TechSpot

Several icky viruses :(

By hecter
Apr 15, 2012
  1. Here's what's been going on; logs are to follow. A while back (I've been putting this off for too long now) I found myself infected with a god-awful virus. One of those stupid "System Check" viruses that won't allow you to do much of anything and open up a million windows and purchase their "software" so they can steal your credit card info. I was able to manually get rid of it, with the help of Avast!, but I'm 99.999% certain that it wasn't the only thing to infect my computer. While that one no longer troubles me, whenever I open up a Google search result it redirects me to some scammy webpage. Every time. And Avast! notifications keep popping up telling me it blocked a malicious link from opening when I'm not browsing the internet. I also suffer from intermittent and severe latency issues with playing games (it's impossible to play a game with 10000 ping). Things like that. Soo... The help of your volunteers is GREATLY appreciated, and here are the logs I promised.


    MalwareBytes

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.15.07

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Isaac :: ISAAC-PC [administrator]

    15/04/2012 5:52:38 PM
    mbam-log-2012-04-15 (17-52-38).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 248400
    Time elapsed: 8 minute(s), 27 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    GMER

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-04-15 18:43:26
    Windows 6.1.7600
    Running: nhjy3g14.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8D 0xBE 0x40 0x21 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x80 0x9F 0xCC 0x8D ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFA 0x05 0x09 0x29 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8D 0xBE 0x40 0x21 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x80 0x9F 0xCC 0x8D ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFA 0x05 0x09 0x29 ...

    ---- Files - GMER 1.0.15 ----

    File C:\Users\Isaac\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8U5BAKPA\down[1] 748 bytes

    ---- EOF - GMER 1.0.15 ----
     
  2. hecter

    hecter TS Rookie Topic Starter Posts: 20

    DDS - DDS.txt

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by Isaac at 18:45:48 on 2012-04-15
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.4094.1720 [GMT -4:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\3RVX\3RVX.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files (x86)\Razer\Salmosa\razerhid.exe
    C:\Program Files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Razer\Salmosa\razerofa.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wuauclt.exe
    F:\Steam\Steam.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [3RVX] C:\Program Files (x86)\3RVX\3RVX.exe
    uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [Salmosa] C:\Program Files (x86)\Razer\Salmosa\razerhid.exe
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [Razer Lachesis Driver] C:\Program Files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    Continued in next post...
     
  3. hecter

    Continued from previous post...

    StartupFolder: C:\Users\Isaac\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Isaac\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
    DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{18C2F0EC-F530-4EAE-BCC6-62CF2075236A} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{EEAA385F-9116-47D2-93ED-101724924ABC} : DhcpNameServer = 192.168.2.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun-x64: [Salmosa] C:\Program Files (x86)\Razer\Salmosa\razerhid.exe
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [Razer Lachesis Driver] C:\Program Files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    IE-X64: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    Hosts: 0.0.0.0 localhost
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\fi4aj8h7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
    FF - component: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
    FF - component: C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\fi4aj8h7.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
    FF - component: C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\fi4aj8h7.default\extensions\screencaptureelite@plugin\platform\WINNT_x86-msvc\components\SCEFF3Client.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-24 44768]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 salmosa;Razer Salmosa;C:\Windows\system32\drivers\salmosa.sys --> C:\Windows\system32\drivers\salmosa.sys [?]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 WatAdminSvc;WatAdminSvc;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
    .

    Continued in next post...
     
  4. hecter

    Continued from previous post...

    =============== Created Last 30 ================
    .
    2012-04-15 21:51:40 -------- d-----w- C:\Users\Isaac\AppData\Roaming\Malwarebytes
    2012-04-15 21:51:28 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-04-15 21:51:28 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-04-15 21:51:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-04-11 01:24:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-04-11 01:24:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-04-11 01:20:46 80896 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-04-11 01:20:46 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-04-11 01:20:45 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-04-11 01:20:43 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-04-11 01:20:43 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-04-11 01:20:43 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-04-11 01:20:41 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-04-07 03:19:58 -------- d-----w- C:\Users\Isaac\AppData\Roaming\.minecraft
    2012-03-26 22:45:36 -------- d-----w- C:\Windows\SysWow64\Adobe
    2012-03-24 14:31:35 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-03-24 14:31:32 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-03-24 14:31:28 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-03-24 14:31:07 41184 ----a-w- C:\Windows\avastSS.scr
    2012-03-24 14:30:59 -------- d-----w- C:\ProgramData\AVAST Software
    2012-03-24 14:30:59 -------- d-----w- C:\Program Files\AVAST Software
    2012-03-24 14:22:54 98816 ----a-w- C:\Windows\sed.exe
    2012-03-24 14:22:54 518144 ----a-w- C:\Windows\SWREG.exe
    2012-03-24 14:22:54 256000 ----a-w- C:\Windows\PEV.exe
    2012-03-24 14:22:54 208896 ----a-w- C:\Windows\MBR.exe
    2012-03-24 14:21:40 -------- d-s---w- C:\ComboFix
    2012-03-22 00:39:20 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
    2012-03-22 00:39:20 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
    .
    ==================== Find3M ====================
    .
    2012-04-07 03:27:41 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
    2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-02-19 15:45:30 525544 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-02-18 14:31:48 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
    2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
    2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
    2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2012-02-07 15:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
    2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys
    2012-01-25 06:27:11 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-01-25 06:27:11 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-01-25 06:20:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    .
    ============= FINISH: 18:54:01.00 ===============

    I was reading the log and I would like to say (looking at the "Created last 30..." section) that it was around the time these were created that my troubles started:
    2012-03-22 00:39:20 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
    2012-03-22 00:39:20 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
     
  5. hecter

    DDS - Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 30/04/2010 2:18:08 PM
    System Uptime: 15/04/2012 9:14:45 AM (9 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M4A87TD/USB3
    Processor: AMD Phenom(tm) II X2 555 Processor | AM3 | 3200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 144 GiB total, 35.783 GiB free.
    D: is FIXED (NTFS) - 245 GiB total, 23.394 GiB free.
    E: is FIXED (NTFS) - 316 GiB total, 40.389 GiB free.
    F: is FIXED (NTFS) - 322 GiB total, 62.817 GiB free.
    G: is FIXED (NTFS) - 144 GiB total, 30.293 GiB free.
    H: is CDROM ()
    M: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Universal Serial Bus (USB) Controller
    Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_03\FFFFFFFFFFFFFFFF00
    Manufacturer:
    Name: Universal Serial Bus (USB) Controller
    PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_03\FFFFFFFFFFFFFFFF00
    Service:
    .
    Class GUID:
    Description: Ethernet Controller
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_84321043&REV_06\01000000684CE00000
    Manufacturer:
    Name: Ethernet Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_84321043&REV_06\01000000684CE00000
    Service:
    .
    Class GUID:
    Description: pcouffin device ...
    Device ID: ROOT\PCOUFFIN\0000
    Manufacturer:
    Name: pcouffin device ...
    PNP Device ID: ROOT\PCOUFFIN\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP246: 31/03/2012 12:12:52 PM - Scheduled Checkpoint
    RP247: 06/04/2012 11:25:55 PM - Installed Java(TM) 6 Update 31
    RP248: 10/04/2012 9:20:16 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    3RVX
    Acrobat.com
    Adobe Community Help
    Adobe Creative Suite 5 Master Collection
    Adobe Flash Player 10 ActiveX
    Adobe Media Player
    Adobe Reader 9.3.2
    Adobe Shockwave Player 11.6
    Adventure Tools
    AI War: Fleet Command
    And Yet It Moves
    Apple Application Support
    Apple Software Update
    ASIO4ALL
    Atom Zombie Smasher
    µTorrent
    Audiosurf Beta
    avast! Free Antivirus
    Batman: Arkham Asylum GOTY Edition
    Beat Hazard
    BIT.TRIP BEAT
    Blur
    CamStudio
    CDex extraction audio
    Character Builder
    Chime
    Cities XL 2012
    Competition Arena
    Crystal Reports for Visual Studio
    Defense Grid: The Awakening
    Dig-N-Rig version 1.0
    DisplayFusion
    DisplayFusion 3.1.6
    DOOM II: Hell on Earth
    Dotfuscator Software Services - Community Edition
    Dropbox
    Dungeons and Dragons Anthology: The Master Collection
    DVD Decrypter (Remove Only)
    DVDFab 7.0.7.0 (08/06/2010)
    EA Download Manager
    EA Download Manager UI
    Fallout New Vegas
    Far Cry
    Fiddler2 (remove only)
    Final DOOM
    FLAC 1.2.1b (remove only)
    foobar2000 v1.1.7
    Galactic Magnate v1.2
    Garry's Mod
    Glary Utilities 2.27.0.982
    GridRunner Revolution
    Hacker Evolution
    Hammerfight
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
    ImgBurn
    Java 3D 1.5.1
    Java Auto Updater
    Java(TM) 6 Update 31
    K-Lite Codec Pack 3.9.0 Full
    Killing Floor
    League of Legends
    Linksys Wireless-N PCI Adapter WMP300N Driver - WMP300Nv1.1
    Malwarebytes Anti-Malware version 1.61.0.1400
    MapleStory
    Mass Effect
    Mass Effect 2
    Master Levels for DOOM II
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
    Microsoft Choice Guard
    Microsoft Flight
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Professional - ENU
    Microsoft Visual Studio 2010 SharePoint Developer Tools
    Microsoft Visual Studio Macro Tools
    Microsoft WSE 3.0 Runtime
    Microsoft XNA Framework Redistributable 3.1
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MilkDrop for Winamp 2x (remove only)
    Mount & Blade: Warband
    Mount&Blade Warband
    Mozilla Firefox 11.0 (x86 en-GB)
    MSVCRT
    NCsoft Launcher
    Nexon Game Manager
    Notepad++
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Oblivion
    OpenAL
    OpenOffice.org 3.2
    Pando Media Booster
    PDF Settings CS5
    PDFCreator
    Platform
    Portal 2
    Post Apocalyptic Mayhem
    ProtoGalaxy
    PxMergeModule
    Quake
    QuantZ
    QuickTime
    Racket v5.0.1
    Razer Lachesis 5600
    Razer Salmosa
    Rhythm Zone
    Roleplaying City Map Generator 5.40
    RTEQ v4.10
    Saints Row 2
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2251489)
    Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2644980)
    Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
    Sid Meier's Civilization IV
    Sid Meier's Civilization IV: Beyond the Sword
    Sid Meier's Civilization IV: Warlords
    Skype Toolbars
    Skype™ 4.2
    Star Ruler
    Star Wars: Knights of the Old Republic
    StarCraft II
    Steam
    Super Meat Boy
    swMSM
    Sword of the Stars Complete Collection
    System Protocol One
    System Requirements Lab
    The Elder Scrolls IV: Oblivion
    The Ultimate DOOM
    Turba
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (KB982305)
    Uplink
    VIA Platform Device Manager
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    Voice Shaper 0.93
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Upload Tool
    .

    Continued in next post...
     
  6. hecter

    hecter TS Rookie Topic Starter Posts: 20

    Continued from previous post...


    ==== Event Viewer Messages From Past Week ========
    .
    15/04/2012 9:51:59 AM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
    15/04/2012 9:35:52 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
    15/04/2012 5:05:02 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
    11/04/2012 9:11:01 PM, Error: Service Control Manager [7023] - The SPP Notification Service service terminated with the following error: Access is denied.
    11/04/2012 6:53:41 PM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    11/04/2012 5:39:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.
    11/04/2012 5:39:41 PM, Error: Service Control Manager [7000] - The SQL Server (SQLEXPRESS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/04/2012 9:20:17 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    09/04/2012 3:55:54 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    .
    ==== End Of File ===========================
     
  7. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ====================================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  8. hecter

    hecter TS Rookie Topic Starter Posts: 20

    I am unable to run the Avast! software, aswMBR.exe. When I try, making sure it's set to run as admin, it just does nothing.
     
  9. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Proceed with Bootkit Remover.
     
  10. hecter

    hecter TS Rookie Topic Starter Posts: 20

    Okey doke. I just wanna make sure I don't mess anything up by doing it out of order.

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Ultimate Edition (build 7600), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`7098f400

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
     
  11. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  12. hecter

    hecter TS Rookie Topic Starter Posts: 20

    Same issue as before, when I try to run TDSSKiller.exe, making sure to run as admin, nothing happens. I see it pop up and then immediately disappear in my task manager. I don't know what's wrong, why I can't run this software, sorry :(
     
  13. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Please download and run ListParts by Farbar (for 32-bit system) to your desktop.

    Please download and run ListParts64 by Farbar (for 64-bit system) to your desktop.

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
     
  14. hecter

    hecter TS Rookie Topic Starter Posts: 20

    List BCD was NOT checked. I did NOT click fix afterwards.

    ListParts by Farbar Version: 12-03-2012 03
    Ran by Isaac (administrator) on 17-04-2012 at 19:39:33
    Windows 7 (X64)
    Running From: C:\Users\Isaac\Desktop
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 52%
    Total physical RAM: 4094.18 MB
    Available physical RAM: 1937.09 MB
    Total Pagefile: 8186.5 MB
    Available Pagefile: 5466.79 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:144.3 GB) (Free:35.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (Downloads) (Fixed) (Total:245.06 GB) (Free:23.39 GB) NTFS
    3 Drive e: (Music) (Fixed) (Total:316.41 GB) (Free:40.39 GB) NTFS
    4 Drive f: (New Volume) (Fixed) (Total:322.26 GB) (Free:62.81 GB) NTFS
    5 Drive g: (DATA) (Fixed) (Total:144.02 GB) (Free:30.29 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 931 GB 3072 KB

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 9 GB 31 KB
    Partition 2 Primary 144 GB 9 GB
    Partition 3 Primary 144 GB 154 GB
    Partition 4 Primary 1089 KB 298 GB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 12
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 144 GB Healthy System (partition with boot components)

    ======================================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 G DATA NTFS Partition 144 GB Healthy

    ======================================================================================================

    Disk: 0
    Partition 4
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: Yes

    There is no volume associated with this partition.

    ======================================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 0 Extended 912 GB 31 KB
    Partition 2 Logical 7993 MB 63 KB
    Partition 3 Logical 20 GB 7993 MB
    Partition 4 Logical 245 GB 28 GB
    Partition 5 Logical 316 GB 273 GB
    Partition 6 Logical 322 GB 589 GB
    Partition 7 Logical 956 MB 911 GB
    Partition 1 Primary 18 GB 912 GB

    ======================================================================================================

    Disk: 1
    Partition 2
    Type : 83
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ======================================================================================================

    Disk: 1
    Partition 3
    Type : 83
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ======================================================================================================

    Disk: 1
    Partition 4
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 D Downloads NTFS Partition 245 GB Healthy

    ======================================================================================================

    Disk: 1
    Partition 5
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 E Music NTFS Partition 316 GB Healthy

    ======================================================================================================

    Disk: 1
    Partition 6
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 F New Volume NTFS Partition 322 GB Healthy

    ======================================================================================================

    Disk: 1
    Partition 7
    Type : 82
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ======================================================================================================

    Disk: 1
    Partition 1
    Type : 83
    Hidden: Yes
    Active: Yes

    There is no volume associated with this partition.

    ======================================================================================================

    ****** End Of Log ******
     
  15. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    It looks like we have a rootkitted partition there.

    Download GETxPUD.exe to the desktop of your clean computer

    • Double click on GETxPUD.exe
    • A new folder will appear on the desktop.
    • Open the GETxPUD folder and click on the get&burn.bat
    • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
    • Insert blank CD into your CD drive.
    • Click on Start and follow the prompts to burn the image to a CD.
    • Boot bad computer from the CD
    • Click Menu then Terminal Emulator
    • Type parted /dev/sda set 2 boot on
    • Press Enter
    • Type parted /dev/sda rm 4
    • Press Enter
    • Remove xPUD CD, reboot, run aswMBR and post the log
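
The check behind the ListParts finding above (Disk 0, Partition 4: type 17, hidden, active, 1089 KB), as an added example that is not part of the original thread or of any tool mentioned in it. It parses the four primary entries of a raw 512-byte MBR sector and flags a small, hidden-type partition that carries the boot flag; the 16 MiB threshold, the function names and both sample tables (built from the sizes and offsets shown in the logs) are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass

SECTOR_SIZE = 512
TABLE_OFFSET = 446   # the four 16-byte partition entries follow the boot code
# MBR type bytes that mark a FAT/NTFS partition as hidden from Windows.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
# Assumed threshold: a bootable partition smaller than this cannot hold an OS.
SMALL_LIMIT_SECTORS = 16 * 1024 * 1024 // SECTOR_SIZE


@dataclass
class Partition:
    number: int      # 1-based slot in the MBR table
    status: int      # 0x80 = active (boot flag), 0x00 = inactive
    ptype: int       # partition type byte
    start_lba: int
    sectors: int

    @property
    def active(self):
        return self.status == 0x80


def parse_mbr(sector):
    """Return the non-empty primary partition entries of a raw MBR sector."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need a full 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for slot in range(4):
        off = TABLE_OFFSET + 16 * slot
        # status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        status, ptype, start, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        if ptype == 0 and count == 0:
            continue  # unused slot
        parts.append(Partition(slot + 1, status, ptype, start, count))
    return parts


def review(parts):
    """Return (partition number, reason) pairs; number 0 means the whole table."""
    findings = []
    for p in parts:
        if p.status not in (0x00, 0x80):
            findings.append((p.number, "invalid status byte 0x%02x" % p.status))
        if p.active and p.ptype in HIDDEN_TYPES and p.sectors < SMALL_LIMIT_SECTORS:
            kib = p.sectors * SECTOR_SIZE // 1024
            findings.append(
                (p.number, "active, hidden type 0x%02x, only %d KiB" % (p.ptype, kib)))
    active = [p for p in parts if p.active]
    if len(active) > 1:
        findings.append((0, "more than one active partition"))
    if not active:
        findings.append((0, "no active partition"))
    return findings


def build_mbr(entries):
    """Build a test sector (zeroed boot code) from (status, type, start, count)."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    return bytes(TABLE_OFFSET) + table.ljust(64, b"\x00") + b"\x55\xaa"


# Constructed sample: Disk 0 as ListParts described it before the cleanup.
INFECTED = [
    (0x00, 0x12, 63, 20466747),         # OEM partition, about 9 GB
    (0x00, 0x07, 20466810, 302616405),  # C:, NTFS, not active
    (0x00, 0x07, 323083215, 302036992), # G:, NTFS
    (0x80, 0x17, 625139582, 2178),      # 1089 KiB at the end of the disk, active
]
# Constructed sample: the same disk after partition 2 is made active
# and partition 4 is removed.
REPAIRED = [
    (0x00, 0x12, 63, 20466747),
    (0x80, 0x07, 20466810, 302616405),
    (0x00, 0x07, 323083215, 302036992),
]

if __name__ == "__main__":
    for name, layout in (("infected", INFECTED), ("repaired", REPAIRED)):
        print(name, review(parse_mbr(build_mbr(layout))))
```

Run it on a sector dumped from outside the infected OS (for example from the boot CD), since the Bootkit Remover output above reports the boot code as hidden by the rootkit on the live system.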
     
  16. hecter

    hecter TS Rookie Topic Starter Posts: 20

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-18 13:51:07
    -----------------------------
    13:51:07.228 OS Version: Windows x64 6.1.7600
    13:51:07.228 Number of processors: 2 586 0x403
    13:51:07.229 ComputerName: ISAAC-PC UserName: Isaac
    13:51:07.819 Initialize success
    13:51:07.947 AVAST engine defs: 12041801
    13:51:16.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    13:51:16.752 Disk 0 Vendor: Hitachi_HDT725032VLA380 V54OA73A Size: 305245MB BusType: 3
    13:51:16.754 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
    13:51:16.756 Disk 1 Vendor: WDC_WD1001FALS-00J7B0 05.00K05 Size: 953869MB BusType: 3
    13:51:16.774 Disk 0 MBR read successfully
    13:51:16.776 Disk 0 MBR scan
    13:51:16.797 Disk 0 Windows 7 default MBR code
    13:51:16.799 Disk 0 Partition 1 00 12 Compaq diag NTFS 9993 MB offset 63
    13:51:16.809 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147761 MB offset 20466810
    13:51:16.837 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 147479 MB offset 323083215
    13:51:16.869 Disk 0 scanning C:\Windows\system32\drivers
    13:51:28.911 Service scanning
    13:51:45.306 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    13:51:51.150 Modules scanning
    13:51:51.156 Disk 0 trace - called modules:
    13:51:51.170 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004b532c0]<<spzs.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    13:51:51.174 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004e62060]
    13:51:51.177 3 CLASSPNP.SYS[fffff88000dbd43f] -> nt!IofCallDriver -> [0xfffffa8004cefdb0]
    13:51:51.180 5 ACPI.sys[fffff8800100b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004d14680]
    13:51:51.184 \Driver\atapi[0xfffffa8004cd0560] -> IRP_MJ_CREATE -> 0xfffffa8004b532c0
    13:51:51.490 AVAST engine scan C:\Windows
    13:51:53.361 AVAST engine scan C:\Windows\system32
    13:55:49.047 AVAST engine scan C:\Windows\system32\drivers
    13:56:10.891 AVAST engine scan C:\Users\Isaac
    14:05:17.741 AVAST engine scan C:\ProgramData
    14:09:39.486 Scan finished successfully
    14:09:56.581 Disk 0 MBR has been saved successfully to "C:\Users\Isaac\Desktop\MBR.dat"
    14:09:56.584 The log file has been saved successfully to "C:\Users\Isaac\Desktop\aswMBR.txt"
     
  17. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Good job :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  18. hecter

    hecter TS Rookie Topic Starter Posts: 20

    Wheh, that took a while...

    ComboFix 12-04-18.02 - Isaac 18/04/2012 17:19:30.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.4094.2557 [GMT -4:00]
    Running from: c:\users\Isaac\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\~lIC3p4QcYcLBCo
    c:\programdata\~lIC3p4QcYcLBCor
    c:\users\Isaac\AppData\Local\assembly\tmp
    c:\users\Isaac\AppData\Roaming\inst.exe
    c:\users\Isaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3RVX.lnk
    c:\users\Isaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    c:\users\Isaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
    c:\users\Isaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
    D:\install.exe
    F:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-18 21:29 . 2012-04-18 21:29 -------- d-----w- c:\users\Sona\AppData\Local\temp
    2012-04-18 21:29 . 2012-04-18 21:29 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-04-18 21:29 . 2012-04-18 21:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-15 21:51 . 2012-04-15 21:51 -------- d-----w- c:\users\Isaac\AppData\Roaming\Malwarebytes
    2012-04-15 21:51 . 2012-04-15 21:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-04-15 21:51 . 2012-04-15 21:51 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-11 01:24 . 2012-02-28 06:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-04-11 01:24 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-04-11 01:20 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-04-11 01:20 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
    2012-04-11 01:20 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-04-11 01:20 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-04-11 01:20 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-04-11 01:20 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-04-11 01:20 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-04-07 03:28 . 2012-04-07 03:28 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-04-07 03:19 . 2012-04-07 22:10 -------- d-----w- c:\users\Isaac\AppData\Roaming\.minecraft
    2012-03-26 22:45 . 2012-03-26 22:45 -------- d-----w- c:\windows\SysWow64\Adobe
    2012-03-24 14:31 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-03-24 14:31 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-03-24 14:31 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-03-24 14:31 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-03-24 14:31 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-03-24 14:31 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-03-24 14:31 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-03-24 14:31 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-24 14:31 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-03-24 14:30 . 2012-03-24 14:30 -------- d-----w- c:\programdata\AVAST Software
    2012-03-24 14:30 . 2012-03-24 14:30 -------- d-----w- c:\program files\AVAST Software
    2012-03-22 00:39 . 2012-03-22 00:39 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
    2012-03-22 00:39 . 2012-03-22 00:39 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-07 03:27 . 2010-05-15 17:41 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-03-16 02:58 . 2010-05-31 00:14 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2012-03-08 03:29 . 2012-03-08 03:29 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-03-08 03:29 . 2012-03-08 03:29 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-03-08 03:29 . 2012-03-08 03:29 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-03-08 03:29 . 2012-03-08 03:29 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-03-08 03:29 . 2012-03-08 03:29 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-03-08 03:29 . 2012-03-08 03:29 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-03-08 03:29 . 2012-03-08 03:29 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-03-08 03:29 . 2012-03-08 03:29 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-03-08 03:29 . 2012-03-08 03:29 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-03-08 03:29 . 2012-03-08 03:29 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-03-08 03:29 . 2012-03-08 03:29 603648 ----a-w- c:\windows\system32\vbscript.dll
    2012-03-08 03:29 . 2012-03-08 03:29 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-03-08 03:29 . 2012-03-08 03:29 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-03-08 03:29 . 2012-03-08 03:29 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-03-08 03:29 . 2012-03-08 03:29 448512 ----a-w- c:\windows\system32\html.iec
    2012-03-08 03:29 . 2012-03-08 03:29 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-03-08 03:29 . 2012-03-08 03:29 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-03-08 03:29 . 2012-03-08 03:29 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-03-08 03:29 . 2012-03-08 03:29 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-08 03:29 . 2012-03-08 03:29 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-03-08 03:29 . 2012-03-08 03:29 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-03-08 03:29 . 2012-03-08 03:29 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-03-08 03:29 . 2012-03-08 03:29 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-03-08 03:29 . 2012-03-08 03:29 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-03-08 03:29 . 2012-03-08 03:29 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-03-08 03:29 . 2012-03-08 03:29 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-03-08 03:29 . 2012-03-08 03:29 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-03-08 03:29 . 2012-03-08 03:29 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-03-08 03:29 . 2012-03-08 03:29 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-03-08 03:29 . 2012-03-08 03:29 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-03-08 03:29 . 2012-03-08 03:29 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-03-08 03:29 . 2012-03-08 03:29 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2012-03-08 03:29 . 2012-03-08 03:29 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-03-08 03:29 . 2012-03-08 03:29 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-02-19 15:45 . 2012-02-19 15:45 525544 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-18 14:31 . 2011-09-02 21:33 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-15 06:27 . 2012-03-13 22:28 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-02-15 05:44 . 2012-03-13 22:28 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-02-15 04:47 . 2012-03-13 22:28 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-02-15 04:46 . 2012-03-13 22:28 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-02-10 06:18 . 2012-03-14 00:51 1541120 ----a-w- c:\windows\system32\DWrite.dll
    2012-02-10 06:17 . 2012-03-14 00:51 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-02-10 06:17 . 2012-03-14 00:51 902656 ----a-w- c:\windows\system32\d2d1.dll
    2012-02-10 06:17 . 2012-03-14 00:51 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-02-10 06:17 . 2012-03-14 00:51 197120 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-02-10 05:41 . 2012-03-14 00:51 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-02-10 05:41 . 2012-03-14 00:51 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
    2012-02-10 05:41 . 2012-03-14 00:51 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2012-02-10 05:41 . 2012-03-14 00:51 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2012-02-10 05:41 . 2012-03-14 00:51 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    2012-02-03 04:16 . 2012-03-14 00:51 3143168 ----a-w- c:\windows\system32\win32k.sys
    2012-01-25 06:27 . 2012-03-13 22:28 76288 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-01-25 06:27 . 2012-03-13 22:28 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-01-25 06:20 . 2012-03-13 22:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
    [7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
    [-] 2010-05-05 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
    .
    [7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
    [-] 2010-05-05 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
    [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ---ha-w- c:\users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ---ha-w- c:\users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ---ha-w- c:\users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
    "3RVX"="c:\program files (x86)\3RVX\3RVX.exe" [2008-10-14 159232]
    "DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2009-12-09 645296]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536]
    "Salmosa"="c:\program files (x86)\Razer\Salmosa\razerhid.exe" [2008-08-21 139264]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "Razer Lachesis Driver"="c:\program files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe" [2011-03-09 837008]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\users\Sona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
    .
    c:\users\Isaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Isaac\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\DriftCity\GameGuard\dump_wmimmc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 salmosa;Razer Salmosa;c:\windows\system32\drivers\salmosa.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-18 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files (x86)\Glary Utilities\initialize.exe [2010-06-05 15:21]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ---ha-w- c:\users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ---ha-w- c:\users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ---ha-w- c:\users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ---ha-w- c:\users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\fi4aj8h7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1088601224-828624667-1065783094-1000\Software\SecuROM\License information*]
    "datasecu"=hex:5f,13,0a,5a,c7,fa,58,51,bf,65,a8,c4,53,e0,14,23,87,fa,38,8b,df,
    30,ec,31,e5,01,cc,62,16,01,64,27,1d,7b,6e,41,c2,3c,2a,dd,ef,4a,23,94,70,c8,\
    "rkeysecu"=hex:91,7b,83,88,d1,d9,46,e4,06,9c,17,63,f8,ba,23,47
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Razer\Salmosa\razerofa.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-18 18:32:49 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-18 22:32
    .
    Pre-Run: 37,500,346,368 bytes free
    Post-Run: 36,934,418,432 bytes free
    .
    - - End Of File - - 43C78CAB0CC7B40FFAC997A3A4423124
     
  19. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Looks good.

    How is the computer doing?

    Download OTL to your Desktop.


    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    user32.dll
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  20. hecter

    hecter TS Rookie Topic Starter Posts: 20

    Computer has been doing great :D I can safely google things now, and my ping in games is back to normal (just the occasional spike, which is to be expected, really). Here's OTL.txt and Extras.txt, in that order.

    OTL logfile created on: 18/04/2012 8:06:52 PM - Run 1
    OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Isaac\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    4.00 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 43.47% Memory free
    7.99 Gb Paging File | 5.11 Gb Available in Paging File | 63.90% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 144.30 Gb Total Space | 34.47 Gb Free Space | 23.89% Space Free | Partition Type: NTFS
    Drive D: | 245.06 Gb Total Space | 23.40 Gb Free Space | 9.55% Space Free | Partition Type: NTFS
    Drive E: | 316.41 Gb Total Space | 40.39 Gb Free Space | 12.76% Space Free | Partition Type: NTFS
    Drive F: | 322.26 Gb Total Space | 62.82 Gb Free Space | 19.49% Space Free | Partition Type: NTFS
    Drive G: | 144.02 Gb Total Space | 30.29 Gb Free Space | 21.03% Space Free | Partition Type: NTFS

    Computer Name: ISAAC-PC | User Name: Isaac | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/04/18 20:06:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Isaac\Desktop\OTL.exe
    PRC - [2012/03/21 20:39:20 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/03/21 17:56:01 | 000,071,464 | ---- | M] (Valve Corporation) -- F:\Steam\GameOverlayUI.exe
    PRC - [2012/03/21 17:56:00 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/02/17 19:23:46 | 002,592,768 | ---- | M] () -- C:\Riot Games\League Of Legends\RADS\projects\lol_launcher\releases\0.0.0.54\deploy\LoLLauncher.exe
    PRC - [2012/02/17 19:22:46 | 001,294,336 | ---- | M] () -- C:\Riot Games\League Of Legends\RADS\system\rads_user_kernel.exe
    PRC - [2011/08/11 14:37:56 | 001,242,448 | ---- | M] (Valve Corporation) -- F:\Steam\Steam.exe
    PRC - [2011/06/05 05:16:20 | 002,011,136 | ---- | M] () -- C:\Program Files (x86)\foobar2000\foobar2000.exe
    PRC - [2011/02/02 11:25:33 | 002,984,856 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    PRC - [2010/09/08 17:56:04 | 000,144,384 | ---- | M] (Adobe Systems Inc.) -- C:\Riot Games\League Of Legends\RADS\projects\lol_air_client\releases\0.0.0.136\deploy\LolClient.exe
    PRC - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2010/04/01 05:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2008/08/21 16:28:44 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Razer\Salmosa\razerhid.exe
    PRC - [2008/08/15 15:20:18 | 000,151,552 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Salmosa\razerofa.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/04/18 14:15:46 | 004,770,176 | ---- | M] () -- C:\Riot Games\League Of Legends\RADS\projects\lol_air_client\releases\0.0.0.136\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
    MOD - [2012/03/21 20:39:19 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/03/21 17:56:00 | 020,297,512 | ---- | M] () -- F:\Steam\bin\libcef.dll
    MOD - [2012/03/21 17:56:00 | 001,099,576 | ---- | M] () -- F:\Steam\bin\avcodec-53.dll
    MOD - [2012/03/21 17:56:00 | 000,907,048 | ---- | M] () -- F:\Steam\bin\chromehtml.dll
    MOD - [2012/03/21 17:56:00 | 000,190,776 | ---- | M] () -- F:\Steam\bin\avformat-53.dll
    MOD - [2012/03/21 17:56:00 | 000,123,192 | ---- | M] () -- F:\Steam\bin\avutil-51.dll
    MOD - [2012/02/18 10:31:48 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    MOD - [2012/02/17 19:23:46 | 002,592,768 | ---- | M] () -- C:\Riot Games\League Of Legends\RADS\projects\lol_launcher\releases\0.0.0.54\deploy\LoLLauncher.exe
    MOD - [2012/02/17 19:22:46 | 001,294,336 | ---- | M] () -- C:\Riot Games\League Of Legends\RADS\system\rads_user_kernel.exe
    MOD - [2012/02/13 21:17:05 | 000,225,280 | ---- | M] () -- C:\Users\Isaac\AppData\Roaming\foobar2000\user-components\foo_controlserver\foo_controlserver.dll
    MOD - [2012/02/13 20:18:02 | 000,242,176 | ---- | M] () -- C:\Users\Isaac\AppData\Roaming\foobar2000\user-components\foo_vis_shpeck\foo_vis_shpeck.dll
    MOD - [2012/02/05 11:15:07 | 001,466,368 | ---- | M] () -- C:\Users\Isaac\AppData\Roaming\foobar2000\user-components\foo_upnp\foo_upnp.dll
    MOD - [2011/09/18 20:14:25 | 000,253,952 | ---- | M] () -- C:\Users\Isaac\AppData\Roaming\foobar2000\user-components\foo_verifier\foo_verifier.dll
    MOD - [2011/06/05 05:16:20 | 002,011,136 | ---- | M] () -- C:\Program Files (x86)\foobar2000\foobar2000.exe
    MOD - [2011/06/05 05:14:24 | 001,128,960 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll
    MOD - [2011/06/05 05:14:24 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_albumlist.dll
    MOD - [2011/06/05 05:14:22 | 000,275,456 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll
    MOD - [2011/06/05 05:14:20 | 000,299,008 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_cdda.dll
    MOD - [2011/06/05 05:13:58 | 001,431,040 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_input_std.dll
    MOD - [2011/06/05 05:13:54 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_rgscan.dll
    MOD - [2011/06/05 05:13:50 | 000,479,744 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_converter.dll
    MOD - [2011/06/05 05:13:24 | 000,171,008 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_unpack.dll
    MOD - [2011/06/05 05:13:14 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_freedb2.dll
    MOD - [2011/06/05 05:13:12 | 000,274,432 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_fileops.dll
    MOD - [2011/06/05 05:12:42 | 000,148,480 | ---- | M] () -- C:\Program Files (x86)\foobar2000\shared.dll
    MOD - [2011/02/02 11:25:33 | 002,984,856 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    MOD - [2010/11/30 14:43:14 | 000,440,320 | ---- | M] () -- C:\Program Files (x86)\foobar2000\Winamp\plugins\vis_milk2.dll
    MOD - [2010/03/14 14:51:58 | 000,077,876 | ---- | M] () -- C:\Program Files (x86)\foobar2000\zlib1.dll
    MOD - [2008/08/21 16:28:44 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Razer\Salmosa\razerhid.exe
    MOD - [2007/03/18 01:00:00 | 000,036,864 | ---- | M] () -- C:\Users\Isaac\AppData\Roaming\foobar2000\user-components\foo_cmd_playlist\foo_cmd_playlist.dll
    MOD - [2007/01/22 14:05:12 | 000,263,680 | ---- | M] () -- C:\Users\Isaac\AppData\Roaming\foobar2000\user-components\foo_playlist_manager\foo_playlist_manager.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/03/21 17:56:00 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/12/06 18:58:00 | 003,443,352 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/06 19:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/03/06 19:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/03/06 19:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/03/06 19:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/03/06 19:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/03/06 19:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2010/05/08 20:43:28 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/03/02 19:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV:64bit: - [2009/12/11 19:48:04 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/03/20 17:59:00 | 000,011,904 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\salmosa.sys -- (salmosa)
    DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2005/01/03 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1088601224-828624667-1065783094-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
    IE - HKU\S-1-5-21-1088601224-828624667-1065783094-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 7C AF 1A 1C 1C CD 01 [binary data]
    IE - HKU\S-1-5-21-1088601224-828624667-1065783094-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-1088601224-828624667-1065783094-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1088601224-828624667-1065783094-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
    IE - HKU\S-1-5-21-1088601224-828624667-1065783094-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.openintab: true
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
    FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2
    FF - prefs.js..extensions.enabledItems: {21e48e29-f574-4619-b65d-0f00eea92e5b}:1.87
    FF - prefs.js..extensions.enabledItems: {cd617375-6743-4ee8-bac4-fbf10f35729e}:2.8.5
    FF - prefs.js..extensions.enabledItems: fastprevnext@tn123.ath.cx:5
    FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.9.5
    FF - prefs.js..extensions.enabledItems: {daf44bf7-a45e-4450-979c-91cf07434c3d}:1.5.7
    FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
    FF - prefs.js..extensions.enabledItems: {f2e5baa8-0711-4113-830c-1b3debd6f2a5}:0.2.0
    FF - prefs.js..extensions.enabledItems: custombuttons@xsms.org:0.0.5.3
    FF - prefs.js..extensions.enabledItems: screencaptureelite@plugin:2.0.0.20
    FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19
    FF - prefs.js..extensions.enabledItems: {68836a21-fc7d-4ea1-a065-7efabd99d414}:3.02
    FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
    FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
    FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
    FF - prefs.js..extensions.enabledItems: {f13b157f-b174-47e7-a34d-4815ddfdfeb8}:0.9.88.1
    FF - prefs.js..extensions.enabledItems: {54BB9F3F-07E5-486c-9B39-C7398B99391C}:4.0.2011021601
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
    FF - prefs.js..extensions.enabledItems: {0dd39226-2650-404d-a43d-ffd906b35a9e}:0.2.3
    FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
    FF - prefs.js..extensions.enabledItems: {1ABADB6E-DC4B-11DA-9F70-791A9CD9513E}:0.6.3
    FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: showmemore@suskind:1.3
    FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
    FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.21amo
    FF - prefs.js..extensions.enabledItems: VacuumPlacesImproved@lultimouomo-gmail.com:1.2
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/05/23 13:34:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/24 10:31:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/21 20:39:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/29 09:40:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2011/02/02 11:11:34 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins [2011/02/02 11:11:34 | 000,000,000 | ---D | M]

    [2011/01/13 20:16:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isaac\AppData\Roaming\Mozilla\Extensions
    [2010/06/16 20:11:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isaac\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011/01/13 20:16:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isaac\AppData\Roaming\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
    [2012/04/12 19:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\fi4aj8h7.default\extensions
    [2010/05/01 10:15:22 | 000,000,000 | ---D | M] (Clear Private Data... +) -- C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\fi4aj8h7.default\extensions\{0dd39226-2650-404d-a43d-ffd906b35a9e}
    [2012/03/16 18:17:05 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\fi4aj8h7.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    [2010/07/17 08:25:59 | 000,000,000 | ---D | M] (Googlepedia) -- C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\fi4aj8h7.default\extensions\{1ABADB6E-DC4B-11DA-9F70-791A9CD9513E}
    [2011/04/14 10:34:43 | 000,000,000 | ---D | M] ("GoogleEnhancer") -- C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\fi4aj8h7.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
    [2011/02/17 11:03:35 | 000,000,000 | ---D | M] ("Text Link") -- C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\fi4aj8h7.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}
    [2010/05/01 10:15:22 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\fi4aj8h7.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
    [2011/01/06 23:12:50 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\fi4aj8h7.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    [2012/03/01 20:03:34 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\fi4aj8h7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2012/03/27 20:59:25 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\fi4aj8h7.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
    [2010/05/01 10:15:23 | 000,000,000 | ---D | M] (Tooltip Plus) -- C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\fi4aj8h7.default\extensions\{f2e5baa8-0711-4113-830c-1b3debd6f2a5}
    [2011/08/11 16:01:57 | 000,000,000 | ---D | M] (Custom Buttons) -- C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\fi4aj8h7.default\extensions\custombuttons@xsms.org
    [2011/03/17 10:11:41 | 000,000,000 | ---D | M] (FastPrevNext) -- C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\fi4aj8h7.default\extensions\fastprevnext@tn123.ath.cx
    [2011/03/12 22:16:45 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\fi4aj8h7.default\extensions\personas@christopher.beard
    [2011/12/31 12:42:30 | 000,000,000 | ---D | M] (Screen Capture Elite) -- C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\fi4aj8h7.default\extensions\screencaptureelite@plugin
    [2011/02/16 11:09:05 | 000,000,000 | ---D | M] (Vacuum Places Improved) -- C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\fi4aj8h7.default\extensions\VacuumPlacesImproved@lultimouomo-gmail.com
    [2011/01/13 20:16:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isaac\AppData\Roaming\Mozilla\Sunbird\Profiles\kg7hho2c.default\extensions
    [2012/04/06 23:28:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/10/07 08:15:44 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2012/04/06 23:28:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    () (No name found) -- C:\USERS\ISAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI4AJ8H7.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
    () (No name found) -- C:\USERS\ISAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI4AJ8H7.DEFAULT\EXTENSIONS\{3E9BB2A7-62CA-4EFA-A4E6-F6F6168A652D}.XPI
    () (No name found) -- C:\USERS\ISAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI4AJ8H7.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
    () (No name found) -- C:\USERS\ISAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI4AJ8H7.DEFAULT\EXTENSIONS\{68836A21-FC7D-4EA1-A065-7EFABD99D414}.XPI
    () (No name found) -- C:\USERS\ISAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI4AJ8H7.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
    () (No name found) -- C:\USERS\ISAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI4AJ8H7.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
    () (No name found) -- C:\USERS\ISAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI4AJ8H7.DEFAULT\EXTENSIONS\{C36177C0-224A-11DA-8CD6-0800200C9A91}.XPI
    () (No name found) -- C:\USERS\ISAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI4AJ8H7.DEFAULT\EXTENSIONS\{CD617375-6743-4EE8-BAC4-FBF10F35729E}.XPI
    () (No name found) -- C:\USERS\ISAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI4AJ8H7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    () (No name found) -- C:\USERS\ISAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI4AJ8H7.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
    () (No name found) -- C:\USERS\ISAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI4AJ8H7.DEFAULT\EXTENSIONS\{DAF44BF7-A45E-4450-979C-91CF07434C3D}.XPI
    () (No name found) -- C:\USERS\ISAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI4AJ8H7.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
    () (No name found) -- C:\USERS\ISAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI4AJ8H7.DEFAULT\EXTENSIONS\{F13B157F-B174-47E7-A34D-4815DDFDFEB8}.XPI
    () (No name found) -- C:\USERS\ISAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI4AJ8H7.DEFAULT\EXTENSIONS\LONGURLPLEASE@DARRAGH.CURRAN.XPI
    () (No name found) -- C:\USERS\ISAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI4AJ8H7.DEFAULT\EXTENSIONS\SHOWMEMORE@SUSKIND.XPI
    () (No name found) -- C:\USERS\ISAAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FI4AJ8H7.DEFAULT\EXTENSIONS\SKIPSCREEN@SKIPSCREEN.XPI
    [2012/03/21 20:39:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/03/27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
    [2012/04/06 23:27:41 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/02/12 11:55:30 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/02/12 11:55:30 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/02/12 11:55:30 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/02/12 11:55:30 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/02/12 11:55:30 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2012/04/18 18:14:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
    O4 - HKLM..\Run: [Razer Lachesis Driver] C:\Program Files (x86)\Razer\Lachesis 5600\LachesisSysTray.exe (Razer USA Ltd)
    O4 - HKLM..\Run: [Salmosa] C:\Program Files (x86)\Razer\Salmosa\razerhid.exe ()
    O4 - HKU\S-1-5-21-1088601224-828624667-1065783094-1000..\Run: [3RVX] C:\Program Files (x86)\3RVX\3RVX.exe (matt.malensek.net)
    O4 - HKU\S-1-5-21-1088601224-828624667-1065783094-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-1088601224-828624667-1065783094-1000..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
    O4 - Startup: C:\Users\Isaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Isaac\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Sona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-1088601224-828624667-1065783094-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1088601224-828624667-1065783094-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-1088601224-828624667-1065783094-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1088601224-828624667-1065783094-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1088601224-828624667-1065783094-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-1088601224-828624667-1065783094-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
    O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab ()
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18C2F0EC-F530-4EAE-BCC6-62CF2075236A}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEAA385F-9116-47D2-93ED-101724924ABC}: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (AVAST Software)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (AVAST Software)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
    Drivers32: msacm.divxa32 - C:\Windows\SysWow64\divxa32.acm (Kristal StudioDFileDescription)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3fhg - C:\Windows\SysWow64\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
    Drivers32: VIDC.HFYU - C:\Windows\SysWow64\huffyuv.dll (Disappearing Inc.)
    Drivers32: vidc.i263 - C:\Windows\SysWow64\I263_32.drv (Intel Corporation)
    Drivers32: vidc.iv41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
    Drivers32: VIDC.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
    Drivers32: VIDC.VP62 - C:\Windows\SysWow64\vp6vfw.dll (On2.com)
    Drivers32: VIDC.VP70 - C:\Windows\SysWow64\vp7vfw.dll (On2.com)
    Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll ()
    Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/18 20:05:59 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Isaac\Desktop\OTL.exe
    [2012/04/18 18:32:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/04/18 18:14:57 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/04/18 17:16:19 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/04/18 17:10:44 | 004,467,856 | R--- | C] (Swearware) -- C:\Users\Isaac\Desktop\ComboFix.exe
    [2012/04/17 18:20:11 | 002,071,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Isaac\Desktop\TDSSKiller.exe
    [2012/04/17 18:06:18 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Desktop\tdsskiller
    [2012/04/15 20:08:32 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Desktop\bootkit_remover
    [2012/04/15 20:02:39 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Isaac\Desktop\explorer.exe
    [2012/04/15 18:45:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Isaac\Desktop\dds.scr
    [2012/04/15 17:51:40 | 000,000,000 | ---D | C] -- C:\Users\Isaac\AppData\Roaming\Malwarebytes
    [2012/04/15 17:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/04/15 17:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/04/15 17:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/04/15 17:50:14 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Isaac\Desktop\mbam-setup-1.61.0.1400.exe
    [2012/04/07 20:26:25 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Documents\RPG 2.0 - Copy (4)
    [2012/04/06 23:28:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/04/06 23:19:58 | 000,000,000 | ---D | C] -- C:\Users\Isaac\AppData\Roaming\.minecraft
    [2012/03/26 18:45:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
    [2012/03/24 15:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Isle
    [2012/03/24 10:31:42 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/03/24 10:31:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/03/24 10:31:41 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/03/24 10:31:35 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/03/24 10:31:33 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/03/24 10:31:32 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/03/24 10:31:28 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/03/24 10:31:28 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/03/24 10:31:07 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/03/24 10:31:06 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/03/24 10:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/03/24 10:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/03/24 10:22:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/03/24 10:22:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/03/24 10:22:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/03/24 10:21:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/03/24 10:20:41 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/03/23 21:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
    [2010/06/24 17:58:49 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Isaac\AppData\Roaming\pcouffin.sys
     
  21. hecter

    hecter TS Rookie Topic Starter Posts: 20

    ========== Files - Modified Within 30 Days ==========

    [2012/04/18 20:06:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Isaac\Desktop\OTL.exe
    [2012/04/18 18:14:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/04/18 18:14:51 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
    [2012/04/18 17:31:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/04/18 17:11:03 | 004,467,856 | R--- | M] (Swearware) -- C:\Users\Isaac\Desktop\ComboFix.exe
    [2012/04/18 14:09:56 | 000,000,512 | ---- | M] () -- C:\Users\Isaac\Desktop\MBR.dat
    [2012/04/17 19:39:15 | 000,801,997 | ---- | M] () -- C:\Users\Isaac\Desktop\ListParts64.exe
    [2012/04/17 18:20:07 | 002,052,353 | ---- | M] () -- C:\Users\Isaac\Desktop\tdsskiller.zip
    [2012/04/16 16:13:13 | 000,871,102 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/04/16 16:13:13 | 000,729,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/04/16 16:13:13 | 000,149,670 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/04/15 20:08:22 | 000,044,607 | ---- | M] () -- C:\Users\Isaac\Desktop\bootkit_remover.zip
    [2012/04/15 20:03:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Isaac\Desktop\explorer.exe
    [2012/04/15 18:45:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Isaac\Desktop\dds.scr
    [2012/04/15 18:11:42 | 000,302,592 | ---- | M] () -- C:\Users\Isaac\Desktop\nhjy3g14.exe
    [2012/04/15 17:50:44 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Isaac\Desktop\mbam-setup-1.61.0.1400.exe
    [2012/04/11 21:33:41 | 000,009,808 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/04/11 21:33:40 | 000,009,808 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/04/10 16:55:18 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Isaac\Desktop\TDSSKiller.exe
    [2012/04/07 19:29:01 | 069,249,575 | ---- | M] () -- C:\Users\Isaac\Documents\RPG 2.0 - Copy (4).rar
    [2012/03/24 10:33:06 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/03/24 10:31:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/03/24 09:46:54 | 000,000,677 | ---- | M] () -- C:\Users\Isaac\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk

    ========== Files Created - No Company Name ==========

    [2012/04/18 17:25:27 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/04/18 14:09:56 | 000,000,512 | ---- | C] () -- C:\Users\Isaac\Desktop\MBR.dat
    [2012/04/17 19:39:12 | 000,801,997 | ---- | C] () -- C:\Users\Isaac\Desktop\ListParts64.exe
    [2012/04/16 20:25:57 | 002,052,353 | ---- | C] () -- C:\Users\Isaac\Desktop\tdsskiller.zip
    [2012/04/15 20:08:22 | 000,044,607 | ---- | C] () -- C:\Users\Isaac\Desktop\bootkit_remover.zip
    [2012/04/15 18:11:38 | 000,302,592 | ---- | C] () -- C:\Users\Isaac\Desktop\nhjy3g14.exe
    [2012/04/07 19:13:12 | 069,249,575 | ---- | C] () -- C:\Users\Isaac\Documents\RPG 2.0 - Copy (4).rar
    [2012/03/24 10:31:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/03/24 10:22:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/03/24 10:22:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/03/24 10:22:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/03/24 10:22:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/03/24 10:22:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/03/24 09:46:54 | 000,000,677 | ---- | C] () -- C:\Users\Isaac\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2011/10/10 21:33:59 | 085,298,233 | ---- | C] () -- C:\Users\Isaac\AppData\Roaming\minecrafttech.7z
    [2011/09/28 19:40:24 | 091,230,187 | ---- | C] () -- C:\Users\Isaac\AppData\Roaming\minecraft.7z
    [2011/08/21 21:51:30 | 069,389,622 | ---- | C] () -- C:\Users\Isaac\AppData\Roaming\minecraft.zip
    [2011/05/29 21:32:44 | 000,823,296 | ---- | C] () -- C:\Windows\j3dcore-d3d.dll
    [2011/05/29 21:32:44 | 000,163,840 | ---- | C] () -- C:\Windows\j3dcore-ogl.dll
    [2011/05/29 21:32:44 | 000,049,152 | ---- | C] () -- C:\Windows\j3dcore-ogl-chk.dll
    [2011/05/29 21:32:44 | 000,040,960 | ---- | C] () -- C:\Windows\j3dcore-ogl-cg.dll
    [2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2010/10/24 19:42:13 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2010/10/23 23:47:15 | 000,000,600 | ---- | C] () -- C:\Users\Isaac\AppData\Local\PUTTY.RND
    [2010/10/07 08:16:35 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/08/14 21:25:15 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2010/07/31 23:35:23 | 000,000,132 | ---- | C] () -- C:\Users\Isaac\AppData\Roaming\Adobe BMP Format CS5 Prefs
    [2010/07/31 23:33:47 | 000,000,132 | ---- | C] () -- C:\Users\Isaac\AppData\Roaming\Adobe Targa Format CS5 Prefs
    [2010/07/14 11:51:49 | 000,000,295 | ---- | C] () -- C:\Windows\EReg072.dat
    [2010/06/24 17:58:49 | 000,007,859 | ---- | C] () -- C:\Users\Isaac\AppData\Roaming\pcouffin.cat
    [2010/06/24 17:58:49 | 000,001,167 | ---- | C] () -- C:\Users\Isaac\AppData\Roaming\pcouffin.inf
    [2010/06/16 05:59:03 | 000,000,120 | ---- | C] () -- C:\Users\Isaac\AppData\Roaming\c62553bc.dat
    [2010/06/12 20:16:13 | 000,000,132 | ---- | C] () -- C:\Users\Isaac\AppData\Roaming\Adobe GIF Format CS5 Prefs
    [2010/05/30 20:01:11 | 000,856,570 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/05/23 14:10:53 | 000,000,132 | ---- | C] () -- C:\Users\Isaac\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2010/05/06 20:40:46 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2010/05/06 20:40:45 | 002,102,272 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
    [2010/05/06 20:40:45 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2010/05/06 20:40:45 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2010/05/06 20:40:44 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
    [2010/05/06 20:40:44 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2010/05/05 20:37:44 | 000,000,786 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI

    ========== LOP Check ==========

    [2012/04/07 18:10:54 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\.minecraft
    [2012/04/07 00:08:11 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\.techniclauncher
    [2011/04/24 20:52:35 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\AdventureTools
    [2011/12/30 14:16:23 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\AtomZombieData
    [2011/01/03 21:03:19 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\Audacity
    [2011/12/30 13:13:59 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\Beat Hazard
    [2011/03/23 16:16:03 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\Bioshock
    [2010/12/05 17:18:38 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\bizarre creations
    [2011/12/30 12:29:46 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\Broken Rules
    [2011/05/14 16:50:33 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\CBLoader
    [2010/05/27 20:29:19 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/01/01 19:51:34 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\Chime
    [2010/05/27 20:25:25 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/05/22 19:46:28 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\DAEMON Tools Lite
    [2010/09/27 19:29:34 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\DC++
    [2012/04/18 17:27:32 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\DisplayFusion
    [2012/03/24 09:46:31 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\Dropbox
    [2012/04/18 18:37:31 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\foobar2000
    [2010/12/27 21:10:44 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\Galactic Magnate
    [2010/06/05 09:33:12 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\GlarySoft
    [2010/06/03 20:39:52 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\ImgBurn
    [2010/10/24 20:43:09 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\LolClient
    [2010/05/08 08:47:19 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\Mount&Blade
    [2011/09/11 19:59:32 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\Mount&Blade Warband
    [2010/07/21 12:37:38 | 000,000,000 | -HSD | M] -- C:\Users\Isaac\AppData\Roaming\ms-drivers
    [2012/04/07 20:27:34 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\mts
    [2011/08/18 01:38:41 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\Notepad++
    [2010/07/18 08:58:17 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\NPLUTO Corporation
    [2010/05/09 15:17:39 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\OpenOffice.org
    [2010/12/02 01:00:20 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\Racket
    [2010/07/21 08:46:36 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\Raptr
    [2010/05/05 18:17:46 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\System
    [2011/03/17 10:28:46 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\SystemRequirementsLab
    [2010/06/16 20:11:44 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\Thunderbird
    [2012/01/02 21:57:30 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\uTorrent
    [2010/11/27 12:38:29 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\Vso
    [2010/07/21 12:37:44 | 000,000,000 | -HSD | M] -- C:\Users\Isaac\AppData\Roaming\wyUpdate AU
    [2011/05/14 19:34:09 | 000,000,000 | ---D | M] -- C:\Users\Sona\AppData\Roaming\LolClient
    [2010/06/16 11:02:42 | 000,000,000 | ---D | M] -- C:\Users\Sona\AppData\Roaming\OpenOffice.org
    [2012/04/18 18:14:51 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
    [2012/02/23 19:23:51 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========




    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/04/30 18:10:20 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/04/18 18:32:49 | 000,022,626 | ---- | M] () -- C:\ComboFix.txt
    [2012/04/18 17:30:59 | 4293,058,560 | -HS- | M] () -- C:\pagefile.sys
    [2010/07/13 22:19:27 | 000,002,093 | ---- | M] () -- C:\Tetris.log

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/03/08 20:01:44 | 000,000,221 | -HS- | M] () -- C:\Users\Isaac\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/04/18 17:11:03 | 004,467,856 | R--- | M] (Swearware) -- C:\Users\Isaac\Desktop\ComboFix.exe
    [2012/04/15 20:03:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Isaac\Desktop\explorer.exe
    [2012/04/17 19:39:15 | 000,801,997 | ---- | M] () -- C:\Users\Isaac\Desktop\ListParts64.exe
    [2012/04/15 17:50:44 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Isaac\Desktop\mbam-setup-1.61.0.1400.exe
    [2012/04/15 18:11:42 | 000,302,592 | ---- | M] () -- C:\Users\Isaac\Desktop\nhjy3g14.exe
    [2012/04/18 20:06:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Isaac\Desktop\OTL.exe
    [2012/04/10 16:55:18 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Isaac\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/04/18 18:14:51 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
    [2012/04/18 17:31:08 | 000,000,006 | ---- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/02/23 19:23:51 | 000,032,580 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/10/17 14:32:50 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2010/10/17 14:32:50 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2010/10/17 14:32:50 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2010/10/17 14:32:50 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2010/10/17 14:32:50 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
    [2010/10/17 14:32:50 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/04 09:28:20 | 000,000,402 | -HS- | M] () -- C:\Users\Isaac\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    < MD5 for: USER32.DLL >
    [2010/05/04 22:06:09 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=2C353B6CE0C8D03225CAA2AF33B68D79 -- C:\Windows\SysNative\user32.dll
    [2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
    [2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
    [2010/05/04 22:06:09 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=861C4346F9281DC0380DE72C8D55D6BE -- C:\Windows\SysWOW64\user32.dll
    [2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    [2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

    < End of report >
     
  22. hecter

    hecter TS Rookie Topic Starter Posts: 20

    OTL Extras logfile created on: 18/04/2012 8:06:52 PM - Run 1
    OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Isaac\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    4.00 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 43.47% Memory free
    7.99 Gb Paging File | 5.11 Gb Available in Paging File | 63.90% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 144.30 Gb Total Space | 34.47 Gb Free Space | 23.89% Space Free | Partition Type: NTFS
    Drive D: | 245.06 Gb Total Space | 23.40 Gb Free Space | 9.55% Space Free | Partition Type: NTFS
    Drive E: | 316.41 Gb Total Space | 40.39 Gb Free Space | 12.76% Space Free | Partition Type: NTFS
    Drive F: | 322.26 Gb Total Space | 62.82 Gb Free Space | 19.49% Space Free | Partition Type: NTFS
    Drive G: | 144.02 Gb Total Space | 30.29 Gb Free Space | 21.03% Space Free | Partition Type: NTFS

    Computer Name: ISAAC-PC | User Name: Isaac | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1088601224-828624667-1065783094-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
    "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
    "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
    "{2E295B5B-1AD4-4d36-97C2-A316084722C0}" = Python 2.7.2 (64-bit)
    "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
    "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6151cf20-0bd8-4023-a4a0-6a86dcfe58e6}" = Python 2.6.6 (64-bit)
    "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
    "{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
    "{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
    "{BD430C50-784F-32CD-87E7-A8C47EE6107F}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
    "{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
    "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "UDK-2596e26e-1c3e-4649-8ab0-4d4a10e1be70" = Unreal Development Kit: 2010-05
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    "{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
    "{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
    "{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{32A9C5B3-D166-4C6D-A11E-A54473151000}" = Java 3D 1.5.1
    "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
    "{3A9D04F7-80CA-4755-97EC-6025B515A6B8}" = League of Legends
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3B585A53-CC41-4969-A7CB-F0E5D34ACA08}" = Roleplaying City Map Generator 5.40
    "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    "{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{580AEA6C-E35C-4470-818F-0F0A083EE1AD}" = Razer Lachesis 5600
    "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{66BB5D8F-D9BD-4799-A9FA-5731B3B7839A}" = 3RVX
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
    "{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A1B2F73A-F5D0-49FB-A114-652B85F71ECB}" = Dungeons and Dragons Anthology: The Master Collection
    "{A4552E28-AF1D-4C3E-9991-8112F40265F4}" = Adventure Tools
    "{A62892A7-9D90-4A58-8FFF-78FC5A2BC3C5}" = OpenOffice.org 3.2
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{AA20E409-BDB4-439B-B75B-D5B193546779}" = Linksys Wireless-N PCI Adapter WMP300N Driver - WMP300Nv1.1
    "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
    "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
    "{B076073A-5527-4F4F-B46B-B10692277DA2}" = DisplayFusion
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{BE3A3BDB-93B0-4F19-ABB1-D63575210C6C}_is1" = Dig-N-Rig version 1.0
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
    "{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E6DA58C0-4EC5-4F5E-B73E-2F22ED30ACFC}" = Razer Salmosa
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "ASIO4ALL" = ASIO4ALL
    "Audiosurf_is1" = Audiosurf Beta
    "avast" = avast! Free Antivirus
    "B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.1.6
    "CamStudio" = CamStudio
    "CDex" = CDex extraction audio
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVDFab 7_is1" = DVDFab 7.0.7.0 (08/06/2010)
    "EA Download Manager" = EA Download Manager
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Fallout New Vegas_is1" = Fallout New Vegas
    "Fiddler2" = Fiddler2 (remove only)
    "FLAC" = FLAC 1.2.1b (remove only)
    "foobar2000" = foobar2000 v1.1.7
    "Galactic Magnate_is1" = Galactic Magnate v1.2
    "Glary Utilities_is1" = Glary Utilities 2.27.0.982
    "ImgBurn" = ImgBurn
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.0 Full
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "MapleStory" = MapleStory
    "Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
    "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
    "Mount&Blade Warband" = Mount&Blade Warband
    "Mozilla Firefox 11.0 (x86 en-GB)" = Mozilla Firefox 11.0 (x86 en-GB)
    "Notepad++" = Notepad++
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OpenAL" = OpenAL
    "Racket-5.0.1" = Racket v5.0.1
    "RTEQ_is1" = RTEQ v4.10
    "StarCraft II" = StarCraft II
    "Steam App 1250" = Killing Floor
    "Steam App 13520" = Far Cry
    "Steam App 1510" = Uplink
    "Steam App 18500" = Defense Grid: The Awakening
    "Steam App 18700" = And Yet It Moves
    "Steam App 201760" = Cities XL 2012
    "Steam App 203850" = Microsoft Flight
    "Steam App 22330" = The Elder Scrolls IV: Oblivion
    "Steam App 2280" = The Ultimate DOOM
    "Steam App 2290" = Final DOOM
    "Steam App 2300" = DOOM II: Hell on Earth
    "Steam App 2310" = Quake
    "Steam App 24980" = Mass Effect 2
    "Steam App 27810" = GridRunner Revolution
    "Steam App 32370" = Star Wars: Knights of the Old Republic
    "Steam App 35140" = Batman: Arkham Asylum GOTY Edition
    "Steam App 37800" = QuantZ
    "Steam App 38900" = Rhythm Zone
    "Steam App 3900" = Sid Meier's Civilization IV
    "Steam App 3990" = Sid Meier's Civilization IV: Warlords
    "Steam App 4000" = Garry's Mod
    "Steam App 40400" = AI War: Fleet Command
    "Steam App 40800" = Super Meat Boy
    "Steam App 41100" = Hammerfight
    "Steam App 42640" = Blur
    "Steam App 42890" = Sword of the Stars Complete Collection
    "Steam App 48700" = Mount & Blade: Warband
    "Steam App 49600" = Beat Hazard
    "Steam App 55040" = Atom Zombie Smasher
    "Steam App 58300" = System Protocol One
    "Steam App 58400" = Turba
    "Steam App 60600" = ProtoGalaxy
    "Steam App 620" = Portal 2
    "Steam App 62100" = Chime
    "Steam App 63700" = BIT.TRIP BEAT
    "Steam App 70100" = Hacker Evolution
    "Steam App 70900" = Star Ruler
    "Steam App 8800" = Sid Meier's Civilization IV: Beyond the Sword
    "Steam App 9160" = Master Levels for DOOM II
    "Steam App 91900" = Post Apocalyptic Mayhem
    "Steam App 9480" = Saints Row 2
    "SystemRequirementsLab" = System Requirements Lab
    "uTorrent" = µTorrent
    "vis_milk.dllWinamp" = MilkDrop for Winamp 2x (remove only)
    "Voice Shaper_is1" = Voice Shaper 0.93
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1088601224-828624667-1065783094-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Competition Arena" = Competition Arena
    "Dropbox" = Dropbox

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 15/04/2012 6:12:37 PM | Computer Name = Isaac-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: foobar2000.exe, version: 1.1.7.0, time
    stamp: 0x4deb4963 Faulting module name: foo_controlserver.dll, version: 0.0.0.0,
    time stamp: 0x4574a15d Exception code: 0x40000015 Fault offset: 0x0001655d Faulting
    process id: 0x8a8 Faulting application start time: 0x01cd1b11c29e7781 Faulting application
    path: C:\Program Files (x86)\foobar2000\foobar2000.exe Faulting module path: C:\Users\Isaac\AppData\Roaming\foobar2000\user-components\foo_controlserver\foo_controlserver.dll
    Report
    Id: 1b92818e-8748-11e1-b83e-849fe38195fa

    Error - 16/04/2012 4:10:48 PM | Computer Name = Isaac-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 16/04/2012 5:58:36 PM | Computer Name = Isaac-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 16/04/2012 7:55:24 PM | Computer Name = Isaac-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16450,
    time stamp: 0x4aebab8d Faulting module name: MSHTML.dll, version: 9.0.8112.16443,
    time stamp: 0x4f4c81a4 Exception code: 0xc00000fd Fault offset: 0x000000000033981c
    Faulting
    process id: 0x9a4 Faulting application start time: 0x01cd1c1c12f8e315 Faulting application
    path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\MSHTML.dll
    Report
    Id: a1d903db-881f-11e1-8ea4-a3b744e5eafb

    Error - 17/04/2012 10:54:34 AM | Computer Name = Isaac-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 17/04/2012 11:43:11 AM | Computer Name = Isaac-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 17/04/2012 6:05:05 PM | Computer Name = Isaac-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 18/04/2012 1:19:42 PM | Computer Name = Isaac-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 18/04/2012 1:49:10 PM | Computer Name = Isaac-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    Error - 18/04/2012 6:14:50 PM | Computer Name = Isaac-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x80070005.

    [ System Events ]
    Error - 17/04/2012 7:40:29 PM | Computer Name = Isaac-PC | Source = VDS Basic Provider | ID = 33554433
    Description =

    Error - 17/04/2012 7:40:31 PM | Computer Name = Isaac-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .

    Error - 17/04/2012 7:40:31 PM | Computer Name = Isaac-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .

    Error - 18/04/2012 1:19:01 PM | Computer Name = Isaac-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .

    Error - 18/04/2012 1:20:05 PM | Computer Name = Isaac-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .

    Error - 18/04/2012 3:54:02 PM | Computer Name = Isaac-PC | Source = DCOM | ID = 10001
    Description =

    Error - 18/04/2012 5:25:28 PM | Computer Name = Isaac-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 18/04/2012 5:28:40 PM | Computer Name = Isaac-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 18/04/2012 5:29:34 PM | Computer Name = Isaac-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 18/04/2012 5:31:15 PM | Computer Name = Isaac-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126


    < End of report >
     
  23. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      [2012/03/24 09:46:54 | 000,000,677 | ---- | C] () -- C:\Users\Isaac\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    =======================================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  24. hecter

    hecter TS Rookie Topic Starter Posts: 20

    Double post, got a bit confused. Will update with the next logs tomorrow.
     
  25. Broni

    Broni Malware Annihilator Posts: 52,884   +344
