jpg
[2012/11/25 05:14:12 | 000,063,485 | ---- | C] () -- C:\Users\Alex\Desktop\1353839810530.jpg
[2012/11/24 06:03:02 | 000,062,052 | ---- | C] () -- C:\Users\Alex\Desktop\1353755174337.jpg
[2012/11/23 22:03:11 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012/11/11 18:05:58 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/20 22:40:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/08/20 19:16:49 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/08/20 19:16:36 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/08/20 16:41:40 | 000,007,596 | ---- | C] () -- C:\Users\Alex\AppData\Local\Resmon.ResmonCfg
[2012/08/20 15:54:04 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/08/20 15:53:59 | 000,023,465 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/06/21 02:37:14 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Here is the save log from aswMBR

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-23 16:06:16
-----------------------------
16:06:16.673 OS Version: Windows x64 6.1.7601 Service Pack 1
16:06:16.673 Number of processors: 3 586 0x403
16:06:16.673 ComputerName: ALEX-PC UserName: Alex
16:06:20.198 Initialize success
16:13:09.762 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
16:13:09.762 Disk 0 Vendor: ST310005 CC3E Size: 953869MB BusType: 3
16:13:09.778 Disk 0 MBR read successfully
16:13:09.778 Disk 0 MBR scan
16:13:09.778 Disk 0 Windows 7 default MBR code
16:13:09.793 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953859 MB offset 63
16:13:09.809 Disk 0 scanning C:\Windows\system32\drivers
16:13:15.987 Service scanning
16:13:25.721 Modules scanning
16:13:25.721 Disk 0 trace - called modules:
16:13:25.737 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
16:13:25.737 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800dc97060]
16:13:25.752 3 CLASSPNP.SYS[fffff8800199243f] -> nt!IofCallDriver -> [0xfffffa800ce59e40]
16:13:25.752 5 ACPI.sys[fffff88000f337a1] -> nt!IofCallDriver -> \Device\00000062[0xfffffa800ce47900]
16:13:26.267 Scan finished successfully
16:13:49.090 Disk 0 MBR has been saved successfully to "C:\Users\Alex\Desktop\MBR.dat"
16:13:49.090 The log file has been saved successfully to "C:\Users\Alex\Desktop\aswMBR.txt"
  • 0

#6
TheyCallMeRadish

TheyCallMeRadish

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
The problem seems to be fixed, and my computer is running much faster than before!

Thanks for all the help, it was simple and quick! :D

Edited by TheyCallMeRadish, 23 December 2012 - 04:19 PM.

  • 0

#7
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts

The problem seems to be fixed, and my computer is running much faster than before!

Thanks for all the help, it was simple and quick! :D


That's good news! :thumbsup: You're welcome. I've posted the "final" scans to make sure we got everything to my instructor and I'll post it back as soon as he approves it.

Jasmyne
  • 0

#8
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
I have a few more scans for you to make sure everything is gone. :)

Step 1

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2
Run ESET online scan.

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here

  • You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files (x86)/ESET/ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan


~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. Log from Malware Bytes Scan
2. Log from ESET Scan
  • 0

#9
TheyCallMeRadish

TheyCallMeRadish

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Sorry I did not get the chance to reply quickly, and thanks for keeping the topic open!

I scanned with Malewarebytes and sure enough it found a Hacktool

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.28.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alex :: ALEX-PC [administrator]

12/27/2012 7:45:27 PM
mbam-log-2012-12-27 (19-45-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243255
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\RECYCLER\S-1-5-21-1078081533-1645522239-839522115-1003\Dc30.dll (PUP.Hacktool.crk) -> Quarantined and deleted successfully.

(end)
  • 0

#10
TheyCallMeRadish

TheyCallMeRadish

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here is the final log

It only detected one file as being infected, which I have checked this specific file over before and I'm fairly certain that it is a "false positive" as it was described everywhere I looked.

