
Trojan and Ransom found and cleaned but Possible Rootkit present [Solv



#1
Ardant


  • Member
  • 229 posts
My computer is acting extremely weird. I did find Ransom and Exploit Trojan on my computer and cleaned them but am still finding the computer acting up. I have run Avast, Malwarebytes and Spybot in regular mode and in Safe Mode. After performing a full scan with Avast in Safe Mode I can no longer seem to get it to run now that I am back in reg mode. Spybot seems to think I may have a rootkit issue. I cannot log into Microsoft Update. My games are crashing. I am getting email notifications on a separate email address advising that my Diablo 3 account has been compromised despite that email account is not attached to that game. I have tried everything I can think of. Please advise.


OTL logfile created on: 30/12/2012 11:35:44 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\John Richardson\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 79.22% Memory free
7.96 Gb Paging File | 7.16 Gb Available in Paging File | 89.94% Paging File free
Paging file location(s): C:\pagefile.sys 4989 7500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 294.73 Gb Total Space | 62.91 Gb Free Space | 21.35% Space Free | Partition Type: NTFS

Computer Name: PARENT | User Name: John Richardson | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/30 11:29:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Richardson\My Documents\Downloads\OTL(3).exe
PRC - [2012/12/29 12:54:24 | 000,096,056 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/12/23 11:36:03 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2012/12/18 10:11:58 | 001,912,320 | ---- | M] (Curse) -- C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\RCMH2E3C.XKX\N6C0O9YD.PBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe
PRC - [2012/12/11 17:46:12 | 003,558,856 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\Xfire.exe
PRC - [2012/11/23 03:22:04 | 000,307,712 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/25 09:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/23 14:54:45 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5fd59c12\mscorlib.dll
MOD - [2012/12/23 14:54:43 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_abb5bdef\system.drawing.dll
MOD - [2012/12/23 14:54:39 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_afa0bdbc\system.xml.dll
MOD - [2012/12/23 14:54:36 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_68d5575d\system.windows.forms.dll
MOD - [2012/12/23 14:54:31 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_393d2560\system.dll
MOD - [2012/12/23 14:54:24 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/12/23 14:54:23 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012/12/23 14:54:22 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2012/12/23 13:25:09 | 000,647,168 | ---- | M] () -- C:\Program Files\Steam\sdl.dll
MOD - [2012/12/23 13:24:20 | 020,320,240 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2012/12/23 13:23:55 | 000,969,280 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2012/12/23 13:23:52 | 000,124,416 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll
MOD - [2012/12/23 13:23:50 | 000,192,000 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012/12/23 13:23:48 | 001,100,800 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012/12/18 10:11:56 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\RCMH2E3C.XKX\N6C0O9YD.PBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\Curse.CurseClient.WowDb.dll
MOD - [2012/12/18 10:11:52 | 000,099,840 | ---- | M] () -- C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\RCMH2E3C.XKX\N6C0O9YD.PBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\Curse.CurseClient.CMOD2.dll
MOD - [2012/11/16 03:30:35 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\b809681da85a58046cb39f268b6697ad\System.Web.ni.dll
MOD - [2012/11/16 03:28:37 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\188d6391f7485a07e1218b5fc4ec2207\System.Deployment.ni.dll
MOD - [2012/11/16 03:26:11 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\38a190d849769ca2a9b174bd7253913c\Microsoft.VisualBasic.ni.dll
MOD - [2012/11/16 03:23:55 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\e564bacf8526a85451e0eaaf5b1137bb\System.Security.ni.dll
MOD - [2012/11/16 03:23:42 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll
MOD - [2012/11/16 03:23:12 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\129677cc2efb77e11fb90785528cbf28\SMDiagnostics.ni.dll
MOD - [2012/11/16 03:22:31 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\96d93d79e2516cac93027cbe2e2d1757\System.ServiceModel.ni.dll
MOD - [2012/11/16 03:21:50 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\7efd419147611323505605be3ecee5d5\System.Runtime.Serialization.ni.dll
MOD - [2012/11/16 03:16:22 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll
MOD - [2012/11/16 03:16:17 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll
MOD - [2012/11/16 03:16:02 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll
MOD - [2012/11/16 03:10:34 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\3710da7b61c2c4ed10903487dbde1c35\System.Core.ni.dll
MOD - [2012/11/16 03:09:18 | 000,224,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c14cec63fc2a347b26e146d390e6e4e\PresentationFramework.Classic.ni.dll
MOD - [2012/11/16 03:09:05 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\607521f6878e37764b6a2272f89996f6\PresentationFramework.ni.dll
MOD - [2012/11/16 03:07:20 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\1ce67382fb5f6eff28ec02c1d5f9d692\PresentationCore.ni.dll
MOD - [2012/11/16 03:06:17 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\e42848e8620740a16ef83db124a05803\WindowsBase.ni.dll
MOD - [2012/11/16 03:05:45 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012/11/16 03:05:18 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2012/11/16 03:02:44 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/06/13 06:40:05 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 19:12:03 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/08/18 13:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2004/08/11 17:23:24 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2004/08/11 17:23:22 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2004/08/11 17:23:22 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
MOD - [2003/08/02 23:24:01 | 000,192,512 | R--- | M] () -- C:\Program Files\SpywareGuard\dlprotect.dll
MOD - [2003/08/02 23:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/12/23 15:14:31 | 000,170,408 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/12/11 23:59:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/07 18:32:56 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/07/06 18:28:00 | 003,980,648 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva385.sys -- (XDva385)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- -- (Beep)
DRV - [2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 18:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/30 18:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/30 18:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/09/04 00:54:46 | 000,022,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2012/05/14 01:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011/08/06 15:14:39 | 007,023,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/01/15 18:17:58 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/11/15 02:48:20 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/01/14 11:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2004/12/03 05:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2004/10/28 05:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2004/08/03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080221
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080221
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080221
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080221
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.iobit.com/
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes,DefaultScope = {90D74DB8-5709-4054-911E-52EC8A817CAA}
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{4352F279-82F3-4FF2-8C18-74793B4E329F}: "URL" = http://ca.search.yah...p={SearchTerms}
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...z=1I7GGLL_en-GB
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{90D74DB8-5709-4054-911E-52EC8A817CAA}: "URL" = http://ca.search.yah...p={SearchTerms}
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{945EB1C1-B262-4DC7-ADA7-F6B1D592E691}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-05-23 21:51:21&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.5
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "http://ca.search.yah...h?fr=mcafee&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@IObitBar.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Documents and Settings\John Richardson\Application Data\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\John Richardson\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/12/30 10:04:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012/12/29 12:54:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/07 18:32:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/23 15:16:34 | 000,000,000 | ---D | M]