[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=183e52056304424599f61306de4616db
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-12-28 02:59:14
# local_time=2012-12-27 08:59:14 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 10572810 108207004 0 0
# scanned=163095
# found=1
# cleaned=0
# scan_time=2693
C:\Program Files (x86)\1C Company\Men of War. Condemned Heroes\skidrow.dll a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean) 39D2D94B8A70FD29A851809154333878DA3436D1 I
  • 0

#11
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts

Sorry I did not get the chance to reply quickly, and thanks for keeping the topic open!


It's okay, with the holidays everyone is pretty busy, I completely understand. :)

I'll post back to my instructor tonight with the information from these scans and have a new post for you tomorrow.
  • 0

#12
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Let's check out that skidrow.dll file to before we decide to keep or delete it.

File Scanner

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\Program Files (x86)\1C Company\Men of War. Condemned Heroes\skidrow.dll
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

After that please run this Security Check Scan:

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0

#13
TheyCallMeRadish

TheyCallMeRadish

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
From Virscan.org

VirSCAN.org Scanned Report :
Scanned time : 2012/12/28 22:22:47 (CST)
Scanner results: 43% Scanner(s) (16/37) found malware!
File Name : skidrow.dll
File Size : 1219584 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 71165786431ff36d5390f5df80f47ed4
SHA1 : 39d2d94b8a70fd29a851809154333878da3436d1
Online report : http://r.virscan.org...b5fdb047832bf8e

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20121229090916 2012-12-29 10.30 Virus.Win32.Heur!IK
AhnLab V3 2012.12.29.00 2012.12.29 2012-12-29 3.60 -
AntiVir 8.2.10.202 7.11.50.58 2012-11-16 0.20 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.43 -
Arcavir 2011 201212180022 2012-12-18 4.20 -
Authentium 5.1.1 201212281937 2012-12-28 2.68 -
AVAST! 4.7.4 121228-1 2012-12-28 0.54 -
AVG 12.0.1794 2637/5493 2012-12-28 0.70 -
BitDefender 7.90123.8472254 7.44572 2012-12-29 5.22 Trojan.Generic.7456545
ClamAV 0.97.5 16164 2012-12-28 0.40 -
Comodo 5.1 14713 2012-12-28 2.18 UnclassifiedMalware
CP Secure 1.3.0.5 2012.12.29 2012-12-29 0.58 -
Dr.Web 7.0.4.9250 2012.12.29 2012-12-29 0.00 -
F-Prot 4.6.2.117 20121228 2012-12-28 2.96 -
F-Secure 7.02.73807 2012.12.28.09 2012-12-28 2.57 Trojan.Generic.7456545 [Aquarius]
Fortinet 4.3.392 16.549 2012-12-29 0.22 -
GData 22.7216 20121229 2012-12-29 7.21 Trojan.Generic.7456545 [Engine:A]
ViRobot 20121228 2012.12.28 2012-12-28 0.40 -
Ikarus T3.1.32.20.0 2012.12.28.83098 2012-12-28 7.76 Virus.Win32.Heur
JiangMin 13.0.900 2012.12.21 2012-12-21 2.47 -
Kaspersky 5.5.10 2012.12.28 2012-12-28 0.31 -
KingSoft 2009.2.5.15 2012.12.29.9 2012-12-29 1.11 -
McAfee 5400.1158 6939 2012-12-28 0.00 Scan_Timeout!
Microsoft 1.9002 2012.12.28 2012-12-28 12.01 -
NOD32 3.0.21 7841 2012-12-28 8.58 a variant of Win32/Packed.VMProtect.AAA trojan
Norman 6.8.3 201208311030 2012-08-31 0.00 -
Panda 9.05.01 2012.12.28 2012-12-28 4.34 Generic Trojan
Trend Micro 9.500-1005 9.622.08 2012-12-28 0.19 TROJ_SPNR.0BDQ12
Quick Heal 11.00 2012.12.28 2012-12-28 2.13 Trojan.Generic.ok
Rising 20.0 24.42.04.01 2012-12-28 4.80 -
Sophos 3.35.1 4.81 2012-12-29 6.41 Mal/Behav-363
Sunbelt 3.9.2556.2 14726 2012-12-28 0.89 Trojan.Win32.Generic!BT
Symantec 1.3.0.24 20121226.002 2012-12-26 0.65 Packed.Vmpbad!gen1
nProtect 20121228.02 13236315 2012-12-28 5.23 Trojan.Generic.7456545
The Hacker 6.8.0.0 v00164 2012-12-27 1.16 -
VBA32 3.12.18.4 20121228.0735 2012-12-28 17.66 -
VirusBuster 5.5.2.13 15.0.300.1/105542112012-12-28 0.24 Trojan.Packed!jSrHWP1sV3M