[2012/05/23 21:45:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Extensions
[2012/11/20 18:39:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\extensions
[2012/11/20 18:39:16 | 000,243,496 | ---- | M] () (No name found) -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/09/22 10:32:17 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\searchplugins\search-here.xml
[2012/12/07 18:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/30 10:04:06 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/12/07 18:32:56 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/06 05:28:24 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/22 11:22:09 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/11/03 07:51:06 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http:\/\/www.google.com\/
CHR - default_search_provider: McAfee (Enabled)
CHR - default_search_provider: search_url = http:\/\/ca.search.yahoo.com\/search?fr=mcafee&p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http:\/\/www.google.com\/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.134.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files\Download Manager\npfpdlm.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: avast! WebRep = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Gmail = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/12/29 16:11:20 | 000,888,494 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15286 more lines...
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-879840139-2802958703-907680667-1005..\Run: [Akamai NetSession Interface] C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-879840139-2802958703-907680667-1005..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-879840139-2802958703-907680667-1005..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-879840139-2802958703-907680667-1005..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-879840139-2802958703-907680667-1005..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\John Richardson\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Documents and Settings\John Richardson\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Documents and Settings\John Richardson\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show avast! EasyPass Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1348353807734 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1333671003155 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD334E44-7F06-497C-A727-0B7C2627C830}: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2008 - No CLSID value found
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /A:"C:" /A:"*STARTUP-SHORT" /A:"*STARTUP" /L:"1033" /heur:100 /RA:chest /pup /archives /IA:0 /KBD:2 /dir:"C:\Program Files\AVAST Software\Avast")
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-879840139-2802958703-907680667-1005..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/30 11:02:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John Richardson\Recent
[2012/12/30 09:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/12/29 16:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\My Documents\ProcAlyzer Dumps
[2012/12/29 15:26:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/12/29 14:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\CC Support
[2012/12/29 12:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Application Data\RoboForm
[2012/12/29 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2012/12/29 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! EasyPass
[2012/12/29 12:54:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\My Documents\My Avast EasyPass Data
[2012/12/29 12:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2012/12/25 15:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\2K Games
[2012/12/25 15:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/12/24 17:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\THQ
[2012/12/24 16:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\My Documents\iBomber Attack Demo
[2012/12/24 16:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Application Data\Cobra Mobile
[2012/12/24 16:13:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\My Documents\CarrierCommandDemo
[2012/12/24 15:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\My Documents\democracy2
[2012/12/23 15:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/12/23 15:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/12/23 13:35:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2012/12/23 13:18:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/12/22 08:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/12/22 08:47:12 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2012/12/22 08:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2012/12/18 10:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Start Menu\Programs\Curse
[2012/12/07 18:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/30 11:27:47 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/30 11:03:59 | 000,003,946 | ---- | M] () -- C:\Documents and Settings\John Richardson\My Documents\cc_20121230_110354.reg
[2012/12/30 10:19:52 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/30 10:19:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/30 10:19:22 | 3487,744,000 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/30 10:04:18 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/12/30 10:04:16 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/12/30 10:04:16 | 000,000,334 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/12/30 09:37:10 | 000,000,360 | RHS- | M] () -- C:\boot.ini
[2012/12/29 18:04:40 | 000,003,842 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/12/29 16:59:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/29 16:49:01 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/29 16:48:01 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-879840139-2802958703-907680667-1005UA.job
[2012/12/29 16:11:20 | 000,888,494 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/12/29 16:02:48 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\John Richardson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/12/29 16:01:33 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/29 16:01:32 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/12/29 15:35:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/29 12:45:30 | 000,454,292 | ---- | M] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\census.cache
[2012/12/29 12:45:25 | 000,236,975 | ---- | M] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\ars.cache
[2012/12/29 10:57:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/29 10:53:39 | 000,888,494 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20121229-161120.backup
[2012/12/29 00:48:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-879840139-2802958703-907680667-1005Core.job
[2012/12/26 09:51:12 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/12/25 16:16:18 | 000,000,204 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\Naval War Arctic Circle Demo.url
[2012/12/25 12:20:33 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\Mafia II - Demo.url
[2012/12/24 16:58:45 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\Warhammer 40,000 Space Marine Demo.url
[2012/12/24 16:46:32 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\iBomber Attack Demo.url
[2012/12/24 15:46:30 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2012/12/24 15:40:30 | 000,000,192 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\Democracy 2 Demo.url
[2012/12/24 15:39:41 | 000,000,209 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\Carrier Command Gaea Mission Demo.url
[2012/12/24 03:17:08 | 000,505,372 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/12/24 03:17:08 | 000,089,892 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/12/23 15:47:46 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\Half-Life 2 Lost Coast.url
[2012/12/23 15:30:16 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\XCOM Enemy Unknown Demo.url
[2012/12/23 15:16:34 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2012/12/23 11:26:31 | 000,888,086 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20121229-105339.backup
[2012/12/22 11:14:12 | 000,006,256 | ---- | M] () -- C:\Documents and Settings\John Richardson\My Documents\cc_20121222_111408.reg
[2012/12/22 11:13:25 | 000,888,086 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20121223-112630.backup
[2012/12/22 09:10:26 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/12/22 08:47:28 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/12/22 08:47:18 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012/12/22 08:44:12 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\Update Checker.lnk
[2012/12/21 03:17:47 | 000,220,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/18 23:59:23 | 000,005,050 | ---- | M] () -- C:\Documents and Settings\John Richardson\My Documents\cc_20121218_235916.reg
[2012/12/18 10:12:05 | 000,000,318 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\Curse Client.appref-ms
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/12/12 18:58:09 | 000,047,830 | ---- | M] () -- C:\Documents and Settings\John Richardson\My Documents\cc_20121212_185804.reg
[2012/12/11 17:46:18 | 000,042,440 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2012/12/11 02:00:02 | 000,000,568 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/30 11:03:57 | 000,003,946 | ---- | C] () -- C:\Documents and Settings\John Richardson\My Documents\cc_20121230_110354.reg
[2012/12/30 09:04:24 | 3487,744,000 | -HS- | C] () -- C:\hiberfil.sys
[2012/12/29 16:02:47 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\John Richardson\Start Menu\Programs\Internet Explorer.lnk
[2012/12/25 16:16:18 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\Naval War Arctic Circle Demo.url
[2012/12/25 12:20:33 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\Mafia II - Demo.url
[2012/12/24 16:58:45 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\Warhammer 40,000 Space Marine Demo.url
[2012/12/24 16:46:32 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\iBomber Attack Demo.url
[2012/12/24 15:46:30 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/12/24 15:40:30 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\Democracy 2 Demo.url
[2012/12/24 15:39:41 | 000,000,209 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\Carrier Command Gaea Mission Demo.url
[2012/12/23 15:47:46 | 000,000,213 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\Half-Life 2 Lost Coast.url
[2012/12/23 15:30:16 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\XCOM Enemy Unknown Demo.url
[2012/12/23 15:16:34 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2012/12/23 15:16:34 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2012/12/22 11:14:10 | 000,006,256 | ---- | C] () -- C:\Documents and Settings\John Richardson\My Documents\cc_20121222_111408.reg
[2012/12/22 08:47:27 | 000,000,620 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/12/22 08:47:27 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/12/22 08:47:27 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/12/22 08:47:18 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/12/22 08:47:18 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012/12/18 23:59:18 | 000,005,050 | ---- | C] () -- C:\Documents and Settings\John Richardson\My Documents\cc_20121218_235916.reg
[2012/12/12 18:58:07 | 000,047,830 | ---- | C] () -- C:\Documents and Settings\John Richardson\My Documents\cc_20121212_185804.reg
[2012/12/11 17:46:18 | 000,042,440 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2012/06/03 10:44:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/23 21:26:32 | 000,034,814 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\dt.dat
[2012/05/23 06:36:35 | 001,008,856 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/05/01 23:14:07 | 011,272,192 | ---- | C] () -- C:\Documents and Settings\John Richardson\NTUSER.bak
[2012/04/09 17:17:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/26 00:00:10 | 000,454,292 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\census.cache
[2011/10/25 23:59:53 | 000,236,975 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\ars.cache
[2011/10/25 22:25:51 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\housecall.guid.cache
[2011/05/30 18:55:28 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2011/05/30 18:55:28 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2011/03/13 10:38:17 | 000,000,463 | ---- | C] () -- C:\Documents and Settings\John Richardson\test
[2011/02/21 15:11:38 | 000,000,285 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2011/02/21 15:11:08 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/04/26 11:38:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John Richardson\Application Data\wklnhst.dat
[2008/03/06 22:08:23 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/25 19:02:55 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2004/08/11 17:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/19 19:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2012/05/24 20:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\wargaming.net
[2012/04/01 09:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012/10/16 18:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/08/21 18:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2012/05/23 20:11:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/08/06 23:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Curse Client
[2011/06/05 17:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/10/29 18:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2011/01/04 18:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeApp
[2012/02/10 07:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/05/24 20:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/05 17:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2012/09/18 19:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/04/03 17:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2012/12/29 12:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2012/06/27 06:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2012/04/05 06:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/06/05 16:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\IObit
[2008/12/27 17:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Acreon
[2012/05/26 08:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\AVG
[2012/05/23 20:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\AVG Secure Search
[2012/05/23 20:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\AVG2012
[2012/11/03 19:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Bioshock
[2011/05/30 18:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\BugTrap Console Test108
[2008/03/01 14:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Canon
[2012/12/24 16:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Cobra Mobile
[2012/09/22 10:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\DefaultTab
[2012/06/03 12:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Downloaded Installations
[2012/06/18 19:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\DriverCure
[2010/03/28 13:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\FOG Downloader
[2011/08/20 11:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\IGG
[2012/10/06 11:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\IObit
[2011/03/27 11:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Itibiti
[2011/07/16 19:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Kalypso Media
[2012/04/05 06:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\PCDr
[2012/06/03 12:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\PingPlotter
[2012/12/19 21:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\raidcall
[2011/03/27 12:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\RegistryKeys
[2012/12/29 12:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\RoboForm
[2011/08/06 13:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Sony Online Entertainment
[2012/06/18 19:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\SpeedMaxPc
[2008/04/26 11:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Template
[2011/07/07 20:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Unity
[2011/05/03 20:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\wargaming.net
[2012/06/02 08:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Wise Registry Cleaner
[2009/02/15 12:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristi Richardson\Application Data\Canon
[2012/04/04 20:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristi Richardson\Application Data\IObit
[2008/05/05 11:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristi Richardson\Application Data\Template
[2009/12/11 10:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\WINDOWS\System32\XPSViewer:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\SxsCaPendDel:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\LastGood.Tmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\ie8updates:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\ie8:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB942288-v3$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2761226$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2756822$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2753842-v2$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2736233$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2731847$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2727528$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2724197$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2723135$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2719985$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2718704$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2718523$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2709162$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2698365$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2685939$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2661254-v2$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2655992$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\World of Warcraft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Ubisoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Sun:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\StarCraft II:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\SpywareBlaster:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Sony Online Entertainment:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Siber Systems:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Reference Assemblies:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\RaidCall:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\QuickTax 2009:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\QuickTax 2008:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\QuickTax 2007:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\PingPlotter Standard:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Origin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Origin Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\NOS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\MSECache:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\MSBuild:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Mozilla Maintenance Service:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Microsoft.NET:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\IObit:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\FreeApps:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\FileHippo.com:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\File Type Assistant:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\EA SPORTS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\DivX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Diablo III:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\DefaultTab:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Common Files\Intuit:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Common Files\AnswerWorks 4.0:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\AVG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\AAS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\NetmarbleGlobal:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\ie-spyad_zo:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Download:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.010\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.009\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.008\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.007\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.006\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.005\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.004\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.003\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.002\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.001\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.000\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\SACore:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\McAfee:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\Macromedia:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\DivX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\Adobe:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kristi Richardson\Application Data\IObit:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kristi Richardson\Application Data\Intuit Canada:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kristi Richardson\Application Data\Canon:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\StarCraft II:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\RaidCall:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\FreeApps:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\Administrative Tools:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\PrivacIE:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\StarCraft II:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\SH3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\QuickTax:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\ProcAlyzer Dumps:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\My Avast EasyPass Data:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\Madden NFL 07:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\KOEI:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\Diablo III:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\democracy2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Temp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Sun:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\PCHealth:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Origin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Electronic Arts:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Dell:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Blizzard Entertainment:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\IECompatCache:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Desktop\ZonedOut:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Desktop\Runes_of_Magic_2.1.6.2049:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Desktop\New Hampshire Trip 2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Desktop\Adobe Reader 9 Installer:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\SpeedMaxPc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Sony Online Entertainment:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\RegistryKeys:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\raidcall:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\PingPlotter:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Mozilla:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Itibiti:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Intuit Canada:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\FOG Downloader:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\DriverCure:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Downloaded Installations:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\DivX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\DefaultTab:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\AVG Secure Search:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Acreon:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Default User\Application Data\Macromedia:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Ventrilo:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\StarCraft II:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\QuickTax:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Origin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\NetmarbleGlobal:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\DivX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Diablo III:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\avast! EasyPass:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Desktop\CC Support:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\SpeedMaxPc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\RoboForm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Origin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\NOS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Mozilla:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\MFAData:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Intuit Canada:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\FreeApp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Common Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Blizzard:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Battle.net:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Ask:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Config.Msi:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\b90c13be94acef04c636:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\AMD:Roxio EMC Stream
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay. I would like a fresh OTL scan please, and also an update on your current problem.

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan, click save log, save it to your desktop and post it in your next reply.

#3
Ardant

    Member

  • Topic Starter
  • Member
  • 229 posts
I have been playing around trying to figure out what is wrong and found that I couldn't get my computer out of safe mode. After a lot of struggles I booted in windows domain files only, ran Spybot, Malwarebytes and Avast, still no viruses. Ran CCleaner and Wise Registry Cleaner and then rebooted. Regular mode seems to have come back. The system looks clean as far as I can tell but there are still some oddities that have me concerned. I am still getting emails about my Diablo 3 account on the email address that is not registered with Diablo. Programs that used to work don't. I have reinstalled several programs with some success. Others will still not work. Spybot still says I may have a rootkit issue but won't tell me specifically what the issue is. I will have to defer this to you. I have updated many of the programs I have but cannot seem to update my video drivers. Not sure what is happening. I have attached the logs as requested. I do not recall all these alternate data streams before.

OTL logfile created on: 06/01/2013 7:22:05 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\John Richardson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 72.38% Memory free
7.96 Gb Paging File | 6.87 Gb Available in Paging File | 86.28% Paging File free
Paging file location(s): C:\pagefile.sys 4989 7500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 294.73 Gb Total Space | 77.21 Gb Free Space | 26.20% Space Free | Partition Type: NTFS
Drive D: | 626.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PARENT | User Name: John Richardson | Logged in as Administrator.
Cannot determine boot mode. | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/06 19:17:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Richardson\Desktop\OTL.exe
PRC - [2012/12/29 12:54:24 | 000,096,056 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/12/23 15:14:31 | 000,170,408 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/12/23 11:36:03 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2012/12/18 10:11:58 | 001,912,320 | ---- | M] (Curse) -- C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\RCMH2E3C.XKX\N6C0O9YD.PBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe
PRC - [2012/12/11 17:46:12 | 003,558,856 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\Xfire.exe
PRC - [2012/11/23 03:22:04 | 000,307,712 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/09/25 09:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2001/10/15 03:42:45 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/06 12:36:43 | 002,042,368 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13010601\algo.dll
MOD - [2013/01/06 03:43:38 | 002,043,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13010600\algo.dll
MOD - [2012/12/23 14:54:45 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5fd59c12\mscorlib.dll
MOD - [2012/12/23 14:54:43 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_abb5bdef\system.drawing.dll
MOD - [2012/12/23 14:54:39 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_afa0bdbc\system.xml.dll
MOD - [2012/12/23 14:54:36 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_68d5575d\system.windows.forms.dll
MOD - [2012/12/23 14:54:31 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_393d2560\system.dll
MOD - [2012/12/23 14:54:24 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/12/23 14:54:23 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012/12/23 14:54:22 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2012/12/23 13:25:09 | 000,647,168 | ---- | M] () -- C:\Program Files\Steam\sdl.dll
MOD - [2012/12/23 13:24:20 | 020,320,240 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2012/12/23 13:23:55 | 000,969,280 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2012/12/23 13:23:52 | 000,124,416 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll
MOD - [2012/12/23 13:23:50 | 000,192,000 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012/12/23 13:23:48 | 001,100,800 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012/12/18 10:11:56 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\RCMH2E3C.XKX\N6C0O9YD.PBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\Curse.CurseClient.WowDb.dll
MOD - [2012/11/16 03:30:35 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\b809681da85a58046cb39f268b6697ad\System.Web.ni.dll
MOD - [2012/11/16 03:28:37 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\188d6391f7485a07e1218b5fc4ec2207\System.Deployment.ni.dll
MOD - [2012/11/16 03:26:11 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\38a190d849769ca2a9b174bd7253913c\Microsoft.VisualBasic.ni.dll
MOD - [2012/11/16 03:23:55 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\e564bacf8526a85451e0eaaf5b1137bb\System.Security.ni.dll
MOD - [2012/11/16 03:23:42 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll
MOD - [2012/11/16 03:23:12 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\129677cc2efb77e11fb90785528cbf28\SMDiagnostics.ni.dll
MOD - [2012/11/16 03:22:31 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\96d93d79e2516cac93027cbe2e2d1757\System.ServiceModel.ni.dll
MOD - [2012/11/16 03:21:50 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\7efd419147611323505605be3ecee5d5\System.Runtime.Serialization.ni.dll
MOD - [2012/11/16 03:16:22 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll
MOD - [2012/11/16 03:16:17 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll
MOD - [2012/11/16 03:16:02 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll
MOD - [2012/11/16 03:10:34 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\3710da7b61c2c4ed10903487dbde1c35\System.Core.ni.dll
MOD - [2012/11/16 03:09:42 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3524383abc7d257cdb5d3f6f22ee8068\PresentationFramework.Luna.ni.dll
MOD - [2012/11/16 03:09:05 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\607521f6878e37764b6a2272f89996f6\PresentationFramework.ni.dll
MOD - [2012/11/16 03:07:20 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\1ce67382fb5f6eff28ec02c1d5f9d692\PresentationCore.ni.dll
MOD - [2012/11/16 03:06:17 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\e42848e8620740a16ef83db124a05803\WindowsBase.ni.dll
MOD - [2012/11/16 03:05:45 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012/11/16 03:05:18 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2012/11/16 03:02:44 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/08/23 09:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2012/06/13 06:40:05 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2006/11/05 10:28:18 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/08/18 13:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2004/08/11 17:23:24 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2004/08/11 17:23:22 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2004/08/11 17:23:22 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
MOD - [2003/08/02 23:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/12/23 15:14:31 | 000,170,408 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/12/11 23:59:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/07 18:32:56 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/07/06 18:28:00 | 003,980,648 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva385.sys -- (XDva385)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- -- (Beep)
DRV - [2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 18:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/30 18:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/30 18:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/09/04 00:54:46 | 000,022,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2012/05/14 01:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011/08/06 15:14:39 | 007,023,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/01/15 18:17:58 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/11/15 02:48:20 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/01/14 11:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2004/12/03 05:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2004/10/28 05:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2004/08/03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080221
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080221
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080221
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080221
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE8HP&PC=UP68
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS02/120
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...=EIE8HP&PC=UP68
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes,DefaultScope = {90D74DB8-5709-4054-911E-52EC8A817CAA}
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{4352F279-82F3-4FF2-8C18-74793B4E329F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...z=1I7GGLL_en-GB
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{90D74DB8-5709-4054-911E-52EC8A817CAA}: "URL" = http://ca.search.yah...p={SearchTerms}
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{945EB1C1-B262-4DC7-ADA7-F6B1D592E691}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-05-23 21:51:21&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{EDAD97F0-437A-4A6D-820C-6622DF6576FB}: "URL" = http://ca.search.yah...p={SearchTerms}
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.5
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "http://ca.search.yah...h?fr=mcafee&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@IObitBar.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Documents and Settings\John Richardson\Application Data\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\John Richardson\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/12/30 10:04:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012/12/29 12:54:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/07 18:32:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/23 15:16:34 | 000,000,000 | ---D | M]

[2012/05/23 21:45:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Extensions
[2012/11/20 18:39:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\extensions
[2012/11/20 18:39:16 | 000,243,496 | ---- | M] () (No name found) -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/09/22 10:32:17 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\searchplugins\search-here.xml
[2012/12/07 18:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/30 10:04:06 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/12/07 18:32:56 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/06 05:28:24 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/22 11:22:09 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/11/03 07:51:06 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http:\/\/www.google.com\/
CHR - default_search_provider: McAfee (Enabled)
CHR - default_search_provider: search_url = http:\/\/ca.search.yahoo.com\/search?fr=mcafee&p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http:\/\/www.google.com\/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.134.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files\Download Manager\npfpdlm.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: avast! WebRep = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Gmail = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/01/02 20:29:08 | 000,888,494 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15286 more lines...
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-879840139-2802958703-907680667-1005..\Run: [Akamai NetSession Interface] C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-879840139-2802958703-907680667-1005..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-879840139-2802958703-907680667-1005..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-879840139-2802958703-907680667-1005..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-879840139-2802958703-907680667-1005..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\John Richardson\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Documents and Settings\John Richardson\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Documents and Settings\John Richardson\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show avast! EasyPass Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1348353807734 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1333671003155 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD334E44-7F06-497C-A727-0B7C2627C830}: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2008 - No CLSID value found
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /A:"C:" /A:"*STARTUP-SHORT" /A:"*STARTUP" /L:"1033" /heur:100 /RA:chest /pup /archives /IA:0 /KBD:2 /dir:"C:\Program Files\AVAST Software\Avast")
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-879840139-2802958703-907680667-1005..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2013/01/06 19:21:32 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\John Richardson\Desktop\aswMBR.exe
[2013/01/06 19:18:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Richardson\Desktop\OTL.exe
[2013/01/05 13:08:34 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2013/01/05 12:52:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/01/05 12:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2013/01/05 11:37:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\World of Tanks
[2013/01/05 09:02:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2013/01/02 19:35:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John Richardson\Recent
[2012/12/30 09:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/12/29 16:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\My Documents\ProcAlyzer Dumps
[2012/12/29 14:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\CC Support
[2012/12/29 12:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Application Data\RoboForm
[2012/12/29 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2012/12/29 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! EasyPass
[2012/12/29 12:54:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\My Documents\My Avast EasyPass Data
[2012/12/29 12:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2012/12/25 15:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\2K Games
[2012/12/25 15:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/12/24 17:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\THQ
[2012/12/24 16:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\My Documents\iBomber Attack Demo
[2012/12/24 16:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Application Data\Cobra Mobile
[2012/12/24 16:13:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\My Documents\CarrierCommandDemo
[2012/12/24 15:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\My Documents\democracy2
[2012/12/24 15:13:19 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2012/12/23 15:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/12/23 15:15:10 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/12/23 15:14:52 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/12/23 15:14:52 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/12/23 15:14:52 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/12/23 15:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/12/23 13:39:25 | 000,889,416 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\John Richardson\Desktop\dotNetFx40_Full_setup.exe
[2012/12/23 13:35:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2012/12/23 13:18:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/12/22 08:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/12/22 08:47:12 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2012/12/22 08:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2012/12/18 10:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Start Menu\Programs\Curse
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/06 19:21:09 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\John Richardson\Desktop\aswMBR.exe
[2013/01/06 19:17:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Richardson\Desktop\OTL.exe
[2013/01/06 18:59:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/06 18:49:00 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/06 18:48:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-879840139-2802958703-907680667-1005UA.job
[2013/01/06 10:04:00 | 000,000,334 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/01/06 01:40:05 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2013/01/06 00:48:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-879840139-2802958703-907680667-1005Core.job
[2013/01/05 19:49:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/05 13:07:11 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/05 12:56:18 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/05 12:55:22 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/01/05 12:55:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/05 12:55:09 | 3487,744,000 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/05 12:47:15 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\John Richardson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/01/05 11:37:56 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Tanks.lnk
[2013/01/05 11:19:11 | 000,003,887 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013/01/04 22:54:29 | 010,485,760 | ---- | M] () -- C:\Documents and Settings\John Richardson\NTUSER.bak
[2013/01/04 19:29:31 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.rhk
[2013/01/02 20:31:16 | 000,000,360 | RHS- | M] () -- C:\boot.ini
[2013/01/02 20:29:08 | 000,888,494 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/12/30 11:27:47 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/30 11:03:59 | 000,003,946 | ---- | M] () -- C:\Documents and Settings\John Richardson\My Documents\cc_20121230_110354.reg
[2012/12/30 10:04:18 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/12/30 10:04:16 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/12/29 16:11:20 | 000,888,494 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130102-202908.backup
[2012/12/29 15:35:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/29 12:45:30 | 000,454,292 | ---- | M] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\census.cache
[2012/12/29 12:45:25 | 000,236,975 | ---- | M] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\ars.cache
[2012/12/29 10:57:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/29 10:53:39 | 000,888,494 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20121229-161120.backup
[2012/12/26 09:51:12 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/12/25 16:16:18 | 000,000,204 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\Naval War Arctic Circle Demo.url
[2012/12/25 12:20:33 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\Mafia II - Demo.url
[2012/12/24 16:58:45 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\Warhammer 40,000 Space Marine Demo.url
[2012/12/24 16:46:32 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\iBomber Attack Demo.url
[2012/12/24 15:46:30 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2012/12/24 15:40:30 | 000,000,192 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\Democracy 2 Demo.url
[2012/12/24 15:39:41 | 000,000,209 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\Carrier Command Gaea Mission Demo.url
[2012/12/24 03:17:08 | 000,505,372 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/12/24 03:17:08 | 000,089,892 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/12/23 15:47:46 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\Half-Life 2 Lost Coast.url
[2012/12/23 15:30:16 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\XCOM Enemy Unknown Demo.url
[2012/12/23 15:16:34 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2012/12/23 15:14:35 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/12/23 15:14:29 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/12/23 15:14:29 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/12/23 15:14:29 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/12/23 15:14:29 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/12/23 15:14:27 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/12/23 15:14:27 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/12/23 13:39:25 | 000,889,416 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\John Richardson\Desktop\dotNetFx40_Full_setup.exe
[2012/12/23 11:26:31 | 000,888,086 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20121229-105339.backup
[2012/12/22 11:14:12 | 000,006,256 | ---- | M] () -- C:\Documents and Settings\John Richardson\My Documents\cc_20121222_111408.reg
[2012/12/22 11:13:25 | 000,888,086 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20121223-112630.backup
[2012/12/22 09:10:26 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/12/22 08:47:28 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/12/22 08:47:18 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012/12/22 08:44:12 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\Update Checker.lnk
[2012/12/21 03:17:47 | 000,220,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/18 23:59:23 | 000,005,050 | ---- | M] () -- C:\Documents and Settings\John Richardson\My Documents\cc_20121218_235916.reg
[2012/12/18 10:12:05 | 000,000,318 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\Curse Client.appref-ms
[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/12/12 18:58:09 | 000,047,830 | ---- | M] () -- C:\Documents and Settings\John Richardson\My Documents\cc_20121212_185804.reg
[2012/12/11 23:59:11 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/12/11 23:59:11 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/12/11 17:46:18 | 000,042,440 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2012/12/11 02:00:02 | 000,000,568 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/05 12:54:07 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/01/05 12:15:49 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2013/01/05 12:12:46 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2013/01/05 11:37:56 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Tanks.lnk
[2013/01/04 22:46:57 | 3487,744,000 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/04 19:29:31 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.rhk
[2012/12/30 11:03:57 | 000,003,946 | ---- | C] () -- C:\Documents and Settings\John Richardson\My Documents\cc_20121230_110354.reg
[2012/12/29 16:02:47 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\John Richardson\Start Menu\Programs\Internet Explorer.lnk
[2012/12/25 16:16:18 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\Naval War Arctic Circle Demo.url
[2012/12/25 12:20:33 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\Mafia II - Demo.url
[2012/12/24 16:58:45 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\Warhammer 40,000 Space Marine Demo.url
[2012/12/24 16:46:32 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\iBomber Attack Demo.url
[2012/12/24 15:46:30 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/12/24 15:40:30 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\Democracy 2 Demo.url
[2012/12/24 15:39:41 | 000,000,209 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\Carrier Command Gaea Mission Demo.url
[2012/12/23 15:47:46 | 000,000,213 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\Half-Life 2 Lost Coast.url
[2012/12/23 15:30:16 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\XCOM Enemy Unknown Demo.url
[2012/12/23 15:16:34 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2012/12/23 15:16:34 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2012/12/22 11:14:10 | 000,006,256 | ---- | C] () -- C:\Documents and Settings\John Richardson\My Documents\cc_20121222_111408.reg
[2012/12/22 08:47:27 | 000,000,620 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/12/22 08:47:27 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/12/22 08:47:27 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/12/22 08:47:18 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/12/22 08:47:18 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012/12/18 23:59:18 | 000,005,050 | ---- | C] () -- C:\Documents and Settings\John Richardson\My Documents\cc_20121218_235916.reg
[2012/12/12 18:58:07 | 000,047,830 | ---- | C] () -- C:\Documents and Settings\John Richardson\My Documents\cc_20121212_185804.reg
[2012/12/11 17:46:18 | 000,042,440 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2012/06/03 10:44:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/25 18:04:09 | 010,485,760 | ---- | C] () -- C:\Documents and Settings\John Richardson\NTUSER.bak
[2012/05/23 21:26:32 | 000,034,814 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\dt.dat
[2012/05/23 06:36:35 | 001,008,856 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/09 17:17:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/26 00:00:10 | 000,454,292 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\census.cache
[2011/10/25 23:59:53 | 000,236,975 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\ars.cache
[2011/10/25 22:25:51 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\housecall.guid.cache
[2011/05/30 18:55:28 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2011/05/30 18:55:28 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2011/03/13 10:38:17 | 000,000,463 | ---- | C] () -- C:\Documents and Settings\John Richardson\test
[2011/02/21 15:11:38 | 000,000,285 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2011/02/21 15:11:08 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/04/26 11:38:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John Richardson\Application Data\wklnhst.dat
[2008/03/06 22:08:23 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/25 19:02:55 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2004/08/11 17:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/13 19:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 08:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 19:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 19:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 19:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 19:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 19:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 19:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 19:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 19:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 19:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 00:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 19:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 19:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 19:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 19:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 19:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 19:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/05/19 01:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 07:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/13 19:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 19:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >
[2011/08/11 12:06:26 | 002,551,808 | ---- | M] (MarvelQuest) -- C:\MFPatcher.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2012/11/13 14:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe

< MD5 for: SERVICES >
[2004/08/04 05:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\i386\services
[2004/08/04 05:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2012/09/23 20:43:36 | 000,603,848 | ---- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\i386\services.exe
[2004/08/04 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.LNK >
[2008/11/11 01:27:35 | 000,001,602 | ---- | M] () MD5=DFDDD5515C9DCC4863D04ED35DA86034 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2004/08/04 05:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\i386\services.msc
[2004/08/04 05:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.PNG >
[2012/09/04 00:56:00 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\Dell Support Center\Images\icons\png\24_24\services.png

< MD5 for: SERVICES.SBS >
[2011/03/01 08:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy 2\Includes\Services.sbs

< MD5 for: SERVICES.ZIP >
[2012/07/07 22:31:41 | 000,876,996 | ---- | M] () MD5=CAC0A919FE55CAAFFAC56BAEFC037444 -- C:\Documents and Settings\All Users\Desktop\CC Support\Tools\ServicesRepair\Temp\Services.zip

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2004/08/04 05:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\i386\winsock.dll
[2004/08/04 05:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2004/08/04 05:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\WINDOWS\System32\XPSViewer:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\SxsCaPendDel:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\LastGood.Tmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\ie8updates:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\ie8:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB942288-v3$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2761226$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2756822$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2753842-v2$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2736233$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2731847$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2727528$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2724197$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2723135$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2719985$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2718704$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2718523$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2709162$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2698365$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2685939$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2661254-v2$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2655992$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\World of Warcraft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Ubisoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Sun:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\StarCraft II:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\SpywareBlaster:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Sony Online Entertainment:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Siber Systems:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Reference Assemblies:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\RaidCall:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\QuickTax 2009:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\QuickTax 2008:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\QuickTax 2007:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\PingPlotter Standard:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Origin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Origin Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\NOS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\MSECache:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\MSBuild:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Mozilla Maintenance Service:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Microsoft.NET:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\IObit:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\FreeApps:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\FileHippo.com:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\File Type Assistant:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\EA SPORTS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\DivX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Diablo III:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\DefaultTab:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Common Files\Intuit:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Common Files\AnswerWorks 4.0:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\AVG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Adobe\Reader 11.0\Reader\Services:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\AAS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\NetmarbleGlobal:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\ie-spyad_zo:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Download:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\SACore:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\McAfee:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\Macromedia:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\DivX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\Adobe:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kristi Richardson\Local Settings\Application Data\Microsoft\Internet Explorer\Services:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\StarCraft II:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\RaidCall:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\FreeApps:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\Administrative Tools:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\PrivacIE:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\StarCraft II:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\SH3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\QuickTax:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\ProcAlyzer Dumps:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\My Avast EasyPass Data:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\Madden NFL 07:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\KOEI:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\Diablo III:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\democracy2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Temp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Sun:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\PCHealth:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Origin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Microsoft\Internet Explorer\Services:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Electronic Arts:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Dell:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Blizzard Entertainment:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\IECompatCache:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Desktop\ZonedOut:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Desktop\Runes_of_Magic_2.1.6.2049:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Desktop\New Hampshire Trip 2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Desktop\Adobe Reader 9 Installer:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\SpeedMaxPc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Sony Online Entertainment:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\RegistryKeys:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\raidcall:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\PingPlotter:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Mozilla:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Itibiti:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Intuit Canada:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\FOG Downloader:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\DriverCure:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Downloaded Installations:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\DivX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\DefaultTab:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\AVG Secure Search:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Acreon:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Ventrilo:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\StarCraft II:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\QuickTax:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Origin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\NetmarbleGlobal:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\DivX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Diablo III:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\avast! EasyPass:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Desktop\CC Support:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\SpeedMaxPc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\RoboForm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Origin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\NOS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Mozilla:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\MFAData:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Intuit Canada:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\FreeApp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Common Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Blizzard:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Battle.net:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Ask:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Config.Msi:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\b90c13be94acef04c636:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\AMD:Roxio EMC Stream
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-06 19:36:09
-----------------------------
19:36:09.718 OS Version: Windows 5.1.2600 Service Pack 3
19:36:09.718 Number of processors: 2 586 0xF0B
19:36:09.718 ComputerName: PARENT UserName:
19:36:10.765 Initialize success
19:36:10.859 AVAST engine defs: 13010601
19:36:15.765 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:36:15.765 Disk 0 Vendor: ST3320620AS 3.ADG Size: 305245MB BusType: 3
19:36:15.781 Disk 0 MBR read successfully
19:36:15.781 Disk 0 MBR scan
19:36:15.781 Disk 0 unknown MBR code
19:36:15.781 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
19:36:15.796 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 301807 MB offset 112455
19:36:15.812 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3380 MB offset 618213330
19:36:15.828 Disk 0 scanning sectors +625137345
19:36:15.843 Disk 0 scanning C:\WINDOWS\system32\drivers
19:36:23.921 Service scanning
19:36:39.953 Modules scanning
19:36:45.890 Disk 0 trace - called modules:
19:36:45.906 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys pciide.sys PCIIDEX.SYS
19:36:45.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b3e3ab8]
19:36:45.906 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000069[0x8b3ee030]
19:36:45.906 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b3f1940]
19:36:45.921 \Driver\atapi[0x8b3ed460] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0xba338d60]
19:36:46.671 AVAST engine scan C:\WINDOWS
19:36:50.812 AVAST engine scan C:\WINDOWS\system32
19:38:53.421 AVAST engine scan C:\WINDOWS\system32\drivers
19:39:11.531 AVAST engine scan C:\Documents and Settings\John Richardson
19:40:11.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\John Richardson\Desktop\MBR.dat"
19:40:11.859 The log file has been saved successfully to "C:\Documents and Settings\John Richardson\Desktop\aswMBR.txt"
19:52:46.125 AVAST engine scan C:\Documents and Settings\All Users
20:02:00.531 Scan finished successfully
20:02:35.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\John Richardson\Desktop\MBR.dat"
20:02:35.062 The log file has been saved successfully to "C:\Documents and Settings\John Richardson\Desktop\aswMBR2.txt"
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
aswMBR is not reporting any anomalies. The ADS are part of the Roxio burning system; I can remove them if you wish.

Is Avast reporting a rootkit, as it does an antirootkit scan 8 minutes after boot?

When you run the programmes, what are the specific errors you are getting?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva385.sys -- (XDva385)
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{945EB1C1-B262-4DC7-ADA7-F6B1D592E691}: "URL" = http://www.mysearchr...q={searchTerms}
[2012/09/22 10:32:17 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\searchplugins\search-here.xml
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#5
Ardant

    Member

  • Topic Starter
  • Member
  • 229 posts
If the data streams are normal, then no problem. If they are something that can be used against my computer, then we should stop them if they are not needed.

When I got home from work I found that Avast had done a full system scan. There was an error message saying that some files could not be scanned. These were all Avast def .dll files. I can't seem to generate a text document so I can post them, but if you need them I will type them out.

As for gaming programs not working, I seem to be getting an Internet Explorer ActiveX error that states that an ActiveX control on this page might be unsafe to interact with other parts of the page. It asks me if I want to allow this, and no matter what the response is, the game seems to hang. May just be a setting but not sure.

Avast has never mentioned anything about a rootkit, but based on errors as mentioned above it may not be doing its thing properly. As I said, Spybot says it suspects something but that it may not be true. Most of the items listed in the Spybot deep scan were Roxio files, so I am not sure myself.

For the most part the computer seems to be working OK, but as I said I have just some minor concerns. Hopefully the report below will show everything clean.

I will try and update Avast and see what happens from there.





OTL logfile created on: 07/01/2013 6:13:19 PM - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\John Richardson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 66.36% Memory free
7.96 Gb Paging File | 6.91 Gb Available in Paging File | 86.80% Paging File free
Paging file location(s): C:\pagefile.sys 4989 7500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 294.73 Gb Total Space | 77.87 Gb Free Space | 26.42% Space Free | Partition Type: NTFS
Drive D: | 626.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PARENT | User Name: John Richardson | Logged in as Administrator.
Cannot determine boot mode. | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/06 19:17:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Richardson\Desktop\OTL.exe
PRC - [2012/12/29 12:54:24 | 000,096,056 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/12/23 15:14:31 | 000,170,408 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/12/23 11:36:03 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2012/12/18 10:11:58 | 001,912,320 | ---- | M] (Curse) -- C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\RCMH2E3C.XKX\N6C0O9YD.PBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe
PRC - [2012/12/11 17:46:12 | 003,558,856 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\Xfire.exe
PRC - [2012/12/07 18:32:56 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/11/23 03:22:04 | 000,307,712 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/09/25 09:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2001/10/15 03:42:45 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/07 02:38:43 | 002,042,368 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13010700\algo.dll
MOD - [2012/12/23 14:54:45 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5fd59c12\mscorlib.dll
MOD - [2012/12/23 14:54:43 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_abb5bdef\system.drawing.dll
MOD - [2012/12/23 14:54:39 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_afa0bdbc\system.xml.dll
MOD - [2012/12/23 14:54:36 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_68d5575d\system.windows.forms.dll
MOD - [2012/12/23 14:54:31 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_393d2560\system.dll
MOD - [2012/12/23 14:54:24 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/12/23 14:54:23 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012/12/23 14:54:22 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2012/12/23 13:25:09 | 000,647,168 | ---- | M] () -- C:\Program Files\Steam\sdl.dll
MOD - [2012/12/23 13:24:20 | 020,320,240 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2012/12/23 13:23:55 | 000,969,280 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2012/12/23 13:23:52 | 000,124,416 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll
MOD - [2012/12/23 13:23:50 | 000,192,000 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012/12/23 13:23:48 | 001,100,800 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012/12/18 10:11:56 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\RCMH2E3C.XKX\N6C0O9YD.PBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\Curse.CurseClient.WowDb.dll
MOD - [2012/12/07 18:32:56 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/11/16 03:30:35 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\b809681da85a58046cb39f268b6697ad\System.Web.ni.dll
MOD - [2012/11/16 03:28:37 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\188d6391f7485a07e1218b5fc4ec2207\System.Deployment.ni.dll
MOD - [2012/11/16 03:26:11 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\38a190d849769ca2a9b174bd7253913c\Microsoft.VisualBasic.ni.dll
MOD - [2012/11/16 03:23:55 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\e564bacf8526a85451e0eaaf5b1137bb\System.Security.ni.dll
MOD - [2012/11/16 03:23:42 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll
MOD - [2012/11/16 03:23:12 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\129677cc2efb77e11fb90785528cbf28\SMDiagnostics.ni.dll
MOD - [2012/11/16 03:22:31 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\96d93d79e2516cac93027cbe2e2d1757\System.ServiceModel.ni.dll
MOD - [2012/11/16 03:21:50 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\7efd419147611323505605be3ecee5d5\System.Runtime.Serialization.ni.dll
MOD - [2012/11/16 03:16:22 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll
MOD - [2012/11/16 03:16:17 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll
MOD - [2012/11/16 03:16:02 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll
MOD - [2012/11/16 03:10:34 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\3710da7b61c2c4ed10903487dbde1c35\System.Core.ni.dll
MOD - [2012/11/16 03:09:42 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3524383abc7d257cdb5d3f6f22ee8068\PresentationFramework.Luna.ni.dll
MOD - [2012/11/16 03:09:05 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\607521f6878e37764b6a2272f89996f6\PresentationFramework.ni.dll
MOD - [2012/11/16 03:07:20 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\1ce67382fb5f6eff28ec02c1d5f9d692\PresentationCore.ni.dll
MOD - [2012/11/16 03:06:17 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\e42848e8620740a16ef83db124a05803\WindowsBase.ni.dll
MOD - [2012/11/16 03:05:45 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012/11/16 03:05:18 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2012/11/16 03:02:44 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/08/23 09:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2012/06/13 06:40:05 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2006/11/05 10:28:18 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2004/08/11 17:23:24 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2004/08/11 17:23:22 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2004/08/11 17:23:22 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
MOD - [2003/08/02 23:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/12/23 15:14:31 | 000,170,408 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/12/11 23:59:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/07 18:32:56 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/07/06 18:28:00 | 003,980,648 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- -- (Beep)
DRV - [2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 18:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/30 18:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/30 18:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/09/04 00:54:46 | 000,022,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2012/05/14 01:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011/08/06 15:14:39 | 007,023,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/01/15 18:17:58 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/11/15 02:48:20 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/01/14 11:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2004/12/03 05:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2004/10/28 05:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2004/08/03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080221
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080221
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080221
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080221
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE8HP&PC=UP68
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS02/120
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...=EIE8HP&PC=UP68
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes,DefaultScope = {90D74DB8-5709-4054-911E-52EC8A817CAA}
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{4352F279-82F3-4FF2-8C18-74793B4E329F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...z=1I7GGLL_en-GB
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{90D74DB8-5709-4054-911E-52EC8A817CAA}: "URL" = http://ca.search.yah...p={SearchTerms}
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-05-23 21:51:21&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{EDAD97F0-437A-4A6D-820C-6622DF6576FB}: "URL" = http://ca.search.yah...p={SearchTerms}
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.5
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "http://ca.search.yah...h?fr=mcafee&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@IObitBar.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Documents and Settings\John Richardson\Application Data\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\John Richardson\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/12/30 10:04:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012/12/29 12:54:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/07 18:32:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/23 15:16:34 | 000,000,000 | ---D | M]

[2012/05/23 21:45:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Extensions
[2012/11/20 18:39:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\extensions
[2012/11/20 18:39:16 | 000,243,496 | ---- | M] () (No name found) -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/12/07 18:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/30 10:04:06 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/12/07 18:32:56 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/06 05:28:24 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/22 11:22:09 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/11/03 07:51:06 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http:\/\/www.google.com\/
CHR - default_search_provider: McAfee (Enabled)
CHR - default_search_provider: search_url = http:\/\/ca.search.yahoo.com\/search?fr=mcafee&p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http:\/\/www.google.com\/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.134.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files\Download Manager\npfpdlm.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: avast! WebRep = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Gmail = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/01/07 18:02:34 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-879840139-2802958703-907680667-1005..\Run: [Akamai NetSession Interface] C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-879840139-2802958703-907680667-1005..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-879840139-2802958703-907680667-1005..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-879840139-2802958703-907680667-1005..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-879840139-2802958703-907680667-1005..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\John Richardson\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Documents and Settings\John Richardson\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Documents and Settings\John Richardson\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show avast! EasyPass Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1348353807734 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1333671003155 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD334E44-7F06-497C-A727-0B7C2627C830}: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2008 - No CLSID value found
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /A:"C:" /A:"*STARTUP-SHORT" /A:"*STARTUP" /L:"1033" /heur:100 /RA:chest /pup /archives /IA:0 /KBD:2 /dir:"C:\Program Files\AVAST Software\Avast")
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-879840139-2802958703-907680667-1005..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/06 19:21:32 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\John Richardson\Desktop\aswMBR.exe
[2013/01/06 19:18:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Richardson\Desktop\OTL.exe
[2013/01/05 12:52:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/01/05 12:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2013/01/05 11:37:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\World of Tanks
[2013/01/05 09:02:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2013/01/02 19:35:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John Richardson\Recent
[2012/12/30 09:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/12/29 16:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\My Documents\ProcAlyzer Dumps
[2012/12/29 14:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\CC Support
[2012/12/29 12:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Application Data\RoboForm
[2012/12/29 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2012/12/29 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! EasyPass
[2012/12/29 12:54:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\My Documents\My Avast EasyPass Data
[2012/12/29 12:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2012/12/25 15:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\2K Games
[2012/12/25 15:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/12/24 17:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\THQ
[2012/12/24 16:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\My Documents\iBomber Attack Demo
[2012/12/24 16:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Application Data\Cobra Mobile
[2012/12/24 16:13:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\My Documents\CarrierCommandDemo
[2012/12/24 15:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\My Documents\democracy2
[2012/12/23 15:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/12/23 15:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/12/23 13:35:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2012/12/22 08:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/12/22 08:47:12 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2012/12/22 08:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2012/12/18 10:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Start Menu\Programs\Curse
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/07 18:07:16 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2013/01/07 18:04:45 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/07 18:04:14 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/07 18:04:14 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/01/07 18:04:14 | 000,000,334 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/01/07 18:04:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/07 18:03:47 | 3487,744,000 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/07 18:02:34 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/01/07 17:59:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/07 17:49:00 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/07 17:48:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-879840139-2802958703-907680667-1005UA.job
[2013/01/07 00:48:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-879840139-2802958703-907680667-1005Core.job
[2013/01/06 20:02:35 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\MBR.dat
[2013/01/06 19:21:09 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\John Richardson\Desktop\aswMBR.exe
[2013/01/06 19:17:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Richardson\Desktop\OTL.exe
[2013/01/05 13:07:11 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/05 12:47:15 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\John Richardson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/01/05 11:37:56 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Tanks.lnk
[2013/01/05 11:19:11 | 000,003,887 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013/01/04 22:54:29 | 010,485,760 | ---- | M] () -- C:\Documents and Settings\John Richardson\NTUSER.bak
[2013/01/04 19:29:31 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.rhk
[2013/01/02 20:31:16 | 000,000,360 | RHS- | M] () -- C:\boot.ini
[2012/12/30 11:27:47 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/30 11:03:59 | 000,003,946 | ---- | M] () -- C:\Documents and Settings\John Richardson\My Documents\cc_20121230_110354.reg
[2012/12/30 10:04:18 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/12/30 10:04:16 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/12/29 16:11:20 | 000,888,494 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130102-202908.backup
[2012/12/29 15:35:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/29 12:45:30 | 000,454,292 | ---- | M] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\census.cache
[2012/12/29 12:45:25 | 000,236,975 | ---- | M] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\ars.cache
[2012/12/29 10:57:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/29 10:53:39 | 000,888,494 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20121229-161120.backup
[2012/12/26 09:51:12 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/12/25 16:16:18 | 000,000,204 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\Naval War Arctic Circle Demo.url
[2012/12/25 12:20:33 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\Mafia II - Demo.url
[2012/12/24 16:58:45 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\Warhammer 40,000 Space Marine Demo.url
[2012/12/24 16:46:32 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\iBomber Attack Demo.url
[2012/12/24 15:46:30 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2012/12/24 15:40:30 | 000,000,192 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\Democracy 2 Demo.url
[2012/12/24 15:39:41 | 000,000,209 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\Carrier Command Gaea Mission Demo.url
[2012/12/24 03:17:08 | 000,505,372 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/12/24 03:17:08 | 000,089,892 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/12/23 15:47:46 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\Half-Life 2 Lost Coast.url
[2012/12/23 15:30:16 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\XCOM Enemy Unknown Demo.url
[2012/12/23 15:16:34 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2012/12/23 11:26:31 | 000,888,086 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20121229-105339.backup
[2012/12/22 11:14:12 | 000,006,256 | ---- | M] () -- C:\Documents and Settings\John Richardson\My Documents\cc_20121222_111408.reg
[2012/12/22 11:13:25 | 000,888,086 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20121223-112630.backup
[2012/12/22 09:10:26 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/12/22 08:47:28 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/12/22 08:47:18 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012/12/22 08:44:12 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\Update Checker.lnk
[2012/12/21 03:17:47 | 000,220,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/18 23:59:23 | 000,005,050 | ---- | M] () -- C:\Documents and Settings\John Richardson\My Documents\cc_20121218_235916.reg
[2012/12/18 10:12:05 | 000,000,318 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\Curse Client.appref-ms
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/12/12 18:58:09 | 000,047,830 | ---- | M] () -- C:\Documents and Settings\John Richardson\My Documents\cc_20121212_185804.reg
[2012/12/11 17:46:18 | 000,042,440 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2012/12/11 02:00:02 | 000,000,568 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/06 19:40:11 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\MBR.dat
[2013/01/05 12:54:07 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/01/05 12:15:49 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2013/01/05 12:12:46 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2013/01/05 11:37:56 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Tanks.lnk
[2013/01/04 22:46:57 | 3487,744,000 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/04 19:29:31 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.rhk
[2012/12/30 11:03:57 | 000,003,946 | ---- | C] () -- C:\Documents and Settings\John Richardson\My Documents\cc_20121230_110354.reg
[2012/12/29 16:02:47 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\John Richardson\Start Menu\Programs\Internet Explorer.lnk
[2012/12/25 16:16:18 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\Naval War Arctic Circle Demo.url
[2012/12/25 12:20:33 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\Mafia II - Demo.url
[2012/12/24 16:58:45 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\Warhammer 40,000 Space Marine Demo.url
[2012/12/24 16:46:32 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\iBomber Attack Demo.url
[2012/12/24 15:46:30 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/12/24 15:40:30 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\Democracy 2 Demo.url
[2012/12/24 15:39:41 | 000,000,209 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\Carrier Command Gaea Mission Demo.url
[2012/12/23 15:47:46 | 000,000,213 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\Half-Life 2 Lost Coast.url
[2012/12/23 15:30:16 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\XCOM Enemy Unknown Demo.url
[2012/12/23 15:16:34 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2012/12/23 15:16:34 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2012/12/22 11:14:10 | 000,006,256 | ---- | C] () -- C:\Documents and Settings\John Richardson\My Documents\cc_20121222_111408.reg
[2012/12/22 08:47:27 | 000,000,620 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/12/22 08:47:27 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/12/22 08:47:27 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/12/22 08:47:18 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/12/22 08:47:18 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012/12/18 23:59:18 | 000,005,050 | ---- | C] () -- C:\Documents and Settings\John Richardson\My Documents\cc_20121218_235916.reg
[2012/12/12 18:58:07 | 000,047,830 | ---- | C] () -- C:\Documents and Settings\John Richardson\My Documents\cc_20121212_185804.reg
[2012/12/11 17:46:18 | 000,042,440 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2012/06/03 10:44:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/25 18:04:09 | 010,485,760 | ---- | C] () -- C:\Documents and Settings\John Richardson\NTUSER.bak
[2012/05/23 21:26:32 | 000,034,814 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\dt.dat
[2012/05/23 06:36:35 | 001,008,856 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/09 17:17:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/26 00:00:10 | 000,454,292 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\census.cache
[2011/10/25 23:59:53 | 000,236,975 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\ars.cache
[2011/10/25 22:25:51 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\housecall.guid.cache
[2011/05/30 18:55:28 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2011/05/30 18:55:28 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2011/03/13 10:38:17 | 000,000,463 | ---- | C] () -- C:\Documents and Settings\John Richardson\test
[2011/02/21 15:11:38 | 000,000,285 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2011/02/21 15:11:08 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/04/26 11:38:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John Richardson\Application Data\wklnhst.dat
[2008/03/06 22:08:23 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/25 19:02:55 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2004/08/11 17:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/19 19:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2012/05/24 20:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\wargaming.net
[2013/01/04 19:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wise Registry Cleaner
[2012/04/01 09:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012/10/16 18:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/08/21 18:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2012/05/23 20:11:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/08/06 23:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Curse Client
[2011/06/05 17:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/10/29 18:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2011/01/04 18:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeApp
[2012/02/10 07:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/05/24 20:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/05 17:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2012/09/18 19:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/04/03 17:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2012/12/29 12:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2012/06/27 06:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2012/04/05 06:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/06/05 16:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\IObit
[2008/12/27 17:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Acreon
[2012/05/26 08:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\AVG
[2012/05/23 20:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\AVG Secure Search
[2012/05/23 20:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\AVG2012
[2012/11/03 19:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Bioshock
[2011/05/30 18:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\BugTrap Console Test108
[2008/03/01 14:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Canon
[2012/12/24 16:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Cobra Mobile
[2012/09/22 10:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\DefaultTab
[2012/06/03 12:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Downloaded Installations
[2012/06/18 19:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\DriverCure
[2010/03/28 13:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\FOG Downloader
[2011/08/20 11:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\IGG
[2012/10/06 11:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\IObit
[2011/03/27 11:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Itibiti
[2011/07/16 19:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Kalypso Media
[2012/04/05 06:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\PCDr
[2012/06/03 12:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\PingPlotter
[2012/12/19 21:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\raidcall
[2011/03/27 12:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\RegistryKeys
[2012/12/29 12:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\RoboForm
[2011/08/06 13:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Sony Online Entertainment
[2012/06/18 19:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\SpeedMaxPc
[2008/04/26 11:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Template
[2011/07/07 20:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Unity
[2011/05/03 20:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\wargaming.net
[2012/06/02 08:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Wise Registry Cleaner
[2009/02/15 12:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristi Richardson\Application Data\Canon
[2012/04/04 20:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristi Richardson\Application Data\IObit
[2008/05/05 11:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristi Richardson\Application Data\Template
[2009/12/11 10:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\WINDOWS\System32\XPSViewer:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\SxsCaPendDel:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\ie8updates:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\ie8:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB942288-v3$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2761226$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2756822$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2753842-v2$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2736233$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2731847$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2727528$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2724197$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2723135$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2719985$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2718704$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2718523$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2709162$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2698365$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2685939$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2661254-v2$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2655992$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\World of Warcraft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Ubisoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Sun:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\StarCraft II:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\SpywareBlaster:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Sony Online Entertainment:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Siber Systems:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Reference Assemblies:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\RaidCall:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\QuickTax 2009:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\QuickTax 2008:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\QuickTax 2007:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\PingPlotter Standard:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Origin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Origin Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\NOS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\MSECache:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\MSBuild:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Mozilla Maintenance Service:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Microsoft.NET:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\IObit:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\FreeApps:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\FileHippo.com:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\File Type Assistant:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\EA SPORTS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\DivX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Diablo III:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\DefaultTab:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Common Files\Intuit:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Common Files\AnswerWorks 4.0:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\AVG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\AAS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\NetmarbleGlobal:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\ie-spyad_zo:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Download:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.010\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.009\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.008\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.007\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.006\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.005\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.004\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.003\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.002\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.001\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.000\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\SACore:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\McAfee:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\Macromedia:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\DivX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\Adobe:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kristi Richardson\Application Data\IObit:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kristi Richardson\Application Data\Intuit Canada:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kristi Richardson\Application Data\Canon:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\StarCraft II:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\RaidCall:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\FreeApps:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\Administrative Tools:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\PrivacIE:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\StarCraft II:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\SH3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\QuickTax:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\ProcAlyzer Dumps:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\My Avast EasyPass Data:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\Madden NFL 07:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\KOEI:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\Diablo III:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\democracy2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Temp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Sun:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\PCHealth:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Origin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Electronic Arts:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Dell:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Blizzard Entertainment:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\IECompatCache:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Desktop\ZonedOut:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Desktop\Runes_of_Magic_2.1.6.2049:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Desktop\New Hampshire Trip 2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Desktop\Adobe Reader 9 Installer:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\SpeedMaxPc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Sony Online Entertainment:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\RegistryKeys:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\raidcall:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\PingPlotter:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Mozilla:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Itibiti:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Intuit Canada:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\FOG Downloader:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\DriverCure:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Downloaded Installations:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\DivX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\DefaultTab:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\AVG Secure Search:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Acreon:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Default User\Application Data\Macromedia:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Ventrilo:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\StarCraft II:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\QuickTax:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Origin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\NetmarbleGlobal:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\DivX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Diablo III:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\avast! EasyPass:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Desktop\CC Support:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\SpeedMaxPc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\RoboForm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Origin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\NOS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Mozilla:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\MFAData:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Intuit Canada:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\FreeApp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Common Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Blizzard:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Battle.net:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Ask:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Config.Msi:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\b90c13be94acef04c636:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\AMD:Roxio EMC Stream
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

> When I got home from work I found that avast had done a full system scan. There was an error message saying that some files could not be scanned.

That is not a problem; generally it means that the file is password protected and Avast does not know the password. If they are bad then they will be detected and killed by the file shield as soon as they are opened.

> As for gaming programs not working I seem to be getting an Internet Explorer ActiveX error that states that an ActiveX control on this page might be unsafe to interact with other parts of the page.

Are we looking at online games here?

OK, let's now put to rest, one way or the other, the rootkit detection.

Download the GMER Rootkit Scanner to your Desktop. It will be a randomly named .exe file.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click the file you downloaded. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

#7
Ardant

    Member

  • Topic Starter
  • 229 posts
GMER report as requested.

As for the game, yes, this is an online game, World of Tanks, that has been causing me grief lately. If this is a game-related issue then I will take it up with them. If it is an IE problem then I will have to sort it out. Just wanted to be sure this was not virus related.

Was the correction you got me to do for a virus still on my computer, or was it just fixing issues caused by the viruses I removed?

The computer seems to be working fine now with the exception of the WOT game. I just want to be sure all is good. I try my best to run Avast, Spybot, Malwarebytes, CCleaner and Wise Registry Cleaner regularly.

Please advise.




GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-08 18:24:06
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3320620AS rev.3.ADG 298.09GB
Running: 0o9bw21z.exe; Driver: C:\DOCUME~1\JOHNRI~1\LOCALS~1\Temp\agtdapow.sys


---- System - GMER 2.0 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAC27A4BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAC327C22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xAC27AED6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAC2BC811]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAC285FA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAC285FF4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAC286176]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAC2BC1C5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAC285F16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAC286038]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAC285F5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xAC27B11C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xAC286130]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xAC27B93E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAC27A508]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAC2BCED7]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAC2BD18D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xAC27F1C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAC2BCD42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAC2BCBAD]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAC327CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAC27A170]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAC27A556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAC27F534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAC27C3A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAC285FD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAC286016]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAC28619A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xAC2BC521]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAC285F3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xAC27EC3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xAC2860BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAC285F86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xAC27EF14]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAC286154]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAC327E4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAC2BCA28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAC27C272]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAC2BC87A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xAC27BDD4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAC3347D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAC2BB838]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAC27A5A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAC27A5F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xAC27B7BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAC27A1FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAC27A3AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAC2BCFDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAC27A350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xAC27BAF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xAC27BC54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xAC27A41A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xAC27B4D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xAC27B636]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xAC32641C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xAC27A640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xAC27AF1A]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAC340E56]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D28 80504620 4 Bytes JMP 9CAC327C
.text ntkrnlpa.exe!ZwCallbackReturn + 2F28 80504820 12 Bytes [A4, A5, 27, AC, F2, A5, 27, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 805048C8 12 Bytes [F8, BA, 27, AC, 54, BC, 27, ...]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL AC27CA77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC55E 5 Bytes JMP AC33DCF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FE2 5 Bytes JMP AC33F810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D119A 7 Bytes JMP AC340E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8D14000, 0x2A7064, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF80991D 4 Bytes JMP AC280B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C879 4 Bytes JMP AC280A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 4 Bytes JMP AC2809F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C56B 4 Bytes JMP AC2800A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240DB 4 Bytes JMP AC27F7C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A45 4 Bytes JMP AC280CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF831490 4 Bytes JMP AC280EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B687 BF839EC7 5 Bytes JMP AC2808FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85176B 5 Bytes JMP AC27F688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC9A 5 Bytes JMP AC28016A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E304 4 Bytes JMP AC27FC1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E38F 5 Bytes JMP AC27FEE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F600 4 Bytes JMP AC27F670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5466 BF8649DE 4 Bytes JMP AC280A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 3651 BF87322E 4 Bytes JMP AC27FCDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 418E BF873D6B 4 Bytes JMP AC27FE9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890E66 4 Bytes JMP AC280182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF894410 4 Bytes JMP AC280BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF894EE8 4 Bytes JMP AC280E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3862 BF89C29E 4 Bytes JMP AC280090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DF7 BF89D833 4 Bytes JMP AC27F834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A977 BF8C1CCC 5 Bytes JMP AC27F944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA15D 4 Bytes JMP AC27FA1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA3DD 5 Bytes JMP AC27FB48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B2E BF8EBD71 4 Bytes JMP AC27F56A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB31 BF8F4D74 4 Bytes JMP AC2800C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A40 BF914401 5 Bytes JMP AC27F760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2614 BF914FD5 4 Bytes JMP AC27F8F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F8D BF91794E 5 Bytes JMP AC27FFFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1934 BF947AAD 5 Bytes JMP AC280D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 2.0 ----

.text C:\Program Files\Java\jre7\bin\jqs.exe[236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[236] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[372] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[372] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[772] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Steam\Steam.exe[828] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
.text C:\Program Files\Steam\Steam.exe[828] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Steam\Steam.exe[828] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
.text C:\Program Files\Steam\Steam.exe[828] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Steam\Steam.exe[828] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 01221014
.text C:\Program Files\Steam\Steam.exe[828] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 01220804
.text C:\Program Files\Steam\Steam.exe[828] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 01220A08
.text C:\Program Files\Steam\Steam.exe[828] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 01220C0C
.text C:\Program Files\Steam\Steam.exe[828] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 01220E10
.text C:\Program Files\Steam\Steam.exe[828] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 012201F8
.text C:\Program Files\Steam\Steam.exe[828] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 012203FC
.text C:\Program Files\Steam\Steam.exe[828] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 01220600
.text C:\Program Files\Steam\Steam.exe[828] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01B70804
.text C:\Program Files\Steam\Steam.exe[828] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01B70A08
.text C:\Program Files\Steam\Steam.exe[828] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01B70600
.text C:\Program Files\Steam\Steam.exe[828] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 01B701F8
.text C:\Program Files\Steam\Steam.exe[828] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 01B703FC
.text C:\WINDOWS\system32\csrss.exe[840] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[840] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[880] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[880] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text c:\program files\common files\installshield\updateservice\isuspm.exe[904] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
.text c:\program files\common files\installshield\updateservice\isuspm.exe[904] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text c:\program files\common files\installshield\updateservice\isuspm.exe[904] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
.text c:\program files\common files\installshield\updateservice\isuspm.exe[904] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text c:\program files\common files\installshield\updateservice\isuspm.exe[904] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00D60804
.text c:\program files\common files\installshield\updateservice\isuspm.exe[904] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00D60A08
.text c:\program files\common files\installshield\updateservice\isuspm.exe[904] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00D60600
.text c:\program files\common files\installshield\updateservice\isuspm.exe[904] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00D601F8
.text c:\program files\common files\installshield\updateservice\isuspm.exe[904] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00D603FC
.text C:\WINDOWS\system32\services.exe[924] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[924] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[936] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[936] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Documents and Settings\John Richardson\Desktop\0o9bw21z.exe[1048] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
.text C:\Documents and Settings\John Richardson\Desktop\0o9bw21z.exe[1048] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\John Richardson\Desktop\0o9bw21z.exe[1048] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
.text C:\Documents and Settings\John Richardson\Desktop\0o9bw21z.exe[1048] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Documents and Settings\John Richardson\Desktop\0o9bw21z.exe[1048] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
.text C:\Documents and Settings\John Richardson\Desktop\0o9bw21z.exe[1048] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
.text C:\Documents and Settings\John Richardson\Desktop\0o9bw21z.exe[1048] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
.text C:\Documents and Settings\John Richardson\Desktop\0o9bw21z.exe[1048] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
.text C:\Documents and Settings\John Richardson\Desktop\0o9bw21z.exe[1048] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
.text C:\Documents and Settings\John Richardson\Desktop\0o9bw21z.exe[1048] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
.text C:\Documents and Settings\John Richardson\Desktop\0o9bw21z.exe[1048] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
.text C:\Documents and Settings\John Richardson\Desktop\0o9bw21z.exe[1048] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
.text C:\Documents and Settings\John Richardson\Desktop\0o9bw21z.exe[1048] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804
.text C:\Documents and Settings\John Richardson\Desktop\0o9bw21z.exe[1048] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08
.text C:\Documents and Settings\John Richardson\Desktop\0o9bw21z.exe[1048] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
.text C:\Documents and Settings\John Richardson\Desktop\0o9bw21z.exe[1048] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
.text C:\Documents and Settings\John Richardson\Desktop\0o9bw21z.exe[1048] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1124] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1124] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1260] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1260] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1260] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1260] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1260] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1260] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1260] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1260] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1260] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1260] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1260] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1260] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe[1296] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe[1296] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe[1296] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe[1296] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1324] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1324] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Xfire\Xfire.exe[1344] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
.text C:\Program Files\Xfire\Xfire.exe[1344] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Xfire\Xfire.exe[1344] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
.text C:\Program Files\Xfire\Xfire.exe[1344] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 051DBBAD C:\Program Files\Xfire\xfire_toucan_45948.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[1344] KERNEL32.dll!CreateThread 7C810707 5 Bytes JMP 051DB457 C:\Program Files\Xfire\xfire_toucan_45948.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[1344] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Xfire\Xfire.exe[1344] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 051DADEE C:\Program Files\Xfire\xfire_toucan_45948.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[1344] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 051DAD3A C:\Program Files\Xfire\xfire_toucan_45948.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[1344] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 051DAC92 C:\Program Files\Xfire\xfire_toucan_45948.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[1344] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 051DB5D4 C:\Program Files\Xfire\xfire_toucan_45948.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[1344] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 051DB754 C:\Program Files\Xfire\xfire_toucan_45948.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[1344] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 051DB517 C:\Program Files\Xfire\xfire_toucan_45948.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[1344] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00F40804
.text C:\Program Files\Xfire\Xfire.exe[1344] USER32.dll!InvalidateRect 7E428FD5 5 Bytes JMP 051DAF68 C:\Program Files\Xfire\xfire_toucan_45948.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[1344] USER32.dll!BeginPaint 7E428FE9 5 Bytes JMP 051DABF6 C:\Program Files\Xfire\xfire_toucan_45948.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[1344] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 051DB187 C:\Program Files\Xfire\xfire_toucan_45948.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[1344] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 051DB238 C:\Program Files\Xfire\xfire_toucan_45948.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[1344] USER32.dll!RedrawWindow 7E429944 5 Bytes JMP 051DB2EC C:\Program Files\Xfire\xfire_toucan_45948.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[1344] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 051DB691 C:\Program Files\Xfire\xfire_toucan_45948.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[1344] USER32.dll!IsWindowVisible 7E429E3D 7 Bytes JMP 051DB8D7 C:\Program Files\Xfire\xfire_toucan_45948.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[1344] USER32.dll!SetFocus 7E42B112 5 Bytes JMP 051DAEB7 C:\Program Files\Xfire\xfire_toucan_45948.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[1344] USER32.dll!SetCapture 7E42C35E 5 Bytes JMP 051DB0D6 C:\Program Files\Xfire\xfire_toucan_45948.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[1344] USER32.dll!InvalidateRgn 7E42CDFE 5 Bytes JMP 051DB01F C:\Program Files\Xfire\xfire_toucan_45948.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[1344] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 051DB805 C:\Program Files\Xfire\xfire_toucan_45948.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[1344] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00F40A08
.text C:\Program Files\Xfire\Xfire.exe[1344] USER32.dll!RegisterClassA 7E42EA5E 5 Bytes JMP 051DB3A6 C:\Program Files\Xfire\xfire_toucan_45948.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[1344] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00F40600
.text C:\Program Files\Xfire\Xfire.exe[1344] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00F401F8
.text C:\Program Files\Xfire\Xfire.exe[1344] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00F403FC
.text C:\Program Files\Xfire\Xfire.exe[1344] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 051DBAEA C:\Program Files\Xfire\xfire_toucan_45948.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[1344] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00F31014
.text C:\Program Files\Xfire\Xfire.exe[1344] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00F30804
.text C:\Program Files\Xfire\Xfire.exe[1344] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00F30A08
.text C:\Program Files\Xfire\Xfire.exe[1344] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00F30C0C
.text C:\Program Files\Xfire\Xfire.exe[1344] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00F30E10
.text C:\Program Files\Xfire\Xfire.exe[1344] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00F301F8
.text C:\Program Files\Xfire\Xfire.exe[1344] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00F303FC
.text C:\Program Files\Xfire\Xfire.exe[1344] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00F30600
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[1604] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[1604] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1620] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1728] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1728] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1844] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1844] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2104] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[2104] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2104] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00B61014
.text C:\WINDOWS\system32\svchost.exe[2104] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00B60804
.text C:\WINDOWS\system32\svchost.exe[2104] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00B60A08
.text C:\WINDOWS\system32\svchost.exe[2104] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00B60C0C
.text C:\WINDOWS\system32\svchost.exe[2104] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00B60E10
.text C:\WINDOWS\system32\svchost.exe[2104] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00B601F8
.text C:\WINDOWS\system32\svchost.exe[2104] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B603FC
.text C:\WINDOWS\system32\svchost.exe[2104] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00B60600
.text C:\WINDOWS\system32\svchost.exe[2116] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[2116] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2116] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[2116] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2116] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00A61014
.text C:\WINDOWS\system32\svchost.exe[2116] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00A60804
.text C:\WINDOWS\system32\svchost.exe[2116] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00A60A08
.text C:\WINDOWS\system32\svchost.exe[2116] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00A60C0C
.text C:\WINDOWS\system32\svchost.exe[2116] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00A60E10
.text C:\WINDOWS\system32\svchost.exe[2116] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00A601F8
.text C:\WINDOWS\system32\svchost.exe[2116] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00A603FC
.text C:\WINDOWS\system32\svchost.exe[2116] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00A60600
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[2160] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[2160] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[2160] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[2160] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[2160] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[2160] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[2160] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[2160] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[2160] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[2160] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[2160] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[2160] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[2160] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 03420804
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[2160] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 03420A08
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[2160] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 03420600
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[2160] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 034201F8
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[2160] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 034203FC
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2248] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2248] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2248] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2248] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2248] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00B41014
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2248] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00B40804
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2248] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00B40A08
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2248] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00B40C0C
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2248] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00B40E10
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2248] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00B401F8
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2248] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B403FC
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2248] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00B40600
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2404] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2404] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2404] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2404] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2404] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2404] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2404] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2404] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2404] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2404] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\WINDOWS\RTHDCPL.EXE[2632] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
.text C:\WINDOWS\RTHDCPL.EXE[2632] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[2632] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
.text C:\WINDOWS\RTHDCPL.EXE[2632] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[2632] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 02981014
.text C:\WINDOWS\RTHDCPL.EXE[2632] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 02980804
.text C:\WINDOWS\RTHDCPL.EXE[2632] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 02980A08
.text C:\WINDOWS\RTHDCPL.EXE[2632] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 02980C0C
.text C:\WINDOWS\RTHDCPL.EXE[2632] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 02980E10
.text C:\WINDOWS\RTHDCPL.EXE[2632] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 029801F8
.text C:\WINDOWS\RTHDCPL.EXE[2632] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 029803FC
.text C:\WINDOWS\RTHDCPL.EXE[2632] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 02980600
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[2640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[2640] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2648] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2648] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2648] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2648] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2648] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00F81014
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2648] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00F80804
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2648] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00F80A08
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2648] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00F80C0C
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2648] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00F80E10
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2648] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00F801F8
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2648] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00F803FC
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2648] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00F80600
.text C:\Program Files\Windows Defender\MSASCui.exe[2664] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
.text C:\Program Files\Windows Defender\MSASCui.exe[2664] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Windows Defender\MSASCui.exe[2664] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
.text C:\Program Files\Windows Defender\MSASCui.exe[2664] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Windows Defender\MSASCui.exe[2664] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00F31014
.text C:\Program Files\Windows Defender\MSASCui.exe[2664] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00F30804
.text C:\Program Files\Windows Defender\MSASCui.exe[2664] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00F30A08
.text C:\Program Files\Windows Defender\MSASCui.exe[2664] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00F30C0C
.text C:\Program Files\Windows Defender\MSASCui.exe[2664] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00F30E10
.text C:\Program Files\Windows Defender\MSASCui.exe[2664] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00F301F8
.text C:\Program Files\Windows Defender\MSASCui.exe[2664] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00F303FC
.text C:\Program Files\Windows Defender\MSASCui.exe[2664] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00F30600
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2712] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2712] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2712] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2712] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00CF0804
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2712] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00CF0A08
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2712] USER32.dll!SetWindowsHookExA 7E431211 3 Bytes JMP 00CF0600
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2712] USER32.dll!SetWindowsHookExA + 4 7E431215 1 Byte [82]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2712] USER32.dll!SetWinEventHook 7E4317F7 3 Bytes JMP 00CF01F8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2712] USER32.dll!SetWinEventHook + 4 7E4317FB 1 Byte [82]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2712] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00CF03FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2712] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00D11014
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2712] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00D10804
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2712] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00D10A08
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2712] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00D10C0C
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2712] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00D10E10
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2712] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00D101F8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2712] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00D103FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2712] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00D10600
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[2764] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[2764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[2764] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[2764] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[2764] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F1014
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[2764] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F0804
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[2764] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0A08
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[2764] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F0C0C
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[2764] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0E10
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[2764] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F01F8
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[2764] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F03FC
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[2764] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\ctfmon.exe[2776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[2776] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[2776] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\ctfmon.exe[2776] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[2776] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 009E1014
.text C:\WINDOWS\system32\ctfmon.exe[2776] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 009E0804
.text C:\WINDOWS\system32\ctfmon.exe[2776] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 009E0A08
.text C:\WINDOWS\system32\ctfmon.exe[2776] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 009E0C0C
.text C:\WINDOWS\system32\ctfmon.exe[2776] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 009E0E10
.text C:\WINDOWS\system32\ctfmon.exe[2776] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009E01F8
.text C:\WINDOWS\system32\ctfmon.exe[2776] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009E03FC
.text C:\WINDOWS\system32\ctfmon.exe[2776] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 009E0600
.text C:\Program Files\FileHippo.com\UpdateChecker.exe[2940] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
.text C:\Program Files\FileHippo.com\UpdateChecker.exe[2940] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\FileHippo.com\UpdateChecker.exe[2940] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
.text C:\Program Files\FileHippo.com\UpdateChecker.exe[2940] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\FileHippo.com\UpdateChecker.exe[2940] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
.text C:\Program Files\FileHippo.com\UpdateChecker.exe[2940] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
.text C:\Program Files\FileHippo.com\UpdateChecker.exe[2940] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
.text C:\Program Files\FileHippo.com\UpdateChecker.exe[2940] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
.text C:\Program Files\FileHippo.com\UpdateChecker.exe[2940] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
.text C:\Program Files\FileHippo.com\UpdateChecker.exe[2940] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
.text C:\Program Files\FileHippo.com\UpdateChecker.exe[2940] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
.text C:\Program Files\FileHippo.com\UpdateChecker.exe[2940] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
.text C:\Program Files\FileHippo.com\UpdateChecker.exe[2940] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00E00804
.text C:\Program Files\FileHippo.com\UpdateChecker.exe[2940] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00E00A08
.text C:\Program Files\FileHippo.com\UpdateChecker.exe[2940] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00E00600
.text C:\Program Files\FileHippo.com\UpdateChecker.exe[2940] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00E001F8
.text C:\Program Files\FileHippo.com\UpdateChecker.exe[2940] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00E003FC
.text C:\WINDOWS\System32\alg.exe[2952] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[2952] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2952] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[2952] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2968] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2968] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2968] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2968] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01990804
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2968] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01990A08
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2968] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01990600
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2968] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 019901F8
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2968] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 019903FC
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2968] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00B71014
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2968] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00B70804
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2968] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00B70A08
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2968] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00B70C0C
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2968] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00B70E10
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2968] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00B701F8
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2968] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B703FC
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2968] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00B70600
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[3024] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[3024] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[3024] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[3024] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[3024] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 052C0804
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[3024] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 052C0A08
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[3024] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 052C0600
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[3024] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 052C01F8
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[3024] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 052C03FC
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[3024] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F1014
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[3024] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F0804
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[3024] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0A08
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[3024] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F0C0C
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[3024] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0E10
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[3024] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F01F8
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[3024] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F03FC
.text C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe[3024] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F0600
.text C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[3196] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
.text C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[3196] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[3196] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[3196] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[3196] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01080804
.text C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[3196] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01080A08
.text C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[3196] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01080600
.text C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[3196] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 010801F8
.text C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe[3196] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 010803FC
.text C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\RCMH2E3C.XKX\N6C0O9YD.PBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe[3384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
.text C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\RCMH2E3C.XKX\N6C0O9YD.PBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe[3384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\RCMH2E3C.XKX\N6C0O9YD.PBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe[3384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
.text C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\RCMH2E3C.XKX\N6C0O9YD.PBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe[3384] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\RCMH2E3C.XKX\N6C0O9YD.PBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe[3384] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F1014
.text C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\RCMH2E3C.XKX\N6C0O9YD.PBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe[3384] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F0804
.text C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\RCMH2E3C.XKX\N6C0O9YD.PBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe[3384] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0A08
.text C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\RCMH2E3C.XKX\N6C0O9YD.PBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe[3384] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F0C0C
.text C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\RCMH2E3C.XKX\N6C0O9YD.PBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe[3384] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0E10
.text C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\RCMH2E3C.XKX\N6C0O9YD.PBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe[3384] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F01F8
.text C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\RCMH2E3C.XKX\N6C0O9YD.PBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe[3384] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F03FC
.text C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\RCMH2E3C.XKX\N6C0O9YD.PBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe[3384] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F0600
.text C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\RCMH2E3C.XKX\N6C0O9YD.PBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe[3384] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 03B70804
.text C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\RCMH2E3C.XKX\N6C0O9YD.PBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe[3384] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 03B70A08
.text C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\RCMH2E3C.XKX\N6C0O9YD.PBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe[3384] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 03B70600
.text C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\RCMH2E3C.XKX\N6C0O9YD.PBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe[3384] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 03B701F8
.text C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\RCMH2E3C.XKX\N6C0O9YD.PBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe[3384] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 03B703FC
.text C:\Program Files\SpywareGuard\sgmain.exe[3420] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
.text C:\Program Files\SpywareGuard\sgmain.exe[3420] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\SpywareGuard\sgmain.exe[3420] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
.text C:\Program Files\SpywareGuard\sgmain.exe[3420] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\SpywareGuard\sgmain.exe[3420] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01350804
.text C:\Program Files\SpywareGuard\sgmain.exe[3420] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01350A08
.text C:\Program Files\SpywareGuard\sgmain.exe[3420] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01350600
.text C:\Program Files\SpywareGuard\sgmain.exe[3420] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 013501F8
.text C:\Program Files\SpywareGuard\sgmain.exe[3420] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 013503FC
.text C:\Program Files\SpywareGuard\sgmain.exe[3420] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 01931014
.text C:\Program Files\SpywareGuard\sgmain.exe[3420] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 01930804
.text C:\Program Files\SpywareGuard\sgmain.exe[3420] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 01930A08
.text C:\Program Files\SpywareGuard\sgmain.exe[3420] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 01930C0C
.text C:\Program Files\SpywareGuard\sgmain.exe[3420] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 01930E10
.text C:\Program Files\SpywareGuard\sgmain.exe[3420] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 019301F8
.text C:\Program Files\SpywareGuard\sgmain.exe[3420] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 019303FC
.text C:\Program Files\SpywareGuard\sgmain.exe[3420] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 01930600
.text C:\Program Files\SpywareGuard\sgbhp.exe[3560] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
.text C:\Program Files\SpywareGuard\sgbhp.exe[3560] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\SpywareGuard\sgbhp.exe[3560] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
.text C:\Program Files\SpywareGuard\sgbhp.exe[3560] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\SpywareGuard\sgbhp.exe[3560] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 01321014
.text C:\Program Files\SpywareGuard\sgbhp.exe[3560] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 01320804
.text C:\Program Files\SpywareGuard\sgbhp.exe[3560] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 01320A08
.text C:\Program Files\SpywareGuard\sgbhp.exe[3560] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 01320C0C
.text C:\Program Files\SpywareGuard\sgbhp.exe[3560] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 01320E10
.text C:\Program Files\SpywareGuard\sgbhp.exe[3560] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 013201F8
.text C:\Program Files\SpywareGuard\sgbhp.exe[3560] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 013203FC
.text C:\Program Files\SpywareGuard\sgbhp.exe[3560] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 01320600
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3624] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3624] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3624] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3624] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3624] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3624] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3624] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3624] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3624] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3624] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3624] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3624] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3624] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 037A0804
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3624] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 037A0A08
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3624] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 037A0600
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3624] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 037A01F8
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3624] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 037A03FC
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3656] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3656] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3656] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3656] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3656] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3656] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3656] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3656] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3656] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3656] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3656] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3656] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3656] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 037A0804
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3656] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 037A0A08
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3656] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 037A0600
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3656] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 037A01F8
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[3656] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 037A03FC
.text C:\WINDOWS\Explorer.EXE[3732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[3732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[3732] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[3732] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[3732] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00371014
.text C:\WINDOWS\Explorer.EXE[3732] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00370804
.text C:\WINDOWS\Explorer.EXE[3732] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00370A08
.text C:\WINDOWS\Explorer.EXE[3732] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00370C0C
.text C:\WINDOWS\Explorer.EXE[3732] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00370E10
.text C:\WINDOWS\Explorer.EXE[3732] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003701F8
.text C:\WINDOWS\Explorer.EXE[3732] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003703FC
.text C:\WINDOWS\Explorer.EXE[3732] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00370600
.text C:\WINDOWS\Explorer.EXE[3732] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 02750804
.text C:\WINDOWS\Explorer.EXE[3732] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 02750A08
.text C:\WINDOWS\Explorer.EXE[3732] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 02750600
.text C:\WINDOWS\Explorer.EXE[3732] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 027501F8
.text C:\WINDOWS\Explorer.EXE[3732] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 027503FC
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[3912] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[3912] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[3912] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[3912] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[3912] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00CF1014
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[3912] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00CF0804
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[3912] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00CF0A08
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[3912] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00CF0C0C
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[3912] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00CF0E10
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[3912] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00CF01F8
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[3912] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00CF03FC
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[3912] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00CF0600
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[3912] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 012E0804
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[3912] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 012E0A08
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[3912] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 012E0600
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[3912] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 012E01F8
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[3912] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 012E03FC

---- User IAT/EAT - GMER 2.0 ----

IAT C:\WINDOWS\system32\services.exe[924] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003B0002
IAT C:\WINDOWS\system32\services.exe[924] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003B0000
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1728] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[2640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSiatq.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSserv
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSl
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssservers
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssmain
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSfqcf.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSyiaq.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssinit
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSrfhc.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSehnv.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSboak.log

---- EOF - GMER 2.0 ----

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, GMER has revealed a possible rootkit.

Download and Install ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

#9
Ardant

    Member

  • Topic Starter
  • Member
  • 229 posts
Combofix report as requested


ComboFix 13-01-08.01 - John Richardson 09/01/2013 18:01:03.5.2 - x86 DSREPAIR
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2498 [GMT -5:00]
Running from: c:\documents and settings\John Richardson\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\016060e8-e1de-4d82-bd11-b667007b1f12.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\111e1115-314f-4404-be4a-ad58e8e2423d.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\1d151f53-1500-414d-85b4-ab85d24f0785.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\21eb1c2f-b0d8-40e6-96dd-163437759b68.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\2390e056-e2db-44ed-91a5-5ca43aefea83.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\35445406-e7ed-4a0e-9922-45505e71594b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\358ba71b-117f-40d5-95aa-57de622719b7.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\3d656744-60b2-4576-8124-a39729f8b522.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\406007ac-5ba8-43e6-97b6-0c6ed58bb6e8.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\468d25c7-baa8-4db4-a17f-ceac895a9bc8.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\489f121a-4538-4839-9d1d-3c48e590be59.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\4cfdf1e7-d0b2-449c-bd2d-084cd975e5d8.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\4f1c58d6-ca02-4906-b156-709481baca61.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\4f64943e-d62a-4f2e-a3cd-98fb91e30469.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\59bb1a7b-2122-4c71-82b0-30bee96f063e.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\72f0dc20-5af7-4221-9657-442597ce030b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\73a14ca6-4567-413f-a60f-d04159cb72eb.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\75c8751b-fcad-4846-80ce-3a2efec60612.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\7779c9df-2dc0-4fd5-92bb-c64027285f8b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\788ad19e-7745-402f-a5a5-20d2ab8b5f1b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\9881c561-a45a-4c53-9d45-de93a99e2898.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\b72409f9-df97-4592-bbfd-fff1ce0a9559.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\ba58cab8-833c-4868-95e2-cff538a852a7.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\bbd4d2b0-9dc6-46d0-a352-dbcd92f63c4d.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\cb7af81b-44d9-4f99-b223-18a71e8c85b6.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\d220b53c-6a3c-4b5d-8797-965d39e82fff.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\d3ef65ec-842a-4640-b428-aca2f4a966e6.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\d78fa15b-2d61-4303-adaa-edec9ebbb2b3.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\e16f2788-babe-4a60-93d0-d507a5228753.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\ff24953d-0c6e-4af9-a727-84ce58c99035.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-12-09 to 2013-01-09 )))))))))))))))))))))))))))))))
.
.
2013-01-09 07:19 . 2013-01-09 07:19 60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{CFA148CE-C485-4EC8-9335-89E2AA4A1A4F}\offreg.dll
2013-01-08 06:42 . 2012-11-19 06:04 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{CFA148CE-C485-4EC8-9335-89E2AA4A1A4F}\mpengine.dll
2013-01-08 01:53 . 2013-01-08 03:32 -------- d-----w- c:\documents and settings\John Richardson\Application Data\FinalTorrent
2013-01-08 01:50 . 2013-01-08 01:50 -------- d-----w- c:\documents and settings\All Users\Uniblue
2013-01-08 01:48 . 2013-01-09 01:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\FileTypeAssistant
2013-01-08 01:46 . 2013-01-08 01:56 -------- d-----w- c:\documents and settings\John Richardson\Local Settings\Application Data\FileTypeAssistant
2013-01-08 01:45 . 2013-01-08 01:45 -------- d-----w- c:\program files\Microsoft Silverlight
2013-01-08 01:45 . 2013-01-08 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2013-01-08 01:45 . 2013-01-08 01:45 -------- d-----w- c:\program files\FinalTorrent
2013-01-08 01:45 . 2013-01-08 02:05 -------- d-----w- c:\documents and settings\John Richardson\Application Data\Yahoo!
2013-01-08 01:45 . 2013-01-08 02:05 -------- d-----w- c:\program files\Yahoo!
2013-01-08 01:43 . 2013-01-08 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\APN
2013-01-07 23:55 . 2013-01-09 00:22 -------- d--ha-w- c:\windows\msdownld.tmp
2013-01-07 23:55 . 2013-01-09 02:36 -------- d---a-w- c:\windows\LastGood
2013-01-05 18:08 . 2012-11-19 06:04 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-01-05 18:08 . 2012-05-31 16:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 17:52 . 2013-01-05 17:54 -------- dc-ha-w- c:\windows\ie8
2013-01-05 17:12 . 2013-01-05 17:12 -------- d-----w- c:\program files\Windows Defender
2013-01-05 14:02 . 2013-01-05 14:04 -------- d-----w- c:\windows\system32\NtmsData
2013-01-05 00:18 . 2013-01-05 00:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Wise Registry Cleaner
2013-01-03 23:22 . 2013-01-03 23:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Xfire
2012-12-29 17:56 . 2012-12-29 17:56 -------- d-----w- c:\documents and settings\John Richardson\Application Data\RoboForm
2012-12-29 17:54 . 2012-12-29 17:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\RoboForm
2012-12-29 17:54 . 2012-12-29 17:54 -------- d---a-w- c:\program files\Siber Systems
2012-12-25 20:28 . 2012-12-25 20:28 -------- d-----w- c:\documents and settings\John Richardson\Local Settings\Application Data\2K Games
2012-12-25 20:28 . 2012-12-25 20:28 -------- d-----w- c:\program files\NVIDIA Corporation
2012-12-24 22:39 . 2012-12-24 22:39 -------- d-----w- c:\documents and settings\John Richardson\Local Settings\Application Data\THQ
2012-12-24 21:50 . 2012-12-24 21:50 -------- d-----w- c:\documents and settings\John Richardson\Application Data\Cobra Mobile
2012-12-24 20:13 . 2007-10-22 08:37 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2012-12-23 20:16 . 2012-12-23 20:16 -------- d-----w- c:\program files\Common Files\Adobe
2012-12-23 20:14 . 2012-12-23 20:14 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-23 20:04 . 2012-12-23 20:04 -------- d---a-w- c:\program files\Microsoft.NET
2012-12-22 13:47 . 2009-01-25 17:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-12-22 13:47 . 2012-12-22 13:47 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-12-11 22:46 . 2012-12-11 22:46 42440 ----a-w- c:\windows\system32\xfcodec.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 18:59 . 2012-04-05 01:15 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 18:59 . 2011-06-05 22:48 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-23 20:14 . 2008-02-26 00:37 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-23 20:14 . 2012-09-22 22:21 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-23 20:14 . 2011-10-28 22:44 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-16 12:23 . 2004-08-11 22:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49 . 2012-06-02 14:54 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25 . 2004-08-11 22:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2007-05-15 20:43 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2004-08-11 22:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-11 22:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-11 22:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-11 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-11 22:00 385024 ------w- c:\windows\system32\html.iec
2012-10-30 23:51 . 2012-10-16 23:30 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 23:51 . 2012-10-16 23:30 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 23:51 . 2012-10-16 23:30 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 23:51 . 2012-10-16 23:30 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51 . 2012-10-16 23:30 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 23:51 . 2012-10-16 23:30 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 23:51 . 2012-10-16 23:30 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 23:51 . 2012-10-16 23:30 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 23:51 . 2012-10-16 23:29 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 23:50 . 2012-10-16 23:29 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-02 05:36 . 2012-06-03 17:36 44 ---h--w- c:\program files\d81f0199.tmp
2012-12-07 23:32 . 2012-12-07 23:32 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-05-14 1103216]
"Akamai NetSession Interface"="c:\documents and settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-10-09 4441920]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-12-29 96056]
"Steam"="c:\program files\Steam\Steam.exe" [2012-12-23 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 196608]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk.disabled [2008-11-10 767]
.
c:\documents and settings\John Richardson\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-2-2 0]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2012-12-11 3558856]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe\0aswBoot.exe /A:* /A:C: /A:*STARTUP-SHORT /A:*STARTUP /L:1033 /heur:100 /RA:chest /pup /archives /IA:0 /KBD:2 /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MarbleStation"=c:\netmarbleglobal\MarbleStation\GlbMSLauncher.exe
"AVG PC Tuneup"="c:\program files\AVG\AVG PC Tuneup\BoostSpeed.exe" -UseTray
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 07\\Updater.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\amd driver updater, xp, 32 bit\\Setup.exe"=
"c:\\NetmarbleGlobal\\MarbleStation\\nmgDownloader\\nmgDownload.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\FEAR2\\FEAR2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\John Richardson\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1363\\Agent.exe"=
"c:\\Program Files\\Diablo III\\Diablo III.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\king's bounty - the legend\\kb.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\king's bounty - the legend\\save_fixer.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\kings bounty armored princess\\kb.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\kings bounty crossworlds\\kb.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1544\\Agent.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dungeon siege iii\\Dungeon Siege III.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\sid meier's civilization v\\Launcher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Democracy 2 Demo\\Democracy2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Carrier Command Gaea Mission demo\\carrier_demo.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\iBomber Attack Demo\\iBomberAttackDemo.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\naval war arctic circle\\NWAC.exe"=
"c:\\Documents and Settings\\John Richardson\\Local Settings\\Apps\\2.0\\RCMH2E3C.XKX\\N6C0O9YD.PBO\\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\\CurseClient.exe"=
"c:\\Program Files\\FinalTorrent\\FinalTorrent.EXE"=
"c:\\Program Files\\FinalTorrent\\FTCheckForUpdates.exe"=
"c:\\Program Files\\File Type Assistant\\tsassist.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Mafia II\\pc\\mafia2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58199:TCP"= 58199:TCP:Pando Media Booster
"58199:UDP"= 58199:UDP:Pando Media Booster
"59153:TCP"= 59153:TCP:Pando Media Booster
"59153:UDP"= 59153:UDP:Pando Media Booster
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16/10/2012 6:30 PM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16/10/2012 6:30 PM 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/10/2012 6:30 PM 21256]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [22/12/2012 8:47 AM 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [22/12/2012 8:47 AM 1369624]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 7:19 PM 13592]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [23/09/2012 9:53 AM 103040]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [11/08/2004 5:00 PM 14336]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [22/12/2012 8:47 AM 168384]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\pcdsrvc.pkms [04/09/2012 12:54 AM 22640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 18:59]
.
2013-01-09 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-16 23:50]
.
2013-01-09 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-12-22 19:08]
.
2013-01-09 c:\windows\Tasks\FinalTorrent Update Checker.job
- c:\program files\FinalTorrent\FTCheckForUpdates.exe [2013-01-08 19:24]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-16 23:30]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-16 23:30]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879840139-2802958703-907680667-1005Core.job
- c:\documents and settings\John Richardson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-10 13:47]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879840139-2802958703-907680667-1005UA.job
- c:\documents and settings\John Richardson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-10 13:47]
.
2013-01-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
2012-12-11 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-09-19 03:48]
.
2013-01-09 c:\windows\Tasks\ProgramRefresh-ATFST.job
- c:\program files\File Type Assistant\TSASetup.exe [2013-01-08 15:15]
.
2013-01-09 c:\windows\Tasks\ProgramUpdateCheck.job
- c:\program files\File Type Assistant\tsassist.exe [2011-03-27 18:51]
.
2013-01-09 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-12-22 19:07]
.
2012-12-22 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-12-22 19:07]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://ca.search.yahoo.com/search?fr=mcafee&p=%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show avast! EasyPass Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: worldoftanks.com
TCP: DhcpNameServer = 64.71.255.198
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
FF - ProfilePath - c:\documents and settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
FF - ExtSQL: 2012-12-29 12:54; {22119944-ED35-4ab1-910B-E619EA06A115}; c:\program files\Siber Systems\AI RoboForm\Firefox
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-09 18:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-879840139-2802958703-907680667-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:64,5f,aa,30,64,48,a5,e2,9f,c3,01,ee,47,f7,9e,7e,11,7d,de,3f,53,e3,61,
65,b7,0a,a4,67,96,3d,f0,d2,33,47,2f,b8,2d,b6,f7,26,49,ca,63,67,c0,74,0f,5b,\
"??"=hex:af,4b,db,31,8c,18,8b,1f,0f,e7,56,55,e3,4a,d7,19
.
[HKEY_USERS\S-1-5-21-879840139-2802958703-907680667-1005\Software\SecuROM\License information*]
"datasecu"=hex:79,3e,8d,fc,be,fb,61,b0,6d,87,b2,94,0d,99,ea,c1,09,89,90,16,35,
eb,c5,40,6c,5e,13,b8,a8,26,42,9a,f9,df,36,c4,46,b3,69,ce,a3,60,e4,b5,48,4f,\
"rkeysecu"=hex:a3,57,c4,0d,f8,95,92,51,5f,05,99,76,7c,43,56,19
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2013-01-09 18:10:48
ComboFix-quarantined-files.txt 2013-01-09 23:10
.
Pre-Run: 72,272,564,224 bytes free
Post-Run: 72,300,195,840 bytes free
.
- - End Of File - - 0563434C9473FBFAE06CEED30E282802

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That looks OK now. How is the computer behaving?

I am getting email notifications on a separate email address advising that my Diablo 3 account has been compromised despite that email account is not attached to that game.

You may need to change the e-mail associated with that account and change all passwords.

#11
Ardant

    Member

  • Topic Starter
  • 229 posts
The computer seems to be working fine. Even World of Tanks is now functioning. As for the Diablo 3 account, the email address that I keep getting the notifications on is not associated with this game. It is actually my work email account. Very strange but I will continue to monitor it.

Thank you for all your help.

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The rootkit was inactive data from an old infection

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.