Here is the log from SecurityCheck

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
AVG Anti-Virus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
JavaFX 2.1.1
Java 7 Update 9
Adobe Flash Player 11.5.502.135
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
  • 0

#14
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Well, 43% of the scanners, detected the file as malware, so personally I would recommend the removal of it. However, if you strongly believe that is a false positive then it can be left on your computer.

If you choose to remove it:

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.

:Commands
[CREATERESTOREPOINT]

:Files
C:\Program Files (x86)\1C Company\Men of War. Condemned Heroes\skidrow.dll

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image text box, right click and click Paste. This will put the above script inside the text box.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.

If you choose to keep the file:


Congratulations and Good Work, It looks like your log is clean. :thumbsup:

Now for some final "housekeeping" procedures.

1. Clear Old Restore Points

Follow instructions here to clear the old restore points that could be infected and create a new clean restore point.

~~~~~~~~~~~~~~~~~~~~Anti Malware Protection ~~~~~~~~~~~~~~~~~~~~


MalwareBytes Anti-Malware This is an excellent Anti-Malware product. It offers free malware scanning, free malware removal, and free updates. It is recommended to periodically run a Quick Scan to keep your PC as clean as possible. Remember to check for updates before running a scan, so click the Update tab along the top, then click Check for Updates.

SUPERAntiSpyware Is another great Anti-Malware product that scans your computer for known Spyware, Adware, Malware, Trojans, and many other types of threats, and allows you to remove or quarantine them. It offers daily (manual) definition updates, as well as home page hijack protection and customizable scan options.

~~~~~~~~~~~~~~~~~~~~Free Antivirus Protection ~~~~~~~~~~~~~~~~~~~~

Always make sure you have an antivirus program! If for some reason in the future you'd like to switch programs here are some recomendations: Microsoft Security Essentials, Anti-Vir or Avast! Antivirus all three FREE to use. Please remember that you can only have one Antivirus installed at a time.

~~~~~~~~~~~~~~~~~~~~Free Firewall Programs ~~~~~~~~~~~~~~~~~~~~


Like antivirus, if for some reason in the future you'd like to switch, Comodo Personal Firewall and Sunbelt Personal Firewall are two good options for a FREE firewall to help protect your computer from any unwanted intruders.

~~~~~~~~~~~~~~~~~~~~Staying Updated ~~~~~~~~~~~~~~~~~~~~


Keeping your PC updated is important to protect yourself against future infections. There are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very good habit to get into.

Automatic Updates Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit. To keep your Windows updated, ensure that 'Automatic Updates' is enabled on your PC so updates are downloaded and installed automatically. Click here to find out how.

File Hippo Download and install FileHippo update checker and run it monthly it will show you which programs on your system need updating and give a download link.

~~~~~~~~~~~~~~~~~~~~Alternate Browsers ~~~~~~~~~~~~~~~~~~~~


Using an alternative web browser can help protect your PC from infections which exploit security holes within Internet Explorer. They can also be quicker to load pages and offer more tools and features such as Firefox's huge add-on list.

Firefox - My personal choice, easy to use and has a large number of excellent add-ons that can be installed to help keep you away from malicious sites and reduce advertisements and popups etc. AdBlockPlus and WOT are very useful add-ons that are worth having installed.

Google Chrome - Is another browser that's easy to use and is worth trying if you want to test out new browsers.

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Happy surfing! :wave:
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